• GL
Choose your location?
  • Global Global
  • Australia
  • France
  • Germany
  • Ireland
  • Italy
  • Poland
  • Qatar
  • Spain
  • UAE
  • UK

Management Information and Foreseeability: A timely pre-SM&CR reminder

29 April 2019
We discuss SM&CR related takeaways from a recent Mark Steward speech, including questions Senior Managers should pose as part of implementing their SM&CR responsibilities.

In a recent speech, Director of Enforcement and Market Oversight at the FCA, Mark Steward, discussed a number of topics, including an update on recent enforcement cases and  how the FCA will conduct AML investigations. We discuss the AML aspects separately here.

For these purposes, we wanted to focus on potential takeaways for Senior Managers as part of their increased accountability arising from the Senior Managers and Certification Regime (SM&CR). Specifically, the speech identifies two key themes for Senior Managers to address as part of their SM&CR implementation project. These are:

  • The importance of avoiding foreseeable harm; and
  • Ensuring Senior Managers receive thorough, relevant and adequate Management Information (MI) in a timely manner.

Whilst neither will surprise anyone, the speech is a helpful reminder to Senior Managers to consider how best to address these and to recognise the FCA's determination to implement and (likely) enforce the new regime.

 

Cases

Mark Steward referenced a number of recently concluded investigations, including:

  • Tesco Bank: Fined £16,400,000 for failing to exercise due skill, care and diligence in protecting personal current account holders from a cyber-attack. Mark Steward stated that this incident was "wholly foreseeable" as there had been a specific warning about this type of cyber attack 12 months previous.
  • Carphone Warehouse: Fined £29,107,600 for mis-selling the 'Geek Squad' mobile phone insurance and technical support product. The FCA considered there to have been red flags arising from the number of complaints and cancellations about the 'Geek Squad' policy. This was, in effect, held to have been an implicit warning which made the particular breaches foreseeable. 

 

SM&CR Observations

This speech gave more than a brief nod to the SM&CR. Specifically, Mark Steward stated:

  • "In each of these cases, senior management was either invisible or lacking influence because there had been little or no escalation or management data was insufficient to alert senior management that problems had not only arisen, they were persisting without solution."
  • "While these cases involve conduct that predates the senior managers’ regime, these cases signal that in any assessment of ‘reasonable steps’, escalation and senior management sight lines over problems that are not being solved effectively will be an issue."

Evidently, the FCA is starting to set out how it will approach investigating Senior Managers in a SM&CR world. With this in mind, we advise each Senior Manager to ask:

  • Do I receive sufficient information to be confident that the processes I am responsible for are working as intended?
  • Are the staff I am responsible for sufficiently trained to recognise and report on potentially important and/or systemic issues? Are there the processes in place to do this effectively? Is the culture of the team such that issues would be raised and not disguised?
  • What systems and controls are in place to ensure information received has been properly acted on? For sufficiently important matters, are there, for example, multiple lines of defence in my area of responsibility?

For larger firms, there will be a hierarchy of managers. As a Senior Manager, you would want to satisfy yourself that lower and middle management are sufficiently trained to recognise and escalate systemic issues. Senior Managers will want to review the processes for passing information 'up the line'.

 

Conclusion

The warning is clear (and unsurprising) – a lack of MI and/or failure to prevent foreseeable harm may leave the Senior Manager(s), and as an extension, regulated firms, in significant trouble. What is of most interest is the FCA already foreshadowing how they may frame these investigations in a SM&CR world.

Accordingly, Senior Managers should take action now to ensure these points are covered as part of their SM&CR implementation project. They should also (out of self-interest) check their employment contracts and D&O policies to make ready to defend themselves in the event of FCA enforcement action.

 

If you would like to discuss the contents of this article or any aspect of your implementation of SM&CR, please contact Aaron Osborn.  

Further Reading

We use necessary cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set when you accept.

For more detailed information about the cookies we use, see our Cookies page.

Manage your cookies

Our use of cookies

We use necessary cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set when you accept.

For more detailed information about the cookies we use, see our Cookies page.

Necessary cookies

(Required)

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

These cookies are required

Tracking cookies

Anonymous cookies that help us understand the performance of our website and how we can improve the website experience for our users. Some of these may be set by third parties we trust, such as Google Analytics.

They may also be used to personalise your experience on our website by remembering your preferences and settings.

Marketing cookies

These cookies are used to improve and personalise your experience with our brands. We may use these cookies to show adverts for our products, or measure the performance of our adverts.