The FCA and PRA have begun consultation on:
- a new Senior Managers’ Regime (SMR) to replace the old Approved Persons Regime (APER), but covering a narrower range of individuals than APER;
- a new Certification Regime (CR), whereby firms would have to self-certify certain employees as ‘fit and proper’, and would apply to a wider range of individuals than APER; and
- new banking conduct rules for individuals, based on the rules in APER, but applying to almost all a firm’s employees;
all of which will apply only to banks, building societies and PRA-authorised investment firms. (See below for limits on geographical scope.) APER will be abolished in this sector, but will continue to be in place elsewhere (for the time being, at least: see also below).
The proposed regime change is extremely complicated: the result, perhaps, of combining two different systems (for PRA and FCA) into a scheme of late Byzantine intricacy. We have summarised each aspect of the consultation paper below –a high-level overview rather than an exhaustive analyis – but the highlights of the proposals are:
- the new, statutory 'Presumption of Responsibility' – or reversed burden of proof – where, if a firm has breached a regulatory requirement, the Senior Manager responsible for the area of the breach will have to satisfy the regulators that he took "reasonable steps" to prevent, stop, or remedy that breach – with the possibility of facing individual sanctions if he cannot do so; (this does not entail strict liability: what constitutes "reasonable steps" will be determined on a case-by-case basis;)
- as noted above, a greatly increased scope for the new conduct rules, which are based on (and replace) the APER rules; unlike APER, however, the new rules will apply to almost all employees of a bank, building society or PRA investment firm;
- Senior Managers will now be liable to enforcement action from three separate directions:
- for individual breach of the conduct rules (FSMA ‘Condition A’);
- by being “knowingly concerned” in a breach of rules by the firm (FSMA ‘Condition B’); or
- through breaches occuring in the areas for which they are responsible (FSMA ‘Condition C’)
- Senior Managers are also liable to prosecution for the new criminal offence ‘relating to a decision causing a financial institution to fail’ (s.36 Financial Services (Banking Reform) Act 2013).
Responses to the consultation are required by Friday 31 October 2014.
On 30 July 2014 the FCA and PRA published a joint consultation paper on ‘Strengthening accountability in banking: a new regulatory framework for individuals’ (FCA CP14/13 or PRA CP14/14). It was accompanied by another joint consultation on ‘Strengthening the alignment of risk and reward: new remuneration rules’.
The former consultation paper is intended to implement the recommendations of the Parliamentary Commission on Banking Standards for a Senior Persons Regime (the SMR), a Licensing Regime (the CR) and new banking conduct rules.
These proposed changes will only affect individuals working for UK banks, building societies, credit unions and PRA-designated investment firms, although there has, apparently, already been some informal consideration of extending the SMR to non-banks, and ultimately abolishing APER entirely.
Click here to view graph.
Senior Managers’ Regime (SMR)
The SMR applies to a narrower range of individuals than APER, which it replaces.
The scope of the SMR is slightly complicated, as the FCA and PRA have taken different approaches to how important functions and responsibilities are allocated to regulated individuals.
In brief, there are three main types of responsibility:
- Senior Management Functions (SMFs), which effectively replace the old Significant Influence Functions, e.g. acting as a Chairman or Chief Financial Officer; a person carrying out such a function must be approved by the regulators and subject to the SMR (as was the case with APER);
- Prescribed Responsibilities (PRs), which are important functions other than SMFs, each of which must be allocated to one of the existing SMFs “with which the responsibility is most closely associated” (but not the Significant Responsibility SMF – see below); and
- Key Functions, which are important functions other than SMFs and PRs, each of which – if applicable – must be allocated to a Significant Responsibility SMF.
The regulators have provided exhaustive lists of SMFs, PRs, and Key Functions (see below).
Behind this, the regulators’ intention is that all members of the Board, the second layer of governance (whether structured as an Executive Committee or not) and anyone else carrying out an important function should be made subject to regulation. The Significant Responsibility SMF, in particular, has been designed to bring non-Board members in charge of particular areas into the SMR.
Senior Management Functions
As noted above, SMFs replace the old APER Significant Influence Functions.
SMFs are functions that “require the person performing it to be responsible for managing one or more aspects of the relevant firm’s affairs” which “involve, or might involve, a risk of serious consequences for the authorised person, or for business or other interests in the UK”. This may include non-executive directors or directors in other group entities that participate in taking decisions for the firm.
The regulators have designated the following functions as SMFs. (The SMF for small credit unions is not shown in the table below.)
The only apparent difference between PRA SMFs and FCA SMFs is the question of which regulator is responsible for approving an individual for that SMF. Both regulators will be able to engage with and take enforcement action against a any Senior Manager, regardless of which SMF(s) they are approved for.
Click here to view table.
*Every firm (other than a small credit union) will need at least one or more persons performing a Chief Executive, Chief Finance, and Chairman SMF.
†This SMF applies to individuals managing a business area or division which is so (relatively) large that it could jeopardise the firm’s safety and soundness, and which is so substantial (in absolute terms: managing gross total assets of £10bn or more, and accounting for 20% of the firm or group’s gross revenue) that it warrants an SMF. Where a firm chooses to have a committee or control function, even where this is not required by law, the chairman or head of that committee or function must have the relevant SMF approval.
** This SMF applies to an individual not directly employed by the firm, but who is deemed to exercise ‘significant influence’ over its affairs; this will be assessed by the PRA on a case-by-case basis. (An individual outside the firm may perform some of the other SMFs, e.g. Chairman of the Remuneration Committee.)
‡ These SMFs will, together, cover all board members not covered by one of the other SMFs.
*** A ‘miscellaneous’ SMF responsible for one or more Key Functions (see below for details)
More than one person may be approved for the same SMF, e.g. in case of a job-share. In this case, each individual will be responsible for all the responsibilities conferred by that SMF.
Each of the SMFs described above is narrowly defined in the rules by reference to its core responsibility.
As there are also other important responsibilites at a firm beyond those that fall under the SMFs above, the regulators have drawn up a list of these ‘Prescribed Responsibilities’ (PRs) and require that each PR is assigned to one of the existing SMFs.
There are restrictions on the allocation of PRs to SMFs:
- it is expected that “firms will allocate most [PRs] to the SMF with which the responsibility is most closely associated”;
- some PRs can only be allocated to non-executive SMFs; and
- PRs cannot be allocated to the Significant Responsibility SMF (presumably as this person will be in practice a relatively junior member of the firm, usually below Board level).
The PRA may also require firms to allocate other responsibilities to a specific Senior Manager.
The complete list of PRs is as follows:
Click here to view table.
Key Functions and the Significant Responsibility SMF
As noted above, in order to bring non-Board members who are in charge of particular areas of the firm under the SMR, the regulators have created the ‘Significant Responsibility SMF’.
Presumably because this SMF will be relatively junior, they may not be assigned any PRs. Instead, the Significant Responsibility SMF will be responsible for carrying out one or more Key Functions (see below) where these are applicable.
To be precise, this SMF will apply to individuals to whom the Board has delegated overall responsibility for a Key Function or identified risk, which does not fall under the definition of another SMF, where they are primarily responsible for reporting to the Board about that function or risk.
Just as PRs have to be allocated between the different SMFs (other than the Significant Responsibility SMF), so Key Functions must be likewise allocated between the Significant Responsibility SMFs.
The complete list of Key Functions is as follows:
Click here to view table.
Senior Managers are subject to approval by the regulators before they may begin carrying out a SMF. The process of applying for approval of a Senior Manager “will remain similar to the current process for applying for approval as a SIF under [APER]”. Individuals may perform more than one SMF, but will require separate approvals for each; they can combine these in a single application, however.
As above, whether an SMF is an FCA or PRA SMF determines to which regulator the application should be made. Existing arrangements to minimise the need for making applications to both the FCA and PRA will be continued.
When applying for an individual to be approved for an SMF, or whenever there is a significant change in a Senior Manager’s responsibilities, a firm will need to submit:
- a Statement of Responsibility, which is “a statement setting out the aspects of the affairs of the authorised person concerned which it is intended that the person will be responsible for managing in performing the function”,
- a Responsibilities Map, which sets out how the various responsibilities have been allocated (and to make sure there are no gaps in accountability); and
- other information such as CVs, job descriptions, organisational charts and development plans.
Firms will also be obliged to take reasonable steps to ensure newly-appointed Senior Managers are made aware of all information and risks of regulatory concern.
The approval of an individual Senior Manager may now be made subject to conditions or time limits.
Each regulator will be able to take individual enforcement action against any Senior Manager, if warranted.
As noted in the Executive Summary, there is a new ‘presumption of responsibility’, whereby, if a firm breachs a regulatory requirement, the Senior Manager responsible for the area of the breach can be held individually accountable unless they are able to satisfy the regulators that they had taken ‘reasonable steps’ to stop, prevent, or remedy the breach.
In addition, Senior Managers are subject to a greater number of the new conduct rules than other employees (see below). Enforcement action, therefore, may now come from three different directions: an individual breach of the conduct rules; being “knowingly concerned” in a contravention by the firm; or else a contravention of the rules by the area of the firm for which that Senior Manager is responsible.
Senior Managers will also be liable to prosecution for the new criminal offence of taking (or failing to prevent) a decision causing a financial institution to fail, where one is aware of the risks and one’s conduct fell “far below what could reasonably be expected” (s.36 Financial Services (Banking Reform) Act 2013).
Certification Regime (CR)
The Certification Regime (CR) is essentially the level of regulation below the SMR. (The SMR and CR do not overlap: an individual covered by the SMR will not be covered by the CR for work at the same firm.)
It applies to a wider range of individuals than APER did, and covers a number of ‘significant harm functions’ where a person is “involved in aspects of a firm’s affairs (so far as relating to the regulated activity carried on by the firm) that might involve a risk of significant harm to the firm or any of its customers”.
Individuals caught by the CR will not be subject to regulatory approval (as SMFs are); instead, the firm itself will have to certify that they are fit and proper to perform that role, and renew this on an annual basis.
The regulators have separate Certification Regimes, and have specified that these will apply to:
Click here to view table.
The only apparent difference between the FCA CR and PRA CR is that the PRA CR will cover some individuals at UK firms who are themselves based overseas; while the FCA CR will only apply to inviduals either performing their function from an establishment in the UK, or else dealing with a client based in the UK.
Firms will be able to put in place a single process for certifying employees under either FCA or PRA CR.
Where an employee performs multiple CR functions, they must be assessed as fit and proper for each function, although all the different functions may be covered by a single certificate.
If a person moves from one CR role to another CR role, that person must be certified as fit and proper for the new role immediately; the firm cannot wait until the annual renewal of the certificate.
In exceptional circumstances, a person may perform a CR function for up to two weeks without certification where they are providing cover for a certified person whose absence was reasonable unforeseen. (This does not apply, however, to CR functions that have a qualification requirement – see above.)
Fitness and propriety
Neither regulator is proposing to make fundamental changes to the standard of fitness and propriety, although the PRA is consulting on a new supervisory statement with guidance on its general expectations of fitness and propriety. This is not intended to be a significant, substantial change, however.
Both regulators are intending to introduce new requirements about the evidence firms need to collect:
- firms must run a criminal records check on SMF candidates; and
- firms must request a reference from the previous employer of an SMF or CR candidate, covering their previous five years’ employment history.
The FCA and PRA have proposed new conduct rules for banks, building societies, and PRA-authorised investment firms. These will go into a new section of the Handbook: ‘C-CON’.
The new conduct rules are clearly based on the previous rules for individuals in APER (and also, to a lesser extent, the Principles for Businesses (PRIN) aimed at firms).
The main difference between the new rules and APER is the greatly increased scope of the former (see below).
Obligations for firms
As well as Firms are obliged to
- make individuals aware if they are subject to the new conduct rules, and provide suitable training;
- notify the regulators when they are aware – or suspect – that a person has breached the rules; and
- notify the regulators (within seven business days for Senior Managers, or quarterly for everyone else) when they have taken formal disciplinary action following breach of the conduct rules.
Only the FCA needs to be notified, and it will pass on information to the PRA as required.
The PRA conduct rules (rules 1-3 and SM1-4) will apply to:
- all Senior Managers, whether approved for a PRA or FCA SMF; and
- anyone falling within the PRA CR (i.e. who carries out a ‘significant harm function’ involving a risk to safety and soundness) (rules 1-3 only);
and these will be enforced by the PRA against individuals in these categories.
The FCA, on the other hand, will apply and enforce all conduct rules (rules 1-5 and SM1-4) against all Senior Managers.
In addition, the FCA will apply all the first tier conduct rules (rules 1-5) to all other staff at banks, building societies, credit unions and PRA-authorised investment firms. The only staff excluded from this will be specified ancillary support staff, e.g. receptionists and security guards. (The FCA has provided an exhaustive list all those so exempt.)
The new rules and the old
The new rules will “provide a framework against which regulators will make judgements about an individual’s actions as part of their general supervision of firms”:
Click here to view table.
The rules are admittedly “written at a high level of generality. This is intentional because they will cover a very large group of people doing a wide range of different jobs”.
Both regulators are consulting on further guidance on relevant standards. In the FCA’s case, this guidance is much more detailed and developed than the guidance provided under APER.
Geographical scope of the new regime
Like much of the new regime, the applicability of the above to non-UK firms or staff is not at all straightforward.
There is also a large degree of uncertainty arising from the Chancellor’s declared intention to extend the regime to cover all branches of foreign banks operating in the UK, which is expected to be the subject of a future HM Treasury consultation paper. The FCA is apparently considering how the regimes might be extended as far as possible to UK branches of EEA firms – subject to single market regulations – but appears loath to consider the matter in any detail until after the Treasury consultation.
The situation as it can be ascertained at present, therefore, is as follows:
Click here to view table.