The regulatory regime applicable to banks

i The UK regulatory framework for banks

Regulatory and supervisory responsibility for UK banks is divided principally between the Bank of England (in its capacity as the PRA) and the FCA. The Bank of England exercises its role as the PRA through its Prudential Regulation Committee, while its Financial Policy Committee (FPC) has a macroprudential mandate to identify imbalances, risks and vulnerabilities in the UK financial system, and can direct the PRA and the FCA to take certain actions to mitigate those risks. The Bank of England also acts as the UK's resolution authority for banks, building societies and certain investment firms.

The authority of the PRA and the FCA derives from the Financial Services and Markets Act 2000 (as amended) (FSMA). The FSMA sets out objectives for each regulator and requires each regulator to exercise its powers in a manner that it considers will advance those objectives.


The PRA is the prudential regulator of all UK banks and building societies, insurance companies and certain investment firms. The conduct of business of PRA-authorised firms is regulated by the FCA, and these firms are therefore referred to as dual-regulated.

Under the FSMA, it is a criminal offence for a person to engage in regulated activities by way of business in the United Kingdom unless authorised (an authorised person) or exempt from the authorisation requirement. Regulated activities are prescribed in secondary legislation made under the FSMA. Accepting deposits is a regulated activity where such deposits are lent to third parties or where any other activity is financed wholly or to a material extent out of capital or interest on deposits. The regulated activity of accepting deposits is specified for the purposes of the Financial Services and Markets Act 2000 (PRA-Regulated Activities) Order 2013 (PRA Order); consequently, firms that wish to carry on deposit-taking activities (i.e., prospective banks and building societies) are required to seek authorisation to do so from the PRA.

An application to the PRA for authorisation must cover all regulated activities that the applicant wishes to carry on, regardless of whether those activities are specified in the PRA Order. The PRA is required to obtain consent from the FCA before granting any authorisation. The FCA is fully involved in the authorisation process for such firms, and may request information from, or ask questions of, the applicant.

Other regulated activities under the FSMA that may be relevant to banks include dealing in investments as principal, dealing in investments as agent, advising on investments, arranging deals in investments, managing investments, certain residential mortgage-lending activities, safeguarding and administering investments (i.e., custody activities) and certain consumer credit-related activities. The investments to which the investment-related activities noted above relate are set out in secondary legislation and include shares, debentures, public securities, warrants, futures, options, contracts for differences and units in collective investment schemes.

The PRA's general objective is to promote the safety and soundness of the firms it regulates. The PRA is required to advance this objective by seeking to ensure that the business of PRA-authorised firms is carried on in a way that avoids any adverse effect on the stability of the UK financial system, and by seeking to minimise the adverse effect that the failure of a PRA-authorised firm could be expected to have on the stability of the UK financial system. The second element of this objective reflects the principle that the PRA does not operate on a zero-failure basis: a core aspect of the PRA's approach to banking supervision is its focus on the establishment, maintenance and implementation of appropriate recovery and resolution arrangements. Since 1 January 2019, the PRA has had specific responsibilities relating to ring-fenced bodies and ring-fencing requirements when advancing its general objective. The PRA also has a specific insurance objective and a secondary competition objective.

The PRA has a general power under the FSMA to make rules that apply to the firms it regulates, and to issue related guidance, with respect to regulated activities and other unregulated business activities (e.g., certain business lending activities that fall outside the regulatory perimeter in the United Kingdom) that such firms carry on. The PRA may, however, only make such rules as it considers necessary or expedient for the purpose of advancing any of its objectives.

The PRA has adopted a set of Fundamental Rules, which are a series of high-level prudential principles that underpin the PRA's regulatory approach to the firms it regulates. These focus on certain matters relating to governance, integrity, resolvability and financial resources. The Fundamental Rules are drafted as clear statements of principle, and include statements that 'a firm must at all times maintain adequate financial resources' and 'a firm must deal with its regulators in an open and cooperative way and must disclose to the PRA appropriately anything relating to the firm of which the PRA would reasonably expect notice'.

Consistent with its judgment-led approach to supervision, the PRA's supervisory approach focuses on the most significant risks to its statutory objectives. The PRA draws on a broad set of information and data in forming supervisory judgments and relies on banks – and other firms that it regulates – to submit that information and data. Periodically, the PRA may validate data through on-site inspections conducted either by its own supervisory staff or by third parties. To support its information-gathering and analysis, the PRA requires firms to participate in meetings with supervisory staff at senior and working levels.


The FCA is responsible for the regulation of conduct of business at all authorised firms in the United Kingdom (including banks and other PRA-authorised firms) and the conduct of business in respect of wholesale and retail financial markets and market infrastructure. The FCA is also responsible for the prudential supervision of firms that are not subject to prudential regulation by the PRA, which may include banks' subsidiaries or other entities within banking groups, such as dedicated consumer credit lenders and investment firms. Firms subject to both prudential and conduct of business regulation by the FCA are not dual-regulated, and therefore only need to seek authorisation from the FCA to carry on regulated activities.

Under the FSMA, the FCA has a strategic objective to ensure that markets for financial services in the United Kingdom function well. This is supported by three operational objectives: consumer protection, enhancing the integrity of the market and promoting competition.

When pursuing its consumer protection objective, the FCA must have regard to consumers' need for timely information and advice that is accurate and fit for purpose, and whether firms are providing an appropriate level of care to consumers, among other factors. The FCA has various powers to further its consumer protection objectives, including powers to introduce product intervention rules (pursuant to which it can ban the sale or distribution of certain products), to require the withdrawal of misleading financial promotions, and to publicise the issue of a warning notice (a stage in an FCA regulatory investigation prior to any finding of guilt or wrongdoing).

The FCA uses its supervisory and enforcement work, thematic reviews and market studies to further its objectives. The FCA also has competition powers relating to the financial services sector that are concurrent with those of the Competition and Markets Authority (CMA). The FCA's competition powers permit it to investigate the performance of any market for financial services under the Enterprise Act 2002, and investigate and enforce against any breach of the Competition Act 1998 in financial services. In addition to the specific competition objective described above, the FCA is also subject to a general duty to promote effective competition in the interests of consumers, and may use its general powers under the FSMA to do so.

The FCA has the power under the FSMA to make rules that apply to all regulated firms, and to issue related guidance with respect to the carrying on of regulated activities and other unregulated business activities carried on by regulated firms. The FCA may, however, only make such rules as it considers necessary or expedient for the purpose of advancing one or more of its operational objectives. Like the PRA's Fundamental Rules, the FCA's Principles for Businesses set out high-level requirements that apply to the firms it regulates. One key principle is that a firm must pay due regard to the interests of its customers and treat them fairly.

The Bank of England

Alongside its roles as a microprudential regulator (exercised in its capacity as the PRA) and as the central bank of the UK, the Bank of England has specific regulatory functions relating to financial stability. In particular, it is the body responsible for the enforcement of the special resolution regime introduced by the Banking Act 2009 (see further Section III.vii) and, acting through the FPC, has the macroprudential objective of protecting and enhancing financial stability and the resilience of the UK financial system. The FPC does this by monitoring threats and taking action where necessary to address any perceived or identified vulnerabilities and imbalances in the UK financial system. The FPC has the power to issue macroprudential recommendations and directions to the PRA and the FCA. It does not, however, have the power to exert control over, or issue directions to, individual firms.

ii Management of banks

The Financial Services (Banking Reform) Act 2013 (Banking Reform Act) introduced amendments to the FSMA that have established an enhanced regulatory framework for individuals performing certain functions at UK banks or, in certain circumstances, UK branches of foreign banks. These reforms were primarily intended to enhance individual accountability in the banking sector and to address concerns that continuing responsibilities of senior bankers were inadequately defined. This section provides an overview of this framework, which includes a senior managers regime (which replaced the approved persons regime for banks), a certification regime (applying to other bank staff in positions where they could pose a risk of significant harm to the firm or its customers) and a set of conduct rules (which replaced the previous Statements of Principle and Code of Practice for Approved Persons) enforceable by either the PRA or the FCA. This framework, which originally only applied to UK banks and PRA-designated investment firms, was extended to cover insurers with effect from 10 December 2018, and will be extended to apply to FCA-authorised firms with effect from 9 December 2019 (subject to certain transitional measures).

Senior managers regime

Individuals intending to carry on certain specified senior management functions at UK banks require prior approval by the PRA or the FCA (the regulator granting the approval depends on the nature of the role). These specified senior management functions broadly cover roles in which persons are responsible for managing one or more aspects of the bank's affairs relating to a regulated activity, where the relevant function involves, or might involve, a risk of serious consequences for the firm or for business or other interests in the United Kingdom. Senior management functions are specified by either the PRA or the FCA, a distinction that reflects the difference in scope of each regulator's objectives.

There are currently 30 specified senior management functions (SMFs), each of which is labelled with an SMF number. Some of these functions relate to insurance undertakings only, and not all SMFs will therefore be relevant to banks and their groups. Banks are required to allocate overall responsibility for each of their activities, business areas and management functions to a person approved to perform a senior management function. If a person responsible for an activity, business area or management function that does not have a designated SMF number is not already approved to perform another senior management function, that person must be approved to perform the 'other overall responsibility' function.

Certain non-executive directors (NEDs) also require pre-approval as senior managers, including the chair, senior independent director and chairs of the risk, audit, remuneration and nominations committees. Other NEDs (termed notified or standard NEDs) fall outside the scope of the senior managers and certification regime, but are subject to certain FCA conduct rules (see below). The regulators also retain the ability to prohibit notified NEDs from carrying out their roles.

For senior management functions specified as PRA functions, individuals are pre-approved by the PRA with the FCA's consent. For senior management functions specified as FCA functions, individuals require pre-approval by the FCA only.

The PRA and FCA also specify certain prescribed responsibilities, which banks must allocate to individuals holding senior management functions. This is designed to ensure that there is individual accountability for the fundamental responsibility inherent in a particular function. Certain prescribed responsibilities are designed to be assigned to executives, while others reflect non-executive roles. Not all of the prescribed responsibilities will be relevant to all firms – for example, certain prescribed responsibilities apply only in specific circumstances (such as where a bank carries out proprietary trading or where a bank is ring-fenced). In general, each prescribed responsibility should be allocated to one individual, although the regulators have recognised that the sharing of responsibilities may be necessary in limited circumstances (e.g., where departing and incoming senior managers work together temporarily as part of a handover).

All applications for individuals to perform a senior management function must be accompanied by a statement of responsibilities, a document that sets out the areas of business for which the individual will be responsible. Banks are also required to produce a responsibilities map, a single document that describes the firm's management and governance arrangements.

Qualifications for approval: fitness and propriety

The regulators will approve an individual only if satisfied that the candidate is a fit and proper person to perform the senior management function for which approval is sought. The PRA and the FCA both apply a fit and proper test, which is concerned largely with the candidate's honesty, integrity and reputation, competence and capability, and financial soundness.

Both regulators are interested in the qualifications of prospective directors of banks, and expect banks to carry out extensive referencing and due diligence before appointing new directors and other individuals performing senior management functions, including assessing suitability for the role, conducting criminal record checks and obtaining references from previous employers. The PRA and the FCA have, and frequently exercise, the power to interview prospective directors and other individuals performing senior management functions at banks.

Duty of responsibility

The senior managers regime is designed to increase individual accountability and is supported by a duty of responsibility, which allows the PRA or the FCA to bring a misconduct claim against the accountable senior manager if the authorised firm has contravened a relevant requirement. Broadly, the PRA or the FCA, or both, must show in any misconduct claim against an individual that the senior manager with the relevant responsibility did not take such steps as a person in the senior manager's position could reasonably have been expected to take to avoid the contravention occurring. The burden of proof lies on the regulator. Both regulators have produced guidance on the factors they will consider when addressing the duty of responsibility. Where the FCA or the PRA finds that a senior manager is in breach, it may suspend or limit the senior manager's approval, impose a penalty, impose conditions on the individual's approval or publish a statement of misconduct.

Certification regime

The certification regime applies to individuals employed in positions where they could pose a risk of significant harm to a firm or its customers. Neither the PRA nor the FCA pre-approves these individuals, but banks are required to certify that the individuals are fit and proper for their roles, both at the point of recruitment and thereafter (at least annually). If it believes that an individual within the scope of the regime fails to meet the requisite standards, a bank must refuse to renew that individual's certificate of fitness and propriety.

Conduct rules

The FCA and the PRA have each issued conduct rules that apply to those subject to the senior managers and certification regimes. The FCA's conduct rules apply to all individuals approved as senior managers or covered by the certification regimes, as well as notified NEDs and all other employees (other than certain ancillary staff who perform a role that is not specific to the financial service business of the firm). The PRA's conduct rules apply to individuals approved as senior managers or covered by the certification regime, and to notified NEDs.

The conduct rules are high level, and reflect core standards expected of those within their scope, including requirements relating to integrity, acting with due care, skill and diligence, observing proper standards of market conduct, and dealing openly and cooperatively with regulators.

Both the FCA's and the PRA's conduct rules are in two tiers: those that apply to all individuals within the scope of the conduct rules (individual conduct rules) and those that apply only to senior managers (senior management conduct rules). The latter include the requirement to disclose to the regulators any information of which they would reasonably expect notice and to take reasonable steps to delegate responsibilities and oversee the delegation of responsibilities to an appropriate individual. In addition to the individual conduct rules, notified NEDs are subject to the senior management conduct rule requiring them to disclose to the regulators any information of which the regulators would reasonably expect notice.

Relevant individuals who fail to comply with a conduct rule, or who are knowingly involved in a contravention by an authorised firm of any requirement imposed on it by or under the FSMA, or FCA or PRA rules, may be fined or publicly censured, or both. Both regulators have the power to discipline an approved senior manager who has breached a conduct rule that it has issued, irrespective of whether it has approved the individual. Both regulators also have the power to withdraw approval from individuals or to issue a general or specific prohibition order prohibiting an approved person from carrying on any senior management function, or both.

Reckless misconduct in the management of a bank

The Banking Reform Act introduced a new criminal offence that applies in respect of misconduct by a senior manager that leads to the failure of a bank, building society or PRA-authorised investment firm (financial institution). The offence is relevant where – upon the failure of a financial institution – it is established that:

  1. an approved individual made, or agreed to the making of, a decision by or on behalf of the bank or investment firm as to the way in which the business of the financial institution, or another financial institution in its group, was to be carried on, or that individual failed to take steps that he or she could take to prevent such a decision being taken;
  2. at the time of the decision, the individual was aware of a risk that the implementation of the decision could cause the failure of the relevant financial institution;
  3. in all the circumstances, the individual's conduct in relation to making the decision fell far below what could reasonably be expected of a person in that individual's position; and
  4. the implementation of the decision caused the failure of the relevant financial institution.

The offence has been in force since 7 March 2016, and applies to any decision made on or after that date that causes a financial institution to fail.