The Senior Managers and Certification Regime (“SMCR”) and the Senior Insurance Managers Regime (“SIMR”) are a range of policy and rule changes introduced by the Financial Conduct Authority (“FCA”) and the Prudential Regulation Authority (“PRA”), to increase the accountability of senior individuals within the banking and insurance sectors respectively.
Background to the SMCR The SMCR was introduced to address a strong perception, following the financial crisis, that the legal framework around the identification and allocation of responsibilities to Senior Managers in the banking sector was inadequate. The UK Parliamentary Commission’s 2013 report on Banking Standards found that “the public are angry that senior executives have managed to evade responsibility. They want those at the highest levels of the banks held accountable for the mis-selling and poor practice”.
To address this, that report recommended introducing a “new Senior Persons Regime, replacing the Approved Persons Regime, to ensure that the most important responsibilities within banks are assigned to specific, senior individuals so they can be held fully accountable for their decisions and the standards of their banks in these areas”.
Implementing the Senior Managers Regime
Implementing the SMCR requires firms to identify all individuals performing Senior Management Functions (“SMFs”). SMFs can be carried out by both executive and non-executive directors. The SMCR also lists a number of Prescribed Responsibilities and key functions to be allocated to the appropriate Senior Managers. Firms also need to satisfy themselves that the relevant candidate is a “fit and proper” person to perform the function. Then, similarly to the former Approved Persons scheme, firms need to obtain prior FCA approval for each person being appointed to perform one or more SMFs. When applying for approval, firms are required to provide a Statement of Responsibilities for each Senior Manager and a management responsibilities map, documenting the senior management responsibilities for the firm as a whole.
Timeline for Implementation
Over the past eighteen months the SMCR and SIMR regimes have been brought into force in stages. The majority of the SMCR and SIMR regimes came in to effect on 7 March 2016 for firms that accept deposits and dual regulated investment firms (i.e. banks and building societies). As such, it currently applies to banks, building societies, credit unions, the largest investment banks regulated by the PRA and branches of foreign banks operating in the UK. Then, following new rules on whistleblowing coming into force on 7 September 2016, the Conduct Rules were widened to apply to all firm staff (save for purely ancillary staff) on 7 March 2017. This was also the deadline for firms to issue certificates to staff in the Certification Regime.
Expanding the SMCR
The FCA’s 2017/2018 Business Plan and other FCA speeches have emphasised that the implementation and expansion of the SMCR is a key regulatory priority. As part of this process, on 3 May 2017, the FCA published a series of policy statements addressing outstanding aspects of the SMCR for banks and insurers and also finalising the rules on remuneration and on whistleblowing in branches of overseas firms. Following on from an earlier consultation paper (CP 16/27), this included extending most of the Code of Conduct sourcebook (COCON) to apply to “standard” nonexecutive directors in the banking and insurance sectors with effect from 3 July 2017.1
Clearly the FCA is trying to avoid the general election and Brexit negotiations delaying implementation of the expanded regime. This means that all non-bank (and non-insurer) FCA authorised firms will need to start focusing on the SMCR in anticipation of its implementation and providing appropriate training.
Then, on 26 July 2017, the FCA and PRA published a consultation on extending the SMCR to all FSMA regulated firms (such as investment firms, mortgage brokers and consumer credit firms) and further developing the SIMR for insurers. Implementation of the expanded regime is expected for early in 2018.
Details of the proposals contained in the July 2017 consultation paper are summarised in this article.
On the same day, the PRA and FCA also published consultation papers on extending the SMCR to insurers (effectively replacing the SIMR). A summary of the proposals contained in this consultation can be found here.
The impact of the SMCR
According to the FCA, it appears that implementing the SMCR has already assisted firms to identify overlapping or unclear corporate structures or inappropriate delegation of responsibilities. In a speech on 13 July 2016 Jonathan Davidson, Director of Supervision at the FCA said that “…for a number of firms, the process of applying the regime helped clarify their own management accountability and governance structures, or highlighted improvements that were or are now being made”.
Clarifying the responsibilities and key functions of Senior Managers at the outset should avoid responsibilities falling between managers or being duplicated. In theory, this should make it more straightforward for the FCA to identify a breach by a Senior Manager and to take the appropriate enforcement action.
The SMCR also has a role to play in achieving cultural change throughout firms. The FCA reported earlier this year that it has already “…seen strong progress in relation to firms adopting a culture of individual accountability through their implementation of the regime”.
Embedding an appropriate culture within firms will help Senior Managers to be more comfortable that they, and their teams, are acting reasonably. It should also help to identify earlier where further changes might be needed to improve the culture, for example, if a firm’s pay structure encourages inappropriate risk taking.
Following the implementation of the SMCR, firms are required to report conduct rule breaches and disciplinary actions to the FCA on an annual basis. The FCA’s Annual Report and Accounts for 2016/2017 disclosed that as of the first reporting date (31 October 2016), of those covered by the regime 32 firms reported 75 conduct rule breaches and 89 disciplinary actions for the period 7 March to 31 October 2016. However, it will be some time before the FCA publishes a full year’s breach statistics for all staff who are subject to the conduct rules.
Will Senior Managers now be in the firing line for every corporate breach?
Senior Managers and their insurers might be concerned that under the SMCR they will be liable for every corporate breach.
However, a Senior Manager is not automatically liable just because the firm is liable. This is because a senior manager’s liability arises under the Conduct Rules if he or she failed to take “reasonable steps” for a person in his or her position to prevent a regulatory breach by the firm occurring, and the burden of proof to demonstrate this lies with the regulator. Clearly the breach by the Senior Manager must be related to or a factor in the firm’s breach but the Senior Manager cannot be liable without the firm also being in breach. It must also be remembered that the FCA still continues to have the ability to take enforcement action against a Senior Manager who (i) has failed to comply with rules applicable to them and/or (ii) has been knowingly concerned in a contravention by a firm of a requirement imposed on it by or under FSMA (see section 66 and 66A).
In a speech on 31 March 2017, Mark Steward, Director of Enforcement and Market Oversight at the FCA explained that “corporate fiduciary duties of care and diligence imposed on company directors are probably the closest statutory precedent for senior management liability”. He also confirmed that the SMCR is not intended to be a means for firms to shift their corporate liability onto senior management, “there is no free pass for firms…the [SMCR] does not mean there will be an end to action against firms, including heavy penalties”.
This is helpful, although the real test for the SMCR will be when the FCA exercises its powers of enforcement.
This process is only just beginning; the FCA has started investigations into two individuals who are Senior Managers.2 Once the outcomes of these investigations are published, Senior Managers, their firms and the public will see if the regime does ensure that blame is allocated appropriately. This also comes against a backdrop of the announcement by Mark Steward, Director of Enforcement and Market Oversight at the FCA in a speech on 20 September that there has been a 75% increase in the number of FCA investigations over the past year (a large proportion of which will be investigations of individuals). We now also have the benefit of the Policy Statement published in May 2017 which set out the amendment to the FCA’s Decision Procedure and Penalties Manual (DEPP) to explain how the FCA intends to enforce the SMCR duty of responsibility. Importantly, this guidance has confirmed that standards will not be applied retrospectively and a long list of factors which will be taken into account when determining whether the senior manager has taken such steps as a person in their position could reasonably be expected to take to avoid contravention.
In the meantime, it is promising to hear that the implementation of the regime might be helping to clarify responsibilities and identify corporate misconduct at an early stage, as this might reduce the largescale banking scandals seen over the past decade.
The consultation period for the current round of consultation papers closes on 3 November 2017 and it is anticipated that the regulators will publish policy statements together with final rules and implementation proposals during 2018.