1. Modification by Consent (solo regulated firms)
A distant memory we know, but cast your mind back to 2020 and the first lockdown. Back then the FCA recognised that some firms were struggling with the unexpected absence of Senior Managers due to matters such as illness (e.g. COVID-19) or furlough, for example. To afford firms greater flexibility they introduced the Modification by Consent ("Modification") which allowed firms, under certain circumstances, to: (1) extend the period an unapproved individual could cover a Senior Management Function from 12 weeks to 36, and (2) reallocate prescribed responsibilities held by an absent Senior Manager to the non-Senior Manager providing cover for them (whereas normally they need to be reallocated to another Senior Manager).
The Modification expires on the 30 April 2021 meaning that the flexibility it affords firms will end on that date. As such, firms who are still relying on the Modification need to consider how their arrangements will need to be adjusted for 1 May 2021. We helped a number of firms in relation to relying on the Modification initially and would be happy to advise further on next steps now it is coming to an end.
2. FCA: Freedom of Information Requests
The FCA recently published their Disclosure Log for 2020 here. This log lists some of the disclosures made under the Freedom of Information Act which the FCA think are of wider public interest. There are some interesting SMCR points we want to highlight which we have summarised in this short deck. Of particular interest will be the data around investigations and non-financial misconduct.
3. Non-financial misconduct and lacking honesty and integrity
Talking of non-financial misconduct...whilst not under the SMCR, this is still of interest as the FCA have recently banned Simon Varley from working in financial services and fined him over £63k for lacking honesty and integrity. Mr. Varley had knowingly performed a controlled function without approval and provided investment advice to retail customers when he knew he was not qualified or approved to do so. It was found that he had deliberately lied about his position and his misconduct continued for a number of years, potentially creating a risk of loss to customers. The FCA said that the ban should act as a deterrent to other senior individuals who abuse a position of trust.
The FCA published a Decision Notice against Jon Frensham whereby the FCA considered him to not be fit and proper (because of a lack of integrity and reputation) thus withdrawing his approval to perform his current SMF roles and making an order to prohibit him from performing any functions in relation to regulated activity. This, like the others we saw last year, relates to a particularly egregious criminal matter whereby Mr Frensham was convicted of attempting to meet a child following sexual grooming. He committed this offence whilst he was an approved person. Mr. Frensham has referred this matter to the Upper Tribunal.
4. Diversity and inclusion speeches by the FCA
A really important topic that the FCA have been actively engaging in. Recent FCA speeches have indicated that the SMCR will likely have a role to play in enhancing the diversity of senior management within regulated firms. In March 2021, Nikhil Rathi (the CEO of the FCA) highlighted that diversity will be crucial in the FCA's consideration of vulnerability, particularly as firms come out of a pandemic which has disproportionately affected women and people of colour. He outlined that the FCA will be asking tough questions about representation across grades and whether firms' cultures are open and inclusive. Of note, he said that the FCA were considering how they might hold firms to account using the tools available to them and he mentioned that he would be considering whether the diversity of management teams - and the inclusivity of the management culture they create - could be part of the FCA's consideration of senior manager applications. This was further reiterated in a more recent speech by Sheldon Mills on "Why black inclusion matters to us" where he made the same point as Mr. Rathi on senior manager applications. Another point touched on in both speeches was around exploring the listings framework in the context of D&I, and considering whether firms should comply or explain a lack of diversity at senior levels. Finally, the FCA are also considering including a sixth question into their 5 Conduct Questions programme around diversity and inclusion (which was mentioned again in Mark Steward's speech here on 26 April).
On a related point, we want to mention the 10,000 Black Interns initiative which seeks to enhance diversity across the financial services sector. We are proud to have been involved in this programme from the very beginning and would strongly encourage you to sign up.
5. Compliance Culture and Evolving Regulatory expectations
As mentioned briefly above, Mark Steward made a speech on 26 April 2021 where he talked about the SMCR. A key conclusion he made was that human nature is the real challenge for the FCA and that the point of failure is not necessarily a failure of compliance. He noted the law has a good chance of changing the mores of an organisation (i.e. the SMCR is a cogent framework for focussing in on conduct risk and the 5 Conduct Questions ("5CQs") are an effective means of engaging with firms on the challenge of transformational change), but that 'change from within' (i.e. one's individual mindset, preferences, beliefs, habits and pre-dispositions - being clear about how you will respond on your own and why) will be a core focus for the FCA. He discusses two specific examples of 'tone from within' in his speech. Both relate to certain individuals' choices and how they demonstrate that individuals can calculate conduct risk differently at an individual level and how systems and controls are prey to individual assessments of risk which might be wrong. He also described the evolution of the FCA's 5CQ journey and likened each stage to parts of the SMCR - he noted the message has shifted from 'tone from the top' (necessary for setting the parameters, the expectations and the examples - the Senior Manager Regime), to 'tone from above' (the example set by one's immediate line manager - the Certification Regime and process), to 'tone from within' (relating to every person in the organisation encouraging personal accountability - the application of the Conduct Rules). In other sections he covers reasonable steps and the virtuous circle of the SMCR - i.e. that Senior Manager self-interest in avoiding liability means taking reasonable steps to protect themselves which, in turn, reduces the risk of non-compliance more generally. He highlighted that the SMCR is not a panacea for all firm misconduct and that firms can breach their obligations even if the Senior Manager has fulfilled their duty of responsibility (especially in large firms). He noted that reasonable steps must be properly implemented and effective and that the regime has made material changes in the way firms build into their systems explicit reasonable steps to prevent non-compliance. It is a very interesting speech and we suggest reading it in full.
6. PRA and Culture: Measuring the Amorphous
In March's SMCR View we flagged the PRA's Paper on Organisational Culture and Bank Risk (link here). It is a very interesting read and insight into how the regulators might set out to measure firms' culture in the future and we have sought to summarise the key points in our insight piece "Measuring the Amorphous" available here.
All feedback on your thoughts about the Paper (and how you might be responding to it) are very welcome.
7. FCA: Whistleblowing
In the financial year 2019/2020 the FCA received over 1,100 separate whistleblowing disclosures, covering nearly 3,000 separate allegations. So it is unsurprising that the FCA continues to be focussed on whistleblowing as a "vital and unique source of information" for its policy, supervisory and enforcement work or that it has recently been increasing resources in its whistleblowing team. In that context, the FCA recently launched 'In confidence, with confidence', a refreshed whistleblowing campaign "to encourage individuals to report wrongdoing".
The campaign itself offers limited additional insight beyond some further resource for firms and whistleblowers and the introduction of a dedicated FCA case handler for each whistleblower. From the perspective of firms the key message from this campaign is to re-affirm whistleblowing as a key FCA priority as part of its broader culture and governance agenda and comes off the back of recent FCA activity in this area. Firms should be considering not only whether their whistleblowing policies and procedures are fit for purpose but also whether their culture is psychologically safe and enables appropriate escalation of concerns, whether they are conducting their investigations appropriately and whether their Boards have adequate MI about whistleblowing.
8. FCA: New prudential regime for MiFID investment firms - CP21/7
Many of you will be aware that the FCA have published their second consultation paper on the proposed rules to introduce the new prudential regime for UK firms authorised MiFID (the Investment Firm Prudential Regime ("IFPR")). There is a short section in this consultation paper (page 51) relating to governance and Senior Manager oversight of the ICARA (the internal capital and risk assessment). In it the FCA outline that, given the importance of the ICARA, they will hold senior management and governing bodies responsible for ensuring that the ICARA process meets the FCA's expectations. The FCA proposes that, once the ICARA is completed, a firm's governing body must review and approve the content of the ICARA document within a reasonable period. The paper outlines their expectation that Senior Managers take an active role in contributing to the required analysis and embedding the requirements in their business areas. They also refer such staff to the relevant provisions in COCON, specifically COCON 3 and 4.
9. PRA: Operational resilience
Just a short update but, in the PRA's statement of policy from March 2021 on operational resilience, they reiterated that the COO (SMF 24) role includes responsibility for the firm's operational resilience. There is other broader governance guidance around board responsibilities which might be helpful for firms to consider.
10. PRA: Outsourcing and third party risk management
In March 2021 the PRA published SS2/21 on "Outsourcing and third party risk management". In this supervisory statement (which doesn't come into effect until 31 March 2022) there is a section on the SMCR (page 16). Here, the PRA highlight that relevant firms are required to allocate the outsourcing Prescribed Responsibility to a Senior Manager and this will usually be (but does not have to be) the SMF 24 (COO). The PRA note that firms should interpret this Prescribed Responsibility as encompassing the firm's overall framework, policy, and systems and controls relating to outsourcing, and that responsibility for individual outsourcing arrangements may still lie with relevant business lines or other areas of the firm.
11. SMCR Toolkit (solo regulated firms)
We have been very busy refreshing the SMCR Toolkit for solo-regulated firms. We have updated it with new FCA guidance and included some additional, practical documents to help firms navigate their ongoing SMCR compliance including:
- SMCR checklist to ensure effective implementation
- SMCR Form A templates
- SMCR Notifications Summary
- Conduct Rule Panel/Committee - Terms of Reference / process document
- New joiner and leaver checklists for Senior Managers and Certification Staff
- MRM template / example structure
- Reasonable Steps Guide document
- Reasonable Steps One Year On - Lessons Learned One Pager for Senior Managers
- Fitness and propriety procedure document
- Handover policy
- New scoping documents for Senior Managers, Non-Senior Manager NEDs, Certification Staff and Conduct Rules Staff which account for all the key FCA guidance
- In-house / internal Statement of Responsibilities template
- Table of the application of the SMCR to Non-Senior Manager NEDs
- Regulatory references policy - this is often something we see overlooked despite the requirement under SYSC 22.8.1R to establish, implement and maintain policies and procedures that are adequate for the purpose of complying with the obligations under SYSC 22.
The updated Toolkit is an excellent resource and is a cost-effective way of (1) ensuring that what you have in place is sufficient and in line with both the FCA's expectations and also market practice, and (2) accessing new practical documents.
Please get in touch with the SMCR Team to find out more.
.jpg?crop=300,495&format=webply&auto=webp)
