In the media

Firms should use SM&CR to streamline their governance

Global Risk Regulator

13 January 2020

Tags

This article was first published in Global Risk Regulator

As the next wave of firms ready themselves for SM&CR, they should use its implementation as an opportunity to streamline their governance and declutter their operations.

As of December 2019, asset managers, insurance brokers and consumer credit firms were part way through the implementation of the Senior Managers and Certification Regime (SM&CR), which is a daunting task.

This is no mean feat, particularly for firms operating within groups or across multiple jurisdictions which often have complicated governance arrangements. While the intention of the new regime is to improve governance, the greater focus on personal accountability has in some cases introduced more work and more complexity, particularly for the corporate governance structure.

Solo-regulated firms have a further 12 months, as of December 2020, to complete the remainder of SM&CR implementation and ensure their data is uploaded onto the new Directory. But all firms, particularly those with complex structures, should review their corporate governance to identify efficiencies and make the following three new year’s resolutions.

Slimming governance

Collective responsibility exercised through committees is an important element of corporate governance, and whether a committee’s role is toadvise or decide should be clearer now. However, UK Finance has found some banks have created new committees in response to SM&CR.Excessive governance slows down decision making and increases cost, so any governance review should focus on whether additions are addingvalue. It should also examine where existing structures are convoluted and where responsibilities and delegated authorities are unclear orredundant. This is particularly relevant for UK subsidiaries whose boards historically have not had sufficient authority to make meaningfuldecisions.

Regulators including both the UK’s Prudential Regulation Authority (PRA) and the Central Bank of Ireland are focussed on making sure that individual entities are responsible for the management of their own affairs and not unduly influenced by the strategy of the parent company. Firms should confirm that boards are effectively steering the business; meeting their legal and regulatory requirements and are clear on how these link to individual responsibility. In some cases, governance can be reduced altogether by dissolving unnecessary committees, or combining them to eliminate duplication, reduce distractions and optimise management time. Look for forums with no formally delegated authority; those which result in a high volume of escalations, or those where a large proportion of attendees are delegates.

Finding purpose

It is no surprise that SM&CR has led to more firms systematically documenting decisions. Many now report they have a deluge of documentation that serves little purpose other than to provide an audit trail for the senior manager. A smarter, simpler approach is required. During the governance review, firms should ensure that decisions are being captured using a single procedure and managers are able to quickly view historic records. They should also consider developing further guidance for managers on how to demonstrate reasonable steps, as this is a concern driving the mass production of records.

Digestible and meaningful information is also essential to effective oversight. There is now greater demand for management information (MI) as those accountable seek more evidence of control, as well as early indicators of potential issues. Firms should look to provide a common set of metrics to all decision-makers, using automated and standardised processes. For complex firms, MI should be available across a variety of lines. Where new MI is created, firms should assess its purpose and how it can best be used. Without good quality, consistent MI, managers will spend more time gathering results at the expense of executing strategy.

Decluttering operations

Additional support is required to operate under SM&CR and many firms have recruited people specifically to manage the additional workload. Solo-regulated firms coming into the extension should put a supportive operating model in place, while all firms should use a governance review to check that resources are being used efficiently. Firms should centralise functions such as CEO offices and secretariats as much as possible and reduce the volume and complexity of manual work by simplifying reporting and applying a standard set of templates and escalation procedures.

They should also take a risk-based approach to using their control functions, including internal audit, to test the embeddedness of the regime and recommend improvements to their current systems, controls and governance. A coordinated programme of reviews across the three lines of defence forms part of demonstrating that senior managers are taking reasonable steps. In a recent update of its rulebook, the UK’s Financial Conduct Authority (FCA) provided more guidance on the circumstances and factors it would consider to identify if a manager had taken reasonable steps. Firms would be wise to use their control functions to stress test that internal checks are good enough and represent ‘reasonable’ measures to manage risk.

As we enter the new year, solo-regulated firms will no doubt return ready to complete the remainder of SM&CR implementation, but they, along with banks and insurers, should give priority to a governance review. Good stakeholder management will be key to executing this, in addition to building the case for change where efficiencies are found. But by reassessing and removing the complexity from their corporate governance, firms can ensure they have the right structures to support the business to be responsive and make effective decisions.

Laura Boyd, a financial services expert at PA Consulting

Explore more

Contact the team

We look forward to hearing from you.

Get actionable insight straight to your inbox via our monthly newsletter.