In this section we are going to examine what are those proactive steps that individuals need to take when first becoming an SMF holder, in order to fulfil their regulatory responsibilities. We advise SMF holders on taking up a new SMF role to conduct a robust initial assessment of the risk management framework as it applies to their area of business within two months of coming into the role. Now, when you read through the rules, you won’t find anywhere an explanation of the steps that you should take on coming into the role. But it is clear from case law and from reading between the lines of the Conduct Rules that these steps are necessary. Remember, you are required to take reasonable steps in relation to your area of the business to make sure that it’s controlled effectively, that it complies with regulative requirements and that delegation is to appropriate individuals with effective oversight.
So when you first take on a new role, what are those steps you should take to ensure that you fulfil these duties? So the first point of course, is to make sure that you are confident that you understand your area of responsibility. So to go back to your statement of responsibility and identify specifically what business of the firm you are responsible for? Once you establish that, then it is a learning exercise. Make sure that people are able to tell you clearly how the risk management framework is designed to work in relation to your area of the business. How are risks identified? How are they assessed? How are they managed in practice? How do the systems and controls in place attach to the relevant risks in relation to your area of the business?
The third stage is to really test that risk management framework. It is not good enough to say, “Yes, I understood it”, you need to make sure it is robust, that it’s designed effectively and working effectively. You should talk to your predecessor in the role. Understand how the risk management framework had been working previously. How are issues identified? And then you need to talk to other colleagues to say, “Where have problems occurred and has the risk management framework responded in the way that it was meant to?”
Fourthly, if there are areas where you feel that the framework is not as strong as it ought to be, you need to make sure that those are remedied. It is very, very important to be able to show that if there are weaknesses, these are addressed properly.
And then finally, and this is a really important step, keep a record of the steps that you have taken, because it may be two or three years down the line when a problem occurs and the question will come, “What steps did you take to make sure that this risk was managed effectively?” And so, if you have filed the steps that you took, you will be able to respond easily and in a persuasive way to the regulator when they come knocking on your door.
So those are the steps that any individual should take when they assume a new SMF role. They are required to take them within a reasonable period, which is normally construed as approximately two months.
We explain the proactive steps you need to take when you first become an SMF holder in order to fulfil your new regulatory responsibilities.
Under the new regime, there is still no single place that Senior Managers can look and understand exactly what’s expected of them. To help, we have produced a survival guide which sets out your key areas of risk and most importantly, the practical steps you need to take to comply with your regulatory obligations.
Deputy Global Head of Litigation & Corporate Risk, and Co-head of the Investigations, Financial Regulation and White Collar practice group. Specialises in complex regulatory issues for…View Nathan Willmott's full profile