I am unclear about some of the Significant Harm Functions and worry that I might miss somebody who should be in scope of certification.
The challenge here is that whilst some FCA-defined significant harm functions are specific and clear, others are much broader and more generic. Take, for example, the “Significant Management Certification Function” – what exactly does this mean?
The FCA offers more detail by defining a significant management certification function as one where an individual has “significant responsibility for a significant business unit”.
The FCA then unpacks this further by offering a range of factors a firm should consider when deciding whether a business unit is significant. These include the risk profile of the unit, the unit’s use of the firm’s capital, the number of customers served by the unit, etc.
The problem for you as you attempt to interpret this guidance is that you need to look at these factors and decide what values you will put against each of them within your context – for example, how much risk within a business unit is significant? Or, how many customers in the unit make it significant?
This is important because you need to be able to show evidence to support all your in-scope and out-of-scope certification decisions. That evidence needs to be supported by logical and consistent terms and definitions.
Our top recommendation:
Build a list of terms and a standard definition for each of them (a taxonomy) – if everybody is talking the same SMCR language you will avoid confusion and reduce risk to you and your firm.
This includes terms such as “significant business unit” but also many others that need a common definition. Continue to build this list of terms over time, store and update it centrally and make sure that everybody who needs to know is aware of it and uses it.