Q&A: Should US firms be worried about SMCR?

Compliance consultant Paul Henshaw explains the significance of incoming UK regulation to US firms that may be affected.

The Senior Managers and Certification Regime is a UK law that will affect all firms regulated by the Financial Conduct Authority. We asked compliance consultant Paul Henshaw to explain the significance for US firms that may be affected.

How would you describe SMCR?

The initiative seeks to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence. It also sets new standards in financial services by encouraging a culture of staff at all levels taking personal responsibility for their actions.

When is it due to come into force?

On 9 December 2019

Say my firm is based in the US – under what circumstances will this apply to us? 

UK firms that are affiliated to a larger overseas firm (such as a London based subsidiary of a US investment manager) are currently required to maintain separate authorization by the FCA and, as such, are subject to its governance and organizational requirements. This need for appropriate, local substance is sometimes referred to as having “hearts and minds” in the UK – i.e. individuals who the FCA can hold to account for the regulatory performance of the UK firm.

Although SM&CR does not change the fundamental legal and structural requirements for such UK affiliates, it does change the balance of accountability somewhat in respect of managers of the parent entity who play a significant role in the management of the UK firm. In certain regards, there is no territorial limitation on the SM&CR – therefore, it will apply to anyone who performs a senior management role with respect to an entity domiciled in the UK, whether they are actually based in the UK or overseas.

The FCA comments that “where an overseas manager’s responsibilities in relation to the UK are strategic only, they won’t need to be a senior manager.” However, if they are responsible for implementing that strategy, and have not delegated that responsibility to a senior manager in the UK, they are likely to be performing a senior management function (SMF).

Hence, some UK firms may wish to consider whether certain senior managers in an overseas entity in fact occupy key decision-making and oversight roles in the UK firm, and hence require FCA approval as SMFs.

How might firms breach the rules?

An example might be an inadvertent breach due to lack of staff awareness of the rules and the new obligations it places on firms. For example: a failure to produce clear statements of responsibilities and thereafter update them, or incorrectly set up certification arrangements – introducing shortcomings into the process for assessing competency and fitness and propriety.

What is at stake if they do?

Any breach of regulatory obligations can present regulatory, legal and reputational risks. As former US deputy attorney general Paul McNulty once said: “If compliance is expensive, try non-compliance!” The quote has passed into cliché but remains resolutely accurate.

Say I’m the CFO of a large private equity firm in the US set to be implicated in SMCR regulations – what should I do next?

The first thing to do is initiate a regulatory change project program and assign ownership for that task. The project owner should acknowledge that there are three distinct regimes here: the senior managers, the certification and the conduct regime. Duties and obligations under each strand should be understood, including the classification of your relevant SMCR firm type. Understanding the key concepts of SMCR is also essential, including: statements of responsibility, significant management functions, the duty of responsibility, prescribed responsibilities, fitness and propriety, training requirements and regulatory references. These concepts should then be made real within the business in the form of updated policies, procedures and a program of training – all of which should inculcate the message of good culture that the regime seeks to reinforce.

Paul Henshaw is a senior principal consultant with ACA Compliance Group.