The approved persons’ regime
In the UK the Financial Services and Markets Act 2000 (FSMA) gives the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) certain powers and responsibilities over individuals that carry on certain roles within UK financial services firms. These roles are known as “controlled functions” and the individuals performing them are described as “approved persons”.
Controlled functions are divided into two categories: significant influence functions (SIFs) and the customer dealing function. SIFs are those functions that allow individuals to exercise significant influence on the conduct of an authorised firm’s affairs, so far as relating to the authorised firm’s regulated activities. SIFs are sub-divided into certain categories including governing functions which covers directors, non-executive directors and the chief executive.
An individual must obtain regulatory approval before he can perform a controlled function.
UK banks, building societies and systemically important investment firms are dual regulated in the sense that conduct of business supervision is carried out by the FCA and prudential supervision by the PRA. Responsibility for controlled functions is also split between the PRA and the FCA. The PRA is the regulatory authority responsible for the approval of the governing functions.
Once approved by the PRA the approved person must comply with and meet on an on-going basis:
- the requirements set out in the Statements of Principle and Code of Practice for Approved Persons (APER) which can be found in the PRA and FCA Handbooks; and
- the fit and proper test for approved persons set out in section 61 FSMA (within both the PRA and FCA Handbooks there is a sourcebook called the Fit and Proper Test for Approved Persons (FIT) which provides further guidance on this).
The PRA and FCA may take disciplinary action against an approved person where the individual acts in a manner inconsistent with APER which may include a fine, suspension or the issuance of a public statement relating to the misconduct. Where the regulator believes that a person is no longer fit and proper to perform their role, it may withdraw approval and may prohibit the individual holding a controlled function in the future.
The attestation strategy
Despite the above requirements the UK regulators have often found it very difficult to bring enforcement action against senior management. In his evidence to the Treasury Select Committee in September 2013, the FCA’s chief executive, Martin Wheatley, observed that it was “hard to nail an individual against responsibility because matrix organisation structures and committee decision making means that individuals can always defuse responsibility.”
In light of this the FCA has been pushing forward with the strategy to require senior managers to sign written statements or “attestations” in which they personally confirm their firm’s compliance with particular regulatory requirements. The FCA has been clear about this strategy with Clive Adamson (FCA director of supervision) quoted as saying that: “If we find a particular problem has not been addressed, the attestation would make it easier to take enforcement action.” Tracey McDermott (FCA director of enforcement) echoed this sentiment stating, “You will probably already have seen an increasing emphasis from our supervisors on getting senior management to attest…. this is all part of focusing our attention – and yours – on the responsibility and accountability of senior management.”
The new senior managers’ regime
The Parliamentary Committee on Banking Standards (PCBS) was appointed by Parliament to consider and report on professional standards and the culture of the UK banking sector. In its June 2013 report entitled Changing banking for good the PCBS criticised the approved persons regime stating that “a lack of personal responsibility has been common place throughout the industry. Senior figures have continued to shelter behind an accountability firewall.” In light of these criticisms the PCBS recommended that a senior persons’ regime (now known as a senior managers’ regime) and a new certification regime be created to improve senior management responsibility.
Certain amendments were made to the Financial Services (Banking Reform) Act 2013 (the Act) as it was going through the Parliamentary process to make provision for the senior managers’ regime and certification regime. The new regime can be found in Part IV of the Act. Part IV is yet to come into force.
PRA and FCA joint consultation
In August 2014, the PRA and FCA published a joint consultation paper concerning the senior managers’ regime (mentioned above), the new certification regime and a new set of conduct rules for “relevant firms” (UK banks, building societies, credit unions and PRA designated investment firms).
The remainder of this briefing note considers these regimes as described in the joint consultation paper. However, before doing so it is worth noting that the consultation does not extend to individuals and approved persons of Appointed Representatives of relevant firms.
Senior Managers Regime
Scope of the new regime
The new senior managers’ regime applies to individuals performing a senior management function (SMF). An SMF is a function that requires the person performing it to be responsible for managing one or more aspects of the relevant firm’s affairs (so far as relating to regulated activities) and those aspects involve, or might involve, a risk of serious consequences for the relevant firm, or for business or other interests in the UK.
FSMA, as amended by the Act, states that, for definition purposes of an SMF, ‘managing’ can include taking decisions or participating in the taking of decisions on how a relevant firm’s affairs should be run. Therefore non-executive directors and directors in other group entities, that participate in the taking of decisions about the relevant firm, can be specified as SMFs.
The Act gives the regulators the power to decide which functions are SMFs, and introduces into FSMA several provisions designed to promote a clear allocation of responsibilities to senior managers and enhance their individual accountability. These include:
- a requirement that applications for approval as a senior manager of a relevant firm contain, or be accompanied by, a statement setting out the aspects of the affairs of which the person concerned will be responsible for managing, in performing the function. These ‘Statements of Responsibilities’ must be resubmitted whenever there is a ‘significant change’ in the senior manager’s responsibilities;
- new statutory powers for regulators to impose conditions and time limits on approvals of senior managers, both at the initial approval stage and subsequently through a variation of approval;
- potential accountability of senior managers in the event that a relevant firm contravenes a requirement in the area that the senior manager is responsible for. The senior manager could be held accountable if they are unable to satisfy the regulators that they have taken ‘reasonable steps’ to prevent or stop the contravention (the ‘Presumption of Responsibility’); and
- potential criminal liability under a new offence relating to a reckless decision causing a financial institution to fail
PRA approach to SMFs
In the consultation paper the PRA identifies the following functions that it considers meet the statutory definition of an SMF and which could directly affect a relevant firm’s safety and soundness:
Click here to view table.
Under the PRA senior management regime every relevant firm other than a small credit union will be required to have one or more persons performing a Chief Executive, Chief Finance and Chairman SMF.
Many of the SMFs will be familiar to authorised firms. However, the SMF of “Head of key business area” is new. The PRA states that this would be for individuals managing a business area or division so large, in relative terms to the size of the relevant firm, that it could jeopardise its safety and soundness, and so substantial in absolute terms that it warrants an SMF even though the senior manager performing it may report to the Chief Executive or another SMF.
The PRA acknowledges that individuals could perform more than one SMF. However, in such cases the relevant firm would need to apply for separate approvals for each even though these may be combined in a single application.
The PRA expects relevant firms to put forward for each SMF the most senior individual responsible for managing or overseeing that aspect of the relevant firm’s affairs although it does recognise that it may be possible for a relevant firm to have more than one individual approved to perform the same SMF. In such circumstances the PRA will expect each individual to be accountable for all responsibilities conferred by that SMF.
Parent companies and groups
In relation to senior managers based in a parent or group entity the PRA proposes to continue with the position under the approved persons’ regime. Under this regime an individual who is employed in the parent or other group entity of a relevant firm but who is deemed via an arrangement with the relevant firm to exercise significant influence over its affairs is subject to approval. The PRA also notes that there may also be situations where an individual based outside a relevant firm is performing a SMF directly on behalf of the firm. In such instances regulatory approval will be required. The PRA gives the example where a group holding company whose board includes a group remuneration committee which takes decisions on behalf of all group entities. In such circumstances the chair of the group remuneration committee would require approval as chair of the remuneration committee of the relevant firm.
The PRA proposes to make rules setting out a limited set of ‘Prescribed Responsibilities” that relevant firms (except small credit unions) will be required to allocate among their senior managers. These are set out below. It is worth noting that the PRA states that these are in addition to the “responsibilities inherent in the definition of each PRA SMF”.
Click here to view table.
FCA approach to SMFs
The FCA proposes to create additional SMFs so that:
- all board members are covered, i.e. executive and non-executive directors not otherwise specified by the PRA;
- certain functions currently classed as ‘required functions’ under APER, namely money laundering reporting and compliance oversight functions;
- the chair of the nominations committee, where a relevant firm is required under existing requirements to have a nominations committee or chooses to do; and
- individuals in a role which is not specified as an SMF by either the FCA or the PRA, but who have ‘overall responsibility’ for one or more key functions, or identified risks, listed by the FCA in its rules (these will be known as Significant Responsibility SMFs).
The FCA states that the roles of executive director and non-executive director, money laundering reporting and compliance oversight SMFs are broadly similar as currently defined in the FCA Handbook.
The FCA states that the test that should be applied when determining whether an individual performs a Significant Responsibility SMF is whether the board has delegated to them overall responsibility for a particular function and they are primarily responsible for reporting to the board in respect of that function. To provide assistance, the FCA has provided a list of key functions for which it thinks are likely to apply to most relevant firms (set out below). It is important to stress that firms will not necessarily be expected to appoint a single individual as an SMF for each function in the list.
Click here to view table.
Like the PRA senior manager regime the FCA states that individuals seeking to perform more than one FCA SMF will be required to seek separate approval for each. However, the FCA states that the exception to this is the Significant Responsibility SMF “which is only required where the person performing a key function or functions is not already approved as an SMF by the FCA or PRA.”
The combined scope of the PRA and FCA senior manager regimes captures all board members of relevant firms. For larger and more complex firms, the FCA expects that executive committee members or equivalent (i.e. the layer below the board), would also be within the scope of its regime. A table setting out the PRA and FCA SMFs is set out in the Annex to this briefing.
The FCA and PRA propose to issue rules and guidance requiring relevant firms to prepare, maintain and update a ‘Responsibilities Map’ (i.e. a single document that describes the relevant firm’s management and governance arrangements).
Such maps should also set out how responsibilities have been allocated, including whether they have been allocated to more than one person. It is proposed that the firm’s board provide annual confirmation that there are no gaps in the allocation of responsibilities.
Another new requirement that the regulators propose relates to handover arrangements. Relevant firms are to take reasonable steps to ensure that a newly appointed senior manager be made aware of all necessary materials / information and risks of regulatory concern in order to perform their responsibilities effectively.
Which regulator to apply to?
Individuals performing an SMF specified by the PRA will require pre-approval by the PRA with the FCA’s consent, whereas individuals performing an SMF specified by the FCA will only require pre-approval by the FCA.
The Certification Regime
The Act amended FSMA by introducing a certification regime. This regime provides that firms will have to certify certain employees as being fit and proper to perform certain functions. These functions are known as significant harm functions. A function will be a significant harm function if the person performing it will be involved in aspects of the firm’s affairs (so far as relating to a regulated activity carried on by the firm) that might involve a risk of significant harm to the firm or any of its customers.
Importantly, in the consultation paper significant harm functions were described as certification functions.
No direct approval from a regulator
An individual performing a certification function will not be subject to direct approval by the PRA or FCA. However, a firm must take reasonable care to ensure that an employee does not perform a certification function without having first been certified as fit and proper to do so. This certification must be renewed on an annual basis.
What firms does the certification regime apply to?
The firms that will be subject to the PRA’s certification regime will be those that are subject to the Capital Requirements Regulation (CRR) - banks, building societies and PRA designated investment firms (i.e. those subject to the senior managers’ regime).
Material risk takers
The PRA believes that, to a certain extent, individuals who are classified as ‘material risk takers’ for the purposes of remuneration should be subject to the certification regime. However, the PRA also states that not every individual classified as a ‘material risk taker’ under the remuneration rules will necessarily fall within the certification regime. The PRA gives the following examples:
- anyone who is a senior manager or performs any other controlled function for a firm will not be treated as performing a certification function for that firm; and
- individuals whose functions are not related to the regulated activities of the firm and therefore do not meet the statutory test for a certification function.
Credit unions are not subject to the CRR or the associated remuneration requirements. Given this the PRA proposes a separate definition which will use elements of the material risk taker definition that it believes could be relevant to a credit union.
FCA certification regime
The FCA believes that the certification regime should apply to a wider population of individuals. In addition to material risk takers the following will fall within the FCA regime:
- those individuals performing functions that would formerly have been an SIF, but would not fall within the scope of the new senior management function (including proprietary traders who would fall under CF29 and benchmark submission functions);
- individuals in customer-facing roles who are subject to qualification requirements (for example, mortgage and retail investment advisors), as set out in FCA’s Training and Competence Sourcebook; and
- anyone who supervises or manages a certified person, if they are not an senior management function holder.
The FCA’s rules will generally apply in the same way to credit unions although it expects the number of people who would fall within the set criteria to be relatively small.
All employees falling within the PRA certification regime will also be within the wider FCA certification regime.
Generally, a firm will be expected to put in place a single process for certifying each employee who falls within either regulator’s regime.
It is expected that a firm will be able to make a single assessment and issue a single certificate to its employee in respect of a particular certification function. In instances where an individual performs multiple certification functions their fitness and propriety for each function will need to be assessed even though they may be covered by a single certificate.
The PRA’s certification regime will not apply to incoming EEA branches. The PRA states that this is because the question of fitness and propriety of staff in those branches, insofar as it relates to prudential matters, is reserved to the Home State supervisor. The FCA notes that it has more powers over EEA firms than the PRA as conduct matters are not reserved to the Home State supervisor. However, it also notes that the position in relation to conduct issues to branches has the potential to be more complicated than the prudential position and has deferred its consultation on this issue.
Fitness and propriety
The FCA is currently of the view that the guidance in FIT is equally applicable and relevant for firms when assessing the fitness and propriety of senior managers and those within the certification regime. However, the FCA does intend to make certain amendments to this guidance so that its application and relevance is more apparent.
The PRA proposes to make rules to dis-apply the existing guidance in the FIT sourcebook and replace it with new material in a supervisory statement. However, its general expectations regarding fitness and propriety, and the factors it will consider in making an assessment will not change significantly.
The PRA and FCA are both proposing new conduct rules for certain employees of relevant firms.
The PRA is proposing that new conduct rules will apply to individuals who are approved by the PRA or FCA as senior managers or who fall within the PRA certification regime. The PRA will also apply new conduct rules to those who are performing FCA specified SMFs.
The FCA will apply new conduct rules to:
- all individuals approved by the FCA or PRA as senior managers;
- all individuals covered by the FCA’s or PRA’s certification regime (with the exception of some individuals based overseas who will be certified by the PRA and not the FCA due to the fact that they may be able to have an impact on the safety and soundness of the firm, but are unlikely to be able to cause harm to UK consumer); and
- all other employees other than those ancillary staff who perform a role that is not specific to the financial services business of the firm.
The FCA states that the only employees who would not be caught in scope would be those whose role would be fundamentally the same as it would be if they worked in a non-financial services firm. In the consultation paper the FCA sets out a list of such persons and this is set out below.
Click here to view table.
What do the new conduct rules say?
The conduct rules set out below are common to both regulators, reflecting the PRA’s and FCA’s assessment that they are relevant to each of their respective statutory objectives. The PRA does not propose to introduce any further rules beyond the shared rules set out below.
The rules are split into two tiers. The first tier comprises individual conduct rules which the regulators consider relevant across all the roles in which individuals are subject to the new conduct rules. The second tier rules only apply to senior managers, and reflect the management duties they have for the specific part of the firm they are responsible for, as well as their responsibility for the effective running of their firm as a whole.
Click here to view tables.
Enforcement of conduct rules
Each conduct rule applies only to a person’s conduct in relation to activities performed in their capacity as an employee or senior manager of the relevant firm.
The FCA will enforce:
- all the conduct rules against all senior managers; and
- individual conduct rules 1 to 5 against those within its certification regime and all other employees of the relevant firm, save for those employees performing a role listed above.
The PRA will enforce:
- all the conduct rules except individual conduct rules 4 to 5 against all senior managers; and
- individual conduct rules 1 to 3 against those within its certification regime.
The Act places three obligations on relevant firms with regard to the new conduct rules:
- that relevant firms make the individuals who are subject to the rules aware that this is the case, and train them in how the rules apply to them;
- that relevant firms notify the regulators when they are aware that or suspect that a person has breached the conduct rules; and
- that relevant firms notify the regulators when they have taken formal disciplinary action against a person for any reason specified by the regulator.
The regulators propose to require notification of formal disciplinary action only if action was taken by the relevant firm in response to any action, failure to act, or circumstance that amounts to a breach of the conduct rules. Therefore relevant firms will have to inform the regulators:
- if they suspect or are aware that a person has breached a conduct rule;
- if, having previously notified the regulators of a known or suspected breach, they reach a subsequent or different determination; and
- if they have issued a formal written warning to an employee, suspended or dismissed, or reduced or recovered remuneration from an employee as a result of conduct which amounts to a conduct rule breach.
Where the breach or suspected breach of a conduct rule is by a senior manager, it is proposed that the relevant firm will be required to notify the relevant regulator within 7 business days of it becoming aware of the matter. For other individuals, it is proposed that the notification is made to the regulators on a quarterly basis, with relevant firms compiling an aggregated list of actual or suspected individual breaches, the identities of those to whom the notification relates, and the disciplinary action that they need to report for that quarter.
The Act provides that senior managers of banks and building societies may be prosecuted by the PRA or FCA for taking a decision that causes their institution to fail.
For the offence to have been committed, at the time the decision was taken the senior manager must have been aware of a risk that its implementation would cause the institution to fail. In addition, the senior manager’s conduct in relation to the decision must fall significantly below what could reasonably be expected of someone in their position.
The consultation paper states that it is expected that “such prosecutions will be rare, not least because changes made to the regulatory structure since the financial crisis are designed to make the failure of banks and building societies less likely than in the past.”
Applying the new regime to UK branches of third country banks
HM Treasury consultation
On November 17, 2014, HM Treasury published a consultation document on regulating individual conduct in UK branches of third country banks. The deadline for responding to the consultation document is January 30, 2015.
Subject to Parliamentary approval, HM Treasury proposes to make the Financial Services and Markets Act 2000 (Relevant Authorised Persons) Order 2015. The effect of the Order will be to make third country financial services firms that have a branch in the UK and are credit institutions or PRA-designated investment firms into relevant authorised persons (RAPs) for the purposes of Part V of FSMA. However, the Order will not make a senior manager in such a branch potentially liable to the new offence relating to a decision causing a financial institution to fail.
The PRA proposes to require at least one individual per incoming non-EEA branch to be approved as an Overseas Branch Senior Executive Manager. The individual(s) approved will typically be performing activities akin to those of a CEO in relation to the branch.
In the consultation paper the FCA stated that it would consult on third country branches once HM Treasury had issued its consultation. However, at the time of writing this briefing note such consultation had not been published.
The PRA and FCA each plan to publish Policy Statement(s) containing their respective final rules by the end of the year. At the time of writing this briefing note this had not yet been published.
The creation of the senior managers’ regime, certification regime and new conduct rules are a significant milestone in UK regulatory reform as is the creation of a new criminal penalty for making a decision which causes an institution to fail.
Click here to view table.