What is SMCR?

Fraser Doig Date published: Sep 14, 20

The Senior Managers & Certification Regime (SMCR) is part of the core effort led by UK regulators. So, what is SMCR and what does it mean in the context of your business?

The aim is to drive personal accountability in financial firms, by promoting improved corporate culture, governance, and transparency. The regulation ensures that all senior managers within financial services firms are:

• approved by the relevant regulator
• have a statement of responsibilities detailing everything that they are accountable for
• can be held personally responsible for any form of misconduct

SMCR also stipulates that a code of conduct must be established for all staff in financial services and that employees in roles in which they could do significant harm to consumers or to the UK’s financial stability are annually approved by their firm.

SMCR affects:

• Banks - The banking sector has been required to abide by SMCR since March 2016 
• Insurers - SMCR has applied to dual-regulated insurers (those regulated by both the FCA and PRA) since December 2018 
• Solo-Regulated Firms - The FCA extended SMCR to include all firms in December 2019. The deadline for solo-regulated firms to comply with SMCR guidelines is the 31^st of March 2021 

On 9 December 2019, the Senior Manager’s and Certification Regime (SMCR) – seen by many as the most significant piece of regulation in the industry for a generation – was expanded out to all financial services firms regulated by the Financial Conduct Authority (FCA). This change puts personal accountability for risk, compliance, and control directly in the hands of senior directors and executives and can result in jail time and significant personal fines in the case of non-compliance. The damage this can cause is evident in the case of Mr James Staley, Chief Executive of Barclays Group, who was fined £642,430 last year for failing to act with due skill, care and diligence.

SMCR has proven to be a massive disruptor to the daily activities of thousands of firms; however, it can be managed with the proper time and resource investments. Steps that firms can take to better manage their obligations include:

Establish an SMCR project team

Having an established project team responsible for the maintenance of SMCR is the best way to spread awareness of the changes and ensure preparedness. SMCR is a business initiative and calls for a structured approach to ensure the firm has the knowledge and resources to deliver the proper requirements. It is also important to gain full engagement from the Board and senior leadership to ensure traction throughout the organisation. After all, it is the senior leadership that need a comprehensive understanding of how their organisation’s risk and compliance roles and responsibilities map back to them. For this reason, it is vital to ensure that your project team are equipped with the proper tools necessary to align your organisation with SMCR as efficiently and effectively as possible. A system for communication, project governance, managing workflow and tracking actions and incidents is key to the success of SMCR project management and allowing all parties to work together effectively.

Don’t be short-sighted

You have met the December 2019 deadline and spent a great deal of time and effort ensuring you satisfy the FCA’s rules. However, firms must also consider the time and resource needed to maintain the ongoing management of SMCR. This means testing that process controls are steadfast and putting in place a system to manage SMCR end-to-end. If implemented well, SMCR should be a driver for positive cultural change in the long term. This is another key part of the regulation, to establish good culture throughout the organisation. Gaining a thorough understanding what’s going on throughout the business and what employees’ expectations are is key to achieving this.

Invest in innovation

One of the lessons learned from the implementation of SMCR in the banking and insurance sectors was poor innovation – in particular the inadequate use of systems, tools and technology. A number of firms used manual spreadsheets and processes to maintain controls over SMCR which in many cases proved ineffective.

Using manual processes to manage your SMCR obligations will never be sufficient, as workarounds and in-house systems are not designed to meet the standards regulators demand for compliance. In addition to this, it is time-consuming and complex. In order to make sure that SMCR does not become a distraction and hinder productivity, it must be approached with a clear focus; a proper system of record including full audit trail and real-time reporting of risk and compliance obligations to senior executives is essential. Those organisations looking to excel in their own preparations for SMCR should consider the benefits a robust software application can bring to automating processes and empowering people to engage with the regime. Software solutions can bring clarity and consistency to the entire SMCR lifecycle, and make sure that the initiative is not viewed as a race to the finish line, and is instead adopted fully throughout the business, and completely understood by all stakeholders.

Build an Accountability Framework

This may prove to be the most challenging aspect of SMCR, but it is arguably the most important thing businesses can do to make sure that governance structures, reporting lines, policies and practices are in place to support those individuals shouldering the responsibility of SMCR. Taking care to compile and organise your organisation’s key supporting documents, as well as establishing a system that allows you to standardise and automate the document control process is key to laying a foundation for regulatory compliance and allows you to develop a framework for operational excellence. From this foundation, the burden of SMCR will significantly decrease.

Taking a hybrid and collaborative approach to compliance

It’s not enough to merely comply with SMCR by the deadline, this regulation is going to require long term change from firms which means compliance must be embedded into business practices in order to uphold the standards laid out by the FCA. This is an opportunity to enable positive change within your organisation and look at new ways of doing things. A hybrid approach allows both people and technology to come together to enhance SMCR compliance and strengthen working practices, paving the way for a better understanding of the responsibilities of Senior Managers and what that means for the organisation as a whole.

[1] Due to the global coronavirus pandemic, the FCA and HM Treasury agreed to extend the deadline for these firms to have undertaken the first assessment of the fitness and propriety of their Certified Persons to 31 March 2021.