At a Glance…
The UK Financial Conduct Authority (FCA) has published its long-awaited consultation paper on extending the senior managers and certification regime (SMCRE) to all authorised firms. A separate consultation paper has been published for insurers.
The SMCRE will consist of a “core regime”, an “enhanced regime” and a “limited scope regime” to reflect the size, scale and complexity of the firms that will be subject to this regime. The consultation is open until 3 November 2017 and the final rules are expected to be published next year1.
The core regime
The Senior managers regime
The SMCRE will require FSMA-authorised firms (Firms) to allocate specific senior management roles and prescribed responsibilities (SMFs) to senior managers.
The consultation paper identifies a number of core SMFs that will apply to all Firms unless a specific exemption applies. The core SMFs include: (a) chief executive; (b) executive director; (c) partner; (d) non-executive chair; (e) chief compliance officer; and (f) MLRO. This will mean that some non-executive directors (NEDs) that are currently registered with the FCA as approved persons will no longer need to be registered.
Seven prescribed responsibilities are identified including responsibility for financial crime procedures, certification compliance and CASS2 compliance. The senior manager responsible for CASS compliance under the CASS-prescribed responsibility regime must not also carry out the CASS oversight function (which will be a certified function).
SMFs must be approved by the FCA following an assessment of their fitness and propriety. A statement of responsibilities document (SoR) must be prepared for all senior managers and this will be reviewed by the FCA as part of its assessment process. The SoR should be a self-contained document prepared by the Firm and must clearly assign prescribed responsibilities to each SMF.
SMFs will be subject to a duty of responsibility. SMFs will therefore be at risk of enforcement action for breaches of their areas of responsibility unless they can prove that they took “reasonable steps” to prevent the contravention from occurring or continuing.
The certification regime
Individuals other than senior managers whose role means that they could pose a risk of significant harm to the Firm or its customers are not subject to prior regulatory approval, but their fitness and propriety needs to be vetted by the Firm both at the time of appointment and on an ongoing basis, and the Firm needs to issue a certificate confirming that the individual is fit and proper.
The certification regime is intended to apply to, among others, (i) individuals performing the significant management function; (ii) the individual performing the CASS oversight function; (iii) proprietary traders whose activities involve, or might involve, a risk of significant harm to the Firm or any of its customers; (iv) individuals in customer-facing roles who are subject to qualification requirements (such as retail investment advisors); (v) anyone who supervises or manages a certified person directly or indirectly if they are not a senior manager; (vi) material risk takers; and (vii) algorithmic traders.
In the consultation paper, the FCA asks Firms to indicate whether additional certified functions should be allocated and queries whether information on certified individuals should be made public (e.g., whether individuals and their functions should be disclosed on the FS register). Certification will be required on an annual basis.
Fitness and propriety assessment
In assessing fitness and propriety, a Firm will be required to consider whether the person has obtained a relevant qualification, has undergone training, possesses a level of competence or has the personal characteristics required by the FCA’s general rules.
The fitness and propriety test will be extended to NEDs even if they are not authorised as senior managers.
Firms will be required to conduct criminal record checks on each senior manager and NEDs who are not senior managers where a fitness requirement already applies to them.
As part of the assessment of fitness and propriety, Firms seeking to appoint someone to either a SMF or a certification function will be required to request a “regulatory reference” from all previous employers, covering the past six years of employment. This requirement will also apply to NEDs.
On receipt of a request for a reference, Firms will be required to provide all the prescribed information relevant to the hiring firm’s fit and proper assessment, including details of any misconduct. Regulatory references should focus on regulatory matters only.
This will mean that performance management and disciplinary procedures should be carefully documented and maintained.
Under the SMCRE the existing statements of principle and code of practice for approved persons will be replaced with a two-tier set of conduct rules (Conduct Rules). The SMCRE will be required to allocate a senior manager to ensure that the Firm trains staff on the Conduct Rules and complies with the FCA notification requirements.
The first-tier Conduct Rules will apply to all relevant employees (including senior managers, certified persons and all other employees except for ‘ancillary staff’) and the second tier conduct rules will apply to senior managers only. The Conduct Rules will apply to a Firm’s regulated and unregulated activities including any related ancillary activities.
Firms will be required to notify the FCA of certain breaches of the Conduct Rules and the FCA may take disciplinary action against any relevant employee who breaches the Conduct Rules or is knowingly concerned in a regulatory contravention by the Firm. HR, compliance and the business will need to work more closely together to ensure that the Firm properly discharges its responsibility in this regard.
Staff will need to be trained to ensure that they understand the scope of their responsibilities and what it means to be subject to the Conduct Rules. Providing training to staff will provide some protection for the Firm from the charge from individuals that they did not fully understand the scope of their responsibilities under the SMCRE.
The enhanced regime
Enhanced firms will be subject to certain additional requirements over and above the core regime (summarised above) to reflect their respective size and complexity.
The consultation paper defines an “enhanced firm” as a Firm that satisfies one or more of the following criteria: (a) it is a significant IFPRU firm3; (b) it is a CASS large firm; (c) it has assets under management of £50 billion or more (at any time in the last three years); (d) it has intermediary regulated business revenue of £35 billion or more per year; (e) it has an annual regulated revenue generated by consumer credit lending of £100 million or more; or (f) it is a non-bank mortgage lender with 10,000 or more regulated mortgages outstanding. The FCA indicates that this is likely to capture approximately 350 Firms.
Six additional responsibilities must be given to senior managers in enhanced firms and seven additional prescribed responsibilities will apply (e.g., compliance with the Map requirement, and safeguarding and overseeing the independence of the (a) internal audit function, (b) the compliance function and (c) the risk function).
Enhanced firms will be required to prepare and maintain a ‘map’ showing the Firms’ overall governance and management arrangements (Map). The Map should include information such as: (i) a list of all approved SMFs; (ii) a checklist showing that all prescribed responsibilities have been allocated; and (iii) a list of reporting lines from all senior managers, including, as relevant, the nature, purpose, remit and interaction of committees or any other governance arrangement. The Map must show how the various responsibilities have been allocated and the Firm must ensure that, when looked at with the SoRs, there are no gaps in accountability.
Finally, enhanced firms will be required to have a handover procedure in place for those performing a SMF. This procedure will require individuals performing a SMF to prepare a handover note to their successors to enable a smooth transition of responsibilities.
The limited scope regime
There will be fewer SMFs for limited scope firms such as limited-permission consumer credit firms, oil market participants, energy market participants and sole traders. The requirements relating to the allocation of prescribed responsibilities for SMFs will not apply and NEDs at limited scope firms will not be subject to the fitness and propriety, criminal records and regulatory references requirements.
Firms will have to determine whether they are subject to the core, enhanced or limited scope regime.
The SMCRE will require more engagement from senior management and certified persons as well as some changes to a Firm’s governance policies, procedures and arrangements (including how they are documented and maintained) and a review of certain employees’ employment contracts may be necessary.
In addition, employees will need to be trained on the SMCRE to ensure that they understand their respective responsibilities.
Implementation of the SMCRE to banks and other financial institutions was a long, protracted and complex process, so Firms are well advised to start work on implementation as soon as possible now that the consultation paper has been published. The FCA will be holding a number of forums with Firms to discuss the proposals in the consultation paper.