It is now six years since the Senior Managers and Certification Regime (SMCR) was introduced in the UK, initially to banks regulated by the FCA and PRA, and then, in December 2019 to all sole regulated firms.

It’s worth spending a few sentences looking at the antecedents of this regulation. It was the result of a parliamentary commission set up in July 2012, in the wake of the financial crisis, to recommend improvements in UK banking.

The commission’s subsequent report stated that “an environment of insufficient personal responsibility” allowed executives to evade the consequences of decisions. Moreover, it said, the then prevailing Approved Persons Regime “had created a largely illusory impression of regulatory control while meaningful responsibilities were not in practice attributed to anyone.”

It was these shortcomings that the SMCR was designed to cure, and it made senior managers (SMs) responsible for failures of conduct and control that happened on their watch. Whether the SMCR has lived up to its billing as the big stick required to keep recalcitrant bankers in line is a matter of debate, but the message remains clear: fall foul of SMCR and you could head straight to jail. It’s serious.

However, systems currently in place are not protecting SMs. It should be a matter of concern that fully one-third of asset managers, or 64 firms, failed to meet the criteria for acceptance to the new UK stewardship code in September.[1]

There are three main ways in which current risk control procedures are failing.

• Financial institutions have a raft of lengthy policy documents they can brandish in front of regulators, but very little evidence that these policies are being adhered to in a meaningful manner. This should make SMs very worried. They are supposed to be fully accountable yet they cannot be fully accountable if all a bank has is a policy. Comprehensive front to back (FTB) risk controls are required, fully connecting all businesses within a SM’s ambit of responsibility and providing incontrovertible evidence that policies are being followed and appropriate controls are in place.
• There is a serious lack of satisfactory risk control diagnostics. This means firms do not currently have systems which dynamically review controls on a continuous basis, nor do they know how these controls compare with those at other firms on the Street. These diagnostics should be able to identify where there are chinks in the armour and recommend remedies. In lieu of this, SMs don’t know where the weaknesses reside and when they do find out it could be too late.
• There is much talk about culture and conduct, but at the moment these remain somewhat woolly concepts which are, once again, insufficiently integrated to a firm’s risks and controls. There are lots of different ideas about what good culture is, but very little evidence to show what it is. These issues are perhaps likely to become more pertinent over the next year as working from home becomes an established feature and SMs can no longer monitor their teams as closely as they once could. It becomes imperative that SMs know what the people in their teams are doing and that they are behaving with probity.

According to the FCA, the first two senior manager conduct rules are “You must take reasonable steps to ensure that the business of the firm for which you’re responsible is controlled effectively” and “You must take reasonable steps to ensure that the business of the firm for which you’re responsible complies with the relevant requirements and standards of the regulatory system.”

This can only be accomplished if a SM has a complete and comprehensive view of risk and controls across the whole business, front to back. Once again, data holds the keys to the castle, and fitting technology is needed to mine that data.

[1] https://www.frc.org.uk/news/september-2021/frc-lists-successful-signatories-to-the-uk-steward

About Acin

Acin has a comprehensive, pre-built risk and control quick start library of inventories constructed through industry consultation and mapped to regulatory guidance, to provide immediate value and accelerate impact. Easily and proactively demonstrate to the regulator, auditors, investors, shareholders, and boards that you are managing climate risk – ahead of regulatory deadlines.