Getting the Senior Manager & Certifcation Regimes ‘over the line’ – Learning from the banking sector
By Peter Griffths from Worksmart
The new SM&CR Regimes are aimed at bringing greater transparency and individual accountability into the wider Financial services market place. It promises to deliver considerable change to firms across all the different sectors. As the industry tries to ready itself, it does so against a backcloth of uncertainty about the final rules or a fixed deadline to aim for. The banking sector faced similar challenges in 2015, although the start date of 7th March 2016 was known.
Worksmart has worked with a whole variety of banks of all shapes and sizes since 2015, helping them to get ready and implement the new rules. Since then, we have been busy helping already subject to SM&CR transition from paper based systems onto our software to enable easier management of the ongoing activities and provide accurate record keeping and ‘point in time’ reporting. So all in all, we have over two year’s experience of helping transition to the new rules from a number of perspectives. In this article, we have distilled this experience into some key messages for a smooth and timely transition to the new regime.
My role in Worksmart has been to work with our 15 plus customers to implement our SMCR software. Practically, this has meant me working with customers to configure the software to replicate their Responsibilities Map and complement their business processes. Once configured, I train the different user communities ahead of launching the system. Finally, I continue to stay close to customers to iron out any teething problems and help embed the new software. Because of this, I have experienced a wide range of situations – not to mention a few challenges!
By now most firms in the wider financial services market will have started to think about the new regime But knowing the rules is one thing, translating them into an appropriate response for each firm (as every firm is different) is another. Putting in place a timely and efficient plan for implementation is an entirely different matter. In this article, I would like to share with you the key things that I have learnt along the way.
Put Your SM & CR Regimes ‘To Bed’ Early
Sounds easy, but from the experience of the banks, this takes time – usually much more time than is originally thought. So what causes the time delays? Of course, it varies, however, experience has taught me that the delays will fall into two areas;
Within the firm: allocating SMFs and committee memberships is usually straightforward, however, working out which Prescribed Responsibilities are relevant to the firm can take time. Most firms will accept the definitions provided by the regulator for each Responsibility, however because business models vary, these definitions may need to be amended. Luckily, the proposed SMFs, Responsibilities and Control Functions for the wider financial services market are clearer, so should be easier to understand and allocate between the executive team. However things are seldom straightforward, and sorting out your Responsibilities and Control Functions will be no different. However, a task that is consistently underestimated involves senior executives scrutinising the detail of their proposed Responsibilities and reviewing, even renegotiating, their personal T&Cs in return for this greater accountability. As a Programme Manager in a major Building Society said “we’ve only just got agreement on what we proposed to the exec team a year ago”. So be warned!
With the regulator: once agreed internally, the second area of delay was with the regulator. Not only did banks suffer delays due to the backlog of submissions, they sometimes received unwelcome surprises particularly when executives, who were previously unregistered, had their applications for approval refused. Refusals had knock on effects into reallocating Responsibilities within the exec team, resubmissions and, sometimes, even external recruitment. So the message is clear, avoid delays by getting your submission in early. That way you will get decision ahead, not months after, the regulatory deadline.
Clarifying Certification and Conduct Rules
If the message about getting started early with the SMR community, it is equally true of Certification. Many firms in the banking sector simply underestimated the amount of time it would take to define and gain agreement as to what roles were caught by Certification. When we ask customers how many members of staff are in their Certification Regime, we often got answers like, “anything between 40 and 250, we’re still deciding”. And of course, a second time delay is then allocating Significant Harm Functions (Certification Functions) to those roles. Again, the guidance appears clearer for the wider financial services market, but deciding what roles are caught by Certification and what roles fall into Conduct Rules should not be underestimated.
Once decided, planning the design and delivery of training activities for certification staff will take time. Not only will there be the need to design, organise and deliver the training to provide evidence of understanding of the conduct rules, following the regulator’s guidance for training to be as role-specific as possible, more specialised training also need to be designed. Experience over multiple implementations has taught me that training is often an afterthought on the project plan. If this is the case, then your training will probably be delivered late, leaving you exposed to the risk that staff are not fully aware of their responsibilities under the new regulations.
Finally, because the regulator’s expectations are for competent, not just compliant, behaviour there will also be a debate about what evidence will you need to demonstrate competence. If your firm has a fully functioning performance appraisal process, then this may well be enough, (certainly this is the view taken by most firms). However, if your firm does not have a robust performance appraisal process in place, I suggest the new regulation should be the ‘tipping point’ to implementing one.
This article would not be complete without recounting my experiences of working with NEDs. In short, I’ve found NEDs a challenge and I warn you to expect the same! For such a small group, they often take a huge amount of project time. The reasons are many but the most common are; they are part-time meaning they are difficult to get hold of. Secondly, they are busy and so difficult to gain their full attention. Thirdly, they are not employees and so they have to be treated on an individual basis when it comes to IT. For example, they usually do not have a company email address and in one company, the firm’s IT security blocked external email addresses from accessing anything within their firewalls. Meaning they couldn’t access their records and complete their activities. And if they are based outside the UK, e.g. based in India, the Middle East or Africa, the access problems are made worse and are compounded by culture. For example, one Worksmart customer had a NED based in India that was ‘so important’ that he simply ‘did not have the time’ to formally accept his Responsibilities or complete his annual Fit and Proper return. When challenged, the NED’s offer was for one of his staff to complete his activities on his behalf! So be ready for NEDs when it comes to transitioning onto the new regulation.
Processes and Records Management
The new rules will challenge your record keeping and force rethinks in a number of areas. From experience, the most common areas are;
Job descriptions: make sure your job descriptions are up to date and, for execs in the SMR, aligned to their new responsibilities.
DBS / credit checks: be clear about the regularity of these checks, where you store these and who has access to them. For example, most Worksmart customers store these checks against each user (‘so everything is in the same place’) and use the security within the software to control access.
References: the process of obtaining positive work references for the last 6 years is mandatory. Ensure your internal processes don’t slip up! Also, be prepared for reference requests from other firms and be able to supply these references quickly and easily.
By now most firms in the wider financial services market will have started to think about the new regime But knowing the rules is one thing, translating them into an appropriate response for each firm (as every firm is different) is another.
Competence: because the regulator’s expectations are for competent, not just compliant, behaviour there will also be a debate about what evidence will you need to demonstrate competence. If your firm has a fully functioning performance appraisal process, then this may well be enough, (certainly this is the view taken by most firms). However, if your firm does not have a robust performance appraisal process in place, I suggest the new regulation should be the ‘tipping point’ to implementing one.
Early implementation: finally, in my experience the most savvy firms run their first cycle well ahead of the regulatory deadline. Whilst this creates pressure for the project team to complete preparations early, if anything untoward is identified, e.g. issues with an individual’s F&P, these issues can be dealt with ahead of the deadline.
The last two years have certainly been interesting. I have worked with some very capable people and seen evidence of genuine best practice. However, if I could offer a single piece of advice, it would be to start early and don’t expect things to be straightforward.
And this is just implementing the new rules in your firm. Finally, the whole subject of moving beyond simple record keeping and making the regulation what it is intended to be, i.e. an agent for culture change, will, I suspect, be the lessons for the next two years...
18 T-C NEWS OCTOBER 2017 REGULATORY GENERAL