the senior managers and certification regime in practice · pdf filethe senior managers and...
TRANSCRIPT
25 April 2017
Taking a running start
The Senior Managers and Certification Regime in practice
2
Senior Managers and Certification Regime
Overview
Agenda
1 SMR overview and planning ahead
2 Lessons learnt from the banks
3 Practical application
- HR processes
- Statements of Responsibility
3
Senior
Managers
Regime
Certification Regime
Conduct Rules
Senior Managers and Certification Regime
A reminder of the regime for banks
Introduces new Senior Management Functions (“SMFs”) to replace existing Significant Influence Functions.
Introduces specific ‘prescribed responsibilities’ which must be allocated amongst SMFs.
Requires firms to record their key governance arrangements in a ‘Responsibilities Map’and for SMFs to complete individual ‘Statements of Responsibilities’.
Requires firms to annually certify the fitness and propriety of certain key employees in ‘significant harm-functions’ who are not pre-approved by the regulator as SMFs.
Replaces regulatory approval for individuals who are not Senior Managers.
New Code of Conduct rules to replace existing approved persons principles.
Tier 1 – Individual Conduct Rules apply to all employees, excluding ancillary staff.
Tier 2 – Senior Manager Conduct Rules apply to those in SMF roles.
4
Planning ahead
Steps to consider taking now
• Set up SMCR working group with representatives from key areas of the firm i.e. HR, Compliance, Legal, Secretariat, IT.
• Identify individuals who may be in scope of Senior Manager and Certification regime.
• Prepare Statements of Responsibility for all individuals in scope and establish the scope of their personal liability.
• Draft Management Responsibility Maps according to the FCA-designated areas of responsibility, ensuring there are no gaps and clear lines of reporting.
• Review management information to determine whether it is effective and sufficient to enable those individuals to oversee the activities of the firm, understand the risks of the business, make decisions and evaluate performance.
• Review the level of detail captured at committee meetings and other documentation to determine whether it is sufficient to provide evidence that individuals are taking appropriate steps to prevent breaches in their areas of responsibility.
• Design procedures and controls to annually assess and certify the ongoing fitness and propriety of these individuals.
• Review code of conduct.
• Update recruitment procedures and reference request templates.
5
Implementation: Lessons Learned
Delivering the programme
Programme considerations
Cross-Function
al Involvem
ent
Identifying Key
Functions &
Function Holders
Some firms experienced significant debate over which individual should lead the SMR project. Some foreign owned banks nominated the UK CEO to be sponsor, in line with expectation for this individual to be accountable for regime on BAU basis.
Working groups typically need good coordination across Compliance, Legal, Secretariat, HR and in some cases COO and IT.
Some firms were very proactive in approaching the PRA and FCA for feedback on draft SMR populations. Once timings on the new regime are clearer, those firms with a supervisor may want to plan the timing of an initial regulatory interaction as well as grandfathering timescales.
There can be significant discussion over key areas such as allocation of responsibilities and multiple iterations of documents. The regulations require a firm “to keep a record of its reasoning” so clear design documentation is important.
Cross-Functional
Involvement
Regulatory interaction
Programme Ownership
Documenting rationale
Appropriate sequencing
of workstreams
Board involvement
Based on our experience with similar projects we have set out below just a few of the programme-related practical
considerations that we have encountered during preparation for SMCR.
Planning out Board milestones is important to ensure a smooth approval process. This is especially the case given most firms have few scheduled Board meetings between now and 1 January 2018.
Some firms have found that Directors (including NEDs) wanted more active discussion and the opportunity to input at an earlier stage than
planned.
A considerable number of firms spent a lot of initial time on the Senior Managers aspects of the programme, only to find that changes needed for “fit and proper and conduct monitoring” processes have a longer
than expected implementation time.
6
Implementation: Lessons Learned
Findings from recent Internal Audits on SM&CR
Business-as-usual ownershipThose organisations experiencing significant senior management changes need to update the Management Responsibilities Map more frequently than anticipated. This is highlighting the need to conclude business-as-usual ownership of key documents and transition to first line owners.
Sustainability of “Reasonable Steps”Although considerable energy was put into training and identification of reasonable steps for senior managers, recent internal audits are highlighting challenges by senior mangers in adhering to the minimum standards set out by SMR programme teams pre-March 2017.
Delegated AuthoritiesFollowing the exercise to clarify role profiles and populate Statements of Responsibilities, firms are finding it necessary to undertake deeper projects to clarify delegated authorities at levels below senior managers.
Oversight of cultureThe individuals with prescribed responsibilities in relation to culture (particularly Chairman) are keen to have more explicit oversight of this area at the Board. A number of firms are still developing an approach to monitoring.
Certification population Areas of particular judgment included identifying senior management and concluding on overseas in-scope individuals. Larger firms are going through certificate issuance in batches.
Conduct breach monitoringSome firms are still considering the most effective governance mechanism for consideration of breaches and calibrating the difference between an internal breach and a reportable breach. The regulators have been focused on consequences post breach.
Tightening up on Board disciplinesSome firms have identified and implemented a number of better Board disciplines including Chairman appraisals of NEDs, Board training programmes, recording Board CPD, calendar of non-exec/exec meetings.
Internal audit activityThe work of internal audit is moving from programme assurance to assessing the degree of embeddedness. Some IA functions are weaving consideration of SMR organically into each audit.
7
What are the processes impacted by SMCR?
Employee lifecycleUnder the new regime, a number of requirements are likely to be introduced that will require various teams to work together so that all aspects are considered and fully implemented prior to commencement. Firms will need to develop a consistent UK process to manage the requirements of the new regime.
Identifying certification
roles
New Joiners
Changing rolesOnboarding
Fitness and Propriety
Regulatory references
Criminal Record checks
SMR requirements
Registrations
Statements of Responsibilities
Responsibilities Maps
Handover
Training
Conduct Rules
On-going requirements
Conduct Breaches
Monitoring
Reporting
Annual Certification
Fitness and Propriety
Conduct breaches
End of year review process
MI and Reporting
SMR / CR lifecycle
Reasonable steps
1
2
3
45
6
7
Employee SMR/Certification
Lifecycle
8
Information requested Response
1AName, contact details and firm reference number of firm providing reference; or
1BNames, contact details and firm reference numbers (where applicable) of group firms providing a joint reference
2 Individual’s name (i.e. the subject of the reference)
3Name, contact details and firm reference number of firm requesting the reference
4 Date of request for reference
5 Date of reference
Regulatory reference
What’s expected
9
The answers to Questions A to F cover the period beginning six years before the date of your request for a reference and ending on the date of this reference
Question A
Has the individual:
(1) performed a specified significant harm function for our firm; or
(2) been an approved person for our firm.
Answer:
Yes
No
Question B:
Has the individual performed one or more of the following roles in relation to our firm:
(1) notified non-executive director;
(2) credit union non-executive director; or
(3) key function holder (other than a controlled function).
Answer:
Yes
No
Question C:
If we have answered ‘yes’ to either Question A or B above, we set out the details of each position held below, including:
(1) what the controlled function, specified significant-harm function or key function holder role is or was;
(2) (in the case of a controlled function) whether the approval is or was subject to a condition, suspension, limitation, restriction or time limit;
(3) whether any potential FCA governing function is or was included in a PRA controlled function; and
(4) the dates during which the individual held the position.
Answer:
Regulatory reference (continued)
What’s expected
10
Question D:
Has the individual performed a role for our firm other than the roles referred to in Questions A and B above:
Answer:
Yes
No
If ‘yes’, we have provided summary details of the other role(s), e.g. job title, department and business unit, below.
Question E:
Have we concluded that the individual was not fit and proper to perform a function:
Answer:
Yes
No
If ‘yes’ and associated disciplinary action was taken as a result, please refer to Question F below.If ‘yes’, and no associated disciplinary action was taken as a result, we have set out below the facts which led to our conclusion.
Question F:
We have taken disciplinary action against the individual that:
(1) relates to an action, failure to act, or circumstances, that amounts to a breach of any individual conduct requirements that:
(a) apply or applied to the individual; or (b) (if the individual is or was a key function holder, a notified non-executive director or a credit union non-executive director for your firm) the individual is or was required to observe under PRA rules (including if applicable, PRA rules in force before 7 March 2016); or
(2) relates to the individual not being fit and proper to perform a function.
Answer:
Yes
No
If ‘yes’, we have provided below a description of the breaches (including dates of when they occurred) and the basis for, and outcome of, the subsequent disciplinary action.
Regulatory reference (continued)
What’s expected
11
Question G:
Are we aware of any other information that we reasonably consider to be relevant to your assessment of whether the individual is fit and proper? This disclosure is made on the basis that we shall only disclose something that:
(1) occurred or existed:(a) in the six years before your request for a reference; or(b) between the date of your request for the reference and the date of this reference; or
(2) is serious misconduct.Answer:YesNo
If ‘yes’, we have provided the relevant information below.
Regulatory reference (continued)
What’s expected
12
Statement of responsibilities
Examples of application
13
Statement of responsibilities (continued)
Examples of application
14
Statement of responsibilities (continued)
Examples of application
15
Statement of responsibilities (continued)
Examples of application
16
Thought leadership publications
© 2017 Deloitte LLP. Private and confidential.
Industry leading points of view
Our blogs exploring latest themes and issues surrounding SMCR
Senior Managers Regime
Individual accountability and reasonable steps
An industry leading white paper on SMCR and the implication of ‘Reasonable Steps’
for Senior Managers.
Transition to SMCR
Strengthening accountability in banking
Setting out the key points in the banking CP and our expectations of what this will
mean for firms and individuals in practice.
Management information on culture
Connecting the dotsThis paper sets out eight principles for
collecting culture MI which will help Boards and senior management to assess
and manage their culture.
http://blogs.deloitte.co.uk/financialservices/2016/04/the-new-accountability-regimes-now-live-and-auditable-the-buck-stops-here.html
http://blogs.deloitte.co.uk/financialservices/2015/02/senior_managers_regime.html
http://blogs.deloitte.co.uk/financialservices/2015/02/senior_managers_regime.html
http://blogs.deloitte.co.uk/financialservices/2017/03/smr-a-year-on-but-with-more-to-do.html
http://blogs.deloitte.co.uk/financialservices/2016/10/senior-managers-and-certification-regime-changes-to-functions-responsibilities-and-scope-of-conduct-.html
http://blogs.deloitte.co.uk/financialservices/2016/09/notification-of-conduct-rule-breaches-holding-individuals-to-account.html
http://blogs.deloitte.co.uk/financialservices/2015/06/individual-and-collective-responsibilityrewriting-agatha-christie.html
http://blogs.deloitte.co.uk/financialservices/2016/10/regulatory-references-fca-issues-its-final-rules.html
https://www2.deloitte.com/uk/en/pages/audit/articles/management-information-on-culture.html
https://www2.deloitte.com/uk/en/pages/financial-services/articles/senior-managers-regime.html
https://www2.deloitte.com/uk/en/pages/financial-services/articles/senior-managers-regime.html
17
Contacts
With you today
Lauren Masson
Senior Manager
Investment Management
+44 20 7303 0127
Dominic Graham
Director
FS Risk Advisory
+44 20 7303 2194
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.co.uk/about for a detailed description of the legal structure of DTTL and its member firms.
Deloitte LLP is the United Kingdom member firm of DTTL.
This publication has been written in general terms and therefore cannot be relied on to cover specific situations; application of the principles set out will depend upon the particular circumstances involved and we recommend that you obtain professional advice before acting or refraining from acting on any of the contents of this publication. Deloitte LLP would be pleased to advise readers on how to apply the principles set out in this publication to their specific circumstances. Deloitte LLP accepts no duty of care or liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication.
© 2017 Deloitte LLP. All rights reserved.
Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 2 New Street Square, London EC4A 3BZ, United Kingdom. Tel: +44 (0) 20 7936 3000 Fax: +44 (0) 20 7583 1198.