Regulation 

How to comply with SMCR

How to comply with SMCR

The deadline for solo-Financial Conduct Authority regulated companies to comply with the extension of the Senior Managers and Certification Regime is now less than a year away (December 2019) and they need to be stepping up their planning.

Near final rules were published last summer and accountability and governance arrangements are high on the regulator’s agenda. The scale of the task is significant, the regime requires companies to make fundamental changes to their management and governance structures.

Large amounts of new documentation will be required, and systems and processes will need to be updated.

The clear message for companies coming into the extended regime shortly, particularly large asset managers, is that they need to prepare well in advance and incorporate the lessons learned from previous implementations.

In particular, there are three common pitfalls: failing to develop a comprehensive view of accountabilities; failing to provide supportive management information, and failing to embed cultural change.

Comprehensive view essential

An accurate understanding of management responsibilities is central to implementing the SMCR.

Without this, it will be difficult to complete the production of key regulatory products such as statements of responsibilities, which set out each senior manager’s role and responsibilities; responsibilities maps, which document the management and governance arrangements of the company; or a reasonable steps framework, which outlines how senior managers demonstrate that they have taken ‘reasonable steps’ to prevent failures or regulatory breaches in their area.

Responsibilities must be identified, understood, documented, and then appropriately assigned and agreed with senior managers.

Companies should start at the top and categorise their people individually to identify the different populations required under the regime. These are the individuals who will hold senior management functions and those who will be approved as certified persons – individuals occupying specified risk-taking positions.

Then they need to consider how each individual seeks assurance for tasks that flow through their areas of responsibility, how they escalate issues, and where their responsibilities impact or touch another area.

Key points

  • The deadline for SMCR compliance is less than a year away
  • A company must have an accurate understanding of management responsibilities
  • Senior managers will need enhanced management information

To add further complexity, delegation of activities is common, particularly in large companies, resulting in overlaps and splits in responsibilities. Where a senior manager has delegated tasks to another senior manager, certified persons, normal staff or a governance body, that delegation of authority should be clearly defined in the SoR.

Delegation must be balanced against the expectations of the regulator. In the case of the regime’s own prescribed responsibilities, which must also be allocated, the FCA is clear that these should be assigned to the most senior manager.

In building this comprehensive view of responsibilities, implementation programmes should collate a central source of useful, existing material such as current organisational charts, governance maps and committee terms of reference.

Engaging with senior managers early will also be crucial. Each needs to be aware of their responsibilities, and the change in the regulator’s expectations. This will embed individual accountability within the regime and will ensure success in the later stages of implementation.