The Mishcon Academy Digital Sessions
Conversations on the legal topics affecting businesses and individuals today
Greg Campbell
In this episode, what are the key issues for senior executives across the banking and wider financial services sector under the Senior Manager Certification Regime? Have these changed in light of the Financial Conduct Authority’s focus on healthy cultures at the heart of firms? And what is the impact of Covid-19 and the new working environments? Hello and welcome to the Mishcon Academy Digital Sessions podcast. I’m Greg Campbell, a Partner in the Employment Law Team at Mishcon de Reya and I am joined by my Partner, David Cummings. Hi David, taking a step back for a moment, what is the Senior Manager Certification Regime and how did it come about?
David Cummings
Thanks Greg. Well, SMCR, as I’ll refer to it during our discussion, it really came out of the banking collapse and financial crisis of 2008 and the apparent lack of accountability across the sector for poor prudential management and behaviours that caused it. The view was that the old Approved Persons Regime, as it was called at that time was not sufficiently robust enough to really enable individual accountability. So, a Parliamentary commission on banking standards was established in 2012 to specifically consider the standards in culture of the UK banking sector and to make recommendations for legislative and regulatory action. Now, the PCBS, as I’ll refer to it, published a number of reports including its final report, Changing Banking for Good, which really did lay the groundwork for SMCR implementation across the banking sector. So, SMCR was devised and consulted on by both the Prudential Regulation Authority and the Financial Conduct Authority throughout 2014 and 2015 and it came into force in March 2016. Initially to UK banks, building societies, credit unions, UK branches of foreign banks and what are know as PRA-designated investment firms. And they are effectively the big commercial and investment banking houses operating in the UK. But in terms of what it actually is, I think you can best visualise SMCR as a pyramid really. At the top you have a set of senior managers and these are the people who carry out specified senior manager functions at the very top of the organisation. Typically, your CEOs, your executive directors, heads of key business areas, risk, compliance, finance, your money laundering reporting officer, your chief operations officer. So, really the key people responsible for ensuring firms’ safety and soundness and these people need to be what’s called ‘Fit and Proper’ according to the regulators, in order to carry out their role and they need to be approved as such before they start. Spread amongst the senior managers, you now have some specific, what are called Prescribed Responsibilities. There’s over 30 of these responsibilities across the banking sector which really need to be divvied up across all of your senior managers and they deal with things like countering risks of financial crime, oversight of audit compliant risk and remuneration policies and regulatory reporting and so on. Now, underneath the top cadre of senior managers so to speak you have a much broader population who are not senior managers but are people whose job involve a risk of significant harm to the firm or any of its customers. Now, these people are called Certification Staff and they don’t require pre-approval from the regulators anymore in terms of fitness and propriety which is a big change from the old Approved Persons regime. Then finally, at the bottom layer of the pyramid you have the broadest category of all, the Conduct Rule Staff and that is those employees subject to a broad code of conduct in how they carry out their roles. So, this applies to senior managers, to the certified staff I just mentioned but the code also extends essentially to all other individuals working for the firm other than those who perform what are called ancillary functions such as your receptionists, your security guards, your cleaners etcetera. So, the extension of SMCR was then discussed back in 2015 beyond just the banks and the building societies and the credit unions I mentioned earlier, to across the entire FCA-regulated financial services sector in the UK. That’s what happened at the end of 2019, although given the complexity and scale and sophistication of differing levels across the entire sector, it was rolled out in a more proportionate way across three different tiers depending upon the complexity of the firm.
Greg Campbell
So, what changed from the old Approved Persons Regime? Do you think SMCR was a sea-change in the way in which financial services executives are regulated?
David Cummings
I don’t actually think so, Greg. I wouldn’t call it a sea-change or a whole-scale revamp of the regulatory principles that governed how senior managers were supposed to operate in a risk-managed and effective way. I think the fundamental principles of prudent and effective risk-management and compliance that formed the foundation of the old Approved Persons Regime, remain the same but I think there are some key practical differences under SMCR compared to the old Approved Persons Regime such as the following. There is a much greater emphasis, an articulated emphasis on individual accountability of senior managers. That is personal responsibilities for issues that arise within a senior manager’s business or within their sphere of responsibility and hand-in-hand with this is what’s known as a specific duty of responsibility on senior managers where they really do need to take reasonable steps to prevent a breach of a regulatory requirement happening on their watch so to speak and within their area of business. I think that’s been reflected in the type of documentation, the type of practical paperwork that senior managers are now asked to sign up to across the financial services sector. Whether that be statements of responsibilities or management responsibilities maps or specific SMCR-related provisions in their employment contracts in terms of I’m using there. But there are specific types of documents now under the new regime which senior managers need to sign up to and be comfortable with and ensure that they’re up-to-date and accurate at all times. Including being subject to a much more specific form of regulatory references, if senior managers do move firms just to highlight a few of the practical documentation changes that senior managers are grappling with. And then finally I think a difference under the SMCR compared to the Approved Persons Regime is the FCA’s really clear focus on healthy cultures across firms. Really articulating the importance of non-financial conduct just as much as financial conduct and what comes with that is a much greater level of inter-disciplinary co-operation and decision-making within firms, whether that be through risk compliance, legal and in our world in particular, the HR stream, these sections of firms are much more heavily involved now in making decisions and judgement calls in respect of senior managers under this regime.
Greg Campbell
Okay I mean, you’ve used terms there like ‘Fitness and Propriety’ and the ‘Code of Conduct’. Now, they’re wonderfully uncertain terms that lawyers love. What do they mean in practice and why have we seen this much greater collaboration between HR, legal, risk and compliance than we were used to historically?
David Cummings
Yeah great question, Greg. The code of conduct is essentially a set of rules or principles of expected behaviour if you like that all staff in firms are now required to meet. The code of conduct requires individuals to act with integrity, with due skill, care and diligence, being open and cooperative with the regulators, paying due regard to the interests and treating them fairly and observing proper standards of market conduct in how they carry out their day-to-day functions. Now, senior managers have an additional set of specific conduct rules that they need to comply with on top of the ones I’ve just mentioned and they include taking reasonable steps to ensure that the business that they are responsible for is controlled effectively. That it meets the relevant regulatory standards and requirements and to ensure that any delegation of their responsibilities is to an appropriate person and that they oversee how that person discharges that delegated responsibility effectively. And they also must disclose information to regulators which the regulators would reasonably expect notice of. Things that come up in their world, in their parts of the business that they think the regulators should be aware of. That’s the code of conduct. Now, fitness and propriety, however, is more a set of specific attributes so to speak which senior managers must have in order to carry out their function. Now, these attributes are pretty lofty attributes such as honesty, integrity and a sound reputation, competence and capability, financial soundness themselves as individuals. But unlike the conduct rules which I mentioned before, which apply to their day-to-day functions for their firms, fitness and propriety is much broader and can be impacted by issues that come up in respect of senior managers both within and outside the workplace which is really important. And in this particular respect, in respect of fitness and propriety I do think there has been a greater, at least articulated emphasis by the FCA, on personal characteristics of senior managers as opposed to just the traditional elements of reputational soundness, competence and capability and so forth that I mentioned. Personal characteristics to do with the working environment, how does a senior manager contribute to a working environment that’s free of harassment and discrimination and where employees feel able and indeed encouraged to speak up, i.e. to blow the whistle about matters which should be raised and addressed? And also about how senior managers themselves approach issues such as compliance, risk and human resources frameworks from the very top of the organisation. Over the last few years I think it’s fair to say we’ve seen a number of very senior members of the FCA clearly stating that they view issues such as sexual harassment as misconduct that falls within the scope of the regulatory framework and that they view misconduct as misconduct full stop. Whether it’s financial or non-financial. And that they expect senior managers to play a key part in showing appropriate leadership to address non-financial misconduct and that failure to do so really does have a direct link to their fitness and propriety to carry out the role. So you know, these are tough judgement calls and that’s why I say that there’s been a greater level of inter-disciplinary cooperation between the likes of legal, compliance, risk and in particular HR because whether or not a senior manager is fit and proper, or whether or not there’s a conduct rule breach in respect of workplace issues or non-workplace issues, whether it’s financial conduct or non-financial conduct, really needs a holistic assessment by firms because the decisions that they make in respect of fitness and propriety for senior managers can have very far-reaching consequences.
Greg Campbell
Yeah it seems like what traditionally was concerned with the pure fitness of a financial advisor has gone much more widely now into the world of as you say, grievances against employees, diversity issues, sexual and other forms of harassment and indeed bullying and discrimination. All these things are now on the FCA’s radar, much more overtly than they were under the old, approved regime. Do you think the Me Too movement has been a key part of that change?
David Cummings
I think in part, Greg. But I think issues such as these, such as bullying, harassment and non-financial misconduct, which are corrosive to working environments from a risk perspective I think these were identified as early really as the Parliamentary Commission on Banking Standards back in 2012 as something that needed to change within the culture of the financial services sector in the UK. So, I certainly think that the Me Too movement over the last few years has given that greater emphasis and I think has allowed the regulators to articulate even more clearly with more urgency than perhaps previously. So, I do think it’s had an impact but I don’t think it’s just because of the Me Too movement.
Greg Campbell
And the regulators have talked about the role of senior managers being what they call ‘Culture Carriers’ and you’ve already touched on the importance of culture and how senior managers have to take issues way beyond pure financial issues incredibly seriously and then embed that behaviour throughout their teams. Moving away from those conduct issues, what kind of guidance is there out there for senior managers to know when they should be acting and what they need to be doing in practice? How can they be confident that they’re doing the right thing and not failing to do the right thing?
David Cummings
Well, I think it’s important to recognise that this is principles-based regulation. There’s no specific set of actions or conduct which senior managers must do or step through in order to be compliant. I think the regulators really expect both firms and individual senior managers within those firms to come up with architecture and a control framework that works in the particular circumstances based on the personalities of the senior managers involved, their direct reports, the nature of the business, the complexity, its geographic scope and so forth. So, I think that’s important. There is some actual practical guidance which the regulators have published, whether that be in the rules themselves, which senior managers can go to, which gives them clear examples of how to comply with their requirements from a practical perspective. But beyond that guidance from the regulators, I think it’s really important for senior managers themselves to be confident in the architecture around them and ensure that it’s fit for purpose so they need to understand and keep on top of their documents, their statements of responsibilities, where they sit within the management framework. They need to have clear and understood reporting lines across the business. They need to have effective delegation and oversight mechanics and they also actually need to get really good at identifying issues that come up, making records of how they’re going to deal with them and escalate them and really work on good management information flows both to them and from them around the organisation you know, senior managers shouldn’t be afraid to really lean on their compliance, their risk, their legal and their HR teams to get that architecture in place to support them and make sure it’s fit for purpose.
Greg Campbell
Yeah hearing what you said about the record keeping, it’s one of the things if the regulators don’t see a written record, they don’t think it happened! Now, we’re sitting here in the socially distanced bunker in Africa House and we can’t talk about these issues without talking about Covid. Now, you’ve said as part of this senior manager role you’d be actively engaging with compliance, HR, managing your delegates. That’s obviously much more challenging in light of the impact on all of our working lives of Covid-19 and you know, we’ve been working remotely for the last six months and it looks like that’s going to continue probably through the winter. How are the regulators going to approach their oversight of senior managers in light of the challenges of Covid-19?
David Cummings
I think the regulators’ expectation is that firms, SMCR, systems and controls, I think particularly in the banking world where they’ve had the last few years to really embed this system since March 2016 should really be effective enough to deal with the issues that Covid-19 throws up, whether that be adapting oversight and delegation methods in light of furlough and remote working, the move to online communication and management information flows a lot of which will be online already and firms relying on their business continuity plans back in March with the first lockdown and potentially more as we move forward. So, I mean fundamentally I think regulators are expecting Covid-19 to be the first real test for SMCR in the banking and larger financial services sector and in fact they’ve said just that in their public pronouncements. There has been some clarification and relaxation of some of the rules in the context of Covid. So, the regulators have made it clear for example you don’t have to have a single senior manager responsible for their Covid-19 response across the firm - who would want that job – if you needed it? But firms are free to allocate these responsibilities the best way they see fit across their management structure. Firms don’t need to submit updated statements of responsibilities to cover for absences or changes to senior manager responsibilities when they’re temporary and in direct response to the pandemic and you can have temporary cover for a senior manager for up to 36 weeks during the pandemic rather than the standard temporary cover rules of 12 weeks.
Greg Campbell
Alright. Thank you very much Dave, that’s a really excellent synopsis of an issue you could talk about for hours and hours. So, in terms of our key takeaways today, what we would say is if you are a senior manager operating under this SMCR regime, the key takeaways are; SMCR is not revolutionary. It builds on the old Approved Persons regime and seeks to provide for greater transparency and accountability of senior managers across firms. You need to proactively engage. Be all over your paperwork. Make sure you’ve got a record of what you’re doing. Make sure you understand the systems and controls and are comfortable with them. Work closely with HR, legal, risk and compliance as needed. The issues don’t just sit in there. Everyone has responsibility under these regimes and we are all responsible for making sure they work. And take non-financial conduct just as seriously as financial conduct, both in your own roles and duties and also across the teams. The regulators expect you to be Culture Carriers in a good way. They consider culture is central to compliance and banks’ health and safety. So, engage and take seriously with HR all their processes including appraisals, grievances, complaints just as you would with breaches of trading limits or customer complaints. And finally, be especially vigilant in the new normal that Covid-19 has brought. This is where your impact as senior manager can shine or be undone if poor practices or systems and controls expose weaknesses in governance and compliance.
David Cummings
I think that’s spot-on.
Greg Campbell
Thank you. Well for now, let’s wrap up there. I’d like to say thanks so much to David Cummings for joining me for this Mishcon Academy Digital Sessions podcast. I’m Greg Campbell and in the next episode, my colleagues Henry Farris, Nicola Vinovrški and Derval Walsh will be talking about whether Covid amounts to a material adverse change in contract law.
The Digital Sessions are a series of online events, videos and podcasts, all available at Mishcon.com. If you have any questions you would like answered or suggestions of what you would like us to cover, do let us know at digitalsessions@mishcon.com. Until next time, take care.