1. 31 March 2021 deadlines - solo-regulated firms
I know we've said this a million times, but....the deadline for (1) completing the first certification process of your certified staff, (2) training your conduct rules staff on the individual conduct rules, and (3) uploading details of your Directory Persons to the Directory, is fast approaching (31 March 2021).
One point we are getting a lot of questions on the Directory is what to include for the role "start date" for those who were identified as certification staff at the start of the SMCR on 9 December 2019. We have spoken with the FCA bilaterally who have confirmed our view that the role "start date" should be the date the individual was initially certified, rather than the date on which these individuals were initially identified as holding a certified role (i.e. 9 December 2019). The FCA have some helpful user guides on how to submit your Directory Person data (here for the multi-add and here for the single-add user guides). The FCA recently updated (3 March) their Directory Q&As to include an additional section on solo-regulated firms at the front. Something to be mindful of with regards to the Directory is that if you are using the multi-add template then the deadline for submitting your data via this template is the 18 March 2021. For those using the single entry form on Connect, you have up to the 31 March 2021 to upload this data. We also have an SMCR Surgery on the 17th of March for any last minute queries you may have. To sign up please register here.
2. SMCR Summit
David Blunt (Head of Conduct Specialists) from the FCA had some really interesting comments regarding SMCR at the SMCR Summit organised by City & Financial in a session that I chaired and we sponsored. We thought it might be helpful to outline some of the interesting takeaways from that session in case you weren't able to join:
Conduct rule breach reporting - the FCA will take a dim view of firms "lowballing" their conduct rule breach numbers. In the period 9 December 2019 - 31 August 2020 the FCA received c. 2,500 conduct rule breach reports (we note that this would only have included certification staff and Senior Managers and it isn't clear how many related to each population of individuals). Firms should also be using conduct rule breaches as a means of assessing whether there are any internal controls, policies, or training that can be improved.
Conduct rule training - training should not be a one-off process and conduct rules need to be reinforced regularly for existing staff. Firms should be assessing the effectiveness of training and make changes to their training programmes where issues are identified. At Simmons, something we have seen firms do to test the effectiveness of training is to ask a random sample of individuals whether they can list the five individual conduct rules. Where weaknesses are identified, firms are looking to enhance their internal training programme and reinforcement tools - e.g. including conduct rule reminders as firm screen savers, bringing up the conduct rules at team meetings etc. We have a number of ways to help firms provide ongoing, role specific training. See our LinkedIn post here or get in touch for conversation about how we can assist.
Senior Manager investigations - there is a time lag between firms coming into the regime and investigations commencing as the misconduct needs to have taken place once the regime was in force. Investigations take a significant period of time (often years) and therefore there will be a delay. However, David Blunt did suggest there were an increasing number of investigations into Senior Managers and that this number will increase over time.
Psychological safety - Senior Managers must listen to staff and must be following up on what they have heard. Psychological safety, culture, diversity and inclusion, and purpose remain high on the FCA's agenda. You can read more on why the FCA care about diversity and inclusion here. We're also running a webinar on psychological resilience with independent psychologist Mandy Rutter on March 24th. Feel free to join via the following link.
The SMCR Summit also had a number of interesting panel sessions - we spoke about the challenges of remote and hybrid working arrangements and, as clients start to plan their Return to Office plans (version 3.0, at least) control functions and Senior Managers are considering how to ensure effective supervision and oversight in a remote/hybrid world, including so as to maintain and develop the firm's culture and manage conduct risk (there are also a number of people/employment law issues to be managed). We have recently developed a paid training session which focuses specifically on the supervision and oversight of staff in a remote environment. Do get in touch with Andrea Finn if you'd like to discuss this further.
3. Organisational culture and bank risk - PRA Working Paper
For those less familiar with PRA staff working papers, these set out research in progress by PRA staff with the aim of encouraging comments and debate. This paper focuses on looking at the link between poor organisational culture and bad banking outcomes - apparently there is surprisingly little research that has investigated this link empirically. The paper defines and measures 20 indicators of bank culture, including things like the number of internal fraud events as a proportion of the total operational risk events reported by the firm as a means of measuring a bank's ethical culture. Spoiler - the conclusion of the report is that there is strong evidence of a link between organisational culture and bank risk - banks with poorer cultures are substantially more risky. This is something the PRA/FCA have been talking about for some time and isn't new, but perhaps most interesting for firms is to look at how the PRA are looking to "measure" culture using data that is less obtrusive than traditional employee self-reports. This will likely be of interest to Boards/committees/teams tasked with monitoring culture, or running cultural change programmes. On the topic of culture, we have a webinar on The reality of leading cultural change: with Dame Inga Beale on 16 March 2021. Please register here if you would like to attend.
4. FCA Approach to Internal Firms
You will likely have seen the FCA's paper on their Approach to International Firms. Of interest for SMCR purposes is the section on "Personnel and decision making". This outlines that the FCA expects individuals directly involved in managing a firm's UK activities to spend an adequate and proportionate amount of their time in the UK to ensure those activities are suitably controlled. The FCA haven't advised on what the right proportion of time will be and have indicated it will be assessed on a case by case basis, but this is something for firms to be aware of, particularly when putting in relevant Senior Manager applications. In addition, the FCA also expect individuals responsible for the day to day management of the UK branch activities to have sufficiently independent decision making powers and to exercise independent challenge over strategic decisions that affect the wider firm. Again, something for firm's to consider when thinking about their decision making frameworks as this clearly this also ties in with the need for any Senior Managers to discharge their duty of responsibility under the SMCR, which may mean drawing more "lines" around UK activities in some cases. We are helping a number of international firms with their authorisation applications. Do get in touch if you would like any assistance.
5. Fair treatment of vulnerable customers
In FG21/1 and FS21/4 the FCA emphasised the role of senior leaders in creating and maintaining a culture that allows and supports staff to take responsibility for reducing potential harm to vulnerable customers (i.e. retail client/customers (who are natural persons) who, due to their personal circumstances, are especially susceptible to harm, particularly when a firm is not acting with appropriate levels of care). The FCA want to see senior leaders embed the fair treatment of vulnerable customers in their firm's culture and in their governance, systems, policies and processes that govern the whole customer journey. They suggest that senior leaders should ensure that their firm's culture and systems do not discourage staff from taking extra time or flexible steps to respond to vulnerable consumers' needs. We suggest that, to the extent relevant to firms, this guidance should be considered by relevant Senior Managers and such consideration / next steps recorded as part of their reasonable steps.
6. Implementing technology change
Operational resilience has been a hot topic of late, but so has technology change and, in February, the FCA published the findings of their review into how financial firms manage technology change (amongst other things). There is no specific SMCR wording in the review, but the FCA does include a section on governance arrangements which should be of interest to firms, particularly those with SMF 24s (COOs). In this section the FCA (perhaps unsurprisingly) outlined that effective governance at senior levels helps foster an operationally effective environment throughout an organisation. Most firms reportedly review their change management governance arrangements on a periodic basis and on an ad hoc basis (e.g. following a major change or lessons learned exercise had been completed) - firms that do not do this should put in place mechanisms to do so in appropriate cases. In addition, it was said that Board level governance was complemented by subject matter experts and Non-Executive Directors (NEDs) providing challenge from a technical and business perspective. This feeds into a more general direction of travel we have observed whereby the FCA are becoming increasingly interested in the independent oversight of UK regulated entity Boards and are actively encouraging firms to have NEDs on these Boards (even if not formally required by the FCA's rules).
7. iNED insights
It's not often you get an insight into what is on the mind of independent non-executive directors, which is why we wanted to flag this. In October/November 2020 the PRA conducted a pilot programme of virtual meetings between the PRA's Senior Advisors and independent NEDs from c. 40 PRA regulated banks and insurers. In February the PRA shared some themes that emerged from those meetings in this letter and we wanted to highlight these to you as, although the iNEDs represent dual regulated firms, many of their key concerns will likely resonate with other financial services firms. The iNEDs' key governance and people concerns relating to a continuing remote working environment included (1) building and maintaining a desired culture, (2) refining operational practices of the risk and internal audit functions in a virtual operating model, and (3) the mental health of staff. These are not new concerns and are all things that we have heard discussed by the regulators and industry since the first lockdown in 2020, but they clearly remain high on the agenda as lockdown continues and firms start to plan for how the workplace of the future might look. Something else the iNEDs considered a challenge was the controls environment with insider information and other risks heightened by working from home - we touched on the challenges associated with WhatsApp and other communication platforms in our January SMCR View here. Finally, they acknowledged the challenges / risk associated with implementing larger scale IT programmes while working remotely and while staffing effects of the pandemic persist which links to our section above about the FCA's review on implementing technology change and ensuring that effective governance arrangements are in place.
8. SMCR Toolkit Update
Many of you are subscribers to our SMCR Toolkit. We are currently overhauling the SMCR Toolkit by updating current content based on recent FCA/PRA guidance and providing new best practice documentation based on our experience advising over 100 firms on their implementation. The new SMCR Toolkit will be available from mid April. For pricing and access please contact Lee Curtis.
9. PRA TPR (Temporary Permissions Regime) firms
This is relevant for PRA regulated TPR firms who did not submit a Part 4A permission application with full SMF applications in advance of entering into the TPR. We are sure that you have already done this, as relevant firms should have done this within the first 6 weeks of 2021, but just a note if you have not...PRA TPR firms should have submitted an abridged application (TPR SMF Application) for at least one individual to perform the SMF 19 (Head of Overseas Branch) role and allocated the two specific TPR prescribed responsibilities (rather than all the prescribed responsibilities for third countries). In some circumstances the PRA Rulebook requires third country branches to have additional individuals approved as Senior Managers (e.g. the CRO (SMF 4)) and relevant firms should also have submitted applications for these individuals where required. The PRA suspected that most SMF 19s would already be approved as SMF 21s (EEA Branch Senior Managers) and so obtaining an additional SMF 19 approval should not have led to any ambiguity/confusion. You will likely be familiar with the PRA's SMCR guidance for TPR firms available here and also their detailed note here. We are assisting a number of firms with their Part 4A authorisation applications and the SMCR elements of that application. Do get in touch if you need any assistance with this.
We'd be delighted to discuss the above with you in more detail so please do let us know if we can be of any assistance.
.jpg?crop=300,495&format=webply&auto=webp)
