Last week, the PRA published Policy Statement 15/18 providing feedback to responses to its earlier consultation papers - Consultation Paper (CP) 14/17 ‘Strengthening individual accountability in insurance: extension of the Senior Managers and Certification Regime to insurers’, and CP28/17 ’Strengthening accountability: implementing the extension of the SM&CR to insurers and other amendments’.

The PRA has also published:

The policy statement is relevant to all Solvency II insurance firms (UK Solvency II firms, the Society of Lloyd’s and managing agents and third country (re)insurance branches), and to insurance special purpose vehicles (ISPVs), large non-Directive firms (large NDFs), and small non-Directive firms (small NDFs).

The FCA has also published Financial Conduct Authority (FCA) PS18/14, FCA PS18/15 and FCA PS18/16, which provide feedback to the responses to FCA Consultation Papers (CP) 17/26, CP17/41, and CP17/42, and contains the FCA’s equivalent policy to implement the extension of the SM&CR to insurers.

This bulletin sets out an overview of the PRA policy statement, changes to the FCA’s near final rules and the steps insurers should be taking to ensure compliance with the new rules before they enter into force on 10 December 2018.

The SM&CR consists of 3 parts which apply on a legal entity basis:

1. the Senior Managers Regime (SMR) which focuses on individuals who hold key roles or have overall responsibilities for whole areas of relevant firms;

2. the Certification Regime which applies to other staff who could pose a risk of significant harm to the firm or any of its customers; and

3. the Conduct Rules which are high level requirements that hold individuals to account.

Overview of key changes to the regime

Certification regime

The biggest change is that insurers will be subject to the certification regime for the first time. The PRA is maintaining its policy on certification for insurers other than small NDFs and the set of ‘certification functions’ for Solvency II insurers (along with ISPVs and large NDFs, but excluding small run-off firms) would include key function holders (KFHs).

In addition, the set of ‘certification functions’ would include material risk-takers (MRTs) at Solvency II insurers (and large NDFs) that are ‘large firms’. Any individuals who are non-executive directors (NEDs) or that are approved for a senior management function (SMF) by the PRA or FCA would be excluded (as required by FSMA). Any individuals whose appointment is solely to cover the absence of an employee in a ‘certification function’ whose absence is reasonably unforeseen, and is for less than four weeks, would also be deemed to be excluded.

For small NDFs, the PRA has modified its proposals for the certification regime by including only members of the governing body (other than PRA/FCA approved persons or NEDs) in the certification regime, and not their direct reports, which was proposed in the consultation paper. Firms will still be required through the FCA’s ‘competent employees’ rules to employ staff with relevant skills, knowledge and expertise, and the FCA’s conduct rules will apply to employees of the firm (other than ancillary staff).

SMFs

The PRA is retaining its senior insurance management functions (SIMFs), but plans to rename them as senior management function for consistency with the SMR for banks.

An SMF is a new type of controlled function set out in Financial Services and Markets Act 2000 (FSMA). Under FSMA s. 59AZ, a function is a ‘senior management function’ as ‘in relation to the carrying on of a regulated activity by [a firm], if the function will require the person performing it to be responsible for managing one or more aspects of the [firm’s] affairs, so far as relating to the activity, and those aspects involve, or might involve, a risk of serious consequences for the [firm], or for business or other interests in the United Kingdom’. Which ones will apply to a firm will depend on the type of SM&CR the firm is categorised as (e.g. Solvency II, large NDF, small NDF, ISPV or small run-off).

The FCA is introducing a new set of SMFs that will replace its significant influence functions (SIFs). The FCA has designated five executive and two non-executive roles as SMFs (Executive Director, Other Overall Responsibility, Conduct Risk Oversight Officer, Compliance Oversight and Money Laundering Reporting Officer, Chair of the Nomination Committee and Chair of the with Profits Committee).

The PRA will maintain the existing SIMFs which will be called SMFs. Anyone holding a PRA or FCA SMF will be subject to pre-approval by the relevant regulator but ‘grandfathering’ arrangements are in place.

Prescribed responsibilities

Prescribed responsibilities (PRs) are specific responsibilities, defined in SYSC 24 of the FCA Handbook and the PRA’s Rulebook, that a firm must give to a senior manager (SM). They are in addition to the responsibilities that are an essential part of an SM’s role, such as responsibilities for aspects of the business and activities and functions of the firm. EEA branches will not need to apply the PRs, because they remain subject to home state supervision. They will apply to all other firms.

The SM allocated a PR should be the most senior person responsible for that area in the firm. The PR must be allocated clearly and should normally be held by a single individual, except where a firm can show that dividing or sharing a responsibility is appropriate and justifiable.

Insurers will need to allocate additional FCA and PRA prescribed responsibilities to their SMs. The PRA proposed to add some new PRs that should be allocated to a SM, so as to encompass responsibility for all aspects of the operation of the regime, including the new certification regime. The PRA also proposed to add four new PRs for third country branches and Swiss general insurers.

Statutory duty of responsibility

SMs within insurers will be subject to the statutory duty of responsibility. The PRA proposed amendments to SS35/15, to set out its expectations of how the new statutory ‘duty of responsibility’ (s66B(5) of FSMA) should be complied with by individuals performing an SMF at insurers. Under the extended SMR, every senior manager within an insurer will have a statutory duty of responsibility which means that if a firm breaches a regulatory requirement, the senior manager responsible for that area could be held accountable if they did not take “reasonable steps” to prevent or stop the breach. 

Fit and proper requirements

Insurers will need to satisfy themselves that employees within the certification regime are fit and proper and assess this every year. The FCA will require insurers to make sure that anyone performing an SMF or a certification function is fit and proper for their role. This requirement stems from sections 60A(1) and 63F of FSMA and reflects the fact that a key feature of the SM&CR is that firms need to take responsibility for their staff being fit and proper to do their jobs. The FCA also plans to apply this requirement to NEDs who are not senior managers.

Conduct rules

The majority of employees working for insurers will become subject to directly enforceable conduct rules. The PRA proposed to extend the application of a number of its conduct rules to all employees who are holding a PRA ‘certification function’ (including KFHs) at insurers, as well as to the employees of those firms who are performing an SMF on a temporary basis, including those who have been approved subject to a time limit or are performing an SMF pursuant to the grace period.

Management responsibilities map

Insurers will need to produce management responsibilities maps as opposed to governance maps and senior managers will have statements of responsibilities rather than scope of responsibilities documents.

The responsibilities map is essentially the same in substance as the governance map, but has been renamed to be consistent with the new legislation. Similarly the statement of responsibility is similar to the scope of responsibilities document.

Handover requirements

Solvency II firms and large NDFs will need to comply with a new handover requirement (to which banks are already subject). This new rule will require Solvency II insurers and large NDFs to take all reasonable steps to ensure a senior manager is provided, in advance, with all the information and materials they would reasonably expect in order to perform a new SMF. The PRA recognises that information that a firm chooses to include in its handover material will depend on the business model and governance structure, as well as the specific individual’s position and responsibilities in all circumstances.

Regulatory references

Insurers seeking to appoint someone as a certified person will need to obtain regulatory references from past employers.

Transfers of individuals

A simpler process is being introduced for individuals who have been previously approved by the PRA or the FCA to move between banking and insurance firms.

What should insurers be doing to prepare?

The FCA has published ‘The Senior Managers and Certification Regime: Guide for insurers’ which sets out a summary of the FCA’s rules and guidance on the SM&CR and gives an overview of how the SM&CR works.

Firms should be preparing for the 10 December commencement date and should be doing the following:

  • Identifying whether there are individuals who will perform relevant SMFs;
  • Identifying which PRs apply to the firm and which SMs should be allocated each PR;
  • Preparing statements of responsibility;
  • Identifying whether the rules will apply to individuals in other group entities;
  • Reviewing the firms activities, governance structures, business area and management functions;
  • Ensuring that every activity, business area and management function been allocated to an SM under the overall responsibility requirement?
  • Identifying their certification staff ahead of 10 December (although firms still have 12 months from the commencement date to complete the initial certification process);
  • Identifying and training SMs and certification staff on the conduct rules ahead of 10 December and abide by these from this date (although firms will have 12 months to train their other staff on the conduct rules);
  • Considering training to be offered under the new regime; and
  • Considering the form and structure of any handover process and materials.