Soon, all firms regulated by the FCA in the UK will be required to demonstrate their accountability for all aspects of risk and compliance under SMCR. The regulation will bring into scope tens of thousands of new companies which will have to comply. It will also affect international organizations and their senior staff outside the UK whose subsidiaries operate within it.
This will affect all staff throughout the business (via Conduct Rules), not just Senior Managers and Certified persons. As we’ve discussed in our recent blog, this will bring numerous challenges in assigning and formalizing prescribed functions and responsibilities, demonstrating reasonable steps and mapping then to risks, documenting awareness of accountabilities and decision making, and communicating and training staff throughout all levels of the organization on the financial Conduct Rules.
While SMCR introduces protections that will safeguard consumers and even whole economic systems, it’s a lot of new weight on financial services providers’ shoulders. Along with the accountability, regulated bodies face the challenge of documenting all the activity that needs to take place to comply with SMCR. With the countdown to the December 2019 implementation deadline ticking away, now is the time to cut through any confusion and decide what processes will be introduced to demonstrate compliance, and the people and – crucially, technology that will facilitate it.
There is extensive guidance from the FCA that will be helpful for all regulated firms. Still, there are some key questions that need to be addressed before it’s too late, aside from the key facts, what do you need to know?
Every organization will need to determine their own set of reasonable steps towards SMCR compliance, but organizations anticipate some difficulty. In our recent webinar, 43% of our audience told us that they anticipated that this would be the most difficult aspect of SMCR compliance. 55% told us that their Senior Managers were not prepared for the reasonable steps and how to meet them. To determine the right steps for your organization, we recommend focusing on the following:
1. Interpret how the regulation applies to you. Since there are duties of responsibility assigned to firms depending on their size and function, it is essential to know where yours fits. For an organization with a single legal entity based within a single geography making this determination is relatively straight forward but for organizations with multiple and complex legal entity hierarchies and based across multiple geographies the answer is much more complicated to determine.
2. You will then need to decide how you are going to embed an SMCR workflow into your governance frameworks and processes (inclusive of HR).
3. Beyond this, you will need to find a way to record and ensure that your staff clearly understand what is expected of them, how they should be conducting themselves and where responsibility lies.
4. Finally, you must decide how you will demonstrate compliance to the FCA and that your staff and hiring processes are aligned with the regime.
Find out what risks your company may face during the SMCR and how SureCloud can provide the solution in next blog The Risks you may face with SMCR and the Solution.
Subscribe for upcoming educational SMCR blogs by filling in the pop-up form in the left-hand corner.