This month the government announced it is extending the scope of the Senior Managers and Certification Regime ("SM&CR") to all sectors of the financial services industry, and that it will introduce a statutory duty of responsibility to all senior managers within these sectors.
These changes are discussed in more detail below. However, it is important to note that these changes will not come into force with the implementation of the SM&CR in March 2016. Details of the SM&CR coming into force next year were reported in our July newsletter. By way of recap, the SM&CR was developed as part of a package, together with the Conduct Rules, to seek to raise the standards of conduct across the banking sector and promote great accountability and responsibility on individual senior managers of firms, as well as the firms themselves.
The extended SM&CR will be implemented in 2018. According to the government announcement, this delay will allow the regulators time to consult with stakeholders, consider lessons learnt through the implementation of SM&CR and agree the detail of the changes.
The two key changes:
The scope of the SM&CR
With the aim of ensuring a more comprehensive regime across all banking and financial services and a more even playing field for competition, the SM&CR will be extended to cover any persons authorised under the Financial Services and Markets Act 2000. This includes investment firms, insurers, asset managers, insurance and mortgage brokers and consumer credit firms. The FCA estimates suggest that the scope of the SM&CR will be extended from covering 935 firms, as per the current regime, to nearly 60,000.
In making this change, the regulators are aware that the extended regime will have to reflect the diverse business models operating in the UK market and be proportionate to the size and complexity of each firm. This will certainly be a challenge for them.
The main consequence for new firms being brought into the regime is expected to be a reduction in the number of appointments that are subject to prior regulatory approval, although this will be countered to some extent by the fact that most current approved persons below senior management level are expected to become certified persons and therefore fall within the scope of the SM&CR. Some roles in firms where prior regulatory approval is not currently required may also become certified person roles. In consequence, there will be an increased cost to firms in training these employees on their responsibilities and requirements under the new regime.
Further, a change to the application process for senior managers means that, whilst the number of applications required is expected to fall, the cost per application is likely to increase as a result of the new regime allowing the regulator to request statements of responsibilities for senior managers.
The statutory duty of responsibility
Another significant change to the SM&CR is the introduction of a statutory duty of responsibility to all senior managers across the financial services industry. This replaces the "reverse burden of proof" which would have applied to banking sector firms when they became subject to the SM&CR in March 2016, and was one the most controversial aspects of the proposed regime. The "reverse burden of proof" had been criticised for its potential unfairness since it meant that regulators were able to impose penalties on senior managers for regulatory breaches by the firm unless that senior manager could prove that he or she had taken reasonable steps to prevent the breach.
This presumption of responsibility will now be replaced under the revised SM&CR by a "duty of responsibility". This will mean that senior managers will continue to be under an obligation to ensure that they take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible, but the burden will be on the regulators to prove that a senior manager has failed to do this.
Whilst this change appears to weaken the regulator's enforcement weaponry and reduce the risk of an unfair result, the effect may be more procedural than substantive. Senior Managers will still be required to take all reasonable steps to prevent regulatory breaches and should be able to show that they have done so, in satisfaction of their new duty of responsibility.