Over a hundred compliance professionals attended the Compliance & Conversation event staged by Global Relay in London recently to hear leading figures from financial services discuss some of the pressing questions of the day. In one session, Seung Earm and Mark Taylor, partners at Ibex Compliance LLP offered a practical approach to SMCR.
Seung and Mark have both worked in senior roles in global compliance with Mark holding both the SMF16 Compliance Oversight Function and the SMF17 Money Laundering Reporting Function. Seung set the scene by giving a brief overview of how SMCR was established in 2016 as a political and regulatory response to the Libor scandal and financial crisis. It was initially applied to banks, credit institutions, and PRA-designated firms and then it was extended to the insurance sector.
Last year the FCA and PRA published a discussion paper (DP1/3) as part of the Edinburgh reforms and a call for evidence was published by the HMT seeking comments on whether the SMCR should be extended. These papers have fielded a lot of questions and interest from the compliance community.
Seung put some questions to Mark about some of the important issues their clients have raised.
Challenges of regulatory references
Regulatory references were first introduced for banks and insurers in March 2017, they are now a requirement for all firms regulated by the FCA and PRA, under the senior manager and certification regime.
Mark said the main concern is that “a lot of the issues that you want to know about never end up in the regulatory reference.” Serious disciplinary action will be referenced but not all misconduct is listed. It is often seen as a layer of bureaucracy.
“When Alex [Viall, CSO at Global Rely] and I started,” he said, “people would have made phone calls and chatted about what actually happened about the person that you’re about to employ.”
Other concerns included the disparity of hiring people from outside the non-financial services industry or from outside the UK as they don’t have the same audit trail as a UK candidate already working within the financial services sector. However, the FCA expects the same level of audit trail. It was suggested that firms could use third party firms to do background checks and that it is important to also do your own research.
Growth and expectations of the senior managers as a new and an emerging risk
This is a topical issue because it’s happening across the board and “it feels like a burden”. Senior managers have a lot of responsibilities and it’s important to document everything properly as the regulator is pretty demanding in certain circumstances.
Going through an investigation is “scary stuff, it’s all your emails, all of that stuff,” said Mark. The senior manager is the focal point. “So if you’re going into the role, be really careful.”
Delays in SMF approvals
There have been changes to the FCA, not just the staff but also the location of their headquarters, which has led to loss of staff. This has created difficult challenges for the firms waiting for staff to receive SMF approvals because they have to find and appoint an interim while they wait.
There have been some suggestions in some of the industry papers that the FCA should narrow down the number of SMFs to key executive members –CEOs, CEOs, CFOs etc. This would make it easier for organizations, as the problem with the current way the regime works is that if a CEO doesn’t tag someone to an SMF then that function falls to the CEO. Therefore, they often tag people to interim roles.
“Be careful if you’re going to go into an interim role, it is a really odd situation to be in!” Mark said.
Could the industry rely on “reliance”?
For example, asked Seung, if someone was a NED at another reputable organization and then joins a new firm in a similar role, could that firm rely on the reliance that previous employers have conducted adequate checks?
“There is real scope for reliance just to smooth the process because I just wonder what the FCA are actually getting out of the work,” Mark said. “High risk firms and individuals will go on the FCA’s watch list but they are not going to interview every single manager. If firms could place some reliance on the fact that someone’s being registered somewhere else, or they’ve got a provable CV, then they can move straight into the role.
“A lot of this stuff is tick boxing. When an asset management compliance officer moves on to be an investment bank compliance officer, they don’t usually get turned down. I don’t know what the FCA’s process is when they’re doing that. And therefore, I don’t understand why it takes more than a few weeks.”
12-week rule
The 12-week rule allows an individual to cover for a senior manager without being approved, where the absence is temporary or reasonably unforeseen, and the appointment is for less than 12 consecutive weeks. Both speakers thought the FCA should be more relaxed about people holding this temporary position and be more sympathetic as the people are probably not being paid more to take on the extra risk.
Interaction with other regulatory regimes
A lot of the audience worked for international firms and have co-heads and co-management across different jurisdictions. So the question of how they manage this in terms of function responsibilities was raised.
“It’s really, really difficult. If a firm is launching is a cost-cutting strategy, are you really going to stand up and say ‘not in the UK’!” Mark asked.
The Matrix management is a problem, whatever the FCA says. (See FCA Handbook).
Fortunately, a lot of other regions are starting to have similar rules. However, “in the US, managers are scared of the [SMCR] regime actually. So often, they’re scared to put things in writing, so those decisions are passed down. So you have to be really careful about that,” said Mark. “I would go back to the evidential thing if you’re involved in any of this in your management roles, you really need to get your head around what records you keep and how you keep them.”
What changes could be made to the SMCR?
SMCR has been on the whole well received. In the Bank of England Discussion Paper (DP1/23), 95 of the 125 respondents said SMCR was having a positive effect, and 70% of the PRA supervisors found SMCR helped them to take individuals to account.
However, it was noted that some of the more process-driven issues around the regime should be addressed.
Enforcement of SMCR
The SMCR is described in DP1/23 as a mostly a preventative regime, and to this end, aims to:
- encourage staff to take personal responsibility for their actions;
- improve conduct at all levels;
- make sure firms and staff clearly understand, and can show, who is responsible for what; and
- improve corporate governance.
Some people see this as a reflection in the relative lack of enforcement actions. Investigations can take up to four years. Last year the PRA fined Carlos Abarca (CIO SMF 18) for a failure to take reasonable steps to ensure that TSB Bank plc (TSB) adequately managed and supervised an IT outsourcing arrangement relating to its IT platform migration.
However, on the whole it was also noted that the FCA should not that be going after compliance officers and MLROs unless they are a bad actor.
Non-financial misconduct (NFM)
Seung and Mark were in total agreement – bullying, sexual harassment and similar bad behaviors should be covered under SMCR. It was queried whether NFM would be picked up in the regulatory reference and it was suggested that interviews would be a good tool for uncovering conduct issues.