Name: The Future of Individual Accountability: What to Expect in 2026 and Beyond
Uploaded: 2026-01-20T11:54:04.775Z
Duration: 38 min 8 s
Description: The Future of Individual Accountability: What to Expect in 2026 and Beyond

Transcript for "The Future of Individual Accountability: What to Expect in 2026 and Beyond": Light webinar on the future of individual accountability. What to expect in 2026 and beyond. I'm Max Williams, Strategy Head at Traillight and I'll be moderating today's event. Thank you all for joining on. I've got a few brief housekeeping points to mention before we dive in. Taking questions from the Q and A section with your submitted questions and we'll attempt to cover these throughout today's session. Failing that, we'll be in touch to follow-up on your questions. In addition, a recording of this event is going to be made available. So please do encourage any of your colleagues to take a look and or get in touch with us. I'm very pleased to be joined by our guest speaker, Dirk Young and Jackie Morcombe for today's session, both of which will introduce themselves in a moment. Before we do that, allow me to set the scene and the purpose of today's webinar. Regulatory accountability has come a long way since 2008, especially within The UK. And since the Mansion House speech of last year, the spotlight has turned to reform of the SMCR regime. And we've had consultation periods and we've had submissions and we're expecting phase one and phase two with legislative changes to the regime. Undoubtedly though, this spells uncertainty about what to expect, how to prepare and importantly how to ensure strong accountability within a regulatory setting, both now and under a new less prescriptive regime. Many of the practitioners we speak to are keen to seek clarity, understanding and informed advice and I hope this session will shed some light on those issues. Outside of the webinar I'd encourage you to reach out to us if you'd like more focused advice on managing your accountability framework both in The UK and further afield. So for those of you new to trail license comply, let's put some context on who we are and who we serve. With that in mind I'm going to hand over here to Jackie Morecambe to introduce herself if I could and then on to our guest speaker Dirk Young. Jackie? Thank you Max and hi everyone. So I'm Jackie Mokham, I'm SVP here at Comply. I'm responsible for our international expansion so I work with our customers and firms that are evaluating COMPLY for compliance transformation. For those of you that are not familiar with COMPLY and Traillight, we're a global provider of technology consulting services and education to financial institutions focused on compliance. We have approximately 400 employees across EMEA, UK, US and APAC. And that also includes Traillight business through our recent acquisition. And within the context of SMCR specifically, we have 5,000 clients that comply, and around 100 of those are leveraging the Comply Trail Lite technologies for managing their SMCR regimes. So very well placed to provide a technology spin on things, and of course delighted to be joined by Dirk. So over to you, Dirk. Thanks, Jackie. Thanks, Max. Hi, everyone. My name is Dirk Young. I'm the head of SMCR and conduct oversight at Jupiter Asset Management. I'm honored to be coming to talk to you about SMCR and broader things. I'm one of those rare people that finds this very interesting and exciting and value adding to what we do. So you know what bucket to put me in there. I think just as background before Jupiter, I've been at Jupiter since January 2018. Before Jupiter I ran the, I was the account executive for SMCR at Barclays globally and before SMCR in 2015, I was head of central compliance at Barclays and have done a myriad of different compliance roles. So hopefully some of the stuff that we talk about will be useful to all of you. Like Max says, if there are any questions or you want to reach out to any of us, do that. And I'm happy to do that from a Jupiter perspective as well. Thank you both for your introductions. A wealth of experience there, Dirk, across a range of different regulated entities, I guess, which we can sort of draw upon as we go into this. So let's dive into the key issues here, shall we? I'd like to kick off with an update of the latest developments in the regime, Dirk, and given your focus on SMCR currently as an enhanced asset manager, Can you lay out please for our audience the important issues being considered in phase one, phase two and any important timings which we should be aware of? Yeah sure, thanks Max. I'll try and keep it fairly light because I won't go in huge amounts of detail into phase one because we'll lose the audience before minute six. Post But the Mansion House speech and going back to the Edinburgh reforms, everyone's been looking at how do we make some changes to the SMCR regime, obviously maintain all of those things that make sense and are value adding in a good way of managing and mitigating the different risks that we all run post 2008. But have we gone a bit too far? Are there some administrational and operational elements that we all spend a lot of time on that can be either amended, enhanced or in some cases abolished completely. So we all went through the consultation process. You all would have responded either through your own firms or through industry associations or through other third party firms as to some of the measures that were being introduced. I think overall when the FCA and the PRA went out, a lot of the industry were basically saying it was overly burdensome and there were some changes and effectively some simplicity and proportionality that could brought to the regime. So where are we at the moment? We've gone through obviously the consultations, the regulators have come back and suggested effectively the reforms to take place in two key phases. And I think it's probably just worth pausing on that and sort of explaining what the differences are. So as a lot of you will know, regulation generally is driven from the legislative process. So there's different levels of effectively first law and then rules and regulations that apply. So a lot of the stuff that is proposed in phase two will need to go through a change from Her Majesty's Treasury or His Majesty's Treasury around different elements as to giving the regulators the power to be more proportionate around different elements. So it's not just a simple change from a regulatory perspective for phase two, there'll need to be changes more broadly and that will need to go through Parliament and we need to wait for when there is time in Parliament to assess all of these items. So within phase one, just touching on your point there, Matt, phase one has brought in a number of different elements that the regulator is looking at. It's looking at making changes to the twelve week rule, some changes to criminal checks, some changes to the SMS seven, the group entity senior manager for those people on the call for the overseas jurisdictions. Some changes and tweaks to how we deal with statements of responsibility and MRMs and the frequency by which we have to do that through any changes in responsibilities we give to the regulators. Certification has been looked at more broadly and been looked at in the vein that we can make some serious changes to certification. Our chancellor mentioned in the mansion house speech last year that we're looking to abolish certification. Just to add some more qualifying comments to that, what that doesn't mean is that we'll abolish it and replace it with nothing I'm afraid. So we'll abolish it as stands today post parliament having decreed that that's what we can do and then there'll be a process and a consultation that the FCNPRA will go through to determine what the right approach is to ensure that key regulatory individuals at our firms remain fit and proper to undertake their roles. There's some changes suggested through regulatory referencing, some stuff around the allocation of prescribed responsibilities, there's a bit around the conduct rules and what we need to notify and report on. But just touching on some of the key changes to phase two, we've talked around the certification regime, conduct rule reporting, removing some roles, looking at the approvals on how long those roles will take to approve. As we all know, sometimes the regulators do take a substantial amount of time to approve the applications that are being sent in and simplify key elements like allocation of responsibilities and the generation and submission of management responsibility maps. Those have all been looked at and are being reviewed. The consultation process is complete as such and the regulators are looking at the responses we've all given in relation to that. The dates that we've been provided by the regulator is a very sort of mid twenty twenty six, so your guess is as good as mine exactly when that will be. I guess it'll be around the summer when we all are planning to go off and have our summer breaks. Mid twenty twenty six is when we're expecting to hear back from the regulator through the consultation provided by the industry back to the regulators. Thanks, Dirk. And there's lots of different moving parts in there which people will be and have been mulling over for a while to try and assess the timings of it, the priorities and things like that. Can you just outline for people fundamentally what is not changing here and what people are going to have to continue to consider? Yeah, look, mean, touched on it slightly, the key element of having a group of individuals that are senior in all of our organisations, whether they be termed as different categories within certification, whether they're senior managers, whether they're board members, whatever it might be, there'll be a group of individuals that make key decisions, material risk takers as an example as well. We are going to need to continue to ensure those individuals are fit and proper. We are going to need to continue to ensure relevant checks are taken on a periodic basis, both independently as well as internally within firms. We're going to need to make sure assessments continue to take place in the timelines that the regulators have put out to all of us? So ensuring fitness and propriety for that population will not change and we still need to continue to track that and stay on top of that. I think as a whole, senior manager, there'll be tweaks around the senior manager regime, but lots of people including the previous governor of the Bank of England have talked about the good things that particularly the SM elements have brought in the concept of reasonable steps, the concept of people understanding what their responsibilities are, clear differentiating responsibilities, so there's no finger pointing to say our thought was her responsibility or his responsibility. That's been clear. There will still be a need, particularly for the enhanced and larger firms around some form of management responsibility map and understand how those are allocated and when there are changes in relation to that, we will still need to track a handover process as in a very formal way and as part of that application process. So I think within the senior manager regime, there aren't huge amounts of material changes that are being suggested through the consultation. There are some enhancements and some proportionality and some easier ways of navigating that, such as being able to allocate a prescribed responsibility to an SMF18 which you haven't been able to do up to this point. But as a whole and as a concept, we'll still need to do everything we do around senior managers, training them, making sure they're aware of regulatory developments, making sure they go through all their reasonable steps and so on so forth. I think on the combat rule piece, there's probably an additional step, and I think later on we're going to talk a little bit about non financial misconduct, but I think there's a real reliance on firms to be on top of conduct related matters. And if from a prescriptive perspective regulators are saying there's more of an onus on firms to do this themselves, then everyone needs to gauge themselves to make sure that they're in a position to do that. Through thematic and supervision reviews, we know that will be looked at by the regulator. So firms will need to look at those conduct processes and make sure those are tracked, well governed, reported, escalated accordingly, people are trained on all of those things. The changes to combat rule reporting will only take place in phase two, so there's not going to be much change around that, Max, to answering your question. Okay, thanks for that. Turning to the sort of the topical area of non financial misconduct now, we've recently seen the publication of a new policy statement confirming the expansion of the code of conduct rules as you discussed. Can you give a bit of an overview of what's changing here around what constitutes breaches and any other further changes to the fitness and proprietary assessment process? Yeah, look, I mean, think we've all been talking about non financial misconduct, it feels like five or six years with the regulators, and we've finally got to a point where we have a final policy statement. I think we're all hoping that that's it, we're now in a place that we needed to be. Again, this went through a recent consultation and we all responded to that consultation. I think helpfully HMT, the FCA and the PRA did reach out through different industry associations to hear from the industry as to what they felt of some of these proposals before the policy statement was finalized. And I personally think it's great to see enhanced collaboration and really hearing from the industry before they finalize some of their views. And they're clearly taking that on board because there are some tweaks that are made to the consultation paper, which as we know, if you've been around for as long as me, there was often not that much change between consultation and final policy statements. But generally, I think it's hugely welcomed by the industry, Having more clarity on what it is that firms need to be doing around non financial misconduct has been something we've all been asking for. The regulator did ask a specific question as to whether more guidance would be helpful for people through the consultation, and I think I'm not misquoting the numbers, 95% of all respondents felt more information would be useful for people to determine and understand and assess whether there has been a breach of non financial misconduct. As a summary statement, non financial misconduct concept here is bringing non financial misconduct into all of our conduct frameworks. So up to this point, we've focused more on financial misconduct. When we think about the six individual conduct rules within firms, we focus predominantly on those. Non financial misconduct has not been part of someone's formal conduct frameworks. What this regulation now does is informs firms that this now needs to take place and particularly for the non banks. So the FCA and the PRA have put out there how non financial misconduct should be considered, put out a definition of non financial misconduct around harassment, bullying and intimidation, and talk to firms as to how these different things might map to the existing conduct rules. So as a very high level statement, the majority of non financial misconduct will either map to a lack of acting with integrity or a lack of acting with de skilled care and diligence. Through the consultation period, regulators have also clarified their position around managers. There were terms that we used around line managers and managers and the industry weren't quite clear around that. They've clarified that in their policy statement and they've also clarified elements around private and public and what firms are expected to do in relation to firm sponsored events, firm related events and particularly what they are expected to do around surveillance, ongoing monitoring and social media elements in relation to that. Think So would you expect that to be pulled into the FMP process within SMCR for most, if not all regulated firms? Yes, so there is that expectation, I think for everyone on the call, on this webinar, there's obviously the element of what you need to do to make sure someone remains fit and proper, what questions do you need to ask, what checks do you need to do. And then there's the separate point of the entire population, the entire non regulated population and what is it that we expect firms to track and how do you assess that more generally. It's going to be a bit harder because non financial misconduct is often a bit more grey than financial. Financial is a bit more black and white as to what's right and what's wrong. Obviously with the non financial misconduct often there'll be investigations and large elements of grey, so firms will need to try and assess what looks like. I think the FCA have also and the PRA have also talked about what they're expecting firms to do between now and when this goes live, which is the first of September twenty twenty six. Firms should really be looking at the procedures that they have, their conduct, risk procedures, what they've got written there, how that needs to be updated. The FCA and the PRA have helpfully provided different process flowcharts within the policy statement back, which can kind of talk you through different types of scenarios and how you might want to write that up within your firms. You would need to look at the governance around all the conduct risk elements, but that would include non financial misconduct. They talk through refresh training, the training specifically around non financial misconduct, and that could take the form of e learning, could be classroom depending on the size of firm and so on and so forth. So there's a lot to do there and there's a lot to track and assess. So I think we all need to go away and work out what's the best way that we do that in a uniform consistent way. Thing's for sure that we all need to get this right because it will impact individuals careers and we have to make sure we apply this in a consistent and fair manner. Great, well thank you for sort of starting to dig into that little area. I actually wanted to switch gears slightly and turn towards exploring best practices. Our audience will be looking forward to getting some advice on what they need to be doing with all of these changes coming through and what best practices are which ensure internal controls. It's clear that a less prescriptive regime is going to require a more resilient and scalable approach to managing regulatory accountability. So, Dirk, I just wanted to ask you, you know, as firms navigate this regulatory change, what do you think is the biggest thing they need to consider to ensure effective conduct risk controls? And I'm really sort of pointing towards stronger resilience, internal processes, elements of transparency, things like that. What are you thinking about? Yeah, so I think it takes a number of different forms would be the way I'd respond to that. I think the first element is how are you getting the information? Are you getting all the information that you think that you need? How are you tracking and what MI are you getting around conduct risk more generally? I'm talking about financial and non financial here. Often the non financial stuff may be owned within a human resources department or a different part of the firm to your classic financial misconduct, which say may be housed within risk compliance or a different part of the organization. So it's about understanding where those silos are and where that different data resides and how do you bring that all together. Because I think the importance is to be able to look at the information in aggregate, to understand the cultural nature and the behavioural nature of what's happening in relation specifically to non financial misconduct. I think governance is hugely important and we always hear turn at the top is really important, senior manager buy ins are really important, but I think this really is. The ownership of conduct frameworks, so for example, here at Jupiter, it's owned by our CEO and he really applies the right level of oversight and importance to all of this stuff. We have different committees and forums which look specifically at culture and conduct elements. We apply that in adherence with our conduct rules and everything else. We've got over 100 metrics we look at. It might be that not everyone needs all these metrics and it's for each firm to decide what those might look like, but we've certainly needed to bring that all together and report that in a uniform automated way to be able to track the changes rather than trying to catch our tails in finding the data. So I'd really urge everyone to think about that. Obviously the training is important to make sure everyone understands what's expected of them, But bringing that all together and bringing all those data sources together in different parts of our organisation, and then getting the right people to look at that data, assess that data, and determine whether it's within the appetite and within the conduct risk frameworks that you have within your firms is going be incredibly important as we take this forward. Right, and I want to bring Jackie in on this next point for you both, which is what is exactly the cost of doing nothing? Is it an option? And what is the risk of waiting for these final rules? I can jump in from the technology perspective and obviously Jupiter and Dirk, you folks are already tech forward. What we've found is that there are combinations of approaches that are happening in the market at the moment. You've got financial institutions that are sitting and waiting, and this has been tech transformation and change within the world of SMCR and conduct have completely been kicked out into the long grassroots, as you sometimes say. And then we're seeing others that have put a pause on change, but they are aware that they will need to hit the ground running, you know, come September. And so they know what their sort of short list of options are. And I think that's, you know, that's the bare minimum for where you're going to be. And what we're seeing in the world of compliant trail light is that firms are investing in this space. The do nothing isn't sort of the reality on the ground. Very few firms are in that do nothing state. We're actually seeing a number of financial institutions providing more scrutiny or being, you know, more scrupulous about what they're going to what they're going to require from their vendors. So we see, for example, firms that went with legacy or generic GRC players that sort of rolled something out in 2019, that was kind of okay then, but has not had any investment since. So those are being replaced with best of breed and with Trail Light specifically, because the firms are aware that they need a solution that's going to be able to change, able to adapt with a team behind it that understands the business and is focused on this business. So we're seeing a lot of that sort of legacy vendor offering replacement. We're also seeing financial institutions that have big tech firms that invested in in house build moving away from that. Obviously, in house build has a place, but that place is not where there's a market solution available. So you get, you know, with a market solution, able to leverage, you know, the inputs and the feedback of, you know, a good 100 other firms facing the same sort of situation. So we're seeing a migration away from that initial sort of sticker solution that you would get when someone's maybe called something into Workday. What was good enough was good enough, but it's not scalable. Changes are only constant. So we know, and Dirk, you did a great job earlier talking about some of the things that aren't going away. So many of the fundamentals that firms are having to adhere to, they're here to stay. And so you need something that is robust, that is change proof, that is scalable in place. So cost of doing nothing, it's just going to get worse. So you're going be more inefficient. You're going to have less confidence in your data. Key person risk is pretty big. We don't have to convince the SMCR administrators. I think all the folks on this webinar, many of whom are trail like clients, but the folks on the ground doing the work really understand the need for this. It's just making sure that you get the right support and budget allocation within leadership, I think is key. Don't know, Jack, if what you sort of experienced there. No, no, I totally agree with everything that you've said, Jackie. It's really important, and I don't think anyone can afford to stand still on the side of things. I do think there's a regulatory focus that if certain things are going to change within this space, there will be more reliance on firms and internal processes to get this right. And at the same time, more requirements around senior manager oversight of what's going on in this important area. So the reasonable steps piece and everything else, you'll need to be clear on what that data looks like and what you've done with that and the evidence and order trail around that information. Because one thing's for sure, post the changes being made, the supervision teams will come in thematically and non thematically and will look at and want to understand what changes have been made since this has all taken place, how are you staying on top of things, how is information being provided to the right people within the firm, how they're meeting their SMF responsibilities which are going to remain. So these are all things that the regulator will focus on a more supervision standpoint in my view. This all to automation workflows that keep you in check evidencing regulatory data. How important has that been to your processes at Jupiter? Yeah, I mean, the way we structured at Jupiter is we map our consumer duty framework into conduct. We think it's part of our conduct framework. So what that's meant is there was a lot of data, both Jupiter data and third party data that we needed to track. And we didn't feel that we're doing the best job in getting to any compliance officers to try and track data. That's not really what they're good at. So we wanted to be able to find a way of automating that for them, give them the answers so they can do that assessment and the analytical piece of what they're seeing, rather than trying to get the data from different places. So we've certainly looked at automating our data and we've seen the real benefit of doing that and seeing themes, trends, seeing where we need to focus on something, whether it's an individual or department, an issue more broad within our firm that needs better education and so on and so forth, it's allowed us to look at these themes and assess and rate the different data points as to where we think they should be, apply tolerance levels and everything else, so that when we're at boards and committees, we're talking about the things, the right things, where we need to get people's expertise and views rather than just a collation of data points. Great, and that sort of brings me back to Jackie as we sort of look to close this out. What really in your view should we be looking at for in a technology solution? Good question. I think if you're going on the journey, I think you're in a privileged and exciting position to be able to pick what works best for you. I think tech is one, and I can speak from experience. Having met probably about 20 Traillight clients over the past two months post acquisition, obviously, everyone knows that Traillight has great technology. But the thing that the customers keep telling me about is the people. And it's, you you can have the best tech in the world, but if you can't go live, and if that project sends your whole organization into disarray, and you get time slips and budget slips, that's a problem. And so I think that's a really big thing, is ability to deliver. And then also, what is your experience as a customer going to be like thereafter? So how are you supported you know, when times are hard, right? The stakes are high here. You're dealing, you know, you're distributing forms out to the most senior people in these financial institutions. You need to get it right. There is a piece of friction that can occur if you're making mistakes and making people's lives much harder. So I think the confidence in the relationship and support you're going to have, the tech, of course, is extremely important, and then the ability to adapt to change. Change is constant. So it can't be hard coded. This has to be a big part of that business's focus. And reputation matters. So speak to your peers. Ask them what they use. Speak to the clients of those firms that you're evaluating. They'll tell you, we'll all say we're amazing, but what is the market actually saying? Because that's where you'll get the best reality out of it. Great. Thank you. So pulling all of these threads together from what I've heard, it's very clear to me that firstly, there's a good deal of uncertainty around these changes, but the careful preparation around the firm's procedures and the potential system enhancements are a prudent and necessary course of action. That's going to be important. Secondly, manual or fragmented processes around accountability and conduct create a material risk to a firm's governance. That jumps out from what I've heard here. Thirdly, timing is going to be key on this. Firms need to act now to strengthen their control systems. It's not an option to hope for the best. You're going to have to act. And lastly, having a robust process which leans into automation and audited evidence and which develops with an evolving regulatory landscape is essential. So with that in mind, you know, offers critical capabilities for dependable governance and oversight. Those would be my takeaways. With that, we're going to wrap up. Many thanks to you all for joining us today. A big thank you to you both, Dirk and Jackie, for answering our questions. For our audience please do reach out with further questions or advice on these issues. Compliance Traillight can guide you through the use of our best in class technology and our practitioners. With that thank you and goodbye.