On 9th December 2019 the Senior Managers and Certification Regime (SM&CR) will be in force across the financial services sector.

This year, there have already been two notable developments relating to the SM&CR. The first relates to whether the head of legal should be a designated senior manager within the SM&CR, and other changes to the scope of the certification regime. The second concerns some useful draft guidance on regulatory references.

The rest of this note sets out the implementation timetable and a short overview of the new regime.

LATEST NEWS

Head of Legal

On 23 January 2019, the FCA published a consultation paper in which it proposes to exclude heads of legal from the SMF18 (Other overall responsibility function). The rationale for this is that as a senior manager, the head of legal would be in several positions of conflict:

  • If the firm breaches any FCA requirement, the senior manager responsible for that area is under the duty of responsibility which could render the head of legal personally liable. Here, you can imagine a not unlikely scenario where a head of legal may wish to waive the firm's privilege to avoid personal liability in circumstances where it is in a firm's interest to preserve privilege.
  • Personal liability may impact a head of legal's desire to investigate matters fully and properly
  • The senior manager's conduct rule requiring reporting to the FCA could conflict with a lawyer's duty of confidentiality and duty to act in the client's best interests.

That said, heads of legal will still be covered by the certification regime and can hold other functions that require them to be a senior manager (e.g. a compliance head or money laundering officer role). The other overall responsibility function (SMF18) is only applicable to enhanced solo-regulated firms, as well as banks and insurers.

In the same consultation paper, the FCA also made changes to the scope of the certification regime: it plans to narrow the client-dealing function and introduce a new "systems and controls" certification function for certain firms.

Regulatory References

On 30 January 2019, the Banking Standards Board (BSB) published a consultation "Certification Regime: Regulatory References" in which the BSB seeks views on its proposed draft good practice guidance on regulatory references. Although directed at the banking sector, it will also be helpful guidance for the wider financial services sector.

The BSB was established in 2015 to help raise standards of behaviour and competence across UK banks and building societies. The guidance represents the pooling of member firms' knowledge through the BSB's cross-industry certification regime working group (CRWG). The CRWG meets regularly to consider where voluntary good practice guidelines could be useful to firms that are implementing the certification regime. The guidance is not intended to be binding on BSB members but the BSB hopes that members and the wider sector will find it relevant and practical, and that they will use it in developing their own processes, policies and procedures for implementing the regulatory references requirements.

The draft guidance is based on three principles: fairness, proportionality and consistency. It covers:

  • Good practice when providing regulatory references
  • Good practice in obtaining a regulatory reference
  • The type of information to include in a reference

As soon as the guidance has been finalised, we will be publishing a summary of its key provisions.

OVERVIEW OF THE SM&CR

Time to prepare – your implementation timetable

Many firms will have already started their preparations for this important change, but if you're lagging behind there's still time to prepare. The rest of this briefing will help you get familiar with what the new regime looks like and sets out some practical ways you can start to prepare.

More information can be found in the FCA's guide for solo-regulated firms and the FCA's Policy Statement (Extending the SM&CR to FCA firms feedback to CP17/25 and CP17/40, and near final rules - PS18/14).

By way of background, the SM&CR was rolled out to banks, building societies, credit unions, and PRA designated investment firms (called "banking firms") in 2016. A modified version of the regime (the Senior Insurance Mangers Regime) was also rolled out to insurers at the same time. On 10 December 2018, the SM&CR was extended to dual regulated insurers, and from 9 December 2019 it will be rolled out to most financial services firms, including insurance brokers, as shown below.

Commencement

9 December 2019

Conduct rules apply to SMFs and certification staff so before commencement, firms must:

  • Identify senior managers and certification staff
  • Train them on the conduct rules
  • Review contracts of employment
Transitional period

One year from 9 December 2019 to 8 December 2020

During this one year period, firms must:

  • Train all other conduct rules staff in preparation for when it applies to them at the end of the transitional period
  • Assess existing certification staff
  • Identify new in-period certification staff
  • Assess certification staff hired during transitional period
Post transitional period
9 December 2020
  • Conduct rules apply to all staff
  • Initial Certification Assessments completed
  • Firms must check that the firm's information is correct on the Financial Services Register after automatic conversion
Post 9 December 2020

Ongoing requirements to:

  • Train new staff in the conduct rules
  • Assess senior managers and certification staff as fit and proper at least annually
  • Update and resubmit statement of responsibilities to the FCA when there is a significant change to a senior manager's responsibilities
  • Ensure Prescribed Responsibilities are appropriately allocated to senior managers (except for limited scope firms)
  • For new joiners:
    • ensure candidates for new senior manager and Certification Roles are "fit and proper" to carry out their roles
    • apply for senior managers to be approved by the FCA before taking up their roles

Appointed Representatives

The SM&CR does not apply to Appointed Representatives (ARs) (except for certain Limited Permission Consumer Credit firms that also act as ARs for other businesses).

An outline of the new regime

The three main elements that we expected from the roll out to the banking firms remain, and are called the "core regime":

  • The senior managers regime. The most senior people in a firm will be approved by the FCA, with firms also having a responsibility to ensure they are suitable for their role (with a review at least once a year). The senior managers will be required to have:
    • Prescribed responsibilities – these will vary by firm, and are responsibilities that the FCA will require firms to place on their senior managers.
    • A statement of responsibilities – mapping what they are responsible and accountable for.
    • A duty of responsibility – meaning that if something goes wrong in an area they are responsible for, the FCA will consider if they took "reasonable steps" to stop it from happening.
  • The certification regime. This will cover people who are not senior managers, but whose jobs mean they have a significant impact on customers, markets, or the firm (called "significant harm functions").
    • These roles include proprietary traders, CASS oversight function, functions subject to qualification requirements, client dealing functions, algorithmic traders, material risk takers, and any supervisor or manager of someone who is a certified person.
    • These individuals will not be approved by the FCA; rather they will be approved by their own firm. Their firm will have to "certify" they are suitable (fit and proper) to carry out their job (with a review taking place at least once a year).
  • The conduct rules. These will apply to almost all people working in financial services. The conduct rules will be:
Rule 1 You must act with integrity
Rule 2 You must act with due skill, care and diligence
Rule 3 You must be open and cooperative with the FCA, the PRA and other regulators
Rule 4 You must pay due regard to the interests of customers and treat them fairly
Rule 5 You must observe proper standards of market conduct

Additional conduct rules will also apply to senior managers:

SC1 You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
SC2 You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
SC3 You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee this effectively
SC4 You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice

Conduct rules applicable to Directors

All executive and non-executive directors are subject to the basic conduct rules (1-5 above) as well as senior manager conduct rule SC4 – to disclose appropriately any information of which the FCA or PRA would reasonably expect notice.

Executive directors at core and enhanced firms are required to be approved as senior managers, so SC4 will apply to them anyway. In limited scope firms, however, a narrower set of senior manager functions apply so there will be executive directors who may not be senior managers. The latest consultation paper proposes that in view of their seniority in the firm, such directors should also be subject to SC4 even though they are not senior managers.

Non-executive Directors will only be senior managers to the extent that they hold a chair position eg Chair of the Board, or Chair of the Nominations Committee. For those directors, all the senior manager conduct rules will apply. Those NEDs who do not hold a senior manager position, will be subject to SC4.

So what are the key differences going to be?

  • Senior managers will be created and they will have more clear individual responsibilities and more clear accountability than previously
  • The "approved persons" regime will disappear; being replaced at the senior end by the senior managers regime, but for the most part by the certification regime (which will likely include at least as many people as were previously approved persons, probably more)
  • Firms take on from the FCA their own responsibility for the certification (and assessing suitability and fitness and propriety) of individuals
  • A new duty of responsibility on senior managers, making senior managers more accountable for contraventions in the part of the business for which they are responsible
  • New "simple" code of conduct rules will apply to almost everyone in the firm
  • The regulatory referencing scheme which has been introduced for banking firms will extend to all firms in the regulated sector, so increasing the obligations around obtaining, and giving, references

And for those who have been looking closely at what banking firms have previously been subject to, what are the key differences?

The core regime is "lighter" than the regime that the banking firms are subject to. Banking firms also have obligations which do not apply to firms covered by the "core regime". These are the obligations to:

  • have a full responsibilities map for their business;
  • have full handover responsibilities; and
  • have a senior manager responsible for every area of their business.

However, although these obligations are removed for firms covered by the core regime, firms who are covered by the "enhanced regime" will need to comply with these obligations. More details are set out below on the "enhanced regime", which essentially applies to the biggest, more complex, firms.

How does the "core regime" vary for firms?

The "core regime" applies as a rule of thumb to all firms.

There are increased obligations for firms covered by the "enhanced regime" (larger and more complex firms) and reduced obligations for firms covered by the "limited scope" regime.

In terms of how firms work out whether they are "core regime", "enhanced regime" or "limited scope", a useful diagram from the FCA Guide is reproduced below (wording underlined indicates the changes made following the FCA's consultation)[1].

An enhanced firm will have:

  • More senior managers
  • More prescribed responsibilities for those senior managers
  • Other requirements

As is referred to above, enhanced firms must also have in place:

  • a full responsibilities map for their business (which sets out the firm's management and governance arrangements)
  • full handover procedures (to ensure that every senior manager role has the information and materials needed to do the job effectively)
  • a senior manager responsible for every area of their business

So what will the SM roles be?

Core regime firms, and enhanced regime firms, are proposed to have the following senior manager roles (far fewer than banking firms), although there is the ability to flex these depending on what is relevant/appropriate for firms:

Compliance oversight SMF16
Money Laundering Reporting Officer MLRO

The requirements for limited scope firms will be lower.

Enhanced firms will also have to review and have as appropriate additional senior manager roles as follows:

Chief finance function SMF2
Senior independent director SMF14
Group entity senior manager SMF7
Chief operations function SM25

Prescribed Responsibilities

Core regime firms and enhanced regime firms will also have to place "prescribed responsibilities” on the senior managers (limited scope firms will not be subject to this) including responsibilities for:

  • performance of obligations under the senior manager regime including implementation and oversight
  • performance of obligations under the certification regime
  • performance of firm in relation to conduct rules
  • firm's policies and procedures regarding countering the risk of firm being used for financial crime
  • firm's compliance with CASS (as applicable)
  • value for money assessments, independent director representation and acting in investors best interests

Enhanced firms will also have to have responsibilities for:

  • compliance with rules relating to firm's responsibilities map
  • safeguarding and overseeing independence and performance of internal audit
  • safeguarding and overseeing independence and performance of compliance function
  • safeguarding and overseeing independence and performance of risk function
  • if audit function outsourced, overseeing independence and performance of that
  • developing and maintaining firm's business model
  • managing the firm's stress tests and ensuring accuracy and timeliness of information provided to the FCA for stress testing

The new duty of responsibility

Currently only applicable to banks (from March 206) and insurers (from December 2018) this key new duty makes the senior manager individually responsible if the firm contravenes a regulatory requirement, and the senior manager responsible for that area did not take "reasonable steps" to prevent or stop it from happening.

This duty is an additional ground on which the regulator can discipline a senior manager so senior managers need to understand what this means in the context of their jobs.

The FCA's guidance on the duty of responsibility currently applying only to banks, is set out in its Decision Procedure and Penalties manual of its handbook (DEPP) and will be extended, unchanged to financial services firms.

What are the proposals re Regulatory References?

The regulatory reference scheme proposed to go along with the new SM&CR looks very similar to that brought in for banking firms. This will require firms to request references for regulated individuals from past employers, and also to provide such references.

This is a step up from previous referencing obligations and requirements, and is what enables firms to get the information that they need to work out if someone is fit and proper.

For more information on the Regulatory References regime for banking firms, see our summary and the latest consultation and draft guidance published by the Banking Standards Board.

How will individuals be moved to the new regime?

For the majority of firms, the FCA plans to automatically convert existing relevant controlled functions approved under the Approved Persons Regime (APR) into senior manager functions in the new SM&CR[2]. Of course, the majority of those under existing functions will not automatically convert because those roles will no longer require approval by the FCA and will not be senior manager roles[3]. This means the majority of firms will not need to submit anything to the FCA unless they need to change their approved individuals before conversion or apply for new approvals to be effective after 9 December 2019 ("Commencement") - see below New and in-flight applications.

To keep the conversion process simple, there will be a different approach depending type of firm.

  • Core and limited scope firms, conversion to senior managers

Key points to note include:

- senior managers will be automatically converted wherever possible with no action required by firms

- There will be no need to perform extra checks such as mandatory criminal records checks and regulatory references because firms will already have to ensure that these individuals are, and continue to be, fit and proper

- There is just one exception to the automatic conversion rule: where a CF2 Non-Executive Director is going to perform the SMF9 – Chair function, the firm must notify the FCA using Form K

  • Enhanced firms, conversion to senior managers

For enhanced firms, there will be no automatic conversion to senior manager roles. To convert existing approved individuals to new senior manager functions, enhanced firms will need to submit:

- Form K conversion notification

- Statements of responsibilities

- Responsibilities Map

Form K is used to tell the FCA who the firm wants to assign to the new SMFs, but no further approval is required if the proposed SMFs can be mapped directly from the APR.[4] For individuals who hold these so-called "mapped functions", there will be no need to do extra checks when they are converted since firms are already required to ensure that these individuals are, and continue to be, fit and proper.

Failure to submit a conversion notification (Form K) will be a breach of regulatory requirements which means the firm will have no FCA approved individuals, risking possible enforcement action by the FCA. Firms in this situation would then have to follow the full application process for approval of the relevant individuals, including mandatory criminal records checks and regulatory references.

  • New and in-flight applications

The FCA guide explains the process if a firm wishes to change their approved individuals before Commencement. The key points to note are as follows –

  • The existing processes for applications for controlled functions under the APR will apply right up to Commencement
  • The SM&CR application forms will be available for submission before Commencement but any new approvals will only be effective from Commencement
  • An APR application submitted but not determined before the start of the new regime will be converted to an application for the relevant SMF at Commencement

What are the next steps?

Firms should prepare for the new regime by considering the following:

  • Who is planning and running your preparations? Do they have a project plan?
  • What firm-type are you? Core, enhanced or limited? Use the firm checker tool in the FCA Guide.
  • Consider preparing a responsibilities map. Whilst only enhanced firms are required to produce a full responsibilities map, this could be a good exercise for all firms to carry out as it will make the transition to SM&CR far easier.
  • Check the appropriate people are in the correct approved functions before conversion of approved individuals to SM roles. This will make conversion much easier and smoother.
  • Who are your SMs going to be? Are they fit and proper? When are you getting your applications ready? What will their responsibilities be? Are their prescribed responsibilities clearly included in their statement of responsibilities? Check all prescribed responsibilities which apply to your firm are covered. Check every activity, business area and management function has been allocated to a SM under the Overall Responsibility requirement.
  • Trained your SMs? Do they know what the duty of responsibility is? Do they know that they need to make sure happy with their statements of responsibility? Trained on the conduct rules?
  • Certification regime – which (if any) of the defined certification functions apply to your firm? Identify certified persons before Commencement. How will you assess if fit and proper, fitting these into existing HR processes? What will their training be?
  • Conduct Rules – who will they cover? Identify other Conduct Staff and ancillary staff. Understand conduct rules training and notification requirements.
  • For enhanced firms, handover procedure, and responsibilities mapping.
  • From HR perspective – review contracts, policies and procedures; how do you fit criminal records checks and regulatory reference requirements into recruitment processes?

Key Documents and Links

PS18/14 - Extending the SM&CR to FCA firms – feedback to CP17/25 and CP17/40, and near final rules