SMCR: what happens if you get it wrong?

"Three colleagues meeting with one taking writing

Anyone in the regulated financial services industry is already familiar with the SMCR. They will have watched its evolution from the SMR, introduced into the banking sector in March 2016, its expansion into the insurance sector in December 2018, the arrival of the fully fledged SMCR in December 2019 with its application to all solo regulated firms, and some may even be aware that the evolutionary journey comes to an end in December 2020 when the SMCR is extended to benchmark administrators and claims management companies.

That said, how many of those wearyingly aware of the who, what, which, where, when, why, how of SMCR are equally alive to what can happen if the Conduct Rules which support the regime are broken, or, perhaps more worryingly, are thought to be broken by the FCA. What are the FCA policies and procedures that could lead to intervention and penalty, what might that penalty be, and against whom could it be imposed.

As in all things FCA the starting point is the Handbook and the Decision Procedure and Penalties Manual, DEPP as it is styled.

The overarching principle which drives decisions in relation to penalty is set out in the Introduction in DEPP 6, it is deterrence pure and simple. Deterring the person punished from doing it again, and thereby deterring others. For that reason penalties are designed, and intended, to be as severe as the circumstances of each case permits.

So what will the FCA look at when deciding whether or not to intervene? DEPP 6.2 sets this out in detail, but it distils to a few important issues.

Firstly, what is the overall assessment of the nature and seriousness of the suspected breach? That comes from a number of discrete issues which combine to give a sense of the overall level of delinquency. These include was the behaviour deliberate of reckless? What was its duration? Does it make a gain or avoid loss? Is the suspected breach evidence of systemic control and management deficiencies?

Second, what was the conduct of the regulated person or firm post discovery, was there a self-report, remediation, cooperation?

Third, what is the effect, if any, on consumers and/or the integrity of the market?

Fourth, what has been the FCA's assessment of similar situations in the past?

All of that is weighed in the balance and informs the decision whether or not to take action. Once that step is taken there is then  a second set of decisions to arrive at as to what that action should be, public censure or financial penalty, and, if it is to be a fine, a third decision making process, how much and against whom it will be imposed, the firm,  an individual, or both.

Significantly, one of the aspects of the policy of deterrence is that, as DEPP 6.2.4 makes clear, the FCA regards penalties against individuals as a crucial part of its delivery.

The process of determining whether there should be a financial penalty or public censure is set out in DEPP 6.4., and, unsurprisingly, a number of the issues surrounding the decision to take action reappear, including whether profit was made or loss avoided and post discovery behaviour. However there are additional considerations in this process such as previous disciplinary record and impact of any financial penalty on the person concerned including severe adverse effect on shareholders and damage to market confidence and/or stability.

If, following the DEPP 6.4 process, there is a determination to impose a financial penalty there is then the decision as to what the amount should be. The factors which govern that are set out in DEPP 6.5.

The policy which lies behind the determination of the level of fine is tri-partite, deterrence, disgorgement of any profit realised by the breach and punishment for wrong doing.

The process of determining the amount of any fine follows the stepped approach adopted by most regulators. The ones set out in DEPP 6.5, which apply equally to individuals and firms, are, firstly, disgorgement of profit. No matter what the outcomes of later steps may be this remains untouched. Second determine a figure which reflects the seriousness of the breach. Here the DEPP 6.1 criteria are again relevant. Third adjust upwards by reference to aggravating features, the nature and impact of the behaviour, and then adjust downwards by reference to any mitigating factors, regulatory history, post-discovery behaviour. Fourth add a deterrence effect to the amount determined by step three, and finally, fifth, apply any settlement discount.

There are hardship provisions in DEPP 6.5D which enables the penalty to be mitigated, but only where it is demonstrated by verifiable evidence that the proposed penalty will cause serious financial hardship.

To give some sense of what that means serious financial hardship for an individual is when payment of a fine would result annual income of less than £14,000 and a fall in capital to less than £16,000, and for a firm payment of the fine would threaten insolvency.

If that is not enough an individual may also be made the subject of a prohibition order or have their approval withdrawn.

In light of all this it is not difficult to see why SMCR enforcement may be viewed as draconian, but it does send a very clear message is that the only sensible thing to do is to get it right.


Our lawyers are experts in their fields. Through commentary and analysis, we give you insights into the pressures impacting business today.