The UK parliament passed the Bank of England and Financial Services Act 2016 (the “Act”) on 4 May 2016 which will extend the Senior Managers’ and Certification Regime (the “SM&CR”) to all firms authorised under the Financial Services and Markets Act 2000 (“FSMA”) by 2018. The Act, which brings in amendments to FSMA and the Financial Services (Banking Reform) Act 2013, will bring over 60,000 financial services firms and 200,000 individuals within the scope of the SM&CR.
The SM&CR, which we discussed in three detailed alerts published in autumn 2015,1 came into operation for banks, building societies, credit unions and Prudential Regulation Authority (“PRA”)-regulated investment firms,2 also known as Relevant Authorised Persons (“RAPs”), on 7 March 2016. The passage of the Act means that financial services firms in a wide range of sectors, including financial advisers, hedge funds, asset managers, stockbrokers and consumer credit firms, will now also become subject to the new conduct regime during 2018.
The Senior Insurance Managers Regime (“SIMR”) was also fully implemented on 7 March 2016, containing a number of the same principles as the SM&CR but tailored to address the risks specific to the Solvency II insurance industry. The Treasury has said that the introduction of the SIMR will “pave the way” for the application of the SM&CR to insurers.3
The Outgoing Regime: the Approved Persons Regime
The Approved Persons Regime (“APR”) contained in Part 5 of FSMA prevents financial services firms from employing a person to perform a Controlled Function unless they have been approved by the relevant regulator. The APR has been directly replaced by the SM&CR for RAPs, other financial services firms will continue to be subject to the APR until the regime is extended to them in 2018. The Controlled Functions are those functions identified by the Financial Conduct Authority (“FCA”) and PRA that influence a firm’s regulatory conduct and involve either customer functions, for instance those managing investments, or Significant Influence Functions, such as those carried out by individuals closely involved in running the firm, for example a director or a person overseeing a firm’s systems and controls or money laundering reporting.
Once approved, these individuals become personally accountable to the regulator and have to comply with the Statements of Principle, a series of binding standards of professional conduct issued by the FCA and PRA which, if breached, allow the regulators to take enforcement action against the approved persons.
What has changed?
The first stage implementation of the SM&CR for RAPs, which came into force in March 2016, introduced three new components, described below, that replace the APR and are designed to apply proportionately to the different categories of relevant firms. These key features will also be applied to all financial services firms under the new regime from 2018, although we will not know exactly how the process and concepts will work until the FCA publishes its final rules following industry consultation.
Senior Managers Regime (“SMR”): directly replaced the APR in its application to persons performing Senior Management Functions (“SMFs”) in a firm and focuses on individuals holding key roles or with overall responsibility for whole areas of firms.
There are 18 SMFs for UK firms.4 All PRA- Controlled Functions are SMFs while only those FCA-Controlled Functions that may involve a risk of serious consequences for the authorised persons or for the business will be SMFs. Individuals that had already been approved under the APR have been “grandfathered” into performing SMFs if they were moving to equivalent roles in the new regime. However, any new senior managers or those individuals that were approved but materially changing their role had to apply to regulators for approval under the SMR.
Certification regime: applies to a broader range of individuals not carrying out SMFs, those whose roles could cause significant harm to the firms or its customers, for example those giving investment advice. Firms will need to certify that a person is fit and proper to perform a particular certification function at least annually and while these individuals do not need to be subject to regulatory pre-approval, they are accountable to regulators.
Rules of Conduct: these high level rules apply to senior managers, those subject to the certification regime and perhaps most significantly, all other employees in a bank or PRA-designated investment firm, except those in purely ancillary roles, e.g. receptionists and cleaners. The Conduct Rules are designed to hold individuals to account and replace the Statements of Principle for senior managers and other approved persons and reflect the core standards expected of staff working in financial services. They focus on the concepts of acting with integrity, skill, care and diligence and regards the interest of consumers as well as cooperating with regulators and observing proper standards of market conduct.
The regulators have said that the principles of proportionality already present in the SM&CR regime that are designed to prevent undue burden on smaller banking institutions will be extended to acknowledge and accommodate the broader range of firms operating in the financial services industry and reflect diversity in the business models, size and complexity of firms.
What if the Rules are breached?
Actual or suspected breaches of the Conduct Rules by senior managers under the SMR must be submitted by a firm to the FCA within seven business days of the firm becoming aware of the actual or suspected breach. Actual or suspected breaches of the Conduct Rules by any other staff members must be reported annually to allow firms to assess whether any suspicion regarding misconduct is well-founded.
The original SM&CR proposals included the controversial ‘presumption of responsibility’ which reversed the burden of proof in enforcement cases and made it the responsibility of individuals charged with misconduct to prove that they took every reasonable step to prevent a breach. However, this measure was scrapped in October 2015 and replaced with a ‘duty of responsibility’ following concerns raised by industry.
The ‘duty of responsibility’ means that individuals are required to take reasonable steps to prevent regulatory breaches but requires regulators in enforcement actions to show that an individual did not take such steps as a person in a senior manager’s position could reasonably be expected to take to avoid the contravention occurring (or continuing). This means that the burden of proving misconduct will fall on regulators under the SM&CR, making it consistent with other regulatory enforcement actions.
Under the SM&CR, those individuals found to be in breach of their responsibilities could be subject to unlimited fines, remuneration clawback and lifetime bans. Individuals could also face up to seven years’ imprisonment if a senior manager takes a decision, or fails to take steps that prevent a decision being taken, that causes the failure of a financial institution.
A lack of personal responsibility and accountability among individuals working in the financial services industry and a culture that was not tough enough on addressing and taking action against misconduct were identified as key causes of the financial crisis. The SM&CR was introduced following criticism of the APR by the Parliamentary Commission of Banking Standards (“PCBS”) in its report “Changing Banking for Good”.5 The PCBS said that the APR was broad and insufficiently focused on senior management.
While the PCBS recommended that SM&CR should be introduced across all sectors of financial services, it was considered more important to introduce the reforms for the banking sector first to avoid any delay.
The Fair and Effective Markets Review in June 2015 also recommended that the UK authorities should broaden the regime holding senior management to account and called for the HM Treasury to extend elements of the SM&CR to cover a wider range of regulated firms.6 Given that the SM&CR and SIMR have entered into force, the government has now taken the decision to extend the SM&CR more widely.
The extension of the SM&CR allows for a more consistent approach to behavioural standards across the financial services industry and helps to raise conduct standards across the industry generally, helping to effect a wider cultural change and boosting the enforcement powers of the regulators in relation to the behaviour and conduct of individuals.
The extension also complements the aims articulated in the FCA’s Business Plan 2016/20177 which include increasing the accountability of individuals and allowing firms to be managed in a way that promotes appropriate culture and behaviours, with senior managers delivering effective governance and being fully accountable for defined business activities and material risks. The SM&CR is seen as an instrumental mechanism in effecting this cultural change.
The effects of the extension of firms
In its October 2015 policy paper,8 HM Treasury says it expects that the SM&CR will mean that:
- there will be a reduction in the number of appointments subject to prior regulatory approval although there may be some increase in costs per application as firms prepare documentation required by the SM&CR, such as Statements of Responsibilities;
- most current approved persons below senior management level are expected to become certified persons even where prior regulatory approval is not currently required; and
- firms may incur additional costs from putting in place systems to ensure employees are notified about and receive suitable training in the Conduct Rules that will apply to them.
What can firms do now?
Although the SM&CR, as applicable to all financial services firms, does not come into force until 2018, it is crucial for firms to start thinking about how best to implement changes now. Firms should start coordinating with HR, compliance and legal departments to develop training programmes, restructure job responsibilities, adjust job descriptions, update current documentation, introduce new documentation and brief employees regarding the important changes to their responsibilities and accountability. Firms will also need to consider implementing mechanisms that will allow them to assess whether someone is fit and proper to perform a certification function and adapt their recruitment processes and appraisal systems accordingly. Firms may also wish to consider adjusting their insurance coverage to accommodate the changes to their liability that this legislation will bring.