On 25 October 2018, the Chief Executive Officer of the Prudential Regulation Authority (PRA) Sam Woods delivered an important speech at the Mansion House City Banquet.
Entitled “Good Cop/Bad Cop”, he sent a message to the financial services industry that the PRA and the Financial Conduct Authority (FCA) will increasingly use the Senior Managers and Certification Regimes (SMCR) to deliver the regulators’ supervisory priorities. The PRA has recently used the Senior Managers Regime (SMR) to ask regulated firms who is on the hook if things go badly wrong in the developing areas of crypto-assets, operational resilience and algorithmic trading.
Sam Woods stated that enforcement cases have shown that the PRA can and will take action against Senior Managers if “our red lines are crossed”. However he did note his opinion that the real prudential value of the regime lies in creating opportunities for preventative or remedial action through supervision.
The Regulators are using the SMCR to create positive cultural change in the financial service industry. The overriding purpose of the SMCR is to improve genuine accountability in firms by removing ambiguous or bureaucratic structures that have impeded or obfuscated clear lines of responsibility.
Following the recommendations of the Parliamentary Commission on Banking Standards, the FCA and the PRA introduced the SMCR for Banks in March 2016 and a modified version for insurers. In July 2018, the FCA published its long-awaited rules on extending the SMCR to almost all firms it regulates. HM Treasury announced that the SMCR will apply to Insurers from 10 December 2018 and all FCA solo-regulated firms from 9 December 2019.
This means that the SMCR will apply to approximately 47,000 firms across the UK and will therefore have a major impact on the whole authorised community. This is a radical change of approach with significant implications for regulatory compliance and people management. Transitional arrangements will be put in place for these firms whereby staff performing controlled functions under the Approved Persons Regime can transition across into either Senior Managers or Certified Persons.
Regulatory Responsibilities of Senior Managers
The Senior Managers Regime applies to individuals who perform key senior roles (such as executive roles like CEO and some non-executive roles). The scope of the responsibilities of each Senior Manager must be accurately documented in Statements of Responsibility (SOR). Some regulated firms will also be required to have in place Management Responsibilities Maps (MRM) for their organisation. Regulatory pre-approval is required before a Senior Manager may perform their role.
These regulatory documents have proved challenging to establish and maintain at the banks. Organisations are seldom static – staff may leave, change positions or assume greater responsibilities. Some Senior Managers may want less responsibility as they move towards retirement. Others will assume new responsibilities for businesses and/or functions or share responsibilities with other Senior Managers. Each SOR and MRM must keep up with this fluidity and further regulatory notification and/or approval will be required.
Larger firms’ scale and resources will justify permanent compliance, legal or HR staff ensuring that SMCR documentation is updated promptly and submitted to regulators. For smaller firms however, once the SMCR has gone live, project teams may be disbanded and insufficient resources may be allocated to these on-going regulatory obligations. The SMCR should therefore not be seen as a mere implementation project. Instead, consistent with the regulators’ messaging, the SMCR should be embedded in regulated firms’ DNA as a business as usual processes.
Mindful of these challenges, on 11 October 2018 the FCA published Guidance Consultation (GC18/4) to give practical assistance and information to solo-regulated firms on SORs and MRMs.
The Certification Regime applies to a broader number of employees in regulated firms whose functions have a significant impact on customers, the firm itself or market integrity. Regulated firms are required to certify as fit and proper employees who perform Certification functions.
The teeth of the SMCR are the Conduct Rules. The Conduct Rules are split into Individual Conduct Rules which will apply to almost all staff at regulated firms and the Senior Manager Conduct Rules which apply only to Senior Managers.
The Individual Conduct Rules impose broad behavioural standards on individuals within the financial services industry. The Senior Managers Conduct Rules impose higher obligations on Senior Managers such as a duty of responsibility to take reasonable steps to ensure the firm (and the part of the firm they manage) is not in breach of regulatory requirements.
The Regulators’ rationale for use of the conduct rules include:
- Setting expectations about standards of behaviour through rules is an important tool of both regulators in influencing the behaviour of individuals.
- The rules provide a framework against which regulators will make judgements about an individual’s actions as part of their general supervision of firms.
- Through their impact on the actions of individuals, conduct rules can shape the culture, standards and policies of a firm as a whole and act to promote more positive behaviours that actively support the regulators’ statutory objectives.
- The possibility of enforcement action (for breach of a conduct rule) should also act as a deterrent against actions or omissions that could damage a firm’s prudential position, harm its customers or undermine the integrity of financial markets.
In the first use of the SMCR in an enforcement outcome, on 11 May 2018 the FCA and PRA jointly fined James Staley, Chief Executive of Barclays Group, a total of £642,430. In performing Senior Management Function 1 – Chief Executive, the FCA stated in its final notice that Mr Staley had failed to comply with Individual Conduct Rule 2, which provides that he must act with due skill, care and diligence.
Mr Staley had attempted to identify the author of an anonymous letter received by Barclays in June 2016 that claimed to be from a Barclays shareholder. The letter contained various allegations, some of which concerned Mr Staley. Given his conflict Mr Staley should have maintained an appropriate distance; he should not have taken steps to identify the author. The FCA also found that Mr Staley should have explicitly consulted fully with those with expertise and responsibility for whistleblowing in Barclays and sought express confirmation from them that what he wanted to do was permissible. He failed to do this. The Regulators did not, however, bring action against Mr Staley under Conduct Rule 1 which requires a person to act with integrity.
As a result of the enforcement case, Barclays was subject to special requirements to report annually to the regulators detailing how it handles whistleblowing, with personal attestations required from those Senior Managers responsible for the relevant systems and controls.
In light of the statements of Mr Woods at the Mansion House City Banquet, it is to be expected that both regulators will increasingly use the conduct rules to pursue sanctions both against individuals and regulated firms. The latest Enforcement Report of the FCA has shown an uptick of enforcement investigations open for culture/governance cases.