As firms and their workforces continue to adapt to largely unanticipated risks and challenges, as well as new ways of working, the spotlight has been put on Financial Services firms’ leadership and, in particular, the individuals performing Senior Management Functions (SMFs).
The Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have confirmed that while they do not require firms to have a single Senior Manager responsible for their COVID-19 response, these responsibilities should be allocated in the way which best enables them to manage the risks they face. Furthermore, the regulators highlight that there are existing, relevant responsibilities specified in the regime. For example SMF24 for operational resilience and SMF2 for financial resilience. (Links to guidance: Joint FCA and PRA statement on SMCR for dual-regulated firms and FCA's statement on SMCR for solo-regulated firms)
Both the FCA and the PRA are taking steps to alleviate certain compliance pressures on firms, however, the duties and obligations on SMFs will not change. SMFs will still be subject to the Conduct Rules and are required to take reasonable steps to ensure effective control. However, in these extraordinary circumstances, the regulators’ expectations of what is reasonable may change, and SMFs may have to adapt the steps they take to discharge their responsibilities. During this period of change and uncertainty, it is vital that SMFs continue to document their decisions and actions, escalate issues and push to receive accurate information in a sufficiently timely manner.
As what is “reasonable” is subject to change, in any given scenario there is unlikely to be a single “right answer”; rather there could be a number of different decisions that could be considered to fall within a “zone of reasonableness”. It is, however, crucial that SMFs document clearly and comprehensively the rationale for decisions taken and the governance process applied to them. This is particularly pertinent given the current pace of decisions having to be made.
In the current environment, it is likely that Senior Management will be required to make material decisions promptly and possibly without complete information or a guiding precedent. To avoid harm both to customers and to the business itself, it is important that businesses continue to function and that key decisions are not delayed. Importantly, the FCA’s Handbook (COCON 3.1) states that the FCA will take into account “whether they [SMFs] exercised reasonable care when considering the information available to them”.
The pace of change requires SMFs to consider constantly, and regularly reflect on, whether governance arrangements and the control environment remain appropriate. Aligned to this, SMFs will have to consider what their risk appetite is in this area. For example, are there policies that are designed to ensure compliance with regulation that need to be updated to enable individuals to work from home?
Key questions that SMFs may wish to consider during this period include:
- How have consumers and/or the product set been impacted in the context of your business?
- Have consumers become vulnerable in new ways? Are you confident that you have identified all the ways your customers will be impacted?
- What additional measures have you/the firm put in place to support affected consumers, specifically, vulnerable customers, and are these sufficient relative to the risks and challenges being created by the crisis?
- What communications have/are you planning to put in place and will they be easily understood by your customers?
- What level of staff absence will impact front line services and key functions? Are there enough contingency resources available to support during this time?
- Is the current control environment appropriate and within appetite? If not what changes are required?
- Do you need to take action to enhance the firm’s financial or operational resilience? How is stress testing being used to assess this?
- Do the firm’s Capital Plans, Contingency Funding Plans, Business Continuity Plans and Recovery Plans remain appropriate across a range of possible scenarios?
- How are key third-party providers adapting to the changing circumstances, what are their contingency plans and how are you able to assess their on-going financial and operational resilience?
- Are there any regulatory requirements which current circumstances are making it difficult to comply with? If so, has the problem been appropriately escalated within the firm’s governance structure? Has responsibility been clearly allocated and have adequate mitigating actions, with supporting monitoring arrangements, been taken? Is the risk to consumers, markets and/or the business of such seriousness that the regulators need to be informed (for example challenges around call recording)?
Above all, it is vital that businesses continue to monitor outcomes, as although methodologies and processes may change, the outcomes that the regulator expects have not.
In these uncertain times, the underlying expectations on SMFs remain constant. SMFs should continue to focus on ensuring the areas of the business for which they are responsible are controlled effectively and work closely with fellow SMFs to ensure appropriate coverage. In order to demonstrate reasonable steps, it is important to emphasise that SMFs need to ensure that decisions, rationale and actions are clearly documented and escalation procedures are clear, effective and followed.