Fitness and proprietary requirements for employees of financial institutions are not an option, but a regulatory obligation that calls on firms to regularly assess employees’ honesty, integrity and reputation, competence and capability, and financial soundness.
RegTech Insight publisher A-Team Group recently brought together a panel of compliance experts for a hosted webinar sponsored by MyComplianceOffice (MCO) to discuss, How to ensure employees meet fit and proper requirements. The webinar panel featured Leslie Coombs, Director of UK Senior Managers & Certification Regime (SMCR) at Citi; Matthew Harris, Head of Regulatory Conduct at Howden; and Sinead Egan, Product Manager at MCO.
Fit and Proper Requirements
Webinar attendees heard there are two separate parts to SMCR:
- Senior Managers are subject to extensive background checks and regulatory approval by the UK’s Financial Conduct Authority (FCA) or Prudential Regulatory Authority (PRA) before they can take up their role.
- Certification requires that firms introduce a testing process to ensure that employees in designated roles are ‘fit and proper’. A certified person includes anybody who is in a position of power or has the ability to cause change and particularly any employee who could cause significant harm to either the firm or their customers.
These ‘fit and proper’ requirements also delve into personal characteristics and conduct, such as how managers treat their teams, their track record in the industry and overall reputation.
“Before appointing anyone as a registered person—whether a senior manager or a certified individual—firms must thoroughly assess their honesty, integrity, reputation, competence, capability, financial soundness, and personal traits,” one panellist noted. This comprehensive evaluation typically involves background checks, criminal records, credit assessments, and regulatory references from previous employers spanning up to six years.
The regulatory landscape is rapidly evolving, with new proposals and amendments continually reshaping compliance obligations. One significant development on the horizon is the FCA’s proposed inclusion of non-financial misconduct in individual assessments. This change aims to eliminate ambiguity regarding how personal conduct outside of financial matters impacts one’s ability to fulfil regulatory responsibilities effectively. “Getting rid of that grey area will be really helpful for firms,” the experts noted, highlighting the importance of staying ahead of such regulatory changes to ensure ongoing compliance.
Cultivating a Culture of Compliance
Embedding a culture of compliance within an organization is more than just adhering to regulations – it’s about integrating compliance into the company’s DNA.
“I think regulators, certainly the FCA, have made it very clear they won’t tell you what the right culture is, but they’ll absolutely tell you if you’ve got the wrong one. They see it as the main driver for failings in firms. People don’t set out to make errors or mistakes; it’s normally cultural drivers that push them to do so—that’s the FCA’s view” one expert noted.
Rather than viewing compliance as a bureaucratic hurdle, firms should strive to make it an integral part of daily operations.
“A culture of compliance transforms the perception from a necessary evil to a natural aspect of how we operate,” shared one panellist. This involves shifting attitudes so that compliance measures are seen as supportive mechanisms that enable better decision-making and risk management.
Challenges and Best Practices
An audience poll asked – Which area do you find most challenging in implementing best practices for SMCR compliance. ‘Governance and Frameworks’ was the most frequently cited challenge at 56% followed by ‘Role Categorization/Certification’ and ‘Screening/Monitoring’ at 39% each. ‘Misconduct Case Management’ came in at 17%.
Governance is accountable for ensuring that every employee occupies the role appropriate to their capabilities, understands their responsibilities, and knows how to fulfil them. This requires more than an annual review. People are continually leaving, joining and changing roles throughout the year and these changes must be captured and recorded through attestations, self-assessments etc. These practices help confirm that what is recorded by the firm aligns with what individuals believe their roles entail.
Keeping an up-to-date roster of personnel and their roles is crucial. The panel noted a tendency for firms to have a smaller number of Senior Management Functions (SMFs), forming a core group with larger responsibilities that are appropriately delegated, rather than many individuals with overlapping duties.
Additionally, fostering a strong organizational culture where everyone is aware of expectations, adheres to policies, and has the necessary tools to perform their tasks is essential. This cultural emphasis ensures that all employees, regardless of their position, contribute effectively to meeting the firm’s compliance obligations.
All SMFs must be approved by the FCA or PRA before they can begin their role. One of the process hurdles firms are facing is the time-consuming process of obtaining regulatory approval for SMFs. “Our longest timeline was six months to get someone approved, not because they were controversial, but because the FCA took that long to review the application,” noted one expert.
To mitigate such delays, proactive engagement with regulators is crucial. Firms are advised to build time lags into their processes and communicate early with regulators once potential senior managers are identified.
Effective compliance requires seamless collaboration between compliance teams, HR, legal and other departments. This coordination is essential during employee onboarding, background checks, and in handling any subsequent misconduct cases.
A second audience poll asked – How well do HR, Compliance, and Legal departments collaborate in your organisation on SMCR-related matters?
While 30% selected ‘Well’ and 10% selected ‘Very Well’, 50% selected “Adequate’ which suggests there might be room for improvement in this area. Regular communication and shared processes supported by workflow automation tools help ensure that all departments are aligned in maintaining the firm’s compliance posture.
Maintaining up-to-date documentation and regularly reviewing the roles and responsibilities of senior managers are vital practices. Annual documentation reviews allow firms to ensure that statements of responsibility accurately reflect current roles and that any changes in duties are documented appropriately.
“There’s a risk that documentation can become stale if not regularly reviewed,” the panel warned. Regular assessments help prevent discrepancies between documented responsibilities and actual job functions, thereby reducing compliance risks.
Leveraging Technology
Technology like the MyComplianceOffice platform plays an increasingly critical role in streamlining compliance efforts. Tools that centralize data, automate workflows, streamline case-management and monitor communications can significantly enhance a firm’s ability to meet ‘fit and proper’ requirements efficiently.
“Centralization of data and ease of access are key,” the panel noted. Such systems allow for better management of roles, responsibilities, and compliance obligations across different jurisdictions and departments.
While advanced technologies like artificial intelligence hold promise for future efficiencies in compliance, the consensus is that firms should focus on actionable steps available today. “We’re in the wait-and-see mode with AI, but we’d be very encouraged to get to practical use cases,” noted one panellist.
In the meantime, leveraging existing technologies to improve data management, workflow automation, and communication monitoring offers near-term benefits.
Key Take-Aways
Leadership involvement is crucial in fostering a strong compliance culture. Accountability should be driven from the highest levels of the organization, with senior leaders actively promoting and participating in compliance initiatives. When leadership prioritizes compliance, it sets the tone for the entire organization, reinforcing the importance of meeting fit and proper requirements.
With all SMFs requiring regulatory approval and ongoing attestation and review, staying on top of changes is critical to prevent the SMF population becoming bloated and exposing the firm and individual employees to unnecessary risk.
An effective strategy begins by closely examining the risks faced by the firm’s clients. By identifying these potential threats, organizations can work backward to ensure that their operational models are designed to address and mitigate them comprehensively. This involves placing the right people in the appropriate roles with clearly defined responsibilities and the tools to do their job.
Meeting the ‘fit and proper’ requirements of SMCR are not a nice-to-have, they are an enforceable regulatory mandate.
By understanding the full scope of these obligations, staying ahead of regulatory changes, cultivating a culture of compliance, leveraging technology, and fostering cross-departmental collaboration, organizations can navigate the complexities of the SMCR and compliance more effectively.
For more expert insights and tips, check out the webinar recording here: A-Team Insight Webinar.
About MCO
MCO (MyComplianceOffice) provides integrated compliance management software that enables global financial services firms to operate efficiently, ethically, and compliantly. With 25+ products on a single system, the powerful MyComplianceOffice platform lets compliance professionals demonstrate that they are proactively managing compliance obligations and the regulated activities of employees, the company and third parties.
1400+ client companies across 105+ countries use MyComplianceOffice to reduce their risk of misconduct and effectively oversee regulatory obligations. Available as a unified suite or à la carte, MCO’s easy-to-use and extensible SaaS-based solutions get firms up and running quickly and cost-efficiently. Learn more at mycomplianceoffice.com.
Subscribe to our newsletter
