The FCA recently released the latest in a long series of papers relating to the Senior Managers and Certification Regime (“SMCR”). FCA Consultation Paper CP19/4 sets-out new measures designed to “optimise” the SMCR ahead of the next wave of SMCR implementation when, on 9 December 2019, in what will undoubtedly be one of the biggest changes to the UK regulatory landscape in recent years, all FCA-solo regulated financial services firms (referred to generally below as “firms”) will be brought fully within the scope of the SMCR. This deadline will be followed by a staggered implementation period, requiring firms to comply with all aspects of the SMCR by 9 December 2020.
The SMCR will replace the existing FCA Approved Persons regime for FCA solo-regulated firms and require wholesale changes to firm’s governance, HR and compliance arrangements. Critically, the changes that SMCR brings will significantly extend the exposure of individuals within such firms to personal regulatory action, and will require careful explanation and messaging from firms to their employees.
In this article, Polly James, Adam Jamieson and Samantha Paul in BCLP’s Investigations, Financial Regulation and White Collar Group summarise the key changes as a result of the SMCR and highlight some of the key implementation challenges that will need to be addressed to ensure your firm is on track.
Increased personal regulatory exposure and obligations of firms
From 9 December this year, the FCA’s Conduct Rules – contained in the Code of Conduct sourcebook (COCON) of the FCA Handbook – will apply to Senior Management Function holders (“SMFs”), non-executive directors (“NEDs”) and certification staff. These Conduct Rules will effectively replace the Statements of Principle for Approved Persons (APER). A failure to meet the standards imposed under the Conduct Rules will mean that an individual could be liable to regulatory enforcement action. In addition, these individuals will be susceptible to disciplinary action by the FCA if they are found to have been “knowingly concerned” in a breach by the firm.
SMFs will also be subject to a new “Duty of Responsibility” which could lead to them being subject to personal regulatory enforcement action if a regulatory failing occurs within their area of responsibility and they fail to take such steps as a person in the SMF’s position could reasonably be expected to take to avoid the contravention occurring (or continuing).
SMFs will be required to summarise their responsibilities on a formal “Statement of Responsibility”, a document which will be signed by the SMF and the firm, and will need to include reference to any prescribed responsibilities that they hold (these are specifically designated FCA responsibilities that firms will be required to allocate to an SMF).
Firms themselves have a statutory obligation under the new regime to provide suitable training to SMFs, NEDs and certification staff to help them to understand their personal regulatory duties. This training will need to be provided by 9 December 2019.
Firms will also be required to notify the FCA if they take disciplinary action (the definition of which includes the issuance of a formal written warning) against a person relating to any action, failure to act, or circumstance that amounts to a breach of any of the Conduct Rules. This is likely to require close interaction between HR and Compliance teams.
With effect from 9 December 2020, the Individual Conduct Rules will apply to all staff (except those carrying out a small number of purely administrative roles that are specified in the FCA’s rules). The extension of personal regulatory duties beyond approved persons will feel like the most significant change for most people working at firms, most of whom have never been accountable directly to the regulators for their personal conduct.
The new Certification regime
The new Certification regime requires firms to identify which of their staff are performing certification functions (see below), and to assess the fitness and propriety of each individual to perform their roles, at least on an annual basis.
Certification functions are defined by statute as “significant harm functions”, i.e. functions that allow the people performing them to pose a risk of significant harm for a firm or to any of its customers. The FCA has been given statutory power to specify the functions they consider to be certification functions (which they have done in their handbook).
If, for whatever reason, a certification staff member cannot be certified fit and proper to perform their role at the annual certification deadline, they will need to be removed from their role or temporarily re-deployed. Regulatory references will also need to be obtained for new certification staff (i.e. those who were not already in role at the time of commencement) and firms should have a written policy in place to address this.
Firms are required to identify and provide Conduct Rules training to their certification staff by 9 December 2019, and must now put in place a process to certify them as fit and proper by 9 December 2020.
We expect the certification regime to necessitate various amendments to firms’ HR policies and procedures, including fit and proper assessment procedures (e.g. for new joiners), appraisal forms, staff handbooks and employment contracts. It will also require difficult judgment calls to be taken in the event that there are questions over an individual’s fitness and propriety - it is worth thinking through in advance some scenarios where this may arise.
Are you on track to be SMCR-ready?
The first thing for firms to do, sooner rather than later, is to determine which category of firms they are for the purpose of the SMCR. The FCA has divided firms into three categories – Limited Scope, Core and Enhanced – and the most onerous requirements under the SMCR apply to just the Enhanced firms. You can use the FCA’s firm checker tool to assist in determining which category of firm you are. The FCA has also published a helpful practical guide for firms to assist in determining their category.
Following this determination, we have set out below 10 questions for firms to consider when assessing whether they will be compliant with the first phase of SMCR which comes into force on 9 December 2019:
- Have you completed the process of identifying which current approved persons will become SMFs and which individuals who were not previously approved persons (if any) will now need to be approved — and are the required regulatory notifications ready to be sent out (if the functions do not automatically map across)?
- Have you identified all of your certification staff? Remember, whilst fit and proper certificates are not required until 9 December 2020, certification staff should have been identified by 9 December 2019.
- Have all the Prescribed Responsibilities been assigned to SMF holders? Remember there are additional Prescribed Responsibilities that will need to be allocated under SMCR, which did not exist under SIMR.
- Have you drafted your Management Responsibilities Map? In particular, is there a clear identification and allocation of “overall responsibility”, as required by the new FCA rules? This will need to be submitted to the FCA.**
- Have all the Statements of Responsibilities for SMF Holders been produced? For enhanced firms, these must align with the Management Responsibilities Map and may be scrutinised by the regulators.
- Have you put in place a written policy in relation to the requirement for SMF handovers?**
- Do you have a suitable regulatory reference policy in place? This should also cover incoming certification staff.
- Have your SMFs, NEDs and certification staff received the required training on their regulatory responsibilities? Remember that certification staff and NEDs, as well as SMFs, will be required to abide by the Conduct Rules from 9 December 2019.
- Have appraisal documents and employment contracts been amended to take into account adherence to the SMCR? This will include references to fitness and propriety assessments and compliance with the Conduct Rules.
- Have other relevant policies and procedures been updated (for example, your fit and proper policy to ensure that SMFs are properly vetted), and responsibility for them been assigned to specific functions?
** This requirement only applies to an “enhanced firm” under SMCR.
From our experience helping banks to prepare for the implementation of the SMCR in March 2016 and insurers ahead of their 10 December 2018 initial commencement date, implementing these requirements takes longer than you would think. Our advice is to start as soon as you can.