In this chapter of our Annual Insurance Review 2020, we look at the main developments in 2019 and expected issues in 2020 for financial institutions.

Key developments in 2019

As we foreshadowed in 2018, 2019 saw a sea change for financial services regulation. On 9 December 2019, the Senior Managers and Certification Regime (SMCR) replaced the Approved Persons Regime (APR) for authorised firms regulated solely by the Financial Conduct Authority (FCA). “Dual-regulated” institutions (including banks and insurers) were already subject to SMCR, but the extension presents compliance challenges for the 47,000 “solo-regulated” firms, which tend to be smaller and more diverse.

SMCR aims to strengthen market integrity by enabling firms and regulators to hold individuals to account. Its essence is therefore individual responsibility. SMCR has three core elements, the first being the Senior Management Functions (SMF) regime. This replaces the controlled functions regime and introduces a statutory duty of responsibility, which requires senior managers to take reasonable steps to prevent regulatory breaches from occurring or continuing.

Many SMFs will “map across” from the old regime, but the other two elements of SMCR may prove more burdensome, especially for smaller solo-regulated firms. The second element is the Certification Regime, which requires firms to assess and certify individuals who could potentially put the firm or its customers in “significant harm”. The third element is the new Conduct Rules, which set out expected behaviours for almost all employees of authorised firms. Both require significant planning and investment in compliance processes, as well as staff training.

We are already seeing an increase in FCA enforcement investigations focusing on senior management responsibility, and we expect this trend to continue as SMCR becomes more embedded.

What to look out for in 2020

The FCA's guidance on the regulation of cryptocurrencies and other "cryptoassets", published in July 2019 following a six-month consultation, heralds increasing regulatory scrutiny in this area. In particular, the guidance emphasises that those dealing in more sophisticated cryptoassets should consider carefully whether they are carrying on regulated activities, which require FCA permissions.

The guidance distinguishes between three types of cryptoassets, namely exchange tokens, utility tokens and security tokens. Exchange tokens include cryptocurrencies such as Bitcoin, which serve as a means of exchange akin to traditional currency. Utility tokens grant access to a product or service – for example, a token issued by an online casino and used solely to play that casino's games.

Exchange tokens, and most utility tokens, are not "specified investments" and fall outside the regulatory perimeter. A cryptocurrency exchange is therefore not carrying on a regulated activity by facilitating transactions in exchange tokens such as Bitcoin.

In contrast, security tokens are cryptoassets which are inside the regulatory perimeter because they share characteristics with traditional securities, and are therefore "specified investments". For example, a security token might entitle the holder to a proportion of the issuer's profits – resembling traditional shares in the issuer. Regulated activities involving security tokens are likely to require similar FCA permissions as if they involved traditional securities. For example, an exchange which facilitates trading of security tokens may require permission to "arrange deals in investments".

Whilst the FCA's guidance clarifies the position rather than making new rules, it highlights that the increasing sophistication of cryptoassets is well and truly on the regulator's radar. Firms and their insurers should also be aware of the incoming FCA-supervised anti-money laundering regime for UK cryptoasset businesses, which takes effect from 10 January 2020 and carries registration requirements.