Senior Managers and Certification Regime 2018 Extension: FCA Consults
The Financial Conduct Authority has published a Consultation Paper containing its proposals to expand the Senior Managers and Certification Regime to all FSMA-authorised firms; the window for providing comments to the FCA ends on 3 November 2017.
The Financial Conduct Authority (FCA) published a Consultation Paper in July 2017 regarding extending the applicability of the Senior Managers and Certification Regime (SMCR) beyond the banking sector. The final rules are expected in summer 2018, with implementation to follow later in the year. The expansion of the regime will significantly increase the number of firms required to comply and will bring an end to the current Approved Persons Regime. The FCA is separately consulting on how the SMCR will apply to insurers.
This LawFlash gives an overview of the proposed extended SMCR and identifies steps firms should be taking now, both with respect to getting ahead of implementation in 2018 and in preparing for their ongoing obligations under SMCR post-implementation.
Purpose and Approach
The SMCR was initially implemented in the banking sector after the 2008 financial crisis. Its aim then, and now, is to reduce the risk to consumers and strengthen market integrity by holding senior individuals more accountable for their conduct and competence. The FCA’s primary focus is on the value of good culture to the health of the firm and the financial services industry and markets more widely, and the FCA expects that the SMCR will encourage all staff to take greater personal responsibility.
The FCA has adopted a flexible approach, retaining the main elements from the existing banking regime. The SMCR will comprise
the Conduct Rules,
a Senior Managers Regime, and
a Certification Regime.
Who Will Be Affected?
The SMCR will apply to all FSMA-authorised firms that are regulated by the FCA; the FCA estimates that approximately 50,000 firms will be affected by the extension of the regime beyond the banking sector. If a firm is regulated by both the FCA and the Prudential Regulation Authority (PRA), it must comply with both regulators’ rules.
The SMCR will apply to incoming branches of non-UK firms that have permission to carry out any activities that are regulated by the FCA in the UK. It will also capture UK firms which outsource functions overseas.
Classification of Firms
The FCA proposes dividing firms in accordance with the following:
The FCA estimates that around 33,000 firms will fall within the Limited Scope regime. These will be firms that do not have financial services as their main operation, such as sole traders, oil market participants, and service companies. Such firms will have a reduced set of requirements to meet.
A standard set of requirements will apply to all FCA solo-regulated firms. The firms falling within the Core Regime will be those with financial services work at their heart. The Core Regime is a baseline of requirements to be applied to every firm, and consists of three main elements: the Senior Managers Regime, the Certification Regime, and the Conduct Rules (considered later in this LawFlash).
The FCA estimates that around 14,000 firms will fall within the Core Regime.
The FCA estimates that approximately 350 firms will fall within the Enhanced Regime. These are firms which, due to their size, complexity, and possible impact on consumers, will be subject to additional regulatory requirements. Enhanced Regime firms will include firms with assets under management of £50 billion or more, or mortgage lenders (that are not banks) with 10,000 or more regulated mortgages outstanding. All Client Assets Sourcebook (CASS) firms will also be subject to the Enhanced Regime.
In addition to the Core Regime, Enhanced Regime firms will need to impose the following:
Additional Senior Management Functions;
Additional Prescribed Responsibilities to be given to Senior Managers;
A Senior Manager with ‘Overall Responsibility’;
Responsibilities Maps that show the firm’s management and governance arrangements; and
Handover Procedures so that a person who becomes a Senior Manager is provided with all the information and material that they could reasonably expect in order to do their job.
The Consultation Paper contains the following chart that firms can use in determining their assigned categories.
Senior Managers Regime
This applies to the most senior people in a firm. Anyone who is responsible for a ‘Senior Management Function’, as defined by the FCA, must be approved by the FCA before they commence the role. In addition, firms will need to ensure the suitability of the Senior Manager by undertaking a ‘fit and proper’ assessment. It is proposed that firms should perform criminal record checks for each Senior Manager applying for approval as well as obtaining a ‘regulatory reference’ from the Senior Manager’s previous firm.
There is no territorial limitation on the Senior Managers Regime. Consequently, it will apply to any individual performing a Senior Management Function whether they are based in the UK or not. For firms with overseas headquarters or with outsourced management functions, the SMCR may incentivise a shifting of responsibility back to the UK. Such firms may wish to start considering whether restructuring at the management level would help to achieve the SMCR’s aims. The FCA has commented on the alignment of interests, noting that a firm that is easier to regulate will be easier to run.
Statement of Responsibilities
Every Senior Manager will be required to have a ‘Statement of Responsibilities’. This document sets out what they are accountable for in their role. It should be provided to the FCA when the Senior Manager applies to be approved, as well as when there is a significant change to their responsibilities.
Duty of Responsibility
Senior Managers will have a ‘Duty of Responsibility’. Consequently, if an issue occurs in an area for which they are responsible, the FCA will consider whether the Senior Manager took ‘reasonable steps’ to prevent it from occurring.
The FCA has proposed ‘Prescribed Responsibilities’, which are new responsibilities to be allocated to Senior Managers. The list of Prescribed Responsibilities for firms which are subject to the Core Regime is relatively narrow and has already attracted criticism from parts of the industry. Firms subject to the Enhanced Regime will have greater flexibility in setting out the responsibilities of Senior Managers.
This applies to employees who are not Senior Managers but whose roles mean it is possible for them to cause significant harm to customers, markets, or the firm, known as ‘Significant Harm Functions’ or ‘Certification Functions’. Examples of such roles include proprietary traders, those with a client-dealing function, and material risk takers.
In a change from the current Approved Persons Regime, these employees will no longer be approved by the FCA, and the FCA will no longer keep a register of Approved Persons. Instead, responsibility will shift to the firm to assess whether the employee is ‘fit and proper’ for the role. Firms should assess suitability on an ongoing basis and, at a minimum, annually when renewing the certification.
Firms must request a reference from previous employers for Certification Function candidates, as well as for Senior Managers and non-executive directors, for the previous six years. The SMCR will bring in a new requirement that past employers must provide regulatory references to the new firm in a prescribed form.
The Conduct Rules are the basic rules that will apply to almost every person working in financial services, except for ancillary staff such as receptionists, post-room staff, and security staff. There are five core rules based on the concepts of integrity; duty of care, skill, and diligence; cooperation with regulators; giving due regard to the interest of consumers; and observing proper standards of market conduct. Senior Managers will be subject to an additional set of conduct rules.
Firms will need to train their staff so that they are aware of how the Conduct Rules apply to them. If firms take formal disciplinary action against a person for breaching a Conduct Rule, they must notify the FCA. For Senior Managers, this notification must be within seven business days. Notifications for other individuals should be made annually. Notifications made to the FCA to declare a breach of the Conduct Rules must be included in the breaching individual’s regulatory reference.
The Consultation Paper contains the following diagram, which may be useful for firms as a summary of the key points of the regimes and to whom they apply.
A Cohesive Approach
Implementation is only the first step which needs to be taken in relation to the SMCR. Perhaps more significant in the longer term will be the work to instil culture and to balance competing HR and regulatory demands. A key lesson to be learned from the banking sector is the need for compliance, legal, and human resources functions to work together to ensure that all requirements of the regime are met seamlessly. As the responsibility for assessing fitness and propriety shifts from the FCA to the firm, it will become increasingly important for potentially problematic issues to be identified quickly and proactively and resolved in a cohesive manner.
Penalties for Non-compliance
The FCA will prosecute breaches of the SMCR. The penalties for serious offences and non-reporting or for trying to cover up misconduct will be more severe, including potential criminal liability.
Feedback on the Consultation Paper should be submitted to the FCA by 3 November 2017. The FCA will publish a technical consultation paper on the operational aspects of the new regime in late autumn 2017.
While the finalised rules will be published in a Policy Statement sometime after March 2018, firms should now start assessing what changes they will need to put in place to implement the SMCR. This should include consideration of the compliance and human resources frameworks necessary to manage compliance with the SMCR post-implementation.
The FCA has indicated that it considers the SMCR to be evolution, not revolution. Already, firms in the banking sector have reported greater collaboration and a positive shift in culture as a result of the SMCR’s implementation and changes in the wider regulatory environment. Firms that will fall within the scope of the Extended Regime can learn from their experience and begin nurturing this culture as well as revising and updating practices in line with FCA expectations.