Solvassure has compiled a 10-step guide to assist senior managers and their compliance teams in the run-up to late 2018, when accountability reforms will take effect.
Your organisation should map the latest published regulations for the Senior Managers’ Regime, Certification Regime and Conduct Rules into traceable business requirements and actionable instructions for an auditable implementation of the regulations.
Whilst this is not a mandatory requirement under the accountability regulations, the only way to be certain that the correct rules have been included or excluded for your firm is for a qualified person to perform a line-by-line regulatory impact analysis for each of your legal entities. Those regulations deemed as impacting the firm should have business requirements generated which specify the organisational change necessary to meet the rule and the performance indicators needed to measure it.
Roles and Responsibilities
Your organisation should agree, assign and record acceptance by relevant personnel for all senior management functions; prescribed senior management responsibilities; non-executive director roles; significant influence functions; certification functions and management groups along with any subsequent changes.
This is a mandatory requirement under the accountability regulations for all senior managers, but not for non-executive director roles, significant influence functions, certification functions and management groups. Any subsequent changes to these records must also be captured and recorded for access when required.
Can your organisation produce Statements of Responsibilities (SoR) and, if you’re an Enhanced Firm, a Management Responsibilities Map (MRM) setting out in a single document the firm’s management structure and governance arrangements with snapshots capturing any historical changes?
The SoR is a mandatory requirement under the accountability regulations for all senior managers. It must be submitted when applying for approval of a Senior Management Function with past versions detailing any changes, clearly showing how that individual fits into the firm’s overall governance arrangements and being consistent with its MRM.
For Enhanced Firms, the MRM should be a single document describing management and governance arrangements, reporting lines and details about relevant individuals with names of all the firm’s certified persons, governing body and senior management along with the responsibilities they hold.
If your organisation is an Enhanced Firm, you should generate handover certificates for temporary or permanent replacements to ensure the incoming individual has all the information and material necessary to perform their duties including any on-boarding activities and outstanding regulatory issues.
Whilst this is a mandatory requirement under the accountability regulations, the FCA accepts that there will be cases in which it will be impractical to ask the predecessor to prepare a handover certificate. When a senior manager takes on a new or revised responsibility, all information and material that they could reasonably expect to have in order to perform their job effectively and in accordance with the regulations must be made available to them. This material should include an assessment of what issues need to be prioritised and express judgement and opinion, not just facts and figures.
Your organisation should annually certify as fit and proper every employee responsible for a certification function with supporting evidence for honesty, integrity and reputation; competence and capability; financial soundness along with employer and regulatory references.
This is a mandatory requirement under the accountability regulations for relevant authorised persons who perform any of the defined significant harm functions. The fit and proper test is a benchmark used to assess an individual’s suitability to perform a specified function and forms the basis for the Certification Regime. Under this regime, employees should only perform such a function if they have been issued a certificate by the firm when it is satisfied that the person is fit and proper to perform that function.
Firms are also required to seek references from all previous employers in the last six years, provide references in response to requests from authorised firms and provide an updated reference to an individual’s current employer.
Your organisation should monitor adherence to conduct rules for both senior managers and relevant individuals ensuring that breaches relating to senior managers are reported to the regulator within the defined timescales.
This is a mandatory requirement under the accountability regulations. For senior managers, if the business is operating in high-risk areas there should be a high degree of control with clear reporting lines and procedures in place for reviewing the performance of each staff member with action taken where required, regardless of the financial performance of the person concerned.
Actual or suspected breaches should be supported with appropriate processes using expert opinion or legal advice where necessary with delegated individuals equipped to deal with an issue particularly in a larger and more complex business. For individuals, inappropriate behaviour includes misleading clients, firms or regulators, ignoring risk or liability and inadequate control over assets and payments, with jurisdiction stretching to foreign regulators.
Duty of responsibility
Your organisation should track and monitor the “reasonable steps” required to support the duty of responsibility, which prove, with documented historical evidence, that senior managers have their arms around low-level operational activities and regulatory requirements.
This is a mandatory requirement under the accountability regulations for all senior managers, but its impact applies to many parts of the Handbook. In May 2017, the FCA published a policy statement which clarified the factors that will influence any decision to take action against a senior manager when the rules have been broken. Action can now be taken where there has been a contravention by the firm, a senior manager was responsible for any of the related activities and reasonable steps were not taken to avoid it.
Senior managers will therefore need to demonstrate how they implemented their duty of responsibility, which means creating an effective framework to monitor business-as-usual activities and low-level regulations. This should be designed to detect any anomalies and initiate a thorough investigation process supported by relevant evidence.
Your organisation should be able to link to internal and external systems to keep track of ancillary elements including training records, appraisal details, employment contracts, job descriptions, employee access to relevant documents, legal representation at meetings, handling of reference requests, disciplinary action, liability cover and directors’ insurance.
Many of these are not mandatory requirements under the accountability regulations; nevertheless, they represent key factors in supporting a sustainable compliance framework. All these elements should be captured and accessible to enable the underlying regulations to be met, and it’s quite possible that they will exist on disparate systems and paperwork, requiring manual effort to retrieve them.
Can your organisation demonstrate common compliance standards and processes in an auditable framework with quarterly reviews, providing timely and accurate management information to accountable executives, allowing them to identify who owns prioritised issues and any follow-up actions?
This is a mandatory requirement under the accountability regulations. A firm must maintain adequate policies and procedures to ensure compliance of the firm, its managers and employees whilst also minimising risk. An individual is responsible for assessing the adequacy and effectiveness of these procedures and addressing the deficiencies in the firm’s compliance with its obligations. The firm should have procedures to ensure that the removal or disciplinary sanctioning of the compliance officer does not undermine the independence of the compliance function.
Your organisation should deliver a communication programme that not only distributes targeted regulatory instructions, but also provides supporting information about its wider conduct objectives to embed understanding and cultural change whilst promoting individual ownership and accountability.
This is not a mandatory requirement under the accountability regulations, although there are things that firms must keep their staff informed about. Beyond these, timely and relevant communication is essential to secure support from employees because without their buy-in it is unlikely that the programme will deliver its intended goals successfully. This could mean additional costs or business delays, losing key personnel and bad PR, or worse still unhappy customers and even a regulatory misdemeanour.
Solvassure. Compliance Technology.