Working with the Bank of England's senior managers regime
As of March, the new Senior Managers Regime (SMR), designed to improve individual accountability in the banking and finance sector, is in full effect within the UK. According to the Bank of England’s Prudential Reporting Authority, the SMR “is aimed at supporting a change in culture at all levels in firms through a clear identification and allocation of responsibilities to individuals responsible for running them”.
Under this new regime, banks and other regulated financial institutions are now required to identify all individuals who hold a Senior Management Function (SMF), so that those individuals can be held accountable for any misconduct that falls within their areas of responsibilities.
It’s clear that the regulators are serious about improving accountability in the financial sector. If responsible individuals are to avoid criminal sanctions potentially being imposed upon them for non-compliance, they will need to be absolutely certain that their firms have all the necessary policies, procedures and processes in place to allow them to do their jobs and remain within the law.
The first step is for firms to clearly define the responsible roles (i.e. the Senior Manager Functions), so they can inform the regulator who is performing those roles, and which areas they're responsible for. However, it’s worth emphasising that this is not just a one-off action; firms can’t just register their senior managers with the FCA and leave it there. It’s an ongoing process, where senior managers and the roles they perform must be reviewed on a regular basis to ensure those individuals are still fit, proper and performing their functions correctly.
It is important to note that these new regulations do not just apply to the individuals who perform Senior Management Functions. Every firm must also now implement a Certification Regime, to certify that employees carrying out “significant harm” functions – who are not Senior Managers – are also fit and proper to perform the functions that are considered to carry risk. These employees also need to be regularly assessed.
Under the new regime, firms are now expected to put processes in place for certifying every individual who falls into one of the above two categories. Of course, this needs to address ongoing issues, such as when people change roles or get promoted, people leaving the firm and others coming in, temporary cover for things like maternity leave or compassionate leave and so on.
Another aspect of the SMR is that every firm needs to identify and implement a set of Conduct Rules, which then need to be monitored on an ongoing basis to ensure that they are being adhered to. All relevant individuals must be made aware of the Conduct Rules that apply to them and trained appropriately. Firms also need to inform the regulators when those rules are potentially being breached and by whom.
As it is the Senior Managers’ heads that will roll in the event of serious failings within their part of the organisation, they will want and need the ability to actively monitor for breaches of compliance and conduct by their staff, which means closer collaboration between their lines of business, HR and Compliance departments – even bringing more compliance monitoring into the front office.
While none of this is simple or straightforward, it can all be made more transparent, more controlled, more manageable and more agile through the use of appropriate Business Process Analysis (BPA) technology and Intelligent Governance, Risk Management and Compliance (iGRC) solutions. This type of technology allows firms to not only document the roles and functions of their named Senior Managers, but also to track the workflow around those functions and run automated real-time control testing, which can be tied back to what’s actually going on within the organisation right now. This includes automatically flagging and highlighting elements that could potentially be breaching specific Conduct Rules, so that appropriate action can be taken and, where necessary, reported to the regulator.
It is important to note that the implementation and ongoing management of the SMR is not an isolated function that happens on a stand-alone basis. One of the key benefits of Intelligent GRC and integrated BPA technology is that it allows SMR compliance to be fully integrated with a firm’s ongoing business, so the entire process becomes much more meaningful. This additional clarity means there is less scope for error and misinterpretation of rules and regulations, as it becomes much easier for the organisation to actually track, monitor and manage the whole process. As a result, compliance becomes much more manageable with fewer unwanted surprises.
In conclusion, the firms that are able to rapidly and clearly design a set of processes around these new policies, and implement those processes in an integrated way, will be in a much stronger position in terms of compliance, enabling their Senior Managers to sleep a little easier at night.
By Nigel Farmer, Solutions and Industry Director of Capital Markets, Software AG