The Senior Managers and Certification Regime (SMCR) was introduced to banks in the UK just over a year ago. The Bank of England and Financial Services Act 2016 (the Act) provides for the extension of the SMCR to all financial services firms, including asset managers. Approximately 60,000 additional firms will be brought within the scope of the extended SMCR regime.

Whilst the obligations imposed on senior managers are, on their face, very similar to the requirements of the Approved Persons regime, the emphasis and focus on the part of the Regulators on individual accountability and responsibility and the ability to more clearly identify who within firms is responsible for particular areas add a new dimension to the obligations.

It is possible for asset managers and others to draw some lessons from the implementation of the banking regime for asset managers, which will help them navigate the extension of the SMCR in 2018.

Summary of requirements under the SMCR

In summary, the following are the key components of the SMCR as applicable to banks in the UK:

Senior Managers

Individuals fulfilling "senior manager functions" are required to be pre-approved by the Regulators.  The extent to which an individual requires approval depends on whether they fulfil a role which requires it or whether they have overall responsibility for a business area, activity or function of the firm.  The scope of each senior manager's role must then be clearly documented in a Statement of Responsibilities (SOR).  This document is critical in delineating responsibilities across the firm and ensuring that there is coverage of responsibilities for all key activities conducted by the firm and certain other prescribed responsibilities.

The firm is also required to produce a management responsibilities map, which summarises its management and governance arrangements and allows the Regulators to identify quickly which individuals are responsible for which areas and activities of the firm.

In relation to obligations on senior managers, the S

MCR imposes on senior managers a new, so-called "duty of responsibility".  The duty of responsibility requires senior managers to take reasonable steps to avoid the occurrence or continuation of a contravention of a regulatory requirement on the part of the firm in the area for which they are responsible.  This duty is in addition to Conduct Rules, some of which only apply to senior managers, and which largely replicate the Statements of Principle for Approved Persons.  A notable addition to the Conduct Rules is an obligation on senior managers to take reasonable steps to ensure that any delegation of their responsibilities is to an appropriate person and that they oversee the discharge of the delegated responsibility effectively.

There are also new requirements regarding handovers for incoming and outgoing senior managers, which will require careful thought.

Certification and Conduct Rules staff

Individuals who do not fulfil senior management functions, but do fulfil certain specified "significant harm functions" within the firm, will need to be certified by the firm as fit and proper to conduct their role.  The key difference here is that the firm is responsible for the fit and proper assessment, rather than the Regulators.  This is a significant departure from the Approved Persons regime, and imposes potentially onerous obligations on firms to ensure that they have policies and procedures in place to make an appropriate determination of fitness and propriety. All other staff, apart from those performing purely ancillary functions, will also be required to adhere to individual Conduct Rules.  The firm will need to ensure that Conduct Rules staff are appropriately trained and understand their obligations.

Lessons Learnt

The introduction of the SMCR prompted significant change, both from the perspective of the black letter requirements of the regime, but also from the steps many banks felt it prudent to take to ensure that employees, and senior management in particular, were prepared to take on their obligations under the SMCR.  The scale and depth of the effort required to ensure compliance with the regime, even for smaller firms, should not be underestimated.

There are a number of key practical lessons learnt from the banking SMCR which asset managers (and other financial services firms) may wish to consider:

General

Lesson 1: Ensure you have identified the right legal entities: Each authorised firm will need to be included in the SMCR so it may be worth considering whether entities still require authorisations, or can be de-registered.  Bear in mind that de-registration can take some time.
Lesson 2: Consider the impact of reporting along product and regional lines on the mapping of responsibilities.  Reporting along geographic and product lines can make mapping responsibilities complicated, and it is important to leave sufficient time to work through any issues.
Lesson 3: Review governance and controls to improve standards and to ensure consistency across the firm.  Taking the opportunity to ensure that formal governance frameworks are clear and effective, and that informal governance and control frameworks operate within guidance set on a firm-wide basis, will assist senior managers (and the firm) in being able to demonstrate appropriate controls aimed at the avoidance of regulatory contraventions.

Senior Managers

Lesson 4: Consider how the firm will describe the scope of each senior manager's responsibility.  Whilst in theory this may sound straightforward, documenting the delineation between roles can be complicated, particularly where the Regulators ask firms to aim to do this in 300 words of less.  One particular area of complexity may be the cross over between business areas and functions.  Confirming the scope of responsibilities may also require discussion between senior managers, and so it is prudent to start this process early.

Lesson 5: Review reporting lines to ensure that there is clear delineation of roles and responsibilities.  Often, reporting lines have developed organically over time, meaning that they can be unclear.   Again, navigating this can be more complicated where firms are organised on geographic and/or product lines. 
Lesson 6: Review delegation arrangements. A firm will want to ensure that there is a clear delegation of responsibilities from each senior manager to direct reports, and that the senior manager understands his or her obligations to effectively oversee delegations.  Again, delegation arrangements are often informal and, whilst everyone thinks they understand the arrangements, there can be confusion or a lack of clarity when asked to document this. 
Lesson 7: Review how management information is created and disseminated (both generally within the firm and on an individual senior manager basis). It will be key for firms to ensure that management information is serving the purpose for which it is intended.

Lesson 8: Ensure senior managers are engaged early so that they feel part of the process and understand in detail their responsibilities and the importance of any planned reviews.  Different senior managers are also likely to have different concerns and areas of focus.  Engaging early enables an effective dialogue about those concerns.  This might for example include one to one meetings with senior managers to gain an understanding of any concerns, their area and their view on the scope of their responsibilities, and what "reasonable steps" might look like for them. 
Lesson 9: Consider preparing a senior managers handbook. This will provide an ongoing resource for senior managers, including providing guidance on the duty of responsibility and practical ways in which they can demonstrate having taken reasonable steps.

Certification and Conduct Rules requirements

Lesson 11: Appreciate the definition of an "employee" used to identify individuals subject to the regimes is wider than its ordinary meaning.  For example, it includes consultants, secondees and other workers.  Identifying individuals who are classified as employees can be time consuming in itself.
Lesson 12: Appreciate the definition of "significant harm function" for Certification staff may also require some analysis.  Although the rules applicable to other firms are likely to differ slightly from those applicable to banks, the rules for banks contain some complexities which, if replicated, will take some time for firms to work through.
Lesson 13: It is helpful to use a methodology document setting out how Certification and Conduct Rules staff have been identified.  This is particularly useful where staff are not being identified centrally, to ensure a consistent approach, but in any event this will enable the firm to clearly show the approach it has taken.
Lesson 14: Maintain a live inventory of Certification and Conduct Rules staff.  Considering early on how this will be maintained, and whether it will require changes to IT systems, will assist later when individuals start to be identified.
Lesson 15: Once the population of Certification staff has been identified, the firm will need to consider what changes are required to its onboarding, appraisal and exit processes to ensure compliance with the Certification regime at every stage.  Again, this may require changes to IT systems and training for business areas and HR staff, and so it would be advisable to start the process early.
Lesson 16: Put in place a process for Certification Staff who cannot be certified as fit and proper. If an employee who is Certification staff cannot be certified as fit and proper, early thought should be given to how this will be managed and the process in place to assess fitness and propriety and deal with any issues that arise.
Lesson 17: Consider the impact on regulatory references. The rules also require some changes to the way references are given.  In particular, it will be difficult for references for senior managers and Certification staff to be automated going forwards.  Firms will therefore need to develop processes for ensuring compliance with the new requirements.

Conclusion

There is no doubt that the introduction of the SMCR has resulted in significant change for banks. Asset managers and other firms impacted by the extension of the SMCR can learn a number of practical lessons from the banking regime by looking beyond the formal requirements, and considering how the firm can ensure that the implementation brings about the desired organisational and cultural changes.

To contact the authors: 

Dorian Drew, Partner, Regulatory Enforcement, Clifford Chance LLP: [email protected]

Alistair Woodland, Partner, Employment, Clifford Chance LLP: [email protected]

Chinwe Odimba-Chapman, Senior Associate, Employment, Clifford Chance LLP: [email protected]