Quite often in the realm of compliance, the discussion is focused primarily on the organization. What can the organization do to improve its compliance, what are the ramifications of poor compliance, etc.? Rarely does anyone discuss how compliance can impact the individual? The Senior Managers and Certification Regime (SMCR) introduced something known as the Duty of Responsibility for senior managers. The Duty of Responsibility affects senior managers directly as it allows regulatory bodies such as the Financial Conduct Authority to take direct action against a senior manager in the event of a compliance breach.Responsibility, and thus legal action, can be entirely imposed onto a senior manager if they are proven to have failed to take “reasonable steps” in preventing said breach.
The Duty ofResponsibility has been present for quite some time as it was part of theFinancial Services and Markets Act of 2000 and has been applied to senior managers of financial institutions since May 2016. Fortunately, the Duty ofResponsibility takes an innocent until-proven-guilty approach. Regulators must prove that senior managers failed to undergo the necessary and expected steps to prevent compliance failure that would be expected of someone of their status. Senior managers do not need to provide evidence that they regularly take reasonable steps. However, with so much on the line, senior managers maybe interested in how they can effectively take reasonable steps and prove they are doing so.
Reasonable Steps
The FinancialConduct Authority released a list of some factors that the organization will be looking into when determining whether a senior manager took reasonable steps, these include:
● The specific senior manager’s roles and responsibilities.
● What sort of systems and controls were put into place by the senior manager?
● The information available to the senior manager.
● Level of experience of the senior manager.
Action by a regulatory body such as the Financial Conduct Authority can be detrimental to both the individual and the organization as a whole. It is critical that senior managers are aware of current compliance issues and have controls in place to best protect themselves and their organization. To do this, senior managers should consider the following:
1. Understanding Current Compliance. Compliance obligations are always changing, it is pivotal for compliance managers to stay up to date with current compliance, especially to that which directly affects the senior manager and their specific responsibilities.
2. Effective Managing. The role of a manager is often to delegate roles and responsibilities to those around them. Senior managers must ensure that when they delegate roles and responsibilities it is to those who have the qualifications and competence to carryout the specified tasks effectively and efficiently.
3. Performance and Risk Reviews. Reviews should be conducted regularly to ensure that designated responsibilities and controls are done in the most productive manner. Regular performance review scan help determine whether individuals with specific responsibilities are capable of performing. In addition, reviewing set policies, procedures, and controls to ensure that they are up to date with current needs will greatly improve the ability to adapt to changing needs. This can reduce the likelihood of breaches and ultimately reduce the possibility of prosecution of the senior manager.
With the implementation of the Duty of Responsibility, much of the responsibility and thus the blame can be placed on the relevant senior manager. Ensuring effective compliance and controls has always been critical for the longevity of the organization but now it is more directly tied to the individual. Senior management must be completely aware of current compliance and regulatory obligations and must be prepared to designate roles and responsibilities accordingly throughout a dynamic business environment.