Senior Managers and Certification Regime (SM&CR) Consulting and Implementation Support
Kroll provides a comprehensive range of support to all firms and individuals subject to SM&CR, with solutions that are proportionate, practical and fully compliant with the regulations.Contact us
Explore Financial Services Compliance and Regulation
The FCA and PRA introduced the Senior Manager and Certification Regime (SM&CR) to deposit taking institutions in 2016, changing the way that individuals are regulated in the financial services industry. In 2019 the regime was extended to nearly all FCA regulated firms. SM&CR is the biggest change in the regulation of individuals in recent history and introduces a new era of accountability, aiming to improve conduct at all levels.
The impact of this new accountability regime is now becoming clearer, with the FCA and PRA now embedding individual conduct and accountability considerations throughout their supervisory and enforcement activities, with more direct questions being asked of individual Senior Managers.
SM&CR – Post Implementation
Following the implementation of SM&CR to solo-regulated firms the Financial Industry as a whole has entered into a new era of individual accountability. SM&CR requires firms to articulate how they manage themselves in clear, unambiguous terms that both management and the regulators can understand. SM&CR also requires that those accountable take reasonable steps to ensure that they are managing things in an effective way.
The challenges presented by SM&CR are not just regulatory, they impact the wider business practice and so should not be viewed as something for the compliance to handle in isolation. Nor should the completion of implementation be viewed as the end of the process. Senior Managers are expected to take a pro-active role in checking things are up to date, both in terms of accountabilities and their own management arrangements.
During periods of transition, for example where roles change, Senior Managers join and leave the firm, organizational restructuring – SM&CR arrangements will need specific attention.
Incoming Senior Managers are increasingly asking firms questions around SM&CR accountabilities and mechanisms firms have in place to support them, often ahead of signing a contract. Robust SM&CR arrangements are therefore becoming a necessity for firms that want to attract the best talent to the most senior roles.
We believe that the first 100 days are of vital importance for a new Senior Manager, taking time to assess all areas for which they are accountable, identifying gaps and starting to take steps to remediate them Firms should have processes in place to support both outgoing and incoming Senior Managers during this transition.
Evidencing Reasonable Steps
Senior Managers may be asked to evidence that they have taken ‘reasonable steps’ under the new regime to prevent or stop breaches within their area of responsibility. It is important that each Senior Manager understands what they and other Senior Managers are responsible for within the firm. Each Senior Manager will want to review their area of responsibility and ensure that they are comfortable with the arrangements and able to evidence that they personally have taken steps to ensure that breaches can be prevented. In order to evidence this review, we believe senior managers should take a four-stage approach:
Confirm responsibilities are accurate and understood, updating them where necessary.
Undertake a review of each area of responsibility, the key challenges, areas for improvement, key risks, culture, structure and governance arrangements in place.
Risk rate and prioritize the findings and set out plans to address them, escalate if necessary and discuss with relevant parties to develop risk-based responses to issues.
Implement the necessary changes, focusing on sustainable solutions and evidencing systems and controls.
Below we have set out some of the key headings that should inform any review:
Key Areas of Review
- Governance Arrangements
Consider whether existing arrangements, and the management information that supports governance, are up-to-date and remain fit for purpose. While governance arrangements are often designed and managed on a firm wide basis, each Senior Manager should look to ensure that they have appropriate arrangements within their area of responsibility, such as formalizing departmental decision making and committees.
- Delegation and Oversight
Assess whether the appropriate tools and mechanisms are in place which accountable individuals use to delegate with confidence and maintain effective oversight. This will include reporting lines, escalation, incident and risk reporting mechanisms.
- Policies and Procedures
Review whether staff have access to clear documentation, that their work can be monitored against agreed standards and that controls and check points have been assessed and documented. Handover frameworks will also need to be reviewed to ensure that new Senior Managers have the information they need to make their own departmental diagnosis.
- Training and Support
Consider whether staff have sufficient training and ongoing support in order to understand the Conduct Rules and how they affect them in their roles and identify potential risks.
- Fit and Proper (“FIT”) Assessments
Review whether there are satisfactory processes in place for ensuring that individuals are fit and proper.
- Crisis Response
Ensure that sufficient mechanisms are in place for investigation and reaction to breaches that may occur within an area of responsibility to enable accountable staff to react quickly and effectively to emerging problems.
- Change Management
Assess whether the firm has appropriate systems and controls in place to effectively manage change within the firm.
How We Can Help
Kroll has broad SM&CR experience and insights from supporting a diverse range of financial services firms with all aspects of SM&CR. Our approach to SM&CR recognizes the importance of both the practical and individual aspects of the regime, which goes beyond simply confirming regulatory rules compliance. Drawing on our experience and proprietary tools, our team of SM&CR experts can assess the needs of your firm and assist with strategic thinking, planning and implementation of change within areas of responsibility.
Health Checks of Ongoing Arrangements and Reasonable Steps
- Customized health checks covering regulatory compliance, management arrangements, delegation, evidencing records and training.
- Independent assurance reviews and remediation of SM&CR arrangements
- HR policy and process reviews, including FIT arrangements and referencing
- Reviews specific to the SM&CR conduct rules, individually or as a whole
- Internal investigations
- Advice and assistance on potential and confirmed regulatory enforcement actions
- Counselling and regulatory assistance for Senior Managers
- Root cause analysis
- Remediation planning, applying lessons learnt from crises
- Assistance in addressing weaknesses and gaps
- Review and remediation of policies and procedures
- Advice on the allocation of responsibilities and implementation of SM&CR
Ongoing Compliance Support
- Senior Manager approvals
- Preparation for FCA/PRA reviews
- Skills gap analysis and learning and development plan creation
- Assistance with Certification
- Breach management and reporting
- Ongoing assistance and ad hoc advisory services
- Ongoing conduct rules and other training
- Non-intrusive and in-depth screening solution
- Pre-employment offer screening and assurance reports
- Senior Manager interviews
- Internal investigation support
A comprehensive set of 14 templates to support your ongoing compliance with SM&CR including:
- Responsibilities Maps
- Statements of Responsibility
- Annual Review Procedures
- Fit and Proper Questionnaires
- Joiner and Leaver Procedures
- SM&CR Handbook
- Implementation Plan
See all servicesStay Ahead with Kroll
Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.
Compliance and Regulation
End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Environmental, Social and Governance
Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.