The findings of our review into the embedding of the Senior Managers and Certification Regime (SM&CR) in the banking sector. The SM&CR was introduced for deposit-taking firms and dual-regulated investment firms (the banking sector) in March 2016.
Who this review applies to
Our findings will be of interest to the banking sector and to all SM&CR firms. This includes solo-regulated firms that will be coming into the regime in December 2019 and insurers, for which the regime commenced in December 2018.
Why we conducted this review
We want to better understand how the SM&CR has embedded in the banking sector in the 3 years since it was introduced. We are interested to understand whether there are any issues that warrant more focus from firms and the FCA.
We anticipate that firms will be able to learn from banks and building societies in developing their approach to embedding SM&CR. We will also use the findings ourselves, to help focus our communications and supervision.
This is not a full post-implementation review and we do not propose to make any policy changes based on it.
What we did
Our approach was based on interviews with 45 people at 15 banking sector firms as well as trade associations, the Banking Standards Board, the FCA and the PRA.
The key element of the review was interviews with individuals in firms who have worked with SM&CR. The firms we selected for this review came from across the banking sector, including large and small wholesale and retail banks and building societies.
The review covered a wide range of themes, including:
- senior manager accountability
- certification
- regulatory references
- conduct rules
- impact on culture
- unintended consequences
- embedding and overcoming initial implementation issues
The findings are based on interviews. We did not validate the interviews through reviews of documentation. However, we found a high level of commonality across our interviews and we believe that the results are likely to be broadly representative of the sector.
What we found
The industry has made a concerted effort to implement the regime. Most firms are taking actions to move away from basic rules-based compliance towards embedding the regime in the organisation.
Senior Manager accountability
Senior managers across all firms were clear on what accountability means in the context of their jobs and day-to-day activities. They could explain how they were accountable for their own actions and their responsibilities as leaders in their organisations.
Some non-executive directors were concerned the regime expected too much from the Board. There was a perceived risk that the line between a non-executive and executive could become blurred as Board members become more involved in operations of the business.
Our comments:
The SM&CR does not seek to redefine the roles of non-executives. In particular, we do not expect non-executives to act more like executive directors. Indeed, we see the oversight role of non-executive directors and their ability to challenge management as a key safeguard for the interests of firms’ stakeholders. However, especially in larger firms, the responsibilities of SMF non-executive directors will often be considerable.
Some firms are placing a lot of importance on the Management Responsibilities Map (MRM) and are using it beyond what it was originally created for.
Many senior managers expressed concern around understanding the meaning of ‘reasonable steps’ in the context of their business. They were reluctant to state what they believe good looks like and inclined to look to the regulators’ expectations, often seeing the answer as being further guidance from the FCA.
Our comments:
The concept of reasonable steps is part of the Duty of Responsibility introduced in the legislation that established the SM&CR. There is guidance in the Decision Procedure and Penalties manual that sets out some of the factors that the FCA would expect senior managers to have regard to in considering whether they have taken reasonable steps to avoid a contravention from occurring or continuing. However, it is not possible to provide an exhaustive list that would cover every situation. Neither would it be helpful; our expectation of senior managers is that they should be doing what they reasonably can to prevent misconduct. Appropriate controls and processes are an important part of this but we also look to senior managers to think more broadly and to create an environment where the risk of misconduct is minimised, for example through nurturing healthy cultures.
Certification
Our evidence indicates that firms have implemented processes to oversee the certification population. They have taken steps to ensure their frameworks are robust with several checks and balances in place to support the competence assessment and provision of training.
Firms have broadened their approach to assessment of staff beyond solely technical skills, and managers are in a better position to assess the behaviours of their certified staff. However, most firms could not demonstrate the effectiveness of their assessment approach, use of subjective judgement or how they ensure consistency across the population.
We did not see evidence in general that firms had made significant changes to their performance assessment processes other than incorporating expected behaviours. For instance, it is not clear that firms are using the Certification Regime to evaluate if managers of certification staff (who are themselves certified) are competent managers.
Regulatory references
All firms were positive about the concept of regulatory references and its intention to address the potential issue of ‘rolling bad apples’. This is where people with poor conduct records are able to move to new employers. However, the majority felt that the industry had some way to go to improve the quality and timeliness of references. Another challenge for firms is that other firms are not always consistent in recording breaches of the Conduct Rules.
Some firms were more inclined to rely on references than others. This depended on their size, risk appetite and from where they recruit senior managers and certification staff.
Conduct Rules
Interviewees believed that staff generally understand the conduct rules. However, our evidence suggests that firms have not always sufficiently tailored their conduct rules training to staff’s job roles.
Firms are often using their own values to articulate how they bring the conduct rules to life. However, there was insufficient evidence to be confident that firms have clearly mapped the conduct rules to their values.
Many firms were often unable to explain what a conduct breach looked like in the context of their business.
Our comments:
The conduct rules are a critical foundation for firms’ culture and the conduct of individuals. It is essential that staff understand the rules and how they apply to them. Under FSMA, firms must:
a) notify all relevant persons of the conduct rules that apply in relation to them
b) take all reasonable steps to secure that those persons understand how those rules apply in relation to them
This must include the provision of suitable training.
Impact on culture
Most firms said that they had embarked on culture change work before the implementation of the regime. These initiatives were prompted by a number of factors, including past conduct issues, the impact of ring-fencing and the remuneration code.
Many firms described a stronger tone and ownership from the top. They told us that there was now a change in the level of detail, clarity and quality of conversations on culture and expected behaviours. All the firms talked about the work they had done to create a culture of challenge, escalation and providing a safe environment for staff to speak up.
Firms have found it challenging to find appropriate ways of measuring culture and the effort to do so is continuing.
Firms told us that the regime is having an impact on the mindset of senior managers. However, SM&CR is primarily enabling firms to improve their controls environment, which they expect to lead to improved behaviours. It is not clear to what extent the regime has been linked to culture.
Unintended consequences
For most firms, SM&CR did not lead to significant unintended consequences. The unintended consequences that arose for a few firms were specific to their respective businesses.
Some firms told us that there was a culture of fear during the early days of the regime. However, this has now largely dissipated. Two reasons were given for this:
- Firms worked to develop an environment of healthy challenge and openness
- They are seeing the regulators work collaboratively with them to achieve positive outcomes
There is evidence that processes and controls on approvals of new products and businesses have been tightened. This has potentially contributed to firms being more risk averse and considered around innovation initiatives. However, if firms get the balance right, we don’t see this as a negative outcome.
There is some evidence of recruitment challenges, particularly for candidates from outside the financial services industry considering certification or SMF roles but this was not universal.
Most firms mentioned the additional staff and work required to administer the regime. However, this was seen by many as part of creating a robust governance environment within their firm.
Embedding and overcoming initial implementation issues
Most firms are continuing to embed the regime, particularly below the senior manager level, with a focus on the spirit of the regime and ensuring their approach is proportionate. The different levels of maturity across firms are driven by several factors. This includes size, resources, their cultural baseline and their interactions with regulators. Generally, the larger banks, with more resources and exposure to the regulators, are more mature in their approach.
We believe that initial implementation issues that firms faced have now been overcome. Firms described the initial stages of implementation as challenging but came to see clear definition of accountability as beneficial.
Some firms seem to have been less successful in embedding the regime below the senior manager level. There is some room for further progress at the certification level and potentially more significant weaknesses in the implementation of the conduct rules for other staff.
Our actions
We will increase our supervisory focus on the conduct rules. We expect all SM&CR firms to ensure that they are embedding the conduct rules in their businesses to meet their obligations under the regime.
We will continue to build on the links between the SM&CR and firm culture. The Senior Managers and Certification Regime is an important way to establish a culture of accountability for conduct and aligns with our cross-sector business priority to continue to work on firm culture and governance.
Next steps
9 December 2019: The SM&CR will commence for solo-regulated firms. For further information, please see our web pages[1].
10 December 2019: Insurers must have trained all conduct rules staff on the conduct rules and issued the first certificates for certification staff.
9 December 2020: Solo-regulated firms must have trained all conduct rules staff on the conduct rules and issued the first certificates for certification staff.