1. Interpretation risk – Notwithstanding the technical challenges of implementing MiFID II, which have been significant, the rules themselves were, to a large degree, prescribed and required relatively little interpretation by firms. SM&CR, on the other hand, whilst it does have some clear rules, is largely framed by principles and guidance. This means firms need to interpret the regulation in the context of their business. This leaves implementation open to judgement and introduces an ‘attitude to risk’ both for the firm and for individual senior managers. In other words, there is no right, but there is a wrong.
2. Cultural change – SM&CR is designed to change a firm’s culture from top to bottom. The ubiquitous nature of this aim has implications for all staff. It is the responsibility of senior management to ensure all staff are aware of the changes and how they apply to them as individuals. Cultural change does not happen overnight and is not always easy to measure. The implementation date for SM&CR is just the start of the journey. Firms should expect a 2-3-year journey as a minimum.
3. ‘Below the line regulation’ – SM&CR gives the regulators significantly more flexibility over how they set rules and what is covered within the regime. Firms are obliged to clearly define, document and maintain who is responsible for what. This gives the regulators the opportunity to mandate changes in behaviour without having to change the underlying rules. For example, there are no ‘Prescribed Responsibilities’ for such things as cyber security, diversity or Algo trading; nonetheless, in recent speeches the FCA have made it clear that these things, and others, must be documented in Statements of Responsibility and are part and parcel of their expectations. Senior managers will be held personally accountable.
4. Legal entities – SM&CR applies at a Legal Entity level. This adds significant complexity for firms that have multiple entities within their group. Senior managers’ roles across the group need to be defined and documented without gaps or overlapping responsibilities. Further complexity is added when Certification staff act in roles across multiple entities within the group. All these elements need to be defined, monitored and maintained on an ongoing basis.
5. Punishment – Failing to comply with MiFID II can result in hefty fines running into millions of pounds. Failing to comply with SM&CR can not only result in hefty fines, it also has the potential to inflict significant reputational damage on the firm and on individual senior managers, potentially resulting in individuals facing disbarment and the end of their careers. Few senior managers would relish the choice of being publicly named as ‘acting without integrity’ (wrongdoing with intent) or ‘acting without due care, skill or diligence’ (being incompetent), if they are responsible for Conduct Rule breaches in their areas of responsibility.
The lesson from the banking and insurance sectors, which have already implemented SM&CR, is that the regime is much more complex and time-consuming than was ever anticipated.
By Redland from Redland Business Solutions
© Copyright Redland Business Solutions 2019