The regime will monumentally affect banks, building societies, credit unions, and PRA-regulated investment firms.
The much-trailed Senior Manager’s Regime (SMR) was brought into effect on Monday, 7 March by the enactment of Part 4 of The Financial Services (Banking Reform) Act 2013, (the Banking Act). The provisions of the Banking Act that create the SMR are essentially the Parliamentary Commission on Banking Standards’ recommendations, which were set up to examine the standards and culture of the UK banking industry. Because of that genesis, the SMR was originally intended only to catch the banking industry; UK banks and UK branches of non-UK banks that ordinarily operate as UK-incorporated entities in any event.
The new regime is designed to bring personal responsibility to the forefront of any examination of failures in the banking system, something that sits closely with the move toward personal responsibility in corporate affairs. This is currently the policy direction in which the US government is travelling, as best exemplified by the Yates Memorandum (published last September), which put personal responsibility front and centre of all government investigations into corporate delinquency.
Since the first announcements of the proposed new regime were published, the UK government announced in October 2015 that the SMR would extend beyond banks to the entire UK financial services industry. However, as of 7 March 2016, the SMR is in place for banks, building societies, credit unions, and Prudential Regulation Authority–regulated investment firms only. Some may regard these entities as the most significant part of the UK financial services sector, but that still leaves about 60,000 other regulated businesses yet to come within the regime. Such businesses are expected to be covered by the SMR during 2018.
The new regime identifies two different classes of regulated persons: senior managers and certified individuals. The Banking Act defines a “senior manager” as a person who carries out a function in relation to a firm’s regulated business and who is responsible for managing one or more aspects of the firm’s affairs. Those aspects involve, or might involve, a risk of serious consequences for the firm, businesses, or other interests in the United Kingdom. Certified individuals are employees of the firm certified by the firm, after carrying appropriate due diligence into that person’s background, as being fit and proper to carry out any function that could cause significant harm to the firm or its customers. That certification must be made on recruitment and annually thereafter.
The Banking Act imposes a statutory duty on senior managers to take reasonable steps to prevent regulatory breaches in their area of personal responsibility. It also creates exposure to regulatory intervention at a personal level if there are any regulatory failings within a senior manager’s area of responsibility.
The definition of “misconduct” in section 66 of the Financial Services and Markets Act 2000 (FSMA) is amended by the Banking Act so that an individual is guilty of misconduct if any one of a number of conditions is satisfied. The condition most relevant to senior managers is that misconduct occurs if (1) an individual has at any time been a senior manager and (2) there has been a breach of a regulatory requirement within the firm during which time the senior manager was responsible for the area of the firm’s activities within which the breach occurred. A finding of misconduct can have catastrophic consequences for a senior individual in the financial services sector.
The position as of 7 March is that all banks will have had to identify their senior managers and what their areas of responsibility are in a document called a Management Responsibility Map. Those persons who are senior managers will have already been approved under the preexisting Approved Persons Regime (APR), which is grandfathered into the SMR, with the additional requirement that each senior manager transitioning from APR to SMR must provide a document setting out the areas of his or her personal responsibility in a Statement of Responsibilities.
For those individuals who are not senior managers and who fall within the certification regime for persons in a significant harm function, banks have until 7 March 2017 to complete their certifications.
Alongside the new regime are new Conduct Rules that apply to senior managers and “significant harm function” individuals when they are all certificated. The new Conduct Rules will also apply to persons who fall outside the regime but are nevertheless employed by a regulated entity. Current estimates are that when the entire UK financial services sector is within the regime, as many as 1 million people could be subject to the new Rules.
Non–executive directors are omitted from the regime. They will, however, be brought into the scheme through the Conduct Rules, and as a consequence, non–executive chairpersons and non–executive directors with specific responsibilities, such as chairs of essential board committees, will have the same personal exposure in their roles as do employed senior managers.
The new Conduct Rules are expressed as high-level principles, much like the Principles in the APR. A breach of the Rules brings into play the issue of self-report. Actual or suspected breaches of the Conduct Rules by senior managers must be reported within seven days of a firm becoming aware. This contrasts markedly with the new requirement to report actual or suspected breaches by other staff caught by the rules only annually. This significant difference in oversight demonstrates clearly how focused the FCA is on senior management’s behaviour. These new requirements run alongside the preexisting obligations on firms to report to the FCA any matters that the FCA could reasonably expect to be notified of, as set out in Principle 11 of the FCA’s principles for good business (which govern all regulated firms), and, in particular, the requirement to report any significant regulatory breach immediately once a firm becomes aware of it.
If senior managers are to have the degree of scrutiny and insight over those who work in their area of responsibility, firms should ensure that highly sophisticated systems and processes for monitoring and oversight are in place and fully implemented. There is clearly a great burden on banks to provide their senior managers with effective oversight tools to reduce, or eliminate entirely if possible, the risks that this new regime presents to their most senior employees.
The consequences for banks and their senior managers under this new regime are monumental. Leaving aside the issues of increased administration and consequential costs in vetting and certifying thousands of people on an annual basis, senior employees are now personally exposed to the consequences of behaviours and activities that they may know nothing of and neither wish nor condone. In the hierarchical structure of banks that employ thousands of people, such a scenario is more than likely.