The Senior Managers and Certification Regimes ("SMR") and new Conduct Rule requirements are high on the agenda for many of our clients' Audit Committees following their landing earlier this year. The changes, impacting banks, building societies, credit unions and designated investment firms, are designed to improve professional standards and culture. They have led to a flurry of activity across the sector in changing and implementing policies and processes to enable compliance.

Impacted firms should now have allocated individuals to the new Senior Manager roles, and should have clearly documented each Senior Manager's responsibilities and accountabilities, including the allocation of the 'prescribed responsibilities' as set out by the regulators. Amongst those prescribed responsibilities are responsibilities for the firm's obligations under the SMR. The Senior Manager with such responsibilities needs to demonstrate they have taken 'reasonable steps' in discharging these.

We are supporting a number of our clients who have chosen to conduct a post implementation internal audit of SMR implementation. These reviews assist the firm and the accountable Senior Manager: challenge what has been done to comply with the new regimes; provide an independent expert assessment of alignment with regulatory requirements; and, provide a roadmap for remediation of any issues or inefficiencies.

Listed below are the key focus areas which are typically scoped into a post implementation internal audit:

  • Governance framework – all firms were required to produce and submit key regulatory documentation ahead of commencement. An internal audit should review the Management Responsibilities Map ("MRM") and the individual Statements of Responsibilities ("SoR") for accuracy and alignment with the actual governance framework in place at the firm.
  • Record keeping – for Senior Managers, record keeping will become increasingly important in helping to evidence that they took reasonable steps in managing their areas of responsibility. Firms should consider using internal audit reviews to test the procedures and systems used to store essential documents including all iterations of the MRM, the individual SoRs, as well as key meeting minutes and materials.
  • Conduct Rules training – Senior Managers and Certification staff must now have been trained in the new Conduct Rules and how they apply to them. An internal audit should review the content, delivery and completeness of this training. In testing completeness, consideration should be given to whether the initial Certification population was correctly identified in line with regulatory requirements as well as determining whether new joiners continue to be trained appropriately following commencement.
  • Conduct Rules breaches – firms are now required to record Conduct Rule breaches. An internal audit should review the Conduct Rule framework and assess how a firm communicates what a Conduct Rule breach is, the effectiveness of the mechanisms in place to identify, assess and report on these, and the visibility Senior Managers and key governance forums have on any breaches or suspected breaches across the firm.
  • Certification employees – whilst firms do not need to issue certificates for existing staff until 2017, the new regulations require firms to have in place a system to identify new joiners as certified and assess their fitness and propriety from now. An internal audit should assess these processes and help inform the design of the infrastructure needed to issue certificates.
  • Handover arrangements – firms are required to establish a formal Handover Policy setting out how the firm manages the transition between incoming and outgoing Senior Managers. An internal audit should review the policy and related on-boarding arrangements for compliance with relevant regulations. Also, where any handover has taken place the audit should include an assessment of whether the policy was complied with in practice.

Beyond any post-implementation review work, Internal Audit functions should now be considering how SMR impacts the forward audit plan. Implementation of SMR is relevant to almost all internal audits on impacted entities, and going forward, the MRMs and SORs will be a vital information input to the assessment of the effectiveness of governance and management arrangements. 

Deloitte has supported a range of clients to develop, design and deliver the changes needed to comply with SMR. As a result, our subject matter specialists are well placed to assist internal audit functions assess the design and effectiveness of compliance arrangements for the new regulatory requirements.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.