Last week, the FCA published its near final rules on extending the Senior Managers and Certification Regime (SM&CR) to all FCA solo-regulated firms as well as non-UK firm branches.
The new rules replace the approved person regime and will apply to some 47,000 firms from sole traders through to global businesses.
From 9 December 2019, many investment firms, asset managers, consumer credit firms and mortgage and insurance brokers will need to comply, although there will be a 12 month transition period for certain aspects of the regime.
Despite the ‘near’ final status of the rules, the FCA is not expected to make any significant changes before 9 December 2019, absent any subsequent handbook amendments due to Brexit or ‘SM&CR optimisation’.
The new rules promote individual accountability: making individuals more accountable for their conduct and competence and allowing the FCA to hold the most senior staff to account if problems arise within their area of responsibility.
The new rules will apply proportionately to firms, depending on their size and complexity. Firms will be divided into three categories with different rules applying to each category:
Core firms – includes most solo-regulated firms which will need to comply with a set of core requirements including the Senior Managers Regime (SMR), certification regime and the conduct rules.
Limited scope firms – such as sole traders and non-core financial services businesses which will be subject to fewer rules.
Enhanced firms - includes the largest asset managers, intermediaries and non-bank lenders which will be subject to additional requirements.
Helpfully, the FCA will contact firms ahead of 9 December 2019 with an indicative assessment of which tier they are likely to fall into, based on the information held about the firm. That said, it will be down to the firm to make a final assessment on the appropriate tier.
The SM&CR applies to three staff populations: senior managers, certification staff and conduct rules staff. Only a firm’s ‘ancillary staff’ such as facilities staff, receptionists and HR administrators/processors will fall outside the new regime.
The Senior Managers Regime (SMR) applies to a core list of senior managers responsible for the areas of a business with the greatest potential to cause harm or impact market integrity including the CEO, directors and the chair. Many of these roles, for example the SMF 17 Money Laundering Reporting Officer, will have inherent regulatory responsibilities allocated to them as an essential part of their role.
Under the SMR, in addition to any inherent responsibilities, every senior manager in a core or enhanced firm must be allocated ‘prescribed responsibilities’. These are recorded in a statement of responsibilities which sets out which areas of the business each individual senior manager is accountable for.
In enhanced firms, the SMR will apply to a broader population of senior staff and the organisation must also produce a ‘responsibilities map’ recording the firm’s wider management and governance arrangements.
However, perhaps the most significant change for senior managers under the new rules is that they will have a statutory ‘duty of responsibility’. If there is a regulatory breach within their area of responsibility and they failed to take reasonable steps to prevent it, they could face enforcement action by the FCA.
Much like under the current approved person regime, senior managers will need FCA approval before starting their roles and firms will need to satisfy themselves of a candidate’s fitness and proprietary through pre-employment vetting (including criminal records checks) before an application is made.
The SM&CR also introduces a requirement for firms to have handover procedures for incoming senior managers to ensure that they have all the information and materials they could reasonably expect to do their jobs properly.
This covers the population of employees who are not senior managers but whose roles mean that they could cause significant harm to the firm or its customers. It includes most of the current approved population but also anyone with a significant influence function, client dealing functions and material risk takers.
Unlike the approved person regime, these roles will not be subject to pre-approval by the regulator under SM&CR. Instead, firms will need to certify that such staff are fit and proper to perform their roles both annually and on an ongoing basis.
And in an attempt to stop the rolling bad apples, as part of the fit and proper assessment, firms will need to request regulatory references for certified employees, senior managers and non-executive directors from previous employers covering the last six years of employment. When giving such references, firms will need to use the FCA’s regulatory reference template and to update any such references if the information included changes over the next six years.
The conduct rules are high level standards which replace the current Statements of Principle for approved persons and will cover a wider population – senior managers, certified staff and all other employees apart from ancillary staff.
The conduct rules are split into: individual conduct rules which apply to everyone including senior managers and certification staff and senior manager conduct rules which apply only to senior managers.
|Rule 1||Act with integrity||FCA|
|Act with due skill, care and diligence||FCA|
|Rule 3||Be open and cooperative with FCA, PRA and other regulators||FCA|
|Rule 4||Pay due regard to the interests of the customers and treat them fairly||FCA|
|Rule 5||Observe proper standards of market conduct||FCA|
|SMR 1||Take reasonable steps to ensure that the business for which you are responsible is controlled effectively||FCA|
|SMR 2||Take reasonable steps to ensure that the business of the firm for which you are responsible complies with relevant requirements and standards of the regulatory system||FCA|
|SMR 3||Take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively||FCA|
|SMR 4||Disclose appropriately any information of which the FCA would reasonably expect notice||FCA|
Firms will have a duty to inform staff who will be covered by the conduct rules and give them training on how the rules apply to their roles. In many cases this means that the training will need to be tailored to the roles the individuals perform.
Firms will also be obliged to monitor compliance and report breaches of conduct to the FCA for senior managers within seven days of a breach and other staff at least annually.
The new rules come into force on 9 December 2019 by which date firms will need to have identified their senior managers and certification staff; there will then be a further 12 months for firms to issue certificates and train staff on the conduct rules.
Despite the lead-in time, experience from the banking sector shows that advance planning is key to ensure the smooth implementation of the SM&CR.
Employers should identify now who within their organisation will be responsible for implementation of the SM&CR. The project should be championed by one of the senior management team with support from the legal, HR and compliance teams.
The first step for firms will be to audit their existing arrangements. Consider what approved functions will grandfather into equivalent senior manager roles and what new applications for approval will be needed. Depending on the category of firm your business falls into, you will need to check whether the approved person population will convert automatically into the equivalent senior management functions or whether you will need to file a conversion form (Form K) and supporting documents. Firms will need to satisfy themselves that all senior managers are fit and proper to perform their new roles before 9 December 2019.
Prescribed responsibilities will then need to be allocated amongst the senior management functions and statements of responsibility agreed with senior managers. For enhanced firms, a responsibilities map will then need to be drawn up. It is a good idea to start discussions with staff about their prescribed responsibilities early to allow them to get comfortable with their new responsibilities.
Firms will then need to identify which staff will fall into certification functions and satisfy themselves that those staff are fit and proper to perform these functions.
HR and compliance teams will also need to design policies and procedures for the business to follow to ensure ongoing compliance with the new rules including how certificates will be issued to staff, fitness and propriety assessed annually and the FCA notified of any conduct rule breaches. Training will also need to be rolled out for all staff on their obligations under SM&CR including how the conduct rules apply to their roles.
Finally, the HR and compliance teams will need to update employment contracts and policies including compliance, recruitment, disciplinary, reference and appraisal policies to meet SM&CR requirements.
As the individual accountability for those operating within the regulated sector increases, so too does the severity of the repercussions they may face when things go wrong. The firm’s financial services regulation group is holding a seminar at 6pm on 16 July 2018 on dealing with FCA investigations and enforcement. Dan Hyde, our contentious financial regulation partner, will provide insight on the investigative approach adopted by the FCA and how to respond to this, together with a first-hand account from David Bermingham, of the ‘Enron/Natwest Three’, of the potentially devastating consequences of regulatory enforcement.
To register for this seminar, please click here.