A Practitioner’s Guide to the Nuts and Bolts of SM&CR for the Hedge Fund Sector

Published On January 9, 2020

Behavox ran one of its regular roundtables for the buyside compliance community and invited Vaughan Edwards, partner at Medius UK, to come and set out the key practical considerations for hedge funds and alternative asset managers as the new Senior Managers and Certification Regime (SM&CR) deadline approaches on 9th December 2019. Here is a potted summary of the key takeaways from this presentation.

How have we got to this?

The origins lie in the larger financial scandals that surrounded the financial crash of 2008. Top billing goes to characters like Sir Fred Goodwin at RBS, whose lack of ultimate responsibility for the train wreck at his own institution highlighted what Westminster regarded as the abject failure of the Approved Persons’ Regime (APER). A lot of companies got chunky enforcement fines; with very few exceptions (such as Peter Cummings at HBOS) no individuals received any sort of sanction. Many of those whose activity (or lack of it) was revealed as grossly negligent or unprofessional are still very much at large in the market.

The nature of the APER regime did not provide for genuine individual responsibility. It engendered an environment where the buck could pause with one individual but then be shifted on almost interminably. Individuals could rely on claiming they did not have actual responsibility, and this opened up a blame culture that saw accountability shifted easily from their own department or purview.

SM&CR changes that quite considerably by removing the “room for manoeuvre” and creating a credible individual accountability regime. It is divided into three parts:

  • Senior Managers: enhanced accountability for senior managers.
  • Certification: firms assume full responsibility for initial and ongoing assessment of fitness and propriety of key employees.
  • Conduct Rules: enhanced accountability for the vast majority of employees.

This regime is applied proportionately across three categories of firm: enhanced; core (most hedge funds); limited scope. While this is designed to ensure that the burden is heavier for higher risk firms, it can also mean that some individuals at smaller firms find themselves carrying a disproportionate amount of responsibility compared to their peers at much larger firms.

What has changed?

Senior Managers: the new approach replaces the Significant Influence Function (SIF) regime and crucially enhances it with Statements of Responsibility (SoRs) that set out the scope and nature of an individual’s responsibility. The Overall Responsibility concept means that Senior Managers must own ultimate responsibility for all the relevant activities of their firm.

Certification: this sees the regulator being removed as the clearing house for individuals who were approved persons. It puts the onus on the firm and its counterparty.

Conduct Rules: these replace the Principles for Approved Persons and bring in new specific individual conduct obligations for (a) senior managers and (b) all other employees, including those in temp/contract roles, i.e. they apply top to bottom with very few exceptions.

The application of the regime is at legal entity level, not just “compliance at group level”. The application also means that employees providing their services to the regulated firm through other unregulated group entities (“service companies”) will typically be caught. SM&CR applies to individuals responsible for managing one or more aspects of the firm’s regulated activities that involve a risk of serious consequences for the firm or the wider financial system. Most managers who were SIFs under the previous regime are in scope, but new entrants who were not necessarily caught prior to this in functions like HR, IT and Ops are now under potential scrutiny. Most SIFs are familiar with the previous Principles but less so with the detail that the new regime involves.

Senior Manager Function Categories for Core firms are as follows: SMF1 – CEO; SMF3 – Executive Director; SMF9 – Chairman; SMF16 – Compliance oversight; SMF17 – MLRO; SMF27 – Partner. There are six potentially relevant prescribed “core” responsibilities under the regime: performance of obligations under SM&CR; performance of obligations under the certification rules; performance of obligations in respect of notification and training of the Conduct Rules; responsibility for policies and procedures for countering the risk of furthering financial crime; responsibility for compliance with CASS; responsibility for an AFM’s assessments of value, independent director representation and acting in investors’ best interests.

Exposure like never before – beware the backwash of SoRs

The SoRs map the prescribed responsibilities and additional responsibilities to individual senior managers and all applicable ones MUST be allocated. There is very little scope for sharing responsibility. The industry has been encouraged to err on the side of “less is more”, which roughly translates to fitting a statement onto one side of A4 paper. FCA recommends brevity and directness, without the attached detail. Its guidance on statements is generally clear and has plenty of examples of good and poor practice. One key issue is that a responsibility, if it is unallocated or it transpires that no one was responsible for it, flows back all the way to the top. CEOs beware!

A common concern relates to the need (or not) for job descriptions (JDs). The key consideration is that the JDs, while potentially useful, will need to remain compatible with the SoRs, thereby compounding the significant administrative burden that comes with the new regime.

Individual accountability in a “partnership” structure

These two do not exactly go hand in hand, and FCA’s statements around this issue are short and sweet. FCA recognises that there are very few true partnerships, and that senior, executive-type partners typically have more responsibility than junior partners (and, as stated earlier, FCA does not like responsibilities being shared or divided among partners).

It does beg the question of what the partnership concept really means at individual firms, and it forces an examination of the governance structure, who has influence, the right to vote, and genuinely provide challenge. Getting to grips with all these issues in the course of SM&CR implementation is certainly not an unhealthy exercise. In practice, partners focused on revenue generation are suddenly showing no desire to be SMF27s, and many people who demanded grand corporate titles are now shedding them quickly! In addition, many partnerships have important people who actually run the business but are not partners (any CCO and indeed most people typically sitting on executive committees are likely to be deemed senior managers). Most of the firms at this roundtable said that they are using the HMRC designation of “partner” to determine who is actually caught.

Responsibility maps

The maps are designed to clarify the regulatory governance arrangements at firms; they set out the responsibilities and reporting lines (up and down) at the firm for all senior managers. These reporting lines must include lines outside the local offices and take in matrix arrangements. These must be accurate and up-to-date at all times and all versions need to be maintained. They are only obligatory for enhanced firms but they do serve a useful purpose, and all firms should consider utilising some form of map.

The FCA has been keen to state its intent to use SM&CR as a supervisory rather than just an enforcement tool. Firms that maintain effective records of regulatory governance frameworks will impress supervisors and help CEOs evidence the effective discharge of their considerable responsibilities under the regime.

The really important stuff – “reasonable steps”

It is no longer enough to just be a good manager or supervisor; you must be able to evidence it. There is a duty or responsibility on you if something goes wrong, and the regulator may examine the evidence to establish what action a manager took to stop it happening in the first place, and/or to stop it continuing.

Managers need to embrace an enhanced awareness of when it might make sense to record ad hoc decisions formally. For example, a manager is about to get on a plane to NY and someone calls and asks if the desk should hedge a very big position. The manager says they should. She gets on the plane and flies to NY and gets out of the plane and discovers that the firm has incurred a major loss and people are denying her verbal instructions to put on the hedge. Is this sort of situation potentially material? Yes it is. Best to record these interactions in writing to cover yourself. This sort of discipline will work very well when dealing with people who, when faced with negative consequences for themselves, have a tendency to have a very different recollection of events when required to give their version of what happened to a regulator.

Outside these ad hoc interactions, the recordkeeping associated with good Board and senior executive governance arrangements should readily provide much of the evidence that directors and CEOs need. Much more attention is likely to be needed at the “functional layer” where there is less formality and little or no recordkeeping.

Reasonable Steps Framework (RSF)

Firms and Senior Managers that are genuinely invested in getting SM&CR right need to focus on developing strong RSFs. The SoRs lay out the key responsibilities, but the real question is how these are actually discharged in practice. Where tasks have been delegated, it is important that there is a record (a) of that delegation and (b) of its acknowledgment (“I acknowledge I am performing tasks X, Y and Z”). Effective oversight of those delegated tasks can be best evidenced through a combination of good management information (MI), and sufficiently regular interaction with the delegates. The MI should be referenced at those meetings and it is suggested that the ongoing oversight can be evidenced through good action-tracking (as opposed to the need for minuted meetings). This RSF action-tracking can then be complemented with records of any key decisions arising from those inevitable, non-routine (corridors, restaurants, conferences, airplanes etc) interactions referred to above.

Certification regime

Regulators have defined the scope here as any individual “who could pose a risk of significant harm to the firm or its customers”. The obligation is now on the firm and not the FCA to certify that the individual is fit, proper and competent for their role on an annual basis. While it is similar in nature to the Approved Persons Regime, it is wider in scope and designed to capture more individuals such as those engaged in key risk and control functions. The 30-day exemption remains similar in that an individual who is based outside the UK and spends no more than 30 days in the UK in a 12-month period is exempt if properly supervised. Individuals who are senior managers under the new regime do not typically need to be certified but can be captured if they perform activities outside the scope of their SMF.

The new system is designed to stop bad apples rolling around from firm to firm as their conduct is uncovered and they simply move on. The regulatory reference now requires more than a simple confirmation that someone worked at a certain place from this date to that date, and Conduct Rule breaches must be disclosed. It requires a communal approach and places a much greater reliance on relationships with other firms.

Conduct rules

The new Conduct Rules are designed to encourage individuals to accept greater responsibility, and they replace (albeit in name, not in substance) the Statements of Principle for Approved Persons. They are divided into the Conduct Rules for Senior Managers and those for all other staff. The latter covers all employees (temporary as well as permanent) except for some ancillary staff (eg catering, security). FCA’s guidance states that chauffeurs and print room staff are not covered, which seems an oversight, as both are often exposed to very sensitive information (print room staff have been historically enforced against for using inside information they have seen relating to unannounced M&A deals). Should drivers, personal assistants etc be covered? This is a call each firm must make themselves based on their own risk appetites, but there seems to be very little downside to erring on the safe side and including everyone.

The five Conduct Rules apply to all, and if they are not adhered to by an individual, there is an obligation to report any Conduct Rule breaches to the FCA (immediately in the case of Senior Managers). They are very high level and reflect the FCA’s Principles (“integrity”, “treating customers fairly”, etc). Conduct Rule breaches can be expected to be career-limiting once the regulated firm that an individual is hoping to move to gets notified of them. It is essential that firms apply their approach to this with great care and, more importantly, with total consistency. The potential for individuals to take their own legal action against a firm for inconsistent application of the Conduct Rules is significant.

Tips on implementation and market practice

  • Experience of SM&CR since 2016 suggests that people being asked to sign up as Senior Managers can have differing reactions. The spectrum runs from those who understand and accept the responsibilities inherent in their role through to those who seek to deny the responsibilities clearly implied by their job titles (and compensation!) and demand their own lawyer to resolve the issue.
  • The substance of what goes into a typical SoR should not take up more than one side of A4.
  • Some firms have job descriptions for their senior executives and wish to maintain them alongside the SoRs. In such cases, it is very important that both documents are regularly reconciled to avoid any inconsistencies.

How is implementing it? Some firms and people have to be literally dragged through the process but once they start, they generally get into the swing of it. It can help to get buy-in from one core person who champions the process and drives it.