Financial Services, London | January 2016 The Senior Managers Regime Approaches: A Crammer's Guide to Implementation Contact Us Subscribe Download Visit Our Website The New Year heralds the introduction of the Senior Managers Regime ("SMR") for banks, building societies and large investment firms. The SMR, alongside a similar regime for insurers (the "SIMR"), will enter into force on 7 March 2016. Many column inches have been written on the new regimes and their significant implications. In the short term, however, implementation poses administrative challenges. Time is running out for firms to make the changes, regulatory applications and notifications necessary to comply on Day 1. This briefing recaps on what firms need to do and by when, in order to ensure compliance with the new requirements. It also addresses some common questions on the regimes. Follow us The Key Points - A Reminder The SMR replaces the Approved Persons Regime in a new, three-tiered structure: • Senior Management Function Holders ("SMFs") - Board members and other individuals who hold key roles or have overall responsibility for specific business areas, functions or activities within the firm require approval by the PRA or FCA (depending on the function being performed). • A Certification Regime for Significant Harm Function Holders - these individuals do not require regulatory approval but need to be certified by the regulated firm, which must assess their fitness and propriety. The regime will capture most individuals other than SMFs who are subject to the current Approved Persons Regime. • Conduct Rules - these are high level requirements replacing the existing Statements of Principle and Code of Practice for Approved Persons. Eventually the Conduct Rules will apply to all staff except for those in purely ancillary roles, though initially they will apply only to those caught by the SMR and Certification Regime. For insurers, the approach under the SIMR is similar to the SMR in some respects but with important differences: • Holders of Senior Insurance Management Functions ("SIMFs") will require PRA approval, similarly to SMFs. However, for insurers there is no equivalent regime to the SMR Certification Regime. • Instead, the FCA will continue to approve all persons performing a Significant Influence Function ("SIF") who have not been approved by the PRA to perform a SIMF as well as holders of other FCA Controlled Functions ("CFs"). A new list of SIFs and CFs has been prepared for these purposes, which builds on the existing SIF and CF designations under the Approved Persons Regime and which will include the Customer Function (CF30) as well as certain Board level roles not designated as SIMFs and other specified control functions. • Solvency II requires firms to identify "Key Function Holders". These individuals may or may not also be performing SIMFs or FCA SIFs. Where they are not performing SIMFs / SIFs, their status as "Key Function Holders" must nevertheless be notified to the PRA. • The SIMR and PRA and FCA Conduct Rules will generally apply directly to SIMF holders and those individuals approved by the FCA under the SIF/CF regime. Insurers will be under an obligation to require some non-approved individuals to observe some of the Conduct Rules – the relevant individuals include NEDs who have not been approved to perform an SIMF, and others performing "Key Functions" under Solvency II. The Key Dates 1 January 2016 Elements of the SIMR entered into force for insurers in order to implement Solvency II. 8 February 2016 The deadline for submission of key documents to PRA/ FCA including the Responsibilities Map and the Grandfathering Notification for current staff. 7 March 2016 SIMR and the SMR enter into force, including Conduct Rules for SMF and Certified Persons. 7 September 2016 _____________________ New whistleblowing rules enter into force impacting on internal controls including requirement for a SMF holder to act as "whistleblowers champion". 7 March 2017 _____________________ Deadline for firms to certify Certified Persons. Conduct Rules apply to all staff. 2018 _____________________ Expected extension of SMR to all authorised firms. Scope of the New Regimes SMR applies to all banks (i.e. deposit-takers), building societies, credit unions, and PRA-designated investment firms. SIMR applies to all insurers (that is, firms with permission to effect / carry out contracts of insurance or manage the underwriting capacity of a Lloyd's syndicate). The precise application of the regime also depends on whether the insurer is subject to Solvency II. Initially, the regimes will not apply to other firms - such as asset managers, brokerage firms, consumer credit firms, mortgage or insurance brokers. However, the Government has announced that it intends to extend the SMR to these firms, likely in 2018. The development of practice under the SMR should therefore be a matter of interest to these firms. The SMR and SIMR, as well as the Certification Regime, will apply to branches of overseas banks, but in a modified form, which will differ for EEA and Non-EEA firms (see below). Key Actions 1. For Banks/Investment Firms: Identify your SMFs For Insurers: Identify your SIMFs, SIFs, CFs and Key Function Holders To the extent not already completed: • banks and other firms subject to the SMR need to identify all of their SMFs; • insurers need to identify all SIMFs (who require PRA approval) and SIFs (who require FCA approval), and any other Key Function Holders under Solvency II (whose status needs to be notified to the PRA). The precise SMF, SIMF, SIF/CF and Key Functions that apply will depend on the size of the firm, the nature of its business and structure - including whether it is headquartered in the UK or operating in the UK through a branch. Broadly speaking, however, under the SMR the SMFs will consist of: • Executive Directors; • Heads of key functions (such as Risk, Internal Audit, Finance and Key Business Areas); • NEDs who chair the Board or specified committees of the Board (including the Risk, Audit and Remuneration Committees), and the Senior Independent Director; • Control functions (Compliance Oversight, MLRO); • Other persons exercising "overall responsibility" for a business activity, function or area but who are not otherwise approved to perform one of the other SMFs. Designation of the SMFs is split between FCA and PRA on a function-by-function basis. Under the SIMR the SIMF functions (approved by the PRA) will consist of: • the Chief Executive; • Heads of key functions (Risk, Internal Audit, Finance, Actuary, Underwriting, Underwriting Risk Oversight, With Profits Actuary); • NEDs who chair the Board or committees of the Board (but not the Nominations and With-Profits Committees, which are caught by the FCA SIF regime), and the Senior Independent Director. The FCA SIF functions for insurers are: • Executive Directors (other than those approved by the PRA); • Chairs of Nomination and With-Profits Committees; • Control Functions - Compliance Oversight, CASS operational oversight, MLRO, the Systems and Controls Function. Additionally, the Customer Function (CF30) will remain an FCA Controlled Function for which FCA approval is required. Insurers will also need to consider whether any individuals who will not be approved by the FCA / PRA will be holders of the "Key Functions" designated under Solvency II. If any such individuals exist, a notification will need to be made to the PRA in respect of the individual's key function holder status. The PRA has said that the "Key Functions" under Solvency II are (i) the risk management function, (ii) the compliance function, (iii) the internal audit function, (iv) the actuarial function, (v) the function of effective running of the firm, and (vi) any other function that has specific importance to the sound and prudent management of the firm (this might include, for example, investment management, claims management, IT systems and reinsurance functions). Under both the SMR and SIMR regimes, individuals based overseas and those in parent companies of the firm or other companies in the group may need approval to perform the Group Entity SMF (and/or other SMFs). Firms will need to consider whether it is necessary to allocate a SMF to individuals based overseas with responsibility for UK business. This issue, and the different impact of the regimes on UK branches of overseas firms, is considered further below. A full list of the SMFs and SIMFs can be found here. 2. Finalise and Submit your Management Responsibilities Map Firms are required to prepare a Responsibilities Map setting out how their prescribed responsibilities have been apportioned amongst SMFs/SIMFs. The list of prescribed responsibilities for the SMR can be found here. Firms need to submit them to the regulators by 8 February 2016. 3. Arrange for Grandfathering of SIFs by 8 February 2016 Once SMFs, SIMFs and SIFs have been identified, firms need to consider the application of the PRA/FCA approval and grandfathering regimes (as applicable) and complete any required notifications / approval applications. The SMR and SIMR require firms to make a "Grandfathering Notification" to the regulators in respect of current SIF holders who are transitioning to equivalent functions under the SMR and SIMR. For insurers, this includes a Grandfathering Notification for holders of the FCA SIF functions under the new regime, other than individuals performing CF10, CF10a or CF11 functions who will continue to perform the same functions after 7 March 2016 – such individuals, as well as those in the CF30 (Customer Function), will grandfather automatically. Notifications must be made by 8 February 2016. Notifications must be made using Form K, via the Connect system and accompanied by a Statement of Responsibility ("SoR"). Existing NEDs who are not within the scope of the SMR / SIMR do not need to be grandfathered. The Grandfathering process avoids the need to obtain new approval to perform SMF functions for existing SIFs, provided that the particular SIF and SMF/SIMF functions are identified as corresponding. We set out tables mapping the SIF to SMF functions here and SIF to SIMF and new FCA SIF/CF functions here. 4. Seek approval for New SMFs / SIMFs For individuals who are not eligible for Grandfathering, an application under the SMR and SIMR will not be considered until 7 March 2016 (although the forms can be submitted prior to this, the statutory clock for the regulators to consider the application will not start running until that date). If firms wish to start the clock running before 7 March 2016, they can continue to apply under the existing Approved Persons Regime and also complete a Grandfathering Notification. If approval has not been granted prior to 7 March 2016 (a so-called "in flight application"), the statutory clock will not re-start on 7 March, but will continue to run. However, the regulators will need to consider the application under the criteria applicable for the new regime. If approval is granted prior to 7 March 2016, Grandfathering should proceed in the normal way. The need to seek approval for new SMFs / SIMFs is likely to be relevant to: • New directors / staff being recruited who will perform a SMF/SIMF but who do not currently work at the firm; and • Existing staff who are not Approved Persons or who are approved to perform a function that does not correspond with the SMF/SIMF for which they are being appointed. For new NEDs who do not fall within the SMR/SIMR (on the basis that they do not chair relevant committees or otherwise perform SMF/SIMF functions), there is no duty to seek approval. Such appointments nevertheless must be notified to the relevant regulator and an assessment of fitness and propriety must be carried out by the firm. 5. Draft Statements of Responsibilities Under the SMR, a SoR must be submitted for each individual who is grandfathered and for new applications to perform a SMF by 8 February 2016. For insurers, submission of the SoR is not a condition for grandfathering under the SIMR. The PRA has extended the deadline for accepting completed SoRs for grandfathering SIMFs to 7 September 2016. There is no requirement to file a SoR for SIFs grandfathering to the new SIF regime. Instead, the SoR must be available on request. The SoR must clearly show the responsibilities that the senior manager is to perform as part of their function and how they fit in with the firm's overall Management Responsibilities Map. The PRA and FCA do not expect the description to exceed 300 words for each responsibility given to a Senior Manager. 6. Identify individuals performing Significant Harm Functions These individuals will fall within the new Certification Regime under the SMR. This will capture material risk takers, proprietary traders, staff who require qualifications (such as retail investment advisers and retail asset managers), and those in significant management functions, together with managers of certification employees and certain other specified functions. The Certification Regime is likely to be extended to capture other customer-facing staff who would have required approval to perform the CF30 function under the Approved Persons Regime (such as wholesale traders/brokers), and those in Algorithmic Trading functions (this extension is, however, subject to the outcome of recent consultation). These individuals will require Certificates to be issued by the firm by 7 March 2017. The firm will need to assess fitness and propriety before granting Certificates and the assessment must be repeated annually. It is likely that firms will want to build this annual assessment into the usual internal performance management process. 7. Train SMFs and Certification Regime Staff Senior Managers under both regimes and Certified Persons must be trained on the new Conduct Rules before they take effect on 7 March 2016. Training should subsequently be rolled out to all other staff to whom the Conduct Rules are to apply on a deferred basis (by 7 March 2017). 8. Employee References - Update Procedures and Look Out for Final Rules Under the SMR and SIMR, it is likely to be mandatory for firms to (1) obtain employee references (for the new employer) and (2) to provide employee references (for the old employer) where relevant staff leave employment and take up a new role at another firm. These rules will apply to SMFs, SIMFs, FCA SIFs and all NEDs. Whilst the new rules on regulatory references have not yet been finalised (expected shortly), the rules as proposed will be significantly more prescriptive as to what a reference must contain and firms should consider amendments to procedures around giving (and obtaining) references in anticipation of the final rules. Under the new rules as proposed, firms will be required to disclose breaches of the Conduct Rules in a reference, together with any disciplinary action (including forfeiture of remuneration) taken as a result of such breaches or as a result of a finding that the employee lacked fitness and propriety. Additionally, as is the case currently, firms will have to disclose any other information relevant to an assessment by the new firm of the transferring employee's fitness and propriety. The regulators have made clear that they expect firms to exercise judgement as to what they disclose outside the prescriptive requirements, so that relevant and complete information is provided. Firms will also need to be mindful of their more general obligations under employment law. 9. Reporting of Conduct Rule Breaches - Update Procedures Firms may need to update procedures in relation to the reporting of rule breaches to regulators. It was initially proposed that all actual and suspected Conduct Rule breaches would need to be reported. However, it is now being proposed that this be narrowed to require reporting only where disciplinary action is taken as a result of such a breach. The FCA and PRA are currently consulting on these proposals. Existing regulatory requirements to report significant breaches of any rule (including the new Conduct Rules) will remain - this requirement applies regardless of whether disciplinary action is being taken. Questions and Answers Do the SMR/SIMR Regimes Apply Extraterritorially? Yes, as anyone who is performing a SMF/SIMF will need to be approved irrespective of where they are located. In practice, the application of the new regime will depend on the firm's structure and location of individuals with responsibility for areas caught by the SMR / SIMR. For many firms, most individuals in SMF/SIMF roles are likely to be located in the UK. However, it is possible that firms will have allocated responsibility for certain functions or business areas to individuals based overseas, particularly in larger firms (for example, in other financial centres) and therefore that SMF/SIMF approval may be triggered for overseas-based individuals. The position is also likely to be different depending on whether a firm has its headquarters in the UK (with branches overseas) or its headquarters overseas (with branches in the UK). We deal further with the application of the regimes to UK branches of overseas firms and other group companies below. Does the Certification Regime Apply Extraterritorially? Yes. This issue is subject to some further ongoing consultation by the regulators. However, as things currently stand, the Certification Regime applies extraterritorially to UK firms with overseas branches where an individual located in the overseas branch is categorised as a Material Risk Taker or where the individual deals with UK clients. The Certification Regime also applies to individuals based in the UK where an overseas firm has a UK branch. Under the original draft rules, Non-EEA Firms with UK branches were to be required to extend the Certification Regime to individuals overseas who deal with UK clients. Concerns were raised that this would lead to a very wide application of the regime, and capture individuals who are already licensed under foreign regimes. In response, the FCA has decided to remove the "dealing with UK clients" test - for now - for UK branches of Non-EEA firms so that individuals working in such firms will be caught by the Certification Regime only if they are physically based in the UK. However, the FCA has said that it intends to revisit this issue during the course of 2016. On the other hand, the "dealing with UK clients" test remains relevant to overseas branches of UK headquartered firms. Therefore UK incorporated firms will need to apply the Certification Regime to overseas staff who deal with clients in the UK as well as Material Risk Takers. We are a Branch of an Overseas Firm - What do we need to do? Both the SMR and SIMR, as well as the Certification Regime, apply to UK branches of overseas firms, in a modified form and is different under the SMR and SIMR. This answer focuses on the position under the SMR only. The application of the SMR is different depending on whether the firm is headquartered in an EEA or Non-EEA Country. All UK branches of relevant firms will be required to provide and maintain a Responsibilities Map. For Branches of EEA firms, only the MLRO and those performing the EEA Senior Branch Manager function require approval by the regulator. The latter may capture individuals responsible for a significant business unit that carries out relevant business (such as deposit-taking or designated investment business), and may therefore (for example) capture holders of the existing CF29 (Significant Management Function). However, firms will need to analyse the differences between the old CF29 and new definitions, since they do not overlap entirely. For Branches of Non-EEA firms, there is a broader list of SMFs that will apply. Those requiring PRA approval incude: • Head of Overseas Branch (SMF 19) (the person or persons (the role can be shared) who perform activities akin to those of a CEO in relation to the branch); • Group Entity Senior Manager (if applicable) - this can capture individuals in the head office or in another group entity who have direct management and/or decision-making responsibility over the UK branch's regulated business; • Other specified roles where performed in the branch (Chief Finance, Chief Risk, Head of Internal Audit). Those who will require FCA approval include: • Executive Directors (SMF 3) responsible for business of the branch (this does not include Executive Directors responsible for the firm as a whole but not for branch business); • Other individuals with local responsibility (SMF 22); • Compliance Oversight and MLRO functions. For a full list of SMF functions and prescribed responsibilities for UK branches of EEA and Non-EEA firms, please see here. Are NEDs caught by the requirements? It depends on whether the NED carries out one of the prescribed SMF/SIMF functions. Unlike under the Approved Persons Regime, being a NED does not require approval in its own right. Firms need to identify which of their NEDs will be subject to the pre-approval requirements, since not all NEDs will be (unlike under the current regime). Those likely to require approval are the Chairman, the Chairs of the Risk, Audit, Nomination and Remuneration Committees, and the Senior Independent Director. In practice, this is likely to mean that many NEDs are caught by the regimes. For NEDs not within the scope of the SMR and SIMR, there will be a requirement that appointments are notified to the FCA and PRA and the regulators will be able to assess their fitness and propriety on an ex post basis. For SMR firms, the Conduct Rules will not apply to non-approved NEDs initially, but power has been given to the FCA and the PRA under legislation to extend the Conduct Rules to them. For insurers, PRA and FCA Conduct Rules will apply directly to pre-approved NEDs. Additionally, firms will be under an obligation to require that non-approved NEDs observe some of the Conduct Rules. What is the Group Entity SMF? An individual employed in a parent or other group entity, who is able to exercise significant influence over the regulated firm's affairs will require approval for the Group Entity SMF. This is similar to the existing position under the Approved Persons Regime. However, the need to produce Responsibilities Maps which illustrate group reporting lines means that these arrangements are likely to be subject to greater regulatory scrutiny. The regulators have not put out substantial guidance on this issue. However the FCA has noted that where a group committee outside the UK directs the activities of a UK committee, the chair of the group committee is likely to need SMF approval. In addition to the Group Entity SMF, it is possible that individuals employed by other group companies will be deemed to be performing a SMF role for the firm itself pursuant to an arrangement. Will there be a "Presumption of Responsibility" for SMFs where failings occur? No. This was a controversial issue during the legislative process. The legislation originally passed by Parliament provided for a "presumption of responsibility" under the SMR (though not the SIMR) whereby an SMF would be presumed responsible for failings that occurred in areas under his/her responsibility, unless he/she could demonstrate that reasonable steps had been taken to avoid the breach from occurring or continuing. However, following the 2015 General Election the new Government decided to remove the presumption of responsibility in October 2015. The legislative measure to remove the presumption was - narrowly - approved by the House of Lords on 14 December 2015. This has been replaced with a requirement on SMF holders to take reasonable steps to prevent regulatory breaches in the area of the firm for which they are responsible. Where a breach has occurred, the regulators will therefore need to prove, on the balance of probabilities, that the senior manager was responsible for the activities subject to the breach and that the senior manager did not take such steps as a person in the senior manager's position could reasonably be expected to take to avoid the breach. Can we make amendments to an application / SoR once submitted? Yes. Amendments can be made to the Form K and SoR and the revised version submitted by 7 March 2016. Arun Srivastava Partner Mark Simpson Senior Associate Tel: +44 (0)20 7919 1285 email@example.com Tel: +44 (0)20 7919 1403 firstname.lastname@example.org Disclaimer - Baker & McKenzie International is a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a "partner" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm. If required, put the stationery disclaimer here.