SMCR Conduct Rules: are you meeting the standards?
Over the past few weeks and months, there have been several reminders of the importance that firms ensure their SMCR Conduct Rules awareness is up to speed and that senior management are taking due consideration of the requirements around both financial and non-financial misconduct. Below we set out a summary of some timely reminders of the consequences of failing to do so:
The Chief Financial Officer of Prudential recently resigned following an internal conduct probe relating to a ‘recruitment situation’. Further information on what this ‘recruitment situation’ was hasn’t been revealed, but it is telling that someone of a high stature in a reputable firm (who prior to being CFO was the risk and compliance officer) would fall short of conduct requirements you’d expect to be second nature given his knowledge and experience. This goes to show firms shouldn’t assume their staff (including senior management) have the necessary awareness and understanding of the conduct requirements, without ensuring regular and comprehensive training and monitoring is undertaken. Firms must remain mindful and vigilant that the SMCR Conduct Rules are fully integrated into their corporate culture and that expectations set of senior management fully adheres to the FCA’s expectations in this area, in terms of both financial and non-financial conduct.
The PRA recently fined the Chief Information Officer of TSB Bank £81,620 for breaching PRA Senior Manager Conduct Rule 2 by failing to ensure compliance with the relevant requirements and standards of the regulatory system. Problems arose after the individual gave assurance to the TSB board that its third-party supplier for an IT migration outsourcing process was fully prepared, before obtaining proper assurance from the provider that it was ready to undertake the migration process. As was well reported at the time, the process did not go to plan which led to widespread disruption to all branches, online and telephone banking services and payment service failures. Along with causing reputational damage, this led to a joint financial penalty of £48,650,000 being imposed by the FCA and PRA. The individual ultimately failed to take adequate steps to ensure the operational resilience of TSB, something that as SMF18 holder he was responsible for (IT business continuity planning).
Any issues that arise from the inadequate oversight and management of a third-party supplier will ultimately fall at the door of senior management of the outsourcing firm. Tellingly, the PRA focused on the individual’s Statement of Responsibility here, which further emphasises the importance of individual integrity as well as corporate culture when adhering to SMCR Conduct Rules.
If you think you could do with brushing up on the SMCR Conduct Rules, have any questions about it or feel that an SMCR training session would be beneficial, ComplyCraft would be happy to help. Please get in touch.