The UK’s Financial Conduct Authority (FCA) has published proposed rules1 to extend the senior manager & certification regime (SMCR) to all financial services firms.
In the extension to SMCR, the FCA proposes to apply principles consistent with the existing SMCR for banks but in a three tier regime under which the rules are applied in a manner which is proportionate to the size and business model of the firms in each tier.
The current SMCR model for banking firms will apply only to “enhanced SMCR firms,” (for example, asset managers with assets under management of at least £50 billion). Other firms will be subject to a lighter, less prescriptive regime.
The extension of SMCR also extends the “certification regime” under which individual firms and their senior managers (rather than the FCA) will be responsible for assessing and certifying the fitness and propriety of individuals carrying out a “certification” function on an ongoing basis. This is proposed to cover individuals presently registered under the approved person customer function as well as several other categories, including anyone who may be a material risk taker for the purposes of the FCA Remuneration Code.
New conduct rules, based on those which are currently applicable to banking firms, will apply to all firms and all of their staff except ancillary staff who do not perform a financial services role (such as receptionists, cleaners, HR administrators etc.). These rules will be directly enforceable and firms will be responsible for ensuring that staff are trained on them.
The FCA’s original intention was to roll out the extension of SMCR in the first quarter of 2018, in parallel with MiFID II coming into force. However, the FCA has indicated that SMCR will not be final form until Summer 2018, with HM Treasury to set an implementation date later in 2018.
The FCA has requested comments on its proposed rules by 3 November, 2017.
The FCA has proposed three regimes:
- The Core Regime: applying a standard set of requirements to all FCA solo-regulated firms2 (“Core SMCR Firms”).
- The Enhanced Regime: applying extra requirements for a small number of solo-regulated firms whose size, complexity and potential impact on consumers warrant more attention (“Enhanced SMCR Firms”).
- The Limited Scope Regime: applying a reduced set of requirements to firms carrying out few regulated activities (“Limited Scope Firms”).
1. The Core Regime
The Core Regime will apply to all solo-regulated firms, unless the firm is exempt from the current approved persons regime, or subject to a limited application of the approved persons regime.
2. The Enhanced Regime The Enhanced Regime will apply to firms that satisfy one of the following criteria:
- A firm that is a Significant (IFPRU) Firm.3
- A firm that is CASS Large Firm.4
- Firms with assets under management of £50 billion or more per annum (at any time in the previous 3 years).
- Firms that have total intermediary regulated business revenue of £35 million or more per annum.
- Firms that have annual regulated revenue generated by consumer credit lending of £100 million or more per annum.
- Mortgage lenders that are not banks with 10,000 or more regulated mortgages outstanding.
3. The Limited Scope Regime
A firm that is currently subject to a limited application of the approved persons regime (for example, an internally managed AIF) is a Limited Scope Firm5.
Firms currently exempt from the approved persons regime are not in scope of the SMCR.
The Regime Requirements
1. The Core Regime
(a) Senior Managers - Approval, Functions and Prescribed Responsibilities
The following senior management functions (“SMFs”) are proposed.
Four "governing functions":
- SMF9: Chair
- SMF1: Chief executive
- SMF3: Executive director
- SMF27: Partner
Two "required functions":
- SMF16: Compliance oversight
- SMF17: Money laundering reporting officer (MLRO)
Persons who wish to carry out SMFs will continue to need prior FCA approval. There is no territorial limitation on the scope of SMFs.
The FCA has also proposed that the firm should undertake a criminal records check for each applicant who will carry out a SMF. Regulatory references will also be required for persons performing SMFs. A person performing a SMF may hold more than one SMF.
Every person performing a SMF will need to have a "statement of responsibilities," setting out his or her role. This will need to be submitted to the FCA as part of the SMF approval process.
In addition, the FCA has proposed a list of prescribed responsibilities (“PRs”). These responsibilities must only be performed by a person approved to carry out a SMF, but a firm is free to decide which of its persons holding a SMF should be responsible for each of them.
Seven prescribed responsibilities are proposed for the Core Regime:
PR1: Performance by the firm of its obligations under the senior manager’s regime, including implementation and oversight.
PR2: Performance by the firm of its obligations under the certification regime.
PR3: Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules.
PR4: Responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime.
PR5: Responsibility for the firm's compliance with Protection of Client Assets and Money (CASS) obligations, if applicable
PR6: Responsibility for ensuring the governing body is informed of its legal and regulatory obligations.
PR7: Responsibility for an authorised fund manager's value for money assessments, independent director representation and acting in investors' best interests.
If there is only one senior manager in a firm, that person will need to fulfil all of the PRs.
Duty of responsibility
Each person holding a SMF will have a statutory duty of responsibility. This means that, if the firm breaks one of the FCA's rules, the person performing the SMF responsible for that area could be held accountable if that person failed to take "reasonable steps" to prevent or stop the breach. The burden of proof for establishing the lack of reasonable steps remains with the FCA.6
Therefore, in applying the duty of responsibility, the relevant statement of responsibility will be crucial in establishing the scope of an individual’s responsibility.
(b) Certification Regime
A certification regime will apply to those staff who do not carry out SMFs, but who carry out functions that involve, or might involve, a risk of significant harm to the firm or any of its customers (“Certification Functions”).
Firms will be responsible for certifying at least once a year that these people are suitable to carry out the respective Certification Function.
The following are proposed as Certification Functions:
- Significant management function (based on CF 29).
- Proprietary traders (also covered by current CF 29).
- CASS oversight function (current CF 10a).
- Functions subject to qualification requirements.
- Client dealing function.7
- Algorithmic traders.
- Material risk takers.
- Anyone who supervises or manages anyone performing any a Certified Function (directly or indirectly) but is not carrying out a SMF.
The Certification Functions only apply where the firm has people in these roles. Therefore, it is possible that in very small firms there will be no one in the Certification Regime if there are only a handful of senior individuals (who will be carrying out the SMFs).
(c) Conduct Rules
Conduct Rules will apply to persons carrying out SMFs and Certification Functions and also to all other staff other than ancillary staff.
The Conduct Rules set out the expected behavioural standards and are similar to the existing Statements of Principle applicable to approved persons under the approved persons regime.
There are two tiers of rules: The first tier applies to persons carrying out SMFs and Certification Functions and other staff other, while the second applies only to persons performing SMFs:
First Tier – Individual Conduct Rules
- You must act with integrity.
- You must act with due care, skill and diligence.
- You must be open and cooperative with the FCA, the PRA and other regulators.
- You must pay due regard to the interests of customers and treat them fairly.
- You must observe proper standards of market conduct.
Second Tier – Senior Manager Conduct Rules
SC1. You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
SC2. You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
SC3. You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
SC4. You must disclose appropriately any information of which the FCA or PRA would reasonable.
The FCA has proposed that the Conduct Rules apply to a firm's regulated and unregulated business, including any related ancillary activities.
2. The Enhanced Regime
Obligations applicable to Enhanced SMCR Firms will include those under the Core Regime, together with a number of additional roles characterised as a SMFs. The number and type of prescribed responsibilities are also increased.
The following functions are SMFs in Enhanced SMCR Firms:
- SMF2: Chief finance function
- SMF4: Chief risk function
- SMF5: Head of internal audit
- SMF14: Senior independent director
- SMF12: Chair of the remuneration committee
- SMF10: Chair of the risk committee
- SMF11: Chair of the audit committee
- SMF13: Chair of the nominations committee
- SMF7: Group entity senior manager
- SMF24: Chief operations function
- SMF18: Other overall responsibility
Enhanced SMCR Firms will need to appoint a senior manager to have overall responsibility for every area, business activity and management function of the firm. In addition, such firms will need to put in place "responsibilities maps": a single document that will set out the firm's management and governance arrangements.
The following are prescribed responsibilities:
PR8: Compliance with the rules relating to the firm's responsibilities map.
PR9: Safeguarding and overseeing the independence and performance of the internal audit function (in accordance with SYSC 6.2).
PR10: Safeguarding and overseeing the independence and performance of the compliance function (in accordance with SYSC 6.1).
PR11: Safeguarding and overseeing the independence and performance of the risk function (in accordance with SYSC 7.1.21R and SYSC 7.1.22R).
PR12: If the firm outsources its internal audit function, taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including:
- supervision and management of the work of outsourced internal auditors.
- management of potential conflicts of interest between the provision of external audit and internal audit services.
PR13: Developing and maintaining the firm's business model.
PR14: Managing the firm's internal stress-tests and ensuring the accuracy and timeliness of information provided to the FCA for the purpose of stress-testing.
The FCA expects firms to allocate the prescribed responsibilities to an Executive Director or Partner, with the exception of PR9, PR10 and PR11, which should be allocated, where possible, to a Senior Manager who is a Non-Executive Director of the firm or a Partner who does not have management responsibilities.
3. The Limited Scope Regime
Limited Scope Firms will be subject to the Conduct Rules. The only required SMF roles and required approval here are for persons carrying out functions falling under SMF16, SMF17 and SMF29.
Prescribed responsibilities will not apply to Limited Scope Firms.
What Firms Need to be Doing
The extension of SMCR will have a significant impact on firms. To be ready for its introduction, firms will need to do a number of things, including:
- Assess whether they are caught by the Core, Enhanced or Limited Scope Regime.
- Identify if an individual is performing or going to perform a Senior Management Function.
- Assess that individual to ensure they are fit and proper and ensure they understand their responsibilities.
- Prepare a statement of responsibilities and apply to the FCA for approval for the individual.
- Ensure that the statements cover all prescribed responsibilities (if appropriate).
- Identify who is performing a certification function.
- Assess whether they are fit and proper and, if so, issue a certificate to that effect covering prescribed matters.
- Put in place systems (including HR and IT systems) to ensure that:
- an annual fit and proper assessment is carried out for senior managers and staff performing certification functions;
- all staff are trained on their conduct rules;
- changes are updated in the senior management statements of responsibility and resubmitted to the FCA.
- If subject to the Enhanced Regime, firms will also need to prepare responsibility maps, handover procedures and ensure that a senior manager is responsible for every area of the firm.
Despite the potentially delayed introduction, firms should now be considering the likely impact of the extension of SMCR on their business and appointing a project team to prepare a project plan and ensure that the firm is ready by likely implementation in the second half of 2018.