The first blog in this series, on 29 November, looked at some quiet revolutions that SMCR is beginning to drive. This one starts to look at how SMCR sometimes struggle to capture horizontal functions.
There’s a decent argument to be made that SMCR was conceived to fix problems in a world that’s no longer with us. If so, it would be scarcely a surprise. The crisis that spawned it was a decade ago, and the Parliamentary Commission that recommended it reported over five years back.
So it’s certainly worth exploring what has changed since 2008, and examining how flexible SMCR might be in dealing with any new challenges the intervening years have thrown up.
Over the decade or so leading up to the crisis, as the impact of globalization mushroomed and the big banks merged with and acquired each other, matrix management became increasingly complex. As a result, within the FSA, the old principle of “four eyes” (i.e. two people overseeing a firm's business) became diluted, so that, especially for the major banks, it no longer had to be the same two people. Different pairs of people were therefore able to take responsibility for different functions.
This may have reflected reality and improved executives’ understanding of the individual business lines, but it also harmed the ability of management, and by extension regulators, to grasp the bank’s overall business, and its risks, in the round. Silos became deeper and ultimate accountability became more diffuse.
It is this complexity of matrix management – shared responsibility that, too often, ultimately led to minimal accountability - that SMCR targets. This was seen as the core reason why the FSA wasn’t able, other than in a few cases, to take action against senior executives. Whether or not this is the right diagnosis, and SMCR the best solution, we’ll probably never know; time has moved on and other reforms have already changed the landscape.
However, it is clear, in line with the original diagnosis, that SMCR: (1) takes a predominantly vertical view of structure; (2) has a prejudice towards simpler reporting; and (3) focuses much more explicitly on legal entity (solo) level accountability and governance rather than that at group (consolidated) level.
The first of these characteristics, means that SMCR can struggle to capture adequately a firm’s horizontal functions. This is perhaps most evident around technology, which is unfortunate given it's now so critical to many firms. Also data policy, which is emerging as another important horizontal function as the prerequisites for the effective Regtech become clearer. More “analogue” era functions, like complaints’ handling, also qualify as important functions that need horizontal coordination across silos.
Meanwhile, for a variety of reasons, some which pre-date the crisis, it may be that the coordination between horizontal functions, notably the Compliance, Risk and Internal Audit, may have become harder rather than easier.
How SMCR helps or hinders firms with these challenges will depend on how they have implemented it and how they have integrated it with their existing culture.
More on this this next time...
Ten years on from the crisis, there is no question that we saw behaviour in the past which was well below what we should expect. The regulatory regime did not create the correct incentives – emphasising individual culpability rather than the responsibility of senior people for the firm’s activities as a whole. A defence that the individual did not personally make a bad loan or mis-sell a product is not good enough. We are now implementing the new Senior Managers and Certification Regime across our landscape, extending it out from banks. This is a very important change.