Banks, insurers and enhanced solo-regulated firms that will become subject to the Senior Managers and Certification Regime (SMCR) (Affected Firms) will be interested in the FCA's long-awaited proposals regarding treatment of the legal function as set out in Consultation Paper 19/4 (CP19/4).
CP19/4 has been portrayed as a victory for those who lobbied for the legal function to be out of SMCR but a more detailed reading of the proposed draft rules suggests the FCA's concession may not apply consistently depending on how firms are structured. If this is the case, it may still give rise to concerns around privilege in some instances and this potentially merits further clarification.
From the position taken by the FCA in the body of CP19/4 it would appear that the FCA intends (i)for the Head of Legal not to have to be a Senior Manager; and (ii) responsibility for the legal function to be allocated to a Head of Legal who is certified. For those Affected Firms whose Head of Legal also performs other SMFs this leaves considerable uncertainty around whether or not they will be subject to the duty of responsibility in respect of that function.
The detailed background to this is set out in a previous note. In short, two years ago, in response to significant industry uncertainty, the FCA issued a statement and then a discussion paper (DP16/4) regarding how SMCR applies to the legal function and in particular whether a firm's Head of Legal should be approved as a Senior Manager. Confusion had arisen from the existence of the "no gaps" principle, which requires Affected Firms to identify all "business areas, activities or management functions" and allocate responsibility for them to a Senior Manager. The "Other Overall Responsibility Function" (SMF18; SMF22 for overseas firms) was created as a catch-all for those individuals who held such a responsibility but did not otherwise hold an SMF. It was not clear whether or not responsibility for the legal function needed to be allocated to a Senior Manager. The legal function was not included in the extensive, though non-exhaustive, list set out by the FCA at SYSC 25 Annex 1G, suggesting that the FCA had intended not to require its allocation.
DP16/4 generated widespread interest and opposition, including from The Law Society, which published an extensive response expressing serious concerns that including the legal function could lead to the "erosion of legal professional privilege" and "in-house lawyers being placed in positions of conflict with their employers". The deadline for comments on DP16/4 was 9 January 2017 but Brexit and other more urgent SMCR work (coupled possibly with the difficult points this issue raises1) meant it has taken until now for the FCA to set out its proposals in CP19/4.
Why does this matter?
For those who have not read the detailed papers and responses it could be easy to categorise concerns around this issue as special pleading by lawyers keen to avoid being regulated by the FCA.
In essence, understanding the issues this matter raises depends on an appreciation that: (i) lawyers owe professional duties – not merely contractual ones – to act in their client's best interests; and (ii) the privilege in legal advice "belongs" to the client and cannot be waived by the adviser.
Once this is appreciated it is clear that if a Senior Manager, subject to the duty of responsibility with individual responsibility for failings in their areas of responsibility, is responsible for the legal function this has the potential to compromise that individual's ability to demonstrate that they took reasonable steps in the event of a failing regarding the legal function. For example, that person might need to rely on privileged advice to prove they acted reasonably but this may be in conflict with their duty to act in the firm's best interests and, in any event, it would be up to the firm whether to waive privilege. This in turn has the potential to impact on the relationship between in-house legal advisers and their employer firms, which should be of interest and concern to firms as well as lawyers.
As noted already the current proposals in CP19/4 do not entirely address the issue. What the text of the CP and the draft rules indicate is:
- The head of a firm's legal function (Head of Legal) is expressly carved out of the scope of the SMF18 function (and equivalent SMF22 for overseas firms).
- Local or overall responsibility for the SMCR Legal Function is included in the list of suggested responsibilities that should be allocated in SYSC 25 Annex 1G but may be allocated to someone who is not approved as performing an SMF.
- The definition of SMCR Legal Function is convoluted but appears intended to cover the provision of legal services (advice, representation, dispute resolution etc) to the firm or its group as well as support services (e.g. training, CPD) which both (i) directly support provision of these services; and (ii) are the responsibility of the Head of Legal. Where a legal department is split and has co-heads they will all be excluded from SMF18/22.
Based on the above it appears that the FCA continues to be of the view that Affected Firms should, consistent with the "no gaps" principle, allocate responsibility for provision of legal services.
One concession it has made is to make clear that, where a firm has a Head of Legal or equivalent, they do not need to hold the SMF18 function or be approved as a Senior Manager solely by virtue of that role and:
- they will need to be certified (as performing either a Material Risk Taker or a Significant Management Function); and
- the firm may allocate responsibility for the SMCR Legal Function to them without offending the "no gaps" requirements.
Where a firm has a Head of Legal who also performs other functions or has other responsibilities which require them to be approved as a Senior Manager they will still need to be approved as such (i.e. being Head of Legal only exempts them in relation to that responsibility, and not more widely). As noted above, responsibility for the SMCR Legal Function will still need to be allocated (and logically it would be allocated to them).
However, we query whether this is really what the FCA intends. If so, if those Heads of Legal who are otherwise approved as SMFs are allocated responsibility for the SMCR Legal Function (as they surely will be) they will potentially be subject to the duty of responsibility in relation to that function. This gives rise to the same concerns around privilege (noted above) as the FCA appears to seek to remedy in the body of the CP19/4 consultation. It surely cannot be the FCA's intention that, where an individual is Head of Legal and responsible only for the legal function, they are not subject to the duty of responsibility whilst Heads of Legal who are Senior Managers by virtue of other responsibilities would be. It may be that the intention is that, if individuals are approved as Senior Managers for other reasons, in relation to any allocation of responsibility for the legal function they would be treated as Certification Staff and not subject to the duty of responsibility. We suggest this is a point that would benefit from further clarification, especially for those Affected Firms whose Head of Legal is likely to require approval as a Senior Manager for other reasons.
The deadline for comments on CP19/4 is 23 April 2019. The FCA will consider feedback and publish final rules and guidance in Q3 2019 with the effective date of the changes being at some point prior to SMCR coming into force for solo-regulated firms (i.e. 9 December 2019).
In the meantime, over the next few months, Affected Firms that are already subject to SMCR need to revisit what they originally decided in relation to their Head of Legal:
- For those who sought approval for their Head of Legal for other SMFs because of other responsibilities and roles they have, this is unlikely to result in any change. It is likely that the individual will also need to be certified by the firm in relation to their suitability to perform the Head of Legal role where that role is "significantly different" from the role for which they are approved as a Senior Manager.
- For any Heads of Legal who were not approved because they are Head of Legal but who may be performing other SMF roles (e.g. director), consideration needs to be given to this and an application for approval for those other roles submitted as soon as possible if it is determined that they meet the criteria for an SMF. As above they may also need to be certified.
- For those Heads of Legal who were approved as SMF18s or SMF22s solely due to their responsibility for the legal function, this approval is likely to be able to be removed but they will instead need to be added to the firm's category of Certification Staff and treated accordingly.
- For those Heads of Legal who were not approved as SMF18s or SMF22s and whose only potential Senior Manager role concerned their legal function, no change is needed. If they are not currently treated as Certification Staff then they should be assessed and certified and then treated as such going forward.
- In each of the above cases firms should confirm that associated documents such as terms of reference for committees and job descriptions are consistent with the approach taken.
- Subject to further clarification of the issue noted above around how the duty of responsibility applies to this responsibility, it will also be necessary to: (i) add this to Statements of Responsibility in the section covering Other Overall Responsibilities; and (ii) update Management Responsibilities Maps to include allocation of this responsibility.
- For those individuals who are changing to a different category (i.e. Senior Manager to Certification) they will need to be appropriately trained and the firm's records updated.
For Affected Firms that are not yet subject to SMCR, they will, as part of their implementation process, need to consider who is responsible for provision of legal services and what other roles and responsibilities they have:
- Individuals who only perform the Head of Legal role can be included in the Certification Staff pool.
- Individuals who are Head of Legal, but also (i) perform other roles (e.g. Head of Compliance) which meet the definition of an SMF or (ii) hold other responsibilities which would require their approval as an SMF18/22, should be treated as needing approval as such. As noted above, where the Head of Legal role is "significantly different" from their Senior Manager role they may need to be certified for it. In terms of whether individuals will be subject to the duty of responsibility in respect of responsibility for the legal function clarification is needed, but in the meantime it may be best to assume they will.
- In both cases firms should check that associated documents such as terms of reference and job descriptions are consistent with the approach above.