The Senior Managers and Certification Regime (the “SM&CR”) is the tough new regulatory framework for individuals working in the banking sector, under which the UK regulators seek to increase individual accountability. The SM&CR will apply to UK-based subsidiaries of Chinese banks and will also extend, in slightly modified form, to UK branches of Chinese banks. Accordingly, Chinese banking groups which have UK subsidiaries, UK branches, or a combination of the two, will be affected by the SM&CR.
The need for approval as a Senior Manager under the new regime is based upon an individual’s role in practice, not their job title or location. This means that Chinese banking groups with a UK presence must think carefully about who is in scope, and senior individuals located outside the UK cannot assume that these UK reforms do not apply.
Importantly, it is proposed that anyone carrying on a Senior Management role will be subject to a “duty of responsibility” and will face potential disciplinary action for misconduct if something goes wrong in relation to one of their allocated responsibilities. Penalties for misconduct range from public censure to fines, the imposition of limitations or restrictions on an individual's approval, or the suspension of approval, and so it is crucial that anyone who will be a Senior Manager under the new regime fully understands their UK regulatory obligations, particularly if the individual is based outside the UK.
The UK banking industry has seen a great deal of change in the post-financial crisis era, but none that seems to attract quite so much personal interest from those at the top as the SM&CR. Although this is purely a UK (rather than European) initiative, the SM&CR has attracted international attention for its strict approach towards personal liability, particularly as it affects individuals working for overseas banking groups with a UK presence.
The implementation of the SM&CR on 7 March 2016 will see some hotly anticipated reforms finally come to fruition. Originally, the regime was to include a controversial “reverse burden of proof”, which would have resulted in Senior Managers being deemed guilty of misconduct in relation to regulatory transgressions that occurred within an area of their responsibility, unless they could show that they took all reasonable steps to prevent or stop that transgression. Although it was recently announced that this element will not be implemented, it is still expected that Senior Managers will be held to high standards and will need to be able to evidence and justify their actions to prevent the regulators finding them guilty of misconduct when there has been a regulatory transgression in an area for which they are responsible. The SM&CR will also feature a new criminal offence which will hold to account those Senior Managers who bear certain responsibility for the failure of a bank.
The direction of the reform was set when the Parliamentary Commission on Banking Standards published its June 2013 report ‘Changing banking for good’. It pronounced the current UK regulatory framework for individuals working in regulated financial services (the Approved Persons regime) a “complex and confused mess”, and stated that this regime had “created a largely illusory impression of regulatory control over individuals, while meaningful responsibilities were not in practice attributed to anyone”. This voiced the frustration among many that, despite all of the apparent misconduct and mismanagement in the banking sector prior to the financial crisis, ultimately it seems that senior individuals who oversaw these events will escape any sort of sanction, as under the current framework it is very difficult for the regulators to attribute responsibility to a single individual.
Framework legislation was quickly agreed, and consultation on the regulators’ detailed rules regarding the SM&CR began in July 2014. Most of the detail has now been finalised, although with some elements still out for consultation it seems that it will be a challenge for many of the affected firms to be fully prepared for commencement next March.
The new regime will lead to some significant changes in the way that individuals at affected firms are overseen, and held accountable, both by the regulators and by the firm itself. The SM&CR will require individuals performing specific “Senior Management Functions” to be pre-approved by the regulators and to have their responsibilities formally recorded and provided to the regulators so that they can be questioned (and potentially disciplined) if something goes wrong in an area for which they are responsible. It will also require firms to certify the fitness and propriety of other key staff (in practice comprising a broad population of individuals), referred to as “Certified Persons”, both at the time of appointment and, more significantly, on an annual basis thereafter, which will require substantial changes to firms’ processes and procedures. Further, the SM&CR will introduce new high-level Conduct Rules for Senior Managers, Certified Persons and most other staff employed by the firm (except those whose role has no relation to financial services, such as caterers and IT support staff), and will require firms to report breaches of these rules to the regulators within prescribed time limits, which could then trigger disciplinary action against the individual.
Scope of the regime
The regime for UK branches is intended to be proportionate, so fewer Senior Management Functions apply to branches and not all of these are compulsory for every branch (smaller branches may need only one or two approved Senior Managers). Senior Managers in branches will be subject to the provisions in relation to misconduct, although they will not be within scope of the new criminal offence. For branches of banks which are based in another European country, the regime is less intrusive, as European legislation dictates that certain matters must be reserved to the home-state regulator.
Importantly, the regime is not limited in its scope to apply to individuals based only in the UK, or within the UK subsidiary or branch, and therefore will capture certain individuals who are based overseas and/or within a different legal entity. As the regime applies on a legal entity basis, rather than by business lines, Chinese banking groups must identify individuals responsible for the UK subsidiary and/or branch in question, regardless of where those individuals are located.
There is, however, some limitation to the scope, as individuals outside the UK subsidiary or branch itself and/or based abroad may be less likely to meet the relevant criteria to be performing a Senior Management Function in the first place. However, branches with only limited staff in the UK may find it inevitable that individuals based overseas will need to be approved, particularly if the branch is centrally managed and governed.
To demonstrate their intention to capture individuals outside of the UK subsidiary or branch, the UK regulators have developed a general Senior Management Function for individuals with a certain level of influence over the UK subsidiary or branch, who work for the entity’s parent or another group company. The overarching principle is that an individual who is responsible for implementing strategy or overseeing transactions in the UK (rather than those merely responsible for setting strategy at a group level) is likely to be performing this Senior Management Function and so to require approval.
It is also possible that an individual outside the UK subsidiary or branch may perform a specific Senior Management Function directly on its behalf, for example an individual in a group company who acts as Chief Risk Officer for several group entities, including the relevant subsidiary or branch, could need to be approved to perform the Chief Risk function on its behalf. Although the regime has flexibility to avoid banking groups needing to adopt identical, prescribed organisational structures, this flexibility also means that applying the regime in practice and working out which individuals need to be approved is a challenging task. This is particularly difficult in large and complex groups; especially when the group is run by business lines rather than on a legal entity basis.
For Chinese groups, the reach of the SM&CR beyond the UK subsidiary or branch should prompt a review of governance arrangements to ensure that individuals within scope of the new regime are contained within the UK. Such structuring could help to make oversight and administration easier and to avoid individuals being subject to more than one regulatory regime. This approach could result in responsibility for implementing group strategy being delegated to a Senior Manager in the UK and individuals in the UK being given responsibility for roles which would ordinarily be performed at a group level. Otherwise, it may be challenging for the UK business to ensure that individuals based outside the UK are trained adequately and that systems are implemented to enable appropriate compliance oversight. However, for some groups it will not be possible to concentrate responsibility in the UK in this manner.
Although smaller branches may be able to arrange themselves so as to have only a few individuals approved as Senior Managers, this may only make things simpler for the branch rather than its managers, and would need to be signed off by the regulators. As every UK subsidiary or branch must allocate the entire list of regulator-prescribed responsibilities amongst its Senior Managers, this could increase the formal responsibilities of branch managers if the prescribed responsibilities are shared between only a few individuals, which may not be appropriate.
Another difficult area for Chinese banking groups is working out who is within scope of the Certification Regime, which will capture a much broader population than the Senior Managers Regime. Whilst some functions within scope will not have any territorial limitation, others will apply only in respect of employees of the UK subsidiary or branch who are either based in the UK or dealing with a client in the UK. A wide meaning of “dealing with” will be used, so that it will include almost any contact with a client (and certainly will not need to amount to carrying out any particular activity on behalf of a client).
Unfortunately, the SM&CR does not replicate a useful exemption under the current Approved Persons regime which permits individuals ordinarily based overseas to perform certain client-based activities in the UK under appropriate supervision for a limited period each year without approval. This all or nothing approach will force UK subsidiaries and branches of Chinese banks with employees based outside the UK to choose between certifying and overseeing individuals based abroad, or placing arbitrary restrictions on the activities of overseas employees in relation to UK clients. This is likely to cause issues for Chinese banking groups with a UK branch, as employees of a branch are more likely to be based outside the UK.
The current focus is on banking groups with a UK presence preparing for commencement. UK subsidiaries and branches must settle their arrangements before documenting these in governance maps and Senior Managers’ statements of responsibilities. They must also ensure that they make the required notifications in respect of individuals who they wish, and who are permitted, to grandfather across to the new regime: these notifications must be made by 8 February 2016. Soon the focus is likely to switch to enforcement, as we wait to see how quickly the regulators take action under the new framework and in what circumstances they succeed in holding individuals to account.
These are developments that non-banking groups will be watching with interest. A parallel Senior Insurance Managers Regime for the insurance sector has also been created and is set to come into effect early next year. Further, there is new legislation under consideration which would extend the SM&CR to all UK regulated financial services firms, from investment firms to consumer credit firms. Although it is not expected that such extension would take effect before 2018, giving time for the regulators to draft the detail of a version of the SM&CR which is appropriate and proportionate for all firms, the message is clear that the SM&CR is here to stay. It is not yet clear whether or how UK branches of non-banking groups will be affected, and so the development of the proposals will be followed closely by Chinese financial services groups doing business in the UK.
These reforms and their results will be watched carefully by financial services regulators outside the UK, particularly in the U.S. where regulators have indicated an intention to take a harder line against individuals, and in Hong Kong where the regulators are known to take a fairly strict approach and already have a track record for pursuing senior managers over conduct failings. That said, there are few signs at present of other jurisdictions looking to implement such major reform, or in some cases even seeking to take a more robust approach towards individuals in general. We will wait to see what, if any, influence these UK reforms have on the regulatory approach elsewhere.