Certification - Good and poor practice seen in banks

Transcription

1 Certification - Good and poor practice seen in banks TISA SM&CR Certification starts sooner than you think 29 January 2019 Max Lewis, Director, KPMG

2 SMCR Background & context June 2013: Parliamentary Commission on Banking Standards June 2015: Fair and Effective Markets Review (FEMR) October 2015: HM Treasury Paper announcing extension of SMCR to all FSMA-authorised persons Implementation of SMCR extension to all FSMA-authorised persons (approximately 60,000 firms) Banking Reform Act March 2016: SMCR implemented for banks, building societies, credit unions, PRA investment banks and branches 2019 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 2 Document Classification: KPMG Public

3 Certification A reminder of the requirements Certification covers specific functions that aren t Senior Management Functions, but can have a significant impact on customers, the firm and/or market integrity. The FCA does not approve these people, but firms will need to check and confirm (certify) at least once a year that these people remain suitable to do their job. This means that if a role meets the definition of a Certification Function, a firm needs to make sure that anyone doing that role has been certified and issued with a certificate. A firm must annually satisfy itself that all Certified Persons are fit and proper (F&P) to perform their role having regard to: Qualifications Training Competencies directly relevant to their role Personal characteristics Those in the Certification Regime will be subject to enhanced background checking and the firm will be required to request a regulatory reference from the candidate s past employer(s) covering their previous six years employment history. Firms should consider how they will manage individuals through the certification assessment on an annual basis and consider leveraging systems andprocesses KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 3

4 SMCR 2+ years on What are we seeing at the banks? 2. Use of Systems / Technology Lack of innovation in firms approach to managing SMCR and inadequate use of systems / technology. Reliance on manual processes and controls to manage and maintain large populations. 1. Accountabilities Statements of Responsibilities that do not clearly explain an individual s role and accountability. Gaps in allocation of responsibility, or duplication of ownership and shared responsibilities that are not defined effectively. 3. Conduct rule training Lack of engaging training for individuals as to what the implication of applying the SMCR Conduct Rules means to them. Insufficient use of tailored scenarios to bring training to life. 4. Certification challenges Firms that have struggled to operate an effective Certification Regime as their process controls are often not suitably robust, leading to issues/failures. 5. SMCR operating model Often unclear who is responsible for compliance and operational effectiveness of the regime in BAU (commonly across HR and compliance). Insufficient resource allocated to the on-going management of the regime KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 4 Document Classification: KPMG Public

5 Bank certification regimes Industry observations Lagging practice Leading practice. Reliance on manual inputs and process Innovation / use of integrated systems & tech Siloed functions & behaviours Close collaboration & effective communication Lack of training and awareness for BAU process owners Lack of defined or agreed process ownership Engaging and well understood learning & development Documented operating procedures & formalised accountability Normalised breaches; 2nd line over-reliance Effective, applied, front line-owned controls 2019 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. 5

6 Thank you

7 The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.