White Compliance Hub Rules and Regulations text on black background

The “Senior Managers and Certification Regime” Explained

The Senior Managers and Certification Regime introduces added accountability measures for financial firms related to individual conduct to strengthen governance, improve culture, and protect market integrity.

Article
16 February 2024 6 mins read
By Jennie Clarke
Written by humans

Written by a human

Here’s what recent enforcements in the Senior Managers and Certification Regime says about personal liability

The Senior Managers and Certification Regime (SMCR) replaced the Approved Persons Regime (APER), and was born out of the 2008 financial crisis. The regime was introduced in 2016, though it didn’t apply to all FCA-regulated firms until 2019 (and even then, COVID caused delays).

The SMCR is broken into two key parts:

  1. Senior Managers
  2. Certification

Senior Managers

Firms must exercise due diligence when handling both external prospective senior managers that might join the company and those promoted from within their firm. This includes completing criminal record checks, as well as credit and directorship checks.

Moreover, these individuals must be approved by the Financial Conduct Authority (FCA) or Prudential Regulation Authority (PRA) before they can assume their new positions. Once appointed, their obligations must be set out and signed under a Statement of Prescribed Responsibilities. 

Certification

The certification function requires that firms introduce a testing process for employees to ensure that those in specific roles are fit and proper. This section is specifically targeted at employees who could cause significant harm to either the firm or their customers. A certified person includes anybody who is in a position of power or has the ability to cause change. 

Enforcements from the FCA and PRA

Although the SMCR has led to very few enforcements since its launch in 2016, freedom of information requests have proved that a large number of cases have been investigated. Plus, the growing focus on individual accountability means that external regulators have tied SMCR into their enforcements. 

TSB Bank’s former CIO fined £81,620

In 2023, the PRA investigated TSB Bank’s former Chief Information Officer, Carlos Abarca. As CIO of the regulated firm, his responsibilities included "taking reasonable steps in relation to risk identification and mitigation."

The PRA's investigation into his conduct was launched after TSB experienced a botched IT migration with a third-party firm. Abarca was listed under the SMCR’s Statement of Responsibility.

Yet, he failed to confirm a degree of assurance from the third-party before convincing TSB's board that this migration was necessary, and that the third party had been sufficiently risk assessed. This directly conflicted with Conduct Rule 2 of SMCR, and as such, Abarca was fined over £81,000 by the PRA.

£18 million enforcement to investment advisory firm Julius Baer Limited (JBL)

Upon the FCA's identification of a colossal number of compliance failures beyond just SMCR violations, JBL was fined in 2022.

JBL, a financial services firm, was responsible for brokering large investments on behalf of third-party companies. In exchange for these services, organizations paid "finders fees" (commission) to those that introduced them to JBL.

However, at least one company working with JBL was charged inflated commission fees by their introducer. Upon investigation, it was found that these added profits were being split between the introducer and JBL, equaling approximately $3 million.

Therefore, the FCA found that JBL “showed a lack of integrity” in the way business was operating, especially thanks to these “improper” fees. Alongside the company penalties, three senior executives at JBL were also penalized. This supports the trend towards emphasizing individual accountability instead of only blaming the systems, and warns other senior executives about the severity of this type of negligence or exploitation.

Chief Executive of Barclays fined £642,430 by FCA and PRA jointly

The first enforcement action taken in violation of the SMCR was against Barclays' Chief Executive James Staley, who was fined almost £650,000.

In 2016, Stanley received an anonymous letter from a whistleblower, and an investigation conducted by the FCA and PRA found that he "failed to act with due skill, care and diligence." In response to receiving the letter, he attempted to identify the author and handle the issue himself. Since Staley failed to consult with whistleblowing experts on proper procedure, this meant that the issue could not be dealt with impartially because his position at the firm led to a conflict of interest.

As such, Staley was fined almost £650,000 in 2018 and Barclays was ordered to annually report on their whistleblowing protections to regulators. 

The importance of personal liability within compliance

The clear pattern across almost every regulatory body in financial services is a trend towards increased individual accountability. In 2022 and 2023 especially, financial regulators have shifted away from corporate responsibility and towards individuals in senior positions.

For example, two-thirds of all SEC cases this year involved charges against individuals, with a total of 133 people barred. Similarly, in the U.S., FINRA issued a senior compliance officer at a firm with a $25,000 anti-money laundering (AML) fine and a two month suspension for failure to familiarize themselves with AML procedure and supervise AML analysts.

The trend towards personal liability under compliance regulations has been continued in the U.K. as well. For example, the Law Commission recently proposed a new framework to increase individual liability.

In reflection, it's imperative to not only systematically comply with regulations like SMCR, but to ensure that both junior and senior staff members understand their roles. By providing the green light on projects or signing off on risk assessments, for example, these individuals are confirming they understand their responsibility and accountability.

Get support for compliance with Global Relay

While many companies have not necessarily felt threatened by the SMCR thus far, it could be time to overhaul your compliance frameworks and re-train senior employees. If previous penalties are anything to go by, your senior executives could be placing over half a million on the line each time that they make a significant decision.

If you're looking for support to ensure compliance with SMCR and other regulatory requirements, get in touch with Global Relay. We offer a range of solutions that allow regulated companies to keep on top of current enforcement trends and communicate compliantly.

Book a bespoke demo to learn more about how Global Relay can help you.  

< Back to the hub

SUPPORT 24 Hour