The Senior Managers & Certification Regime (SM&CR) will apply to buy-side firms in 2018 to assist the regulators in holding senior management to account and enshrine conduct rules that broadly apply to most employees. While we wait for a consultation on draft rules, this briefing highlights aspects of the existing banks' regime that are likely to suggest the direction of the final rules for the buy-side. We also put forward some action points for firms to consider now.
- Principle of proportionality
- Three tiers of employees
- Duty of responsibility for senior managers
- No regulatory approval for certification staff
- New set of conduct rules applying to all employees
- Reporting conduct rule breaches to the regulator
- Staff training
In March 2016, the SM&CR came into effect for deposittakers after having attracted widespread industry attention. HM Treasury has confirmed that it will extend the SM&CR across all regulated financial services firms from 2018. The extension is likely to affect up to 60,000 firms including asset managers, hedge funds, private equity and other investment firms.
The Approved Persons Regime (APR) will be replaced by one framework regulating individuals industry-wide in the financial services sector. By doing this, the government hopes to assist the regulator in overcoming perceived barriers to enforcement against senior individuals under the APR. In particular, the SM&CR will ensure that the responsibilities of each senior individual are clearly documented and therefore, make it easier for the regulator to establish personal culpability.
The FCA is developing its approach to extending the SM&CR and plans to consult on its proposals during 2017. This leaves buy-side firms with a relatively short period of time to develop and implement an SM&CR compliant framework by 2018. Therefore, despite the lack of guidance or draft rules from the FCA, it is not surprising that buy-side firms have turned their attention to the SM&CR and its anticipated implications.
HM Treasury and the FCA confirm that the extended SM&CR will introduce the principle of proportionality. This means that the regulator intends the regime to appropriately reflect the diverse business models operating in the UK and be proportionate to the size and complexity of firms. Therefore, while there is currently no further guidance, the extended SM&CR is unlikely to be identical to that which applies to deposit-takers. However, there is no doubt that certain key aspects will be carried-over if the regime is to achieve its intended purpose of holding senior individuals to account.
TIERS OF EMPLOYEES
The SM&CR categorises employees into three categories set out below.
Senior Managers - require approval by the regulator prior to performing senior roles. These senior roles are known as `senior management functions' and replace the concept of `significant influence functions' under the APR. Each Senior Manager must have a statement that clearly sets out his / her responsibilities. Such statements are, in theory, designed to enable the regulator to identify senior management responsibility in the event of a failure of a firm, or an area within a firm.
Certification Staff - do not require any regulatory approval, although firms must assess the fitness and propriety of individuals performing `significant harm functions'. These are nine prescribed functions which the regulators designed to capture individuals whose roles could pose a risk of significant harm to the firm or its customers. Fitness and propriety assessments must be carried out by the firm before an individual begins performing his / her function, and annually thereafter.
Conduct Rules Staff - a firm's remaining employees (subject to some exceptions) outside of the Senior Manager and Certification Staff categories. Individuals in this category must comply with five `conduct rules' which also apply to Senior Managers and Certification Staff. This is the first time all employees, including those performing unregulated roles, are personally required to comply with rules relating to their conduct.
The conduct rules are similar to the Statements of Principle for Approved Persons and reflect the regulator's core standards expected of all staff. Senior Managers, Certification Staff and Conduct Rules Staff must comply with the five individual conduct rules. Senior Managers must comply with a further four conduct rules that reflect the management responsibilities that they hold.
Firms are required to report to the regulator when they take disciplinary action against a Senior Manager, Certification Staff or Conduct Rules Staff member for a breach of the conduct rules. Firms are also required to provide tailored, role-based training to all three tiers of staff on the conduct rules.
Individual conduct rules
- You must act with integrity.
- You must act with due skill, care and diligence.
- You must be open and cooperative with the FCA, PRA and other regulators.
- You must pay due regard to the interests of customers and treat them fairly.
- You must observe proper standards of market conduct.
Senior Manager conduct rules
- You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
- You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
- You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
- You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
SENIOR MANAGERS' DUTY OF RESPONSIBILITY
The SM&CR introduces a new statutory duty of responsibility on Senior Managers to take reasonable steps to prevent a regulatory breach in their area of responsibility. In light of the Senior Manager conduct rules and the similarities with the Statements of Principle under the APR, the practical effect of the statutory duty remains to be seen. Nonetheless, it is clear that the regulator will hold Senior Managers to high standards under the SM&CR. This means that being able to demonstrate reasonable steps were taken will be imperative for a Senior Manager should they ever find themselves under the regulator's spotlight.
While buy-side firms wait for the FCA's draft rules on the extended SM&CR, they might usefully start to:
- identify key internal stakeholders to form a working group, for example, representatives from HR, Risk, Secretariat, Compliance and Legal;
- engage with senior management to ensure sufficient levels of `buy-in';
- review the existing governance structure and reporting lines for adequacy and transparency;
- consider how fitness and propriety assessments of Certification Staff will be carried out and monitored. While the standards have not changed under the SM&CR, there is a greater risk for firms given that they will be solely responsible for `approving' these employees;
- ensure Senior Managers and Certification Staff have up-todate job descriptions;
- review existing HR policies and procedures in light of the conduct rules and the need to report disciplinary action to the regulator;
- consider employment contract changes, particularly for Senior Managers; and
- consider suitable training packages for all three tiers of staff.
It will be interesting to see how the SM&CR continues to unfold for the banking sector. No doubt, we are likely to see a shift in focus from implementation to enforcement. In the meantime, buy-side firms are in the fortunate position of being able to benefit from the lessons learned by deposit-takers during their implementation projects.
While we wait for details of the extended regime, in particular on the application of proportionality, planning ahead and investing time now is likely to put buy-side firms in strong stead for implementation of the SM&CR by 2018.