Classification is the key to compliance

Classification is the key to compliance

Q: What should I do first as I look to comply with the Senior Managers and Certification Regime?

First, companies need to identify their classification, ie are they an enhanced, core or limited company, as they will be subject to certain requirements based on this definition.

Our view is that larger businesses, or businesses that are part of a group, should not leave this to the last minute to implement, as the regime gives them an opportunity to make changes that are feasible before implementation and to test a number of iterations.

Article continues after advert

Companies that are part of a group structure will be required to apply SMCR at legal entity level. This means such groups could be caught under more than one category, eg core and enhanced.

In this circumstance, companies may choose to apply the highest regime across the whole business, although there is no requirement to do so. 

Businesses should review their organisational structures to identify the relevant senior management and certified functions, and to ensure they have the correct individuals approved for the roles.  

For core and limited scope companies, existing approved persons will be mapped across to the new regime where possible, so pre-approval will not be required before implementation.

It is important, however, for businesses to consider any changes to the current approved persons ahead of implementation, and to ensure that for any individual not currently approved, or where additional approval is required, they submit robust documentation on the scope of the individual’s responsibilities to the Financial Conduct Authority.

Core and limited scope companies should note that non-executive directors who are not the company’s chairperson no longer need approval, but may still be covered by the regime.

Under the certification regime, it is the business’ responsibility to certify as ‘fit and proper’ any individual who performs a function that could cause ‘significant harm’ to the business or its clients.  

This is required at the point of recruitment and annually thereafter.

Companies therefore need to design tailored competency training, testing, attestation and fitness and propriety processes that are appropriate, linking this and the conduct rules to their performance management and annual appraisal process.

It is also important to consider who will be responsible for signing off on ‘competency’ within the business. 

Defining and recording individual accountabilities is an important step in complying with the regime. Every senior manager is required to have a statement of responsibility that should adequately describe their role and all responsibilities and accountabilities.

Although only enhanced companies are required to define and implement a responsibilities map and robust handover process, it is considered good business practice for core companies to undertake a similar exercise.

Lorraine Mouat is a senior regulatory consultant at TCC