The FCA has extended SMCR rollout to 47,000 firms. As regulations become more prescriptive everywhere, the ability to evidence your compliance will only become more important
This month, we've been talking a lot about dashboards. Embedded analytics. Near-real time reports that provide actionable intel and give visibility up and down the org chart for compliance professionals, or whoever needs the kind of dynamic, interactive data dashboards are designed to deliver. A primary driver of dashboard use in the compliance function is the need to push critical data down to the first line of defense—a.k.a., employee supervisors—thereby relieving some of the oversight burden on overstretched compliance departments.
But there's a secondary consideration that, in an age of increasingly prescriptive global regulation, will likely become as important a driver as anything else—the capability to easily evidence how your firm surfaces, organizes, and presents the data it depends on to monitor and assess employee and firm compliance. Dashboards can and will be of enormous help in this effort. But first, a refresher on SMCR and an update on the latest developments surrounding it.
THE BIG ROLLOUT
The SMCR, or Senior Managers & Certification Regime, was part of the UK's answer to the 2008 financial crisis—an attempt to fix what it saw as a broken banking culture. It went into effect for all banks on March 7, 2016, and replaced the Approved Persons Regime, or APR. This initial incarnation of SMCR included building societies, credit unions, PRA-designated investment firms, and UK branches of foreign banks, but did not include the wider community of solo-regulated financial firms: those regulated only by the Financial Conduct Authority, or FCA. These 47,000 firms finally came under the SMCR's regulatory umbrella last December.
Here's what the FCA's Jonathan Davidson, Executive Director of Supervision – Retail and Authorizations, said in the solo-regulated firm rollout announcement, and it's as good a guide as any as to what the regulator is after with SMCR overall: “The culture and governance of firms is a priority for us and should be for industry, too. We expect firms to embed healthy cultures, as this will lead to better outcomes for consumers and markets ... The SMCR is an important way to ensure that individuals take personal responsibility, and it is a catalyst for driving cultural transformation. It is about the principle of stepping up and taking accountability every day from here on, not just about ticking the box on implementation of the regime."
Versus the APR, then, the SMCR draws a much straighter line from the person in charge of a particular area of the firm to any misconduct that occurs there; in short, senior employees can be held personally responsible for the missteps of junior employees. In particular, the SMCR introduces something called the statutory duty of responsibility, which specifically requires senior managers to take "reasonable and proper steps to prevent regulatory breaches from occurring in their areas of responsibility." With greater visibility into the activity of those operating beneath you comes the power to not just properly, but also comfortably, assume that personal responsibility for the actions of others. But before we get to dashboards' power to evidence compliance, it's worth taking a slight detour into how they can offer visibility down the org chart: offering assurance to those who will need it most under this rollout: senior managers.
A SLIGHT DETOUR
Gifts, Entertainment, and Certifications. Star designed and developed dashboard functionality in these three areas first, primarily because that's what customers were asking for most. "We went on the road to talk to our clients," says Tim Ward, Star's Director Of Product Strategy & Marketing, "asking them what types of reports they would be most interested in us building—because that's what dashboards are in the end: dynamic, interactive, near-real time reports. Gifts, as well as entertainment, came up as the most universally called for." A certifications functionality was also high on clients' wish list. Why these three?
Gifts and entertainment spending is nearly universal. A large percentage of an employee population can do it, and as such it can touch every part of a firm. It's also generally understood that G&E spending goes underreported. This is where your ears should prick up if you're a manager subject to SMCR: G&E is an area ripe for the kind of honest mistakes or intentional misconduct that could have you in hot water with the FCA. G&E dashboards, like Star's, give greater—and more immediate—visibility into that particular world of employee activity.
The same goes for certifications. Certs are viewed by regulators as a bellwether of a firm's compliance program. That is, if firms are achieving high certs-completion rates, chances are they're organized enough and capable enough to be getting the rest of it right. Certs dashboards give the same kind of visibility down the org chart—giving you an accurate, ongoing read of how well the firm is keeping that corner of compliance on track. And if you don't like what you see, you and team supervisors have the data at hand to intervene with departments or individuals that aren't keeping up to ensure they do their part.
DEMO THE DASHBOARDS
Getting back to the idea of using dashboards to evidence compliance to the regulator, Tim Ward recently had this to say about the role dashboards can play in this increasingly important effort: "Regulations surrounding accountability are only going to become more prescriptive. It's likely you'll eventually have to evidence that you've collected the proper data, and explain how you got it. With embedded analytics, you’ll be able to simply demo the dashboards. Data visibility and accountability go hand-in-hand when it comes to financial compliance, at every level of the organization, and are at the heart of dashboard analytics."
The SMCR is already very prescriptive in the sense that the FCA knows what it wants to see. Again, Ward: "The FCA wants firms to have an org map, which clearly shows who's responsible for what. It wants everyone assigned specific roles and responsibilities. And then firms have to certify that everyone is carrying out those roles and responsibilities. All of this on a frequent basis." What the regulator isn't prescriptive about, at least not yet, is anything like a specific requirement for dashboard-level reporting, but strongly implied in the SMCR are exactly the kinds of capabilities dashboards provide. "Managers need to have visibility of problems, of issues," continues Ward, "which is what dashboards offer. Managers then have to have training, and know what the compliance issues are that the dashboards surface and highlight, and then how to resolve them. We help out with part one, the visibility side of things."
Regulations calling for more accountability from financial firms and their senior managers are on the rise. In Australia, the SMCR's regulatory counterpart is the Banking Executive Accountability Regime, or BEAR. For right now, again, these kinds of regulations give structure, but not clear guidelines—or best practices—for how to achieve them, so the execution is up the individual firm. But this new level of accountability on display in the SMCR—this straighter line between lower-level misconduct and the ramifications for senior management—is likely not going away. "If managers think, we're accountable for all this, they should also be thinking: 'We need visibility on what the issues are. We need to know what we need to know.' Dashboards give this data visibility. Compliance dashboards tell them what they need to know."