Senior Managers & Certification Regime ("SMCR"): Financial Crime and CASS
The SMCR is now the fertile ground from which CASS and Financial Crime should be considered. As the FCA themselves put it: the SMCR aims to reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold people to account. This article looks at how.
The SMCR breaks down firms into Enhanced, Core or Limited Scope. It delineates the Senior Managers' Regime, a Certification Regime, a Public Directory and Conduct Rules. Senior Managers have to submit Criminal Record checks, are subject to Senior Management Functions (SMFs), a Statement of Responsibilities (SoRs) and Prescribed Responsibilities (PRs). Most importantly here, a Senior Manager must assume a PR in respect of combatting Financial Crime and in respect of compliance with CASS. Below the Senior Managers sit those in the Certification Regime whose jobs mean that they have significant impact on customers, the firm or market integrity. The Conduct Rules apply to most staff at Tier 1 and even more so at a higher Tier 2 level for Senior Managers. Notification obligations are strict for Senior Managers in respect of disciplinary matters.
Every firm handling insurance money, as agent of the client or the insurer, has obligations under CASS. Under SMCR, each firm must now have at least one Senior Manager with formally PR for CASS. Those Senior Managers must take ‘reasonable steps’ to ensure that their firm protects client money in compliance with CASS. If they do not, then they will be held personally accountable for any failures and can expect hefty personal fines such as that imposed upon Mr Radford at One Call in 2018.
The Radford/One Call case predated SMCR but the language used by the FCA in its rulings is identical to that within in SMCR. The FCA held that Mr Radford failed to take ‘reasonable steps’ to:
- inform himself of the relevant (CASS) regulatory requirements applicable to his firm;
- properly assess the basis on which it held client money; and
- ensure that effective risk transfer was in place with insurers.
No One Call client or insurer actually lost money. However, there was a significant risk that they could have lost money and that was sufficient for the FCA to impose a fine on Mr Radford of £468,600 (after discount). One Call also received a fine of £684,000 plus a restriction on its business that was expected to cost it a further £4.7m.
Senior Managers must not underestimate the potential for significant corporate and personal fines for CASS failures under SMCR. The message is abundantly clear: if you are a Senior Manager with a PR for CASS then you need to take ‘reasonable steps’ to ensure that your firm protects client money and complies with CASS. These steps need to be well documented in order that they can be clearly evidenced as having been taken at the relevant time.
There are clearly many detailed steps that need to be taken but the case of Mr Radford helps to highlight two that are absolutely fundamental.
- 1. To obtain an understanding of the CASS regulatory requirements applicable to the firm, the Senior Manager requires a comprehensive and up to date CASS Rule Mapping. This detailed mapping needs to identify: each CASS rule that is relevant to the firm; the risks specific to that firm which could lead to it breaching those rules; and the key controls put in place to address those risks and prevent /detect any breaches. The CASS Rules Mapping is already a requirement under the FRC’s Client Asset Assurance Standard. Therefore, your external CASS auditor should be requesting this mapping for review as part of their annual CASS audit process. (If they are not doing this, you should probably consider if they are fit and proper to produce your Client Asset Report.)
- 2. To obtain, and evidence, an adequate assessment of the basis upon which a firm is holding client money and its position on effective risk transfer, the Senior Manager requires a documented review of client money and CASS relevant terms for all insurer TOBAs and binding authorities: This is normally documented within an insurer TOBA/Binder register. It is particularly critical for those brokers and agents that operate without client money permission, as such firms require 100% effective risk transfer with every insurer to avoid a significant CASS breach.
Any Senior Manager with a PR for CASS who has not yet taken these two reasonable and fundamental steps is likely to be running a high risk of significant CASS breaches. Their accountability is now explicit under SMCR, and they could be open to substantial personal fines.
Financial Crime is any kind of criminal conduct relating to money or financial markets involving: fraud/dishonesty; misuse or misconduct of information; handling the proceeds of Crime and the financing of Terrorism. The responsibility assigned to a Senior Manager under FCA Handbook concerns the risk that his/her firm might be used to further Financial Crime. The SMCR means that there is nowhere to hide especially for a Senior Manager. The FCA's Financial Crime Guide is a useful (but not the only) source of material as to Financial Crime as well as portraying the good and bad practices. The only way that a firm can satisfy itself and the FCA about its good standing in respect of Financial Crime is to conduct a full Risk Assessment concerning Crime, bribery and corruption. There is no substitute for hard work which will (unless already done) mean reviewing: policies and procedures relating inter alia to Whistle Blowing; anti-Money Laundering Regulations and relevant SYSC provisions; selection of appropriate persons for roles; areas for improvement; audit reports; due diligence and data security - among others.
The FSA (as it then was) has, some years ago, already pursued larger insurance brokers in respect of payments to overseas third parties and separately breach of data security issues. There is no doubt that issues relating to Financial Crime will continue to emerge and pursuant to SMCR individual Senior Managers may be on the receiving end of personal financial and other punishment.
Looking to the future
Against the backdrop of the SMCR, the FCA may now pursue, for example, smaller and middle-sized insurance brokers in respect of CASS issues concerning insurance transaction money. Likewise, issues of potential Financial Crime in respect of different sized firms will continue to trouble markets and regulators alike. The writing is on the wall. Firms that take advice from the lawyers and accountants will protect themselves in the long-term.
Chris Burr BSc ACA is founder of Broad Reach Partnership Ltd and an experienced consultant who specialises in supporting brokers on client money protection and CASS Compliance. Contact: Tel. +44(0)7876 417146