Menu
undefined undefined
My dashboard
My Content
My products (0) My insights (0) My events (0) My contacts (0)

SMCR+ View - April 2023

Timely updates on SMCR developments and regulatory announcements alongside helpful tips and services to assist in managing your SMCR compliance.

27 April 2023

Publication

Spring has sprung and ahead of the first of many bank holiday weekends, here is April's SMCR+ View. It's not often we ask for reader participation, but hopefully we've banked up enough goodwill with SMCR+ View to ask for your help in completing a very short questionnaire to help with our response to the HMT Call for Evidence and PRA/FCA Discussion Paper on the SMCR (see Section 1). This edition also covers the most recent Senior Manager enforcement case, Senior Manager approval status, a whistleblowing update and more.

As ever, please do let us know if you have any feedback or questions.

1. A favour...help us frame our response to the HMT and PRA/FCA SMCR reviews

We are responding as a firm to the HMT Call for Evidence and PRA/FCA Discussion Paper on the SMCR and would be very grateful for your feedback in order to frame our response. We know a lot of teams are stretched and unable to respond to these papers individually, but would love to have a voice.

With that in mind, we've created a very short questionnaire here (13 questions, all yes/no or multiple choice) and we would really (no, REALLY) appreciate you completing it for us. We've tested it and it genuinely takes 5 minutes. All submissions will be anonymous and no responses or comments will be attributed to a firm. You do not have to answer every question and can skip as required or submit at any time.

The aim is to be able to provide data to HMT and the regulators to support the points put forward in our responses.

We will be supplementing this by organising some deeper dive roundtables mid-May - do let us know if you'd like to be involved! We are also very happy to have bilateral calls with firms if you would find it easier to feed in and discuss your thoughts with us directly.

THANK YOU in advance and we are also happy to share the (anonymised) results with this group in due course (if we get enough responses!). The deadline for responses is COB 12 May 2023.

Please do reach out to Penny Miller (Partner)Andrea Finn (Partner) or Amy Sumaria (Supervising Associate) with any feedback or questions you have.

2. PRA - First Senior Manager Conduct Rule enforcement case

Earlier this month, the PRA published their first enforcement case in relation to Senior Manager Conduct Rule 2 (a Senior Manager must take reasonable steps to ensure that the business of the firm for which they are responsible for complies with the relevant requirements and standards of the regulatory system), in respect of the former Chief Information Officer (SMF 18) of TSB who was responsible for the firm's performance of its obligations under the PRA's outsourcing rules (amongst other things).

Our key thoughts are set out in this Flash SMCR+ View. Whilst this case relates to a bank and has been brought by the PRA, we still think that there are points of interest for solo-regulated firms.

Please contact Penny Miller (Partner)Amy Sumaria (Supervising Associate)Emma Sutcliffe (Partner) or Richard Sims (Partner) if you have any questions.

3. PRA - Letter on thematic findings from the 2022 cyber stress test (relevant to SMF 24s)

Of interest to SMF 24s (or equivalent) of PRA-regulated firms and financial market infrastructure (FMIs), is the PRA's letter sharing their findings from the cyber stress test held in 2022 (CST22), which was a voluntary test based on data integrity affecting retail payments. The PRA outlined a number of areas of focus, including industry co-ordination, communication, the availability of contingencies and mitigants, data reconciliation and testing capabilities.

The PRA is expecting relevant firms to consider these findings and incorporate relevant findings to ensure that their important business services can remain within impact tolerances in severe, but plausible scenarios, by March 2025. A key outcome sought by the PRA is that firms embed the policy expectations to take action to improve their operational resilience. The Bank and PRA expect to see a testing and remediation workplan that provides board-level assurance that the relevant firm will be able to remain within impact tolerances -- so there is a Board / governance angle to be aware of too.

If you have any questions please contact Oliver Irons (Partner) or Amy Sumaria (Supervising Associate), or to sign up to Payments View please click here.

4. FCA - Update relating to delays in determining Senior Manager applications

The data-driven regulator has produced some data! The FCA has published an update showing an improving trend in the time taken to process Approved Person applications. Many firms will have experienced delays in getting Senior Managers approved, but for Jan/Feb 2023 the FCA determined 94% of applications within the statutory time period (3 months). The FCA notes that they expect to be meeting the statutory deadline for these applications by the end of FY 2022/2023...

We assist a lot of firms with their Senior Manager applications -  if you'd like to discuss or need any assistance, please contact Penny Miller (Partner) or Amy Sumaria (Supervising Associate).

5. Government - Review of the whistleblowing framework

Something of interest to relevant firms' Whistleblowing Champions and broader whistleblowing policies is the Department of Business & Trade's review of the whistleblowing framework. The review will focus on how the whistleblowing framework facilitates disclosures and protects workers; the wider benefits and impacts of the whistleblowing framework; and what best practice looks like. The evidence gathering stage of the review is expected to conclude in autumn 2023.

To discuss this further, please contact Andrea Finn (Partner) or Peter Lockwood (Managing Associate).

6. PRA - Final Notice for Wyelands Bank Plc

It wouldn't be an SMCR+ View without a Final Notice...The PRA issued a Final Notice censuring Wyelands Bank Plc as a result of its failure to notify the PRA of certain structured finance transactions entered into which were in excess of its regulatory limits on large exposures, resulting in an unacceptable concentration of risk to the Gupta Family Group (GFG) or counterparties connected to the GFG. The PRA found the firm to be in breach of PRA Fundamental Rule 3 (a firm must act in a prudent manner), 5 (a firm must have effective risk strategies and risk management systems) and 6 (a firm must organise and control its affairs responsibly and effectively), amongst other rules. The PRA would have fined Wyelands over £8.5 million, but as the firm is in wind down, the PRA has not imposed the penalty.

From an SMCR perspective, some interesting findings raised by the PRA include:

  • Senior executives and directors conducting business via informal means of communication (in this case, WhatsApp) with no formal record keeping policies or procedures to retain these messages. This resulted in the Wyelands' Risk function being unable to exercise effective scrutiny and oversight of transactions. The use of WhatsApp and informal means of communication has been something on the FCA's agenda for some time (see SMCR+ View from January 2021, for example).
  • Certain requests to enter into new business required to go to the Board via the "Engagement Policy" together with a rationale for the transaction never reached the Board, and there was a failure to take sufficient care to comply with the policy. This is a stark reminder that firms should ensure that policies are operationalised effectively and that the infrastructure supporting the Board is in place and aligned with the firm's policies
  • Wyelands' "three lines of defence" risk management model was not sufficiently developed so as to be commensurate to the complexity of the transactions, with key personnel operating between the First and Second Line, thereby comprising the independence of the risk management function from the operational functions.
  • When delegating authority for lending and the provision of credit to executive management, the Board failed to sufficiently interrogate and challenge how the firm's transaction would operate within the large exposure requirements. This is a reminder to Board members of their role and the expectation of the PRA and FCA that there is effective, documented challenge at Board level.
  • Wyelands failed to ensure that remuneration payments were clearly documented or approved by the RemCo and Board. Again, this is a reminder of the importance of robust governance structures.

This is the first time the PRA has taken action against a firm for breaches of large exposure limits and Fundamental Rule 3, and reiterates the need for diligence from a governance perspective in the context of intra-group / connected persons transactions.

To discuss this further please contact Emma Sutcliffe (Partner) and Richard Sims (Partner).

7. Ireland - Individual Accountability Framework

In Ireland, the long-awaited details of the new individual accountability framework (the IAF) have been taking shape. On 13 March, the Central Bank of Ireland (CBI) published its consultation paper, "Enhanced governance, performance and accountability in financial services". This paper follows the signing into law on 9 March of the Individual Accountability Framework Act 2023, and includes three draft regulations and a set of draft guidelines.  

We have hosted a series of webinars to discuss the CBI's expectations for the implementation of the new IAF, the most recent of which looked at how the proposed new regime compares to the SMCR.  In short, while there is a lot that is similar, it's worth noting the nuances of the different regimes, particularly if firms are considering borrowing processes and procedures from their implementation of the SMCR.

We have also been putting together a toolkit to enable firms with an Irish presence to prepare for the new rules.  The toolkit will be divided into separate modules for: (i) SEAR; (ii) the conduct standards; and (iii) the enhancements to fitness and probity.

Please see links to the recordings of our webinars below, and if you have any questions on the toolkit or the regime generally please don't hesitate to contact Derek Lawlor (Partner)Penny Miller (Partner) or Niamh Ryan (Partner)

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.

Related insights

This website uses cookies and other similar technologies to ensure you get the best experience on our website. Please review our cookie policy and our data protection privacy notice for more information on how the data that is collected is used.