The regulators have used the half-year mark following implementation of the Senior Managers and Certification Regime (SM&CR) and the Senior Insurance Managers Regime (SIMR) to provide feedback on the success of each regime to date and detail a number of tweaks and amendments to the rules.
The SM&CR will be applicable to all financial services firms from 2018.
Supervisory quality checks
The FCA has conducted an in-depth supervisory review of the statements of responsibility (SoRs) and management responsibility maps (MRMap) supplied with grandfathering notifications for all ‘fixed’ firms (those with an allocated supervisor) and a sample of those from ‘flexible’ firms (with no allocated supervisor).
Whilst the majority of firms have complied with the rules and guidance set out in the FCA Handbook, there have been concerns that some firms have not fully understood the regime or implemented it correctly. These concerns include:
- Allocation of responsibilities – FCA-prescribed responsibilities / overall responsibilities may not have been allocated to the most senior and/or most appropriate individual;
- Identification of responsibilities – some firms have not demonstrated that all business activities and functions of the firm have been allocated to senior management function (SMF) holders;
- Shared/divided responsibilities – some firms have not provided enough clarity or detail where responsibilities have been shared or divided;
- SoRs – in some cases these have been inconsistent with the MRMap; responsibilities have been limited/caveated which results in lack of clarity; and
- MRMap – some firms have only provided limited details on their governance arrangements e.g. reporting lines, committee structures, committee membership, and interaction with group governance arrangements.
The FCA has either already contacted the firms in the scope of the review or will contact them in the near future with the detailed observations that are relevant to them.
In our view – which accords with that of the FCA – firms should review their SoRs and MRMaps in light of the feedback provided, revise these documents where necessary and re-submit the documents if required by the existing rules.
Conduct rules applicable to all non-executives
Under the regime at present, a non-executive director (NED) of a bank or insurer who also holds an SMF is subject to the full conduct rules. Conversely, a notified NED (NNED), i.e. an out-of-scope NED, is not subject to these rules. The regulators are proposing to change this position and extend the application of the conduct rules / conduct standards to NNEDs in banking and insurance sectors. (FCA CP16/27; PRA CP34/16)
FCA conduct rules
The Code of Conduct sourcebook (COCON) is formed of two sets of conduct rules: five individual conduct rules and four senior managers conduct rules.
It is proposed that NNEDs in relevant authorised persons (RAPs) i.e. banks, building societies, credit unions, dual-regulated investment firms, be subject to the five FCA first tier conduct rules set out in COCON (see below) and the senior manager conduct rule 4 requiring persons to “disclose appropriately any information of which the FCA or PRA would reasonably expect notice”.
First tier conduct rules:
- Rule 1: You must act with integrity – this requires the management of risk, the exercise of sound judgement and observation of rules as well as honesty
- Rule 2: You must act with due skill, care and diligence – this requires all staff to understand their area of business and to act competently
- Rule 3: You must be open and cooperative with the FCA, the PRA and other regulators
- Rule 4: You must pay due regard to the interests of customers and treat them fairly – this corresponds with the FCA’s longstanding Treating Customers Fairly (TCF) requirement, but it is new in making this a personal obligation
- Rule 5: You must observe proper standards of market conduct – this encompasses not only market abuse but proper conduct in all other markets, whether or not regulated.
PRA conduct standards
There are a number of sets of conduct standards in the PRA rulebook, with subtle differences
Individual conduct standards 1-3 and senior insurance manager conduct standards 4 and 5 taken from Conduct Standards 3 will apply to NNEDs in Solvency II firms and large non-Directive firms (NDFs). For NNEDs in small NDFs, conduct standards 1-3, 7 and 8 from Conduct Standards 2 will apply.
The impact on NNEDs
The FCA’s earlier guidance on NEDs sheds some light on regulatory expectations. The standard of care, skill, and diligence that the FCA would expect from a NED is that of a reasonably diligent person with the general knowledge, skill, and experience that may reasonably be expected of a person carrying out the NED’s functions.
Under the previous Approved Persons Regime (APR), all NEDS in PRA regulated-firms were subject to the predecessor conduct rules and conduct standards; applying the SM&CR to NNEDs will effectively reinstate the position they were in under the APR.
The general role of any NED (NNED or SMF NED) is to provide effective oversight and challenge and help develop proposals on strategy. We consider that the rules effectively require a NNED to understand the business and to satisfy him or herself that executive management is properly managing the risks it faces and is treating its customers fairly. We consider that diligent and engaged NNEDs should already be meeting the conduct rules and standards applicable to them. NNEDs at non-banks and insurers should not be concerned about the proposal, which represents a natural extension of the regimes to ensure that all board members are required to adhere to basis good standards of individual conduct.
The FCA and the PRA published separate policy statements relation to regulatory references (FCA PS16/22; PRA PS27/16). The final rules generally reflect those as set out in the joint consultation paper (CP15/31).
The full regime will come into effect on 7 March 2017 and a transitional period will be provided for to allow firms to make changes to their processes.
The requirement for a firm to take reasonable steps to obtain references from current and previous employers for the preceding six years (SYSC 22.2.1) applies irrespective of the type of firm and regulatory status of the previous employers. The FCA has provided limited guidance in relation to what ‘reasonable steps’ means and have stated that it is likely to vary given the context. However, guidance has been added to say that it is expected that a reference should be provided within six weeks.
In terms of what should be disclosed in a reference, the position for non-banks and non-insurers is that ‘all relevant information’ should be provided. Unlike for banks and insurers there are no specified mandatory disclosures. What constitutes ‘all relevant information’ should be what a firm reasonably considers to be relevant in the circumstances but need only include information from the previous six years. The exception to this rule is in relation to serious misconduct which has no time limit and should always be disclosed.
Once the SM&CR is extended to all authorised firms in 2018, the FCA will consider whether to extend the full regulatory reference rules to other FCA-regulated firms.
How will the duty of responsibility be enforced?
The FCA has published a consultation paper (CP16/26) which provides guidance on how it proposes to enforce the duty of responsibility under the SM&CR. The PRA’s proposals on the duty of responsibility have been developed in close co-ordination with the FCA and are aligned in substance.
The statutory duty of responsibility replaced the controversial ‘reverse burden of proof’ concept (the ‘presumption of responsibility’) that was present in earlier iterations of the SM&CR.
The FCA will take action against a senior manager where:
a) there has been / there continues to be a contravention of a relevant requirement by the SMF holder’s firm;
b) the SMF holder was responsible for the management activity to which the contravention relates; and
c) the SMF holder did not take steps which he / she could have been reasonably expected to make in order to avoid the contravention occurring.
CP16/26 sets out a non-exhaustive list of considerations that may be relevant when determining whether a senior manager was responsible for the management of any of the firm’s activities in relation to which a contravention of a relevant requirement by the firm occurred. The FCA will examine the full circumstances but may have regard to the SMF holder’s SoR, the firm’s MRMap and how responsibilities were allocated in practice (DEPP 6.2.9-C). It would be expected that the FCA would have regard to these considerations.
A non-exhaustive list is also provided which state the considerations the FCA will keep in mind when determining whether or not a senior manager took such steps as a person in their position could reasonably be expected to take to avoid the firm’s contravention occurring or continuing (DEPP 6.2.9-E).
The considerations listed by the FCA are of limited assistance to SMF holders. They bear some resemblance to the steps that Mr Pottage, a senior UBS executive, took and which the Upper Tribunal for Financial Services held were reasonable steps to discharge his managerial responsibilities, and so defeat an enforcement case that the FCA brought against him. Every SMF holder should consider whether their business is structured to enable them to take these, or analogous, steps and whether they possess the adequate authority to take them – and if not, do something about it. The SMF holder should also ensure that he/she keeps adequate records to demonstrate that he/she has done so.
The grounds for discipline have been extended under the SM&CR although we question whether the duty of responsibility materially adds to the circumstances when a regulator will be able to successfully bring disciplinary action. In this context we consider the examples of action taken by the regulators against individuals for breach of APER 5, APER 6 and APER 7 (Statements of Principle and Code of Practice for Approved Persons (APER)) will continue to provide helpful guidance as to how the duty of responsibility may be enforced.
The legal function
Under the SM&CR the FCA and the PRA designated a number of SMFs. SMF 18, the other overall responsibility function, requires a person who is allocated overall responsibility for one of the firm’s activities, business areas or management functions to be pre-approved, if the individual has not already been identified as performing a specific SMF (SMF 1 – 17).
In a press release  earlier this year, the FCA indicated that they had been made aware of uncertainty surrounding whether an individual in charge of the firm’s legal function requires approval under the SM&CR. The FCA planned to consult on this area.
The recent discussion paper (DP16.4) clarifies that the legal function does come within the ambit of the SM&CR; the individual who has overall responsibility for the management of the legal function needs to be captured as an SMF 18 if they are not already captured under another SMF 18 e.g. SMF 16 – compliance oversight function. Furthermore, all employees within the legal function (except for ancillary staff) are subject to the conduct rules.
Recognising the concerns of the legal profession about the inclusion of the legal function within the SM&CR, and the potential challenge to legal professional privilege, feedback is invited on whether the legal function should be included within the SM&CR going forward. Comments can be made until 9 January 2017.