The art of self-defence: how to protect yourself from the SMR
Neil Herbert, HRComply, CEO, London, 26 October 2017
The new Senior Managers and Certification Regime is not just intended to encourage high-ranking executives to be responsible for their actions; employees also need to consider how to best protect their own interests.
Not all aspects of the SM&CR have come into force yet, but we now know that in 2018 the regime will be rolled out across the entire financial services sector, affecting up to 46,000 firms. The profound changes it brings will include prescribed governance structures, recordkeeping, registration and managerial requirements. This presents challenges to all staff who will be registered under either regime, but in particular to those people who are required to perform Senior Management Functions (SMFs) and to take on the associated responsibilities, accountabilities and potential consequences. At the heart of this is the fact that most people in senior management jobs will – by necessity – have to delegate many of the responsibilities that fall under their areas of accountability and are prescribed by the regulator. They must be made to remember, however, that they can delegate responsibility but not accountability. They must be clear that whenever they delegate key responsibilities, the people who have to discharge them are obeying the rules. To do this they must oversee these people, the areas in which they function, their conduct, their competence and their performance most effectively.
The challenges also extend to employers, who will effectively have to change their relationships with the employees they are putting in these responsible positions. In doing so, they must make the cultural and contractual modifications required to bring that about.
For some members of staff who were not subject to the previous APER (Approved Persons Regime) arrangements, and for staff who have to accept SMFs for the first time, the changes could be profound; employers will need to handle them with care.
It is not just people in SMFs, however, who have to consider their positions. Ordinary members of staff should expect a demonstrable commitment from their employer, who should provide them with training, the means, the management information (MI), the 'oversight control' (identifying gaps in control and improving controls) and the monitoring or recording of important benchmarks. Only then can the relevant staff rest assured that this is all being done thoroughly.
There are numerous questions that I would advise every relevant member of staff to ask his employers.
- Are you committed to maintaining and developing my competence to appropriate levels?
- Equally, are you committed to maintaining the competence of those that come under your span of control?
- Can you give me proper oversight of your span of control – including people and business functions – to ensure that I am taking the ‘reasonable steps’ I am expected to take?
- Have you invested in a decent system that gives me the MI I need for peace of mind?
- What, if anything, would you do if things went wrong and you found yourself being held accountable and under FCA scrutiny? Can you guarantee that you will defend me or fund my defence, if push comes to shove?
Practical things to do if the company breaks the FCA's rules
If you are an employee and you believe that a regulatory breach has occurred, there are a number of practical steps that you can take to offset your risk under the Senior Managers Regime.
The first step is gathering information – what happened, how it happened and when it happened. Ask the regulator and your employer to disclose to you all relevant material. Remember, the company and the regulator will want to protect that material from being distributed to many employees and may not want to give you the information that you request.
The second step is to know your liability. You should always protect yourself by considering how you might be seen to be involved in the breach and determining the liability that you face. You’ll need to consider that what you did or didn’t do could amount to a regulatory breach or, more seriously, a criminal offence. You should also contemplate whether you could face potential liability in another jurisdiction.
Most investigations start within the four walls of the financial institution itself, usually with interviews. If you are asked to attend an internal interview with your employer, you absolutely must prepare for that interview. This is the third step. If you are to prepare adequately, you must consider all the possible consequences of the enquiry and know your answers to questions before they are asked. It is common for people who think that they have not done anything wrong to believe that the truth will set them free and that they can simply answer questions without any preparation or assistance. This may happen, but generally, individuals who are unprepared do not see the risks and at times may unknowingly make admissions that are hard to rectify in future interviews or proceedings.
The fourth step is to take legal advice. Always instruct a lawyer to give you independent legal advice. That is, advice that looks after your interests before anyone else’s, including your employer. A good lawyer will tell you where the problems lie. Often, if you think you might be accountable in some way, you may be wise to resign. If you do not think you have done something wrong, you may be well advised to be loyal to the company but not necessarily to every manager.
If you are acting on behalf of the company, then you probably are not involved in the breach or the wrongdoing. A further consideration is that if you are supervising individuals overseas, you should take advice from a lawyer in that country as you may be facing liability in that jurisdiction.
Prepare for interviews!
Once the regulator is involved, its staff will often invite people to attend interviews on a purely voluntary basis. You are not obliged to attend this interview and you are not obliged to answer questions, but it could sit ill with the regulator if you do not attend. Whether you should volunteer or not depends on the seriousness of the breach.
The regulator has the power to compel anyone who is the subject of an investigation or who has information relevant to the investigation to see its staff and answer their questions. This means that any connected person such as a director, partner, employee or auditor could be compelled to answer questions or provide relevant material. Failure to do so is punishable as a contempt of court and could lead to the person serving a prison sentence as a civil prisoner.
If you are compelled to attend an interview, you will have to go to the regulator’s office accompanied by your lawyer. Investigators will question you. They could be ex-police officers, lawyers or people who have previously worked in your field, or they could be foreign investigators if the firm broke some rules in a different jurisdiction. The interview will be tape-recorded and you will be handed a copy of your tape (and a copy of your transcript at a later date) for your own records.
It is extremely important for you to prepare for these interviews, so you are ready to be questioned about any potential act or admission about which you find it difficult to talk. If you have had numerous internal interviews, this is your opportunity to clarify your answers or to rectify any inconsistencies. By preparing properly, you will be more confident in your interview and will not be taken by surprise.
The outcome of this process is either survival or your career (and possibly freedom) hanging in the balance. If you are prepared, you are far more likely to keep your job and to continue working in the financial services industry. If, however, you are found to have breached your duty of responsibility by not taking the steps that a person in your position could reasonably be expected to take, by breaching your rules of conduct or by being found to be "knowingly concerned in a breach," the regulator can vary or remove your 'approved status' for a Senior Managers Function. You could also find yourself facing a large fine.
Simultaneously, the regulator can prohibit you from working in the financial services industry if you are found to not be fit and proper.
Accountability 2 and the cost of an ‘appropriate’ response
The FCA has been running something it calls a "pre-consultation process" this year, going out and about and meeting firms and trade associations. It issued the consultative paper (CP 17/25) in July. Now that the FCA's proposals for the Accountability 2 regime are published, firms at least have some answers regarding proportionality and the levels of compliance that will apply to them.
As before the consultative paper’s publication, many firms still appear to be focusing on the ‘least case scenario,’ i.e. trying to identify the fewest things they need to do to comply. This is a worrying attitude and one that conflicts with the new cultural principles that the FCA is trying to foster throughout finance. Instead, firms should be focusing on ‘what good looks like’ and applying the highest practical standards that they can, subject of course to the budgets and resources available.
* Neil Herbert is the director of the 'training and competence' (T&C) software firm, HRComply. He can be reached on +44 (0)20 3176 7859 or at neil.herbert@hrcomply.co.uk