Working with the Senior Managers Regime
Blog: Software AG Blog - Reality Check
In follow up to my recent blog post about market abuse and banking culture, it’s worth noting that the new Senior Managers Regime (SMR), designed to improve individual accountability in the banking and finance sector, has now come into force in the UK. According to the Bank of England’s Prudential Reporting Authority, the SMR “is aimed at supporting a change in culture at all levels in firms through a clear identification and allocation of responsibilities to individuals responsible for running them”.
Under this new regime, banks and other regulated financial institutions are now required to identify all individuals who hold a Senior Management Function (SMF), so that those individuals can be held accountable for any misconduct that falls within their areas of responsibilities.
It’s clear that the regulators are serious about improving accountability in the financial sector. And if responsible individuals are to avoid potentially criminal sanctions being imposed upon them for non-compliance, then they will need to be absolutely certain that their firms have all the necessary policies, procedures and processes in place to allow them to do their jobs and stay within the law.
The first element in all of this is that firms have to clearly define the responsible roles (i.e. the SMFs), so that they can inform the regulator who is performing those roles, and what areas they’re responsible for. But it’s worth emphasising that this is not just a one-off action. Firms can’t just register their senior managers with the FCA and leave it there. It’s an ongoing process, where senior managers and the roles they perform must be reviewed on a regular basis, to ensure those individuals are still fit and proper and performing their functions correctly.
It is also important to note that these new regulations do not just apply to the individuals who perform Senior Management Functions. Every firm must also now implement a Certification Regime, to certify that employees carrying out “significant harm” functions- who are not Senior Managers – are also fit and proper to perform those functions that are considered to carry risk. Those employees also need to be regularly assessed.
Under this new regime, firms are now expected to put processes in place for certifying every individual who falls into one of the above two categories. And of course, this needs to address ongoing issues, such as when people change roles or get promoted, people leaving the firm and others coming in, temporary cover for things like maternity leave or compassionate leave, and so on.
Another aspect of the SMR is that every firm needs to identify and implement a set of Conduct Rules, which then need to be monitored on an ongoing basis to ensure that they are being followed. All relevant individuals must be made aware of the Conduct Rules that apply to them and trained appropriately. Firms also need to inform the regulators when those rules are potentially being breached (and by whom).
Because it is the Senior Managers’ heads that will roll in the event of serious failings within their part of the organisation, they will want and need the ability to actively monitor for breaches of compliance and conduct by their staff, which means closer collaboration between their lines of business, HR and Compliance departments, even bringing more compliance monitoring into the front office.
None of this is simple or straightforward. However, it can all be made more transparent, more controlled, more manageable and more agile through the use of appropriate Business Process Analysis (BPA) technology and Intelligent Governance, Risk Management and Compliance (iGRC) solutions. This type of technology allows firms to not only document the roles and functions of their named Senior Managers, but also to track the workflow around those functions and run automated real-time control testing, which can be tied back to what’s actually going on within the organisation right now, automatically flagging and highlighting elements that could potentially be breaching specific Conduct Rules, so that appropriate action can be taken and, where necessary, reported to the regulator.
The important thing here is that the implementation and ongoing management of the Senior Mangers Regime is not an isolated function that happens on a stand-alone basis. One of the key benefits of Intelligent GRC and integrated BPA technology is that it allows SMR compliance to be fully integrated with a firm’s ongoing business, so the whole thing becomes much more meaningful. This additional clarity means there is less scope for error and misinterpretation of rules and regulations, because it becomes much easier for the organisation to actually track, monitor and manage the whole process. As a result, compliance becomes much more manageable with fewer unwanted surprises.
In conclusion, the firms that are able to rapidly and clearly design a set of processes around these new policies, and implement those processes in an integrated way, will be in a much stronger position in terms of compliance, enabling their Senior Managers to sleep a little easier at night.