7 March 2017 marked the first anniversary of the implementation of the Senior Managers and Certification Regime. However, rather than coming with cake and candles, this birthday was celebrated with the introduction of the next phase of the regime.

By 7 March 2017, relevant firms (being banks, building societies, credit unions, the larger investment banks regulated by the PRA, and branches of foreign banks operating in the UK) were required to have identified all individuals performing specified “significant harm” functions, and to have issued them with a certificate confirming their status as “fit and proper” for the purposes of performing those functions.

An employee who performs a specified “significant harm” function is one who, for example, is a material risk taker or whose activities involve or might involve a risk of significant harm to either their firm or their firm’s clients.

The requirement to identify and provide certificates for all individuals who perform such functions, also means that firms need to have procedures in place to assess the fitness and propriety of such staff (both at the time they commence employment and annually thereafter).

In addition, the Conduct Rules, which have previously only applied to senior managers and staff subject to the Certification Regime, have now been rolled out to all employees and the regulatory references rules have come into force. These rules require firms to obtain regulatory references when recruiting for certain roles. For our previous update on the final rules on regulatory references, follow this link. If a firm is appointing an individual to perform a controlled function or certain other functions (such as a senior management or “significant harm” function, or certain insurance functions), it must take reasonable steps to obtain regulatory references from the individual’s former employer(s) covering the previous six years. Firms who receive such a request will be required to provide specific information concerning, for example, breaches by the relevant individual of any conduct requirements, or any disciplinary action taken against the individual associated with their fitness and propriety (notwithstanding any agreement (such as a settlement agreement or COT3) that may have been entered into between the departing employee and his/her previous firm(s) about the content of any reference).

In keeping with the regulators’ drive to promote personal accountability and good self-governance in the financial services sector, the latest rules extend the scope of the SMCR to a much broader range of employees. Firms must therefore ensure that support functions like HR, IT, Compliance, and Risk are synchronised across the board, that adequate procedures are in place to ensure fitness and propriety assessments happen annually, that staff are properly trained and understand the regulators’ requirements, and that employment documentation is both appropriate and up to date.