On 7 March this year the FCA and PRA’s new Senior Managers Regime (SMR) came into force for banks following a lengthy and extensive consultation. During that consultation we had identified and written about the lack of clarity on the treatment of banks’ legal function. In January the FCA issued a statement noting potential confusion and promising a full paper later in the year. On 28 September, it duly published DP16/4 setting out the pros and cons of including banks’ legal function within the scope of the SMR.
Recap of SMR and its aims
The SMR aims to improve senior individual accountability at banks by requiring them to allocate responsibility for different functions to named senior managers.
The SMR replaces the previous approved persons regime with a three-tier approach:
- Senior Managers must be pre-approved by the relevant regulator. They are subject to a duty of responsibility and additional Conduct Rules.
- Below them, Certification Staff are subject to a bank-led Certification Regime.
- All bank employees are subject to five high-level Conduct Rules.
Responsibility for banks’ legal functions
The SMR specifies 17 Senior Management Functions (SMFs) (e.g. CEO, Director), holders of which must be pre-approved by the relevant regulator. The rules set out 30 prescribed responsibilities that banks must assign to an SMF. Crucially, however, they also require banks to identify any further “business areas, activities or management functions” (Responsibilities) that should also be allocated to an SMF. SMF18 (“Other Overall Responsibilities”) allows firms to allocate overall responsibility for those Responsibilities to someone whose role is not otherwise covered by the other SMFs.
The indicative list of Responsibilities the FCA published during its SMR consultation included responsibility for IT systems and HR. But it did not include responsibility for the legal function. Banks were left to ponder whether responsibility for their legal function needed to be assigned to an SMF and whether their head of legal (or equivalent) needed approval as SMF18. Inconsistent communications from the FCA added to the confusion, which the FCA now acknowledges.
In DP16/4 the FCA:
- clarifies that it had intended responsibility for a firm’s legal function to be allocated to an SMF, with the head of legal needing approval as SMF18 unless already an SMF;
- explains that responses received after publishing its final SMR rules have caused it to reconsider whether this should be the case;
- sets out arguments for and against including responsibility for the management of a bank's legal function within the SMR; and
- seeks views on what the position should be and why.
Arguments identified in DP16/4 for and against including the legal function in the SMR
Arguments in favour
- The legal function does amount to an “activity, business area or management function”. The FCA considers this covers internal functions such as HR and so should also encompass the legal function.
- The person responsible for the legal function manages the provision of legal advice: this “management” should be within the SMR. Management failings (e.g. from inadequate resources) can impact the wider business. Accordingly it would be in line with the objectives of the SMR that an SMF is accountable for it.
- Firms do not have to appoint their head of legal as an SMF. They can allocate overall responsibility to another SMF.
- Concerns about privilege should be minimal: (i) the SMR’s focus is on the operational management of the legal function, not the actual advice given; (ii) the presumption of responsibility has been replaced with a duty of responsibility (where the burden of proving wrongdoing is on the regulator); and (iii) privileged material is protected from disclosure to the regulator by both FSMA and COCON.
- A comparison of the Conduct Rules of the SMR and the SRA’s principles suggests they are consistent. Other professionals such as accountants are subject to dual regulation with no problem.
- The legal function’s role is to provide independent advice to the business. So it does not amount to an “activity, business area or management function”.
- Although in principle other SMFs may be charged with overall responsibility for the legal function (e.g. the CEO), in practice the head of the legal function will be the most suitable person. Bringing them into the SMR may affect the legal function’s ability to provide independent advice. In particular, Rule 4 of the Senior Manager Conduct Rules requires proactive disclosure. This could cut across privilege. Even the mere risk of having to disclose privileged advice could impact on the perceived independence of the legal function.
- Privilege in respect of legal advice will in most circumstances belong to the firm. This could put an SMF who is head of the legal function in a difficult position were they to have to defend their personal actions on a particular issue.
- There is potential overlap and/or conflict with the regulatory regimes lawyers are already subject to.
- It would be sufficient for a bank's lawyers and head of legal to be subject to the Conduct Rules and Certification Regime.
The Law Society, the Association for Financial Markets in Europe and the British Bankers Association have all made statements in favour of excluding the legal function from the SMR.
However, there is a strong argument that including responsibility for the legal function in the SMR would be in line with the SMR’s wider aims. Equally, ensuring an individual is accountable for the management (in particular, resources) of the legal function is potentially desirable for all concerned, not least banks’ lawyers.
However, the FCA paper does not fully address the more difficult issues around dual regulation and privilege:
- See our article for more detail on the potential for conflict between the Conduct Rules and the SRA’s principles. Our view is that the FCA has underestimated the scope for difficulty, in particular for lawyers advising on complaints handling.
- On privilege, if the FCA were able to make out a prima facie case against the person responsible for the legal function for breach, that person might need to rely on privileged advice to rebut that case. The removal of the presumption of responsibility helps but it does not remove the issue entirely.
The FCA analysis supporting inclusion also appears to rely heavily on the argument that the head of legal need not be the individual responsible for the management of the legal function. However, a firm may have to adopt artificial reporting structures to achieve this, which seems counterintuitive to the aims of the SMR.
Finally, it is also worth noting that including responsibility for the legal function (and other ancillary functions such as HR and IT) within the SMR may exceed the FCA’s statutory authority. Section 59ZA FSMA only designates a function as an SMF if it relates to the carrying on of a regulated activity by a firm. Presumably the FCA takes the view that this also covers activities ancillary to a bank’s performance of a regulated activity. However, there appears to be no direct authority on this point and we anticipate it would be likely to be raised in any enforcement action against an individual in charge of one of these areas.
The consultation closes on 9 January 2017. Banks that had already made good faith decisions on who to approve need not need change their approach until after the outcome of DP16/4.
Law stated as at 6 December 2016.