The Financial Conduct Authority (FCA) published its Policy Statement (PS18/14) and near final rules on the extension of the Senior Managers and Certification Regime (SM&CR), which is replacing the current "approved persons regime", to all FSMA‑authorised firms in July. Since March 2016, the SM&CR has applied to firms authorised by the Prudential Regulation Authority (the PRA). In July 2017, the FCA proposed that the SM&CR be rolled out to solo‑regulated firms across financial services, including FCA‑regulated energy market participants (EMPs) and oil market participants (OMPs).
The stated aim of the SM&CR is to "reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence". The FCA proposes to do this by imposing more individual responsibility on senior managers, and shifting the burden of approving other staff to firms themselves.
The three key elements to the SM&CR are:
- The Senior Managers Regime for those performing Senior Managers Functions.
- The Certification Regime for those performing a Significant Harm Function.
- New Conduct Rules for all staff who work in financial services.
There are three categories of firm subject to the SM&CR, and requirements vary according to which category the firm belongs:
|Category of firm||Examples of firms in this category|
Senior Managers' Regime
Those performing Senior Management Functions (SMFs) (Senior Managers) will be subject to a statutory "duty of responsibility". Senior Managers will therefore need to:
- "Take reasonable steps" to ensure their firms are controlled effectively and comply with relevant requirements and regulatory standards.
- Ensure they only delegate responsibility appropriately.
- Disclose any information to their regulator of which they would reasonably expect notice. Failure to comply will give rise to personal liability. SMFs include "governing functions" (e.g. the chair, chief executive, or partners) and "required functions" (compliance directors and the MLRO).
Firms must produce "Statements of Responsibility" for each Senior Manager and all Senior Managers must be pre‑approved by the FCA.
In its Policy Statement, the FCA confirmed that simply because an individual is a board member does not mean that they will have any prescribed responsibilities.
Last year, the FCA suggested it apply the SM&CR regime to firms' Heads of Legal/General Counsels, however, it has not yet confirmed whether they will be in or out of scope of the regime. Instead, the FCA has promised to consult on the issue before the new regime takes effect.
For limited scope firms, such as EMPs and OMPs, most of the requirements for "core" firms still apply except some requirements are limited in the extent to which they apply to non‑executive directors (NEDs).
The Certification Regime applies to anyone who is not a Senior Manager but is capable of causing "significant harm" to a firm or its customers (i.e. a person performing "significant harm functions") and to those who manage such persons. Significant harm functions include client dealing and material risk‑taking, so will affect most traders and other front office staff. The Certification Regime requires firms to certify staff are "fit and proper persons" but certified staff do not require pre‑approval from the FCA before being appointed. This is a significant change for traders. Under the approved person regime they were approved by the FCA to perform the "customer dealing" function, but under the SM&CR they will no longer be directly approved by the FCA to perform their role, and so will need to carefully consider how they engage with customers, front‑office staff and other key functions.
The FCA has changed its requirements in relation to criminal record checks for certified staff, which will now only be mandatory for proposed Senior Managers. Criminal record checks will not strictly be required for certified staff but firms are free to choose to adopt such checks. There will also be a ten year time limit to some of the questions about civil proceedings which form part of the "fit and proper" assessment for certification staff.
Somewhat illogically, in its Policy Statement, the FCA has stated that even if a firm does not have any certified staff, the prescribed responsibility that relates to the certification regime still needs to be allocated to a Senior Manager.
Another new FCA proposal in the Policy Statement is the introduction of a new public directory of all certified staff, non‑SMF directors, and certain other key categories of personnel, as well as the Senior Managers (who were originally going to be included in the FCA's existing directory, the Financial Services Register (FS Register).
This staff directory will sit alongside the current FS Register for FSMA‑authorised firms. Appointed representatives will remain subject to the current approved person regime, but their approved persons will be transferred to the public directory of certified staff.
Code of Conduct
Under the extended SM&CR there will be a new Code of Conduct applying to all staff except "ancillary staff" (such as receptionists, cleaners, caterers, security staff, and IT support staff). The proposed Code is very similar to the current Statements of Principles and Code of Conduct for Approved Persons (APER), including duties to act with integrity and with due care, skill and diligence, but will apply more broadly. Almost everyone employed in the firm will be subject to the Code of Conduct, whereas currently only those holding "controlled functions" are subject to APER.
There will be a prescribed responsibility in relation to conduct rules, meaning that a Senior Manager will need to accept responsibility for the training of staff and reporting of conduct breaches.
How will the SM&CR apply to EMPs and OMPs?
The FCA has also said that the new rules will be "proportionate and flexible [in] approach to accommodate the different business models and governance structures of firms" and state that both the size and complexity of firms will be taken into account. This means that OMPs and EMPs will be subject to a "limited scope" regime which will not include some of the additional regulatory burdens to which "core" and "enhanced" firms will be subject. For instance, limited scope firms may need to have a Compliance Oversight Function or MLRO under other FCA or regulatory rules. However, if they do not, then they are not required to appoint Senior Managers to these roles for the SM&CR, although they will still be required to implement the three key elements of the regime to some extent.
How will the SM&CR apply to groups?
One of the difficulties for firms who are part of larger groups is in defining individual responsibility in complex governance structures, where there may be opaque lines of responsibility. In some cases, areas of responsibility may feel quite artificial. For example, under the regime for PRA‑regulated firms, in certain circumstances, the MLRO was often not a sufficiently senior role to allow the appointee to effectively oversee money laundering compliance, which resulted in more senior individuals having ultimate responsibility for this role. The FCA has now provided guidance on how to allocate prescribed responsibilities, in particular where, on a practical, day‑to‑day level, they may be split across different departments. The FCA specifically mentions financial crime as an example of this. With regards to the role of the MLRO, FCA Guidance in the Policy Statement indicates that where s/he does not have overall responsibility for all areas of financial crime, then the prescribed responsibility should instead be allocated to the senior manager that has the overall view of "all financial crime matters".
Another issue for groups is what to do where one entity in the group is subject to a lower or enhanced level of compliance than the rest of the group. In its policy statement, the FCA does not prescribe a particular approach for groups that have a combination of enhanced, core and limited scope firms within their structures. The FCA has, however, clarified that firms will be able to voluntarily opt‑up to enhanced or core standards, but must adopt all of those standards and cannot cherry pick which parts of the respective regimes they choose to opt‑up.
What do firms need to do now?
The implementation date for the implementation of the SM&CR to all FSMA‑regulated firms is 9 December 2019. This was confirmed by HM Treasury and by the Economic Secretary to the Treasury in Parliament. However, a formal statutory instrument has yet to be presented before Parliament.
Key tasks before the SM&CR extension comes into effect will include allocating and recording SMFs, amending employment contracts, implementing rigorous internal policies and training programmes, and preparing applications and certifications. This has led some in the commodities and energy space to re‑structure their trading activities so that they fall outside the UK regulatory perimeter and therefore do not need to implement the extended SM&CR regime. Firms could consider which exemptions and exclusions they can rely on to take their trading activities outside the scope of the new regime.