SM&CR refers to the Senior Managers and Certification Regime (also known as SMCR) and as a HR professional working in financial services, you’ll have no doubt heard about it in some form, whether through dedicated training courses or reading up on the FCA website. But what does it mean for you as a HR professional and your business?
Replacing the Approved Persons Regime (APR), banks, building societies and other financial institutions adopted the regime in 2016. With the legislation having been extended to all FCA-regulated firms, in this blog we look at common questions around SM&CR compliance – helping to protect your business from staff misconduct, financial penalties and the negative publicity that might follow.
Our handy Q&A explains everything you need to know about the new regulations, so you can get your New Year recruitment drive off to a flying start.
What is SM&CR?
According to the FCA, the purpose of the legislation is to ‘reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold individuals to account.’ In other words, it’s designed to ensure those in senior roles have the skills, knowledge and integrity to act in the customers’ best interests.
SM&CR was first introduced in the banking sector in March 2016 to create greater accountability for those within responsible roles. Since then, the FCA announced that it will extend SM&CR to all financial firms by 9th December 2019¹, replacing the Approved Persons Regime.
‘The regime embraces a very simple proposition – a senior manager ought to be responsible for what happens on his or her watch’².
The FCA stresses that SM&CR compliance should not simply be seen as a ‘box-ticking exercise’ but a cultural shift towards transparency in the financial services sector.
Who does the SM&CR apply to?
SM&CR now applies to all FCA regulated firms. The first part of the legislation – the Senior Managers Regime – states that those at the top level must be FCA or PRA (Prudential Regulation Authority) approved before taking up a position and certified at least once a year. A company then assigns each senior manager a ‘statement of responsibilities’ leaving them in no doubt about their obligations.
Finding out whether or not someone is FCA-approved is one thing but there is another part to the regulation, the Certification Regime. This ‘applies to employees whose role means it’s possible for them to cause significant harm to the firm or its customers’3.
While these people do not have to be FCA-approved, businesses still have to ensure they are ‘fit and proper’ to do their job, both when they start and then once a year or more afterwards.
Senior managers must undergo a criminal record check, although this is not a requirement for those who fall under the Certification Regime. However, it is usually good practice to do so.
SM&CR replaced the Approved Persons Regime, which came under scrutiny from the Parliamentary Commission on Banking Standards (PCBS). These criticisms included ambiguity around senior management responsibilities.4
The new regulation aims to set out clearly who is responsible for what and encourage honesty and best practice across the organisation.
What are the disciplinary actions following a breach?
Individuals, rather than the business, are now held accountable for a breach that falls in their area of responsibility. Under SM&CR, the FCA must prove that the senior manager did not take reasonable steps to prevent the breach.
But, as we have seen, the onus is on firms to perform adequate checks on their employees before they join the company and at regular intervals afterwards.
Of course, the type of penalties imposed will depend on the seriousness of the breach and the FCA could take action against the individual, company or both. Still, it is worth reiterating the breadth of enforcement powers the regulator has, which include withdrawing authorisation, court action and fines – all of which could be crippling for an individual and/or the company.
How should I review compliance processes in line with the new legislation?
Navigating any new legislation can feel like a minefield, so it’s important to have clear compliance processes in place from the start.
The first step is to identify what your senior manager roles are and establish the checks that need to be carried out and when. Then decide who is responsible for these checks, including whether they are performed in-house or outsourced. Background screening on candidates is crucial, but you should also have a framework for re-screening existing employees within the company.
Pre-employment and employment screening are one of the ways in which you can help protect your organisation and mitigate conduct risk. Screening under SM&CR is something we’re really familiar with at Experian, as we’ve been working with banking clients who are already governed under SM&CR for a number of years. Our employment screening solutions are geared up to ensure simple, yet robust screening is in place once you’ve identified the definitions of responsibility for senior managers.
As part of adhering to the SM&CR framework it is required that the individuals placed in roles within this framework are screened adequately and your organisation can certify that these individuals are ‘fit and proper’ to carry out their roles.
Your employment screening process under SM&CR
We work with a range of clients governed under SM&CR and each organisation will have its own process for screening regulated roles. There are different levels of checks that may be deemed adequate for these roles and it’s important to have a process in place to ensure you’re carrying out the right checks for the right roles. As employment screening specialists under SM&CR, a member of our team can come into your business to review your process and advise on how this might be set out to ensure a robust screening process is in place.
It’s important to note that your process should also include internal promotions and regular re-screening. Promotions to roles governed under SM&CR should be tracked, so that adequate screening can be done prior to the person starting the new role.
Tips for screening under SM&CR
- Determine your senior manager roles. Set out which checks need to be carried out for the relevant roles and when.
- Clearly define who will be responsible for conducting the checks. Outsourcing this work to Experian can save a lot of time and help you to reduce cost, improve efficiency and deliver a positive candidate experience, whilst giving you peace of mind.
- Set out robust, compliant processes to help mitigate risk to your business and protect your employees.
- Be clear on your best practice for screening both SM&CR roles and the rest of your workforce. There are a range of background checks applicable for all types of roles to help mitigate business risk and our consultants can review this with you.
What all regulated and non-regulated firms need to know about SM&CR
Ensuring compliance with the new regime could involve a lot of work. However, all firms are currently obliged to issue regulatory references to an individual’s new employer if he/she is carrying out a CF30 role². In line with the proposals in the Fair and Effective Markets Review (FEMR), firms will now be obligated to issue regulatory references to an individual’s new employer if he/she is taking on a Certification role or Senior Management Function (SMF). Regulatory references should provide an overview of the individual’s conduct record. Firms will be required to share a standard template which includes the following information:
- Details regarding the certified function held.
- Information relating to whether the individual has at any time within the last six years been in breach of Conduct Rules.
- Whether the individual has failed to be classed as fit and proper for certification within the last six years.
- Any record of disciplinary action including the basis and outcome.
This information will support firms in assessing the fitness and propriety of new candidates to take on Senior Managers and Certification roles. However, for the firm providing the reference it could raise a number of legal and operational considerations. Firms should ensure they have appropriate policies in place to determine the appropriateness of information to be included in a regulatory reference.
The wider roll-out of SM&CR has put employee screening firmly in the spotlight and for good reason. Professional misconduct can cost a firm hundreds-of-thousands, if not millions, of pounds in FCA fines, on top of the reputational damage and any lost business that results from it.
Compliance is business critical, but demand for key skills means businesses are also under pressure to recruit and promote staff quickly – and hiring managers must have the mechanisms in place to carry out background checks as required quickly and efficiently.
Data-driven employee screening, delivered by an FCA-regulated business, is one of the most effective ways of establishing an individual’s competence and integrity, in line with SM&CR and should be carried out on both candidates and existing employees.
Our experience and service enable you to carry out all the relevant checks and help ensure they are completed within a timely manner. We appreciate that many of the individuals are the most senior members of the organisation and this requires a level of support that we can offer.
Typical checks for consideration:
- SM – New Roles – ID, adverse, standard DBS, 6-year occupational history including regulatory referencing if applicable, highest education, directorship, peps and sanctions, gap identification, adverse media, gap analysis, statutory excuse, professional qualification and FCA check.
- CR – New Roles – ID, adverse, basic CRC, 6-year occupational history including regulatory referencing if applicable, peps and sanctions, directorship, gap identification, gap analysis, professional qualification and FCA check.
- SM – Re-Vetting – Adverse financial, standard DBS, peps and sanctions, adverse media.
- CR – Re-Vetting – Adverse financial, basic CRC, peps and sanctions.
Manage your preferences here to make sure you receive invites to our future events.