The Financial Conduct Authority (FCA) has consulted on the way in which the senior managers and certification regimes (SMCR) will be rolled out to all authorised firms, probably from next year. From the inception of the SMCR, the FCA has faced some difficult decisions on how (and whether) to apply it to non-executive directors (NEDs). The extension of the SMCR to all authorised firms has offered it the opportunity to address this question again. The new rules it has drafted create a variety of obligations both on firms and on NEDs, but there are key areas of uncertainty that remain.

NEDs and the SMCR – the status quo

For those firms currently operating under the SMCR, the position of NEDs is broadly as follows. Certain senior management functions (SMFs) designated by either the Prudential Regulation Authority (PRA) or the FCA as controlled functions (which an individual needs regulatory approval to perform) must be performed by a NED. Other NEDs do not require approval. The PRA, however, requires banks to take a series of steps in relation to their NEDs. Firms must assess fitness and propriety prior to appointment and periodically thereafter, and provide the PRA with sufficient material to make such assessment (although the PRA will not actually do so). They must also notify the PRA of the identities of their NEDs, of the departure of any NEDs, or of any information that might affect the assessment of a NED's fitness and propriety. In addition, firms must (in effect) require their NEDs contractually to adhere to the PRA's conduct rules.

The FCA initially proposed to designate "non-executive director" as an SMF, but decided not to following consultation. Since that early change, it has essentially left the issue of NEDs to the PRA.

The FCA's present intentions towards NEDs

The FCA has naturally had to revisit the issue of NEDs in light of the much anticipated roll-out of the SMCR to all authorised firms, not least because the new firms to be brought within the regime are solo-regulated, and the PRA's measures will not apply. In Consultation Paper 17/25 (the CP), the FCA's intention appears to be fairly straightforward – non-approved NEDs need to be subject to an assessment of fitness and propriety by the firm, to the rules on regulatory references, and the FCA also wishes to make them subject to the conduct rules. The devil, however, is always said to be in the detail, and the draft rules appended to the CP contain a lot of detail.

Specific concepts in the CP that will be relevant to NEDs

The extended SMCR contains four broad categories of requirements (listed below) that are relevant to NEDs. Some of them apply to all NEDs, and some do not.

table { border-collapse: collapse; } table, td, th { border: 1px solid black; }

Applies to all non-SMF NEDs Only applies to "non-SMF board director subject to competence requirements"
Regulatory references Yes
Assessment of fitness and propriety Yes
Criminal records checks Yes
Conduct rules Yes

The draft rules appended to the CP state that a firm subject to the SMCR will be obliged to obtain a regulatory reference if it is considering appointing a board director. References must be sought from all current and past employers over the previous six years. The rules specify the type of information that must be sought and provided, how references (and requests) should be drafted, and when references should be updated.

  • where the firm is considering appointing an individual as a NED, there is no specific consideration of whether it should seek a reference from a firm of which the individual is or has been a NED, but by which he or she has not been employed.

Crucially, the onerous requirement for firms to assess fitness and propriety only applies to individuals who are a "non-SMF board director subject to competence requirements". According to the Glossary, that means: "(in relation to a firm) a board director of the firm who meets the following conditions: (a) they are not an SMF manager of the firm; and (b) the firm is required to assess their fitness and propriety under the competent employees rule, any directly applicable EU legislation or any other requirement of the regulatory system".

The definition is largely self-explanatory until the reader reaches limb (b). The "competent employees rule" is an existing Glossary definition, to which the FCA proposes no change, and for most firms it means the rule at SYSC 5.1.1R (where it applies). SYSC 5.1.1R states that: "a firm must employ personnel with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them". Guidance goes on to say that a firm's systems and controls should enable it to satisfy itself of the suitability of anyone who acts for it.

Pausing here, the following issues arise:

  • the competent employees rule does not, of itself, create an express requirement to assess fitness and propriety – the obligation on firms to do so in relation to SMF managers and certification employees, for example, arises from FSMA, not from SYSC 5.1.1R;
  • even if the competent employees rule can be said to involve a requirement to assess fitness and propriety, does the FCA believe that it can apply to NEDs who are not employees of the firm (as many may well not be)?;
  • it appears that the FCA considers that some NEDs are already "subject to a competence requirement". It is not clear who these NEDs are. The FCA does not seem to believe that all non-SMF NEDs are within this category. It might mean all non-SMF NEDs who are also employees, but this is not clear; and
  • in the absence of a specific new requirement, the FCA seems to suggest in places that there is an existing obligation to assess such individuals' fitness and propriety – again, the origin and extent of such obligation is unclear.

Guidance relating to the assessment of fitness and propriety is contained in FIT, but FIT itself does not advance the question of when firms need to assess the fitness and propriety of their NEDs. The CP states that the FCA proposes to apply the requirement for firms to take responsibility for ensuring that certain personnel are fit and proper "to Non-Executive Directors who are not Senior Managers". On the next page, however, the FCA states that the obligation to carry out a criminal records check will apply to such individuals "where a fitness requirement already applies to them". It is arguably a genuine weakness of the draft rules and the CP that the FCA has not addressed this issue, which may cause firms real uncertainty.

UK solo-regulated firms subject to the SMCR will also be required by SYSC 23.4.2R to obtain the fullest possible criminal records check in relation to their non-SMF board directors subject to competence requirements.

  • it is not clear to which NEDs these requirements apply;
  • the requirement to carry out a criminal records check does not apply to UK branches of overseas firms, limited scope SMCR firms or to dual-regulated firms (although note the PRA's separate requirements);
  • FIT does not apply to a limited scope SMCR firm, or (in the context of non-SMF NEDs) to a dual-regulated firm, but it does apply to UK branches of overseas firms.

The FCA proposes to apply the conduct rules to all NEDs who are not SMF managers. The rules applicable to non-SMF NEDs are:

1. you must act with integrity; 2. you must act with due skill, care and diligence; 3. you must be open and co-operative with the FCA, the PRA and other regulators; 4. you must pay due regard to the interests of customers and treat them fairly; 5. you must observe proper standards of market conduct; and 6. you must disclose appropriately any information of which the FCA or the PRA would reasonably expect notice1.

COCON, which is the section of the Handbook containing the conduct rules and guidance relating to them, also includes specific guidance on the role and responsibilities of NEDs of SMCR firms subject to COCON. That guidance is useful in setting out the FCA's expectations of the role of a NED generally, and particularly the role of those chairing boards or committees.

  • firms must train NEDs on how the conduct rules apply to their role;
  • the FCA expects NEDs to make sure that they contribute to discussions and decisions and, in particular, to make sure that they are kept appropriately informed prior to doing so;
  • breaches of COCON by NEDs must be included in the firm's annual report of conduct rule breaches.

What should firms be doing now about their NEDs?

The rules on regulatory references and the conduct rules will apply to all NEDs. There is no obligation on firms to obtain regulatory references in relation to their existing NEDs. In relation to the conduct rules:

  • banks, and other firms already subject to the conduct rules, should be considering extending training on the conduct rules to NEDs if they do not do so already, particularly bearing in mind the specific rules which will apply (which are not identical to the PRA's conduct rules); and
  • firms who are new to the SMCR should be including NEDs as a specific category of personnel who will require training in relation to the conduct rules.

The difficulty for many firms will be in identifying those NEDs in relation to whom they are required to assess fitness and propriety, and obtain criminal records checks. It is to be hoped that the FCA will clarify this issue further, but at the moment, there is no easy answer. It may be that the most cautious approach for firms to adopt would be to prepare on the basis that all NEDs are within the scope of these draft requirements, until such time as the FCA indicates otherwise.