On 4th July 2018 the FCA published its near-final rules on how it plans to extend the Senior Managers and Certification Regime (SM&CR) to the wider financial services sector.
So what has happened already?
The SM&CR was rolled out to banks, building societies, credit unions, and PRA designated investment firms (called "banking firms") in 2016. A modified version of the regime (the Senior Insurance Managers Regime) was also rolled out to insurers at the same time. The regulators now intend to extend the SM&CR to most financial services firms as well as to dual-regulated insurers.
The FCA already published its draft proposals for extending the SM&CR in last year's consultation papers (CP17/25 and CP17/40). In this briefing we set out a full summary of the key rules as they are now proposed in the FCA's latest Policy Statement (Extending the SM&CR to FCA firms – feedback to CP17/25 and CP17/40, and near final rules - PS18/14). At the end of the briefing we summarise the key changes to the original proposals.
We have prepared a separate briefing on the extension of the SM&CR to dual-regulated insurers.
The proposed timetable for implementation
9 December 2019
Conduct rules apply to SMFs and Certification Staff so before commencement, firms must:
One year from 9 December 2019 to 8 December 2020
During this one year period, firms must:
Post transitional period
9 December 2020
|Post 9 December 2020|| |
Ongoing requirements to:
What are the key changes following the public consultations?
The vast majority of respondents to the consultations supported the FCA's proposals although many asked for further clarification on how the rules will apply. As a result, some changes have been made to the original proposals and a substantial Guide for FCA solo regulated firms has been published. For a summary of the main changes, see Box A at the end of this briefing.
The SM&CR does not apply to Appointed Representatives (ARs) (except for certain Limited Permission Consumer Credit firms that also act as ARs for other businesses).
An outline of the new regime
The three main elements that we expected from the roll out to the banking firms remain, and are called the "core regime":
- The senior managers regime. The most senior people in a firm will be approved by the FCA, with firms also having a responsibility to ensure they are suitable for their role (with a review at least once a year). The senior managers will be required to have:
- A statement of responsibilities – mapping what they are responsible and accountable for;
- A duty of responsibility – meaning that if something goes wrong in an area they are responsible for, the FCA will consider if they took "reasonable steps" to stop it from happening;
- Prescribed responsibilities – these will vary by firm, and are responsibilities that the FCA will require firms to place on their senior managers.
- The certification regime. This will cover people who are not senior managers, but whose jobs mean they have a significant impact on customers, markets, or the firm (called "significant harm functions").
- These roles include proprietary traders, CASS oversight function, functions subject to qualification requirements, client dealing functions, algorithmic traders, material risk takers, and any supervisor or manager of someone who is a certified person
- These individuals will not be approved by the FCA; rather they will be approved by their own firm.Their firm will have to "certify" they are suitable (fit and proper) to carry out their job (with a review taking place at least once a year).
- The conduct rules. These will apply to almost all people working in financial services. The conduct rules will be:
|Row 1|| |
You must act with integrity
|Row 2|| |
You must act with due skill, care and diligence
|Row 3|| |
You must be open and cooperative with the FCA, the PRA and other regulators
|Row 4|| |
You must pay due regard to the interests of customers and treat them fairly
|Row 5|| |
You must observe proper standards of market conduct
Additional conduct rules will also apply to Senior Managers:
|SC1||You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively|
|SC2||You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system|
|SC3||You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee this effectively|
|SC4||You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice|
So what are the key differences going to be?
- Senior managers will be created and they will have more clear individual responsibilities and more clear accountability than previously
- The "approved persons" regime will disappear; being replaced at the senior end by the senior management regime, but for the most part by the certification regime (which will likely include at least as many people as were previously approved persons, probably more)
- Firms take on from the FCA their own responsibility for the certification (and assessing suitability and fitness and propriety) of individuals
- A new duty of responsibility on senior managers, making senior managers more accountable for contraventions in the part of the business for which they are responsible
- New "simple" code of conduct rules will apply to almost everyone in the firm
- The regulatory referencing scheme which has been introduced for banking firms will extend to all firms in the regulated sector, so increasing the obligations around obtaining, and giving, references
And for those who have been looking closely at what banking firms have previously been subject to, what are the key differences?
The core regime is "lighter" than the regime that the banking firms are subject to. Banking firms also have obligations which do not apply to firms covered by the "core regime". These are the obligations to:
- have a full responsibilities map for their business;
- have full handover responsibilities; and
- have a senior manager responsible for every area of their business.
However, although these obligations are removed for firms covered by the core regime, firms who are covered by the "enhanced regime" will need to comply with these obligations. More details are set out below on the "enhanced regime", which essentially applies to the biggest, more complex, firms.
How does the "core regime" vary for firms?
The "core regime" applies as a rule of thumb to all firms.
There are increased obligations for firms covered by the "enhanced regime" (larger and more complex firms) and reduced obligations for firms covered by the "limited scope" regime.
In terms of how firms work out whether they are "core regime", "enhanced regime" or "limited scope", a useful diagram from the FCA Guide is reproduced below (wording underlined indicates the changes made following the FCA's consultation)
An enhanced firm will have:
More senior managers
More prescribed responsibilities for those senior managers
As is referred to above, enhanced firms will also have to have the below in place (similar to banking firms):
- a full responsibilities map for their business (which sets out the firm's management and governance arrangements)
- full handover procedures (to ensure that every senior manager role has the information and materials needed to do the job effectively)
- a senior manager responsible for every area of their business
So what will the SM roles be?
Core regime firms, and enhanced regime firms, are proposed to have the following senior manager roles (far fewer than banking firms), although there is the ability to flex these depending on what is relevant / appropriate for firms:
|Money Laundering Reporting Officer||MLRO|
The requirements for limited scope firms will be lower.
Enhanced firms will also have to review and have as appropriate additional senior manager roles as follows:
|Chief finance function||SMF2|
|Chief risk function||SMF4|
|Head of internal audit||SMF5|
|Senior independent director||SMF14|
|Chair of remcom||SMF12|
|Chair of risk committee||SMF10|
|Chair of audit committee||SMF11|
|Chair of nominations committee||SMF13|
|Group entity senior manager||SMF7|
|Chief operations function||SM25|
|Other overall responsibility||SMF18|
Core regime firms and enhanced regime firms will also have to place "prescribed responsibilities” on the senior managers including the below (limited scope firms will not be subject to this): Responsibility for:
- performance of obligations under the senior manager regime including implementation and oversight
- performance of obligations under the certification regime
- performance of firm in relation to conduct rules
- firm's policies and procedures regarding countering the risk of firm being used for financial crime
- firm's compliance with CASS (as applicable)
- value for money assessments, independent director representation and acting in investors' best interests
Enhanced firms will also have to have responsibilities for:
- compliance with rules relating to firm's responsibilities map
- safeguarding and overseeing independence and performance of internal audit
- safeguarding and overseeing independence and performance of compliance function
- safeguarding and overseeing independence and performance of risk function
- if audit function outsourced, overseeing independence and performance of that
- developing and maintaining firm's business model
- managing the firm's stress tests and ensuring accuracy and timeliness of information provided to the FCA for stress testing
What guidance has the FCA given on the new duty of responsibility?
The FCA will not be making any changes (other than to definitions) to its current guidance on the duty of responsibility currently applying only to banks, as set out in its Decision Procedure and Penalties manual of its handbook (DEPP). The FCA explains its reasoning for this in its guidance set out in SP18/16, also published on 4 July 2018.
What are the proposals re Regulatory References?
The regulatory reference scheme proposed to go along with the new senior manager and certification regimes looks very similar to that brought in for banking firms. This will require firms to request references for regulated individuals from past employers, and also to provide such references.
This is a step up from previous referencing obligations and requirements, and is what enables firms to get the information that they need to work out if someone is fit and proper.
For more information on the Regulatory References regime for banking firms click here.
How will individuals be moved to the new regime?
For the majority of firms, the FCA plans to automatically convert existing relevant controlled functions approved under the Approved Persons Regime (APR) into Senior Manager Functions in the new SM&CR. Of course, the majority of those under existing functions will not automatically convert because those roles will no longer require approval by the FCA and will not be Senior Manager roles. This means the majority of firms will not need to submit anything to the FCA unless they need to change their approved individuals before conversion or apply for new approvals to be effective after Commencement (see below New and in-flight applications).
To keep the conversion process simple, there will be a different approach depending type of firm.
- Core and limited scope firms, conversion to Senior Managers
Key points to note include:
- Senior Managers will be automatically converted wherever possible with no action required by firms
- There will be no need to perform extra checks such as mandatory criminal records checks and regulatory references because firms will already have to ensure that these individuals are, and continue to be, fit and proper
- There is just one exception to the automatic conversion rule: where a CF2 Non-Executive Director is going to perform the SMF9 – Chair function, the firm must notify the FCA using Form K
Enhanced firms, conversion to Senior Managers
For enhanced firms, there will be no automatic conversion to Senior Manager roles. To convert existing approved individuals to new Senior Manager Functions, enhanced firms will need to submit:
- Form K conversion notification
- Statements of responsibilities
- Responsibilities Map
Form K is used to tell the FCA who the firm wants to assign to the new SMFs, but no further approval is required if the proposed SMFs can be mapped directly from the APR. For individuals who hold these so-called "mapped functions", there will be no need to do extra checks when they are converted since firms are already required to ensure that these individuals are, and continue to be, fit and proper.
Failure to submit a conversion notification (Form K) will be a breach of regulatory requirements which means the firm will have no FCA approved individuals, risking possible enforcement action by the FCA. Firms in this situation would then have to follow the full application process for approval of the relevant individuals, including mandatory criminal records checks and regulatory references.
- New and in-flight applications
The FCA guide explains the process if a firm wishes to change their approved individuals before Commencement. The key points to note are as follows:
- The existing processes for applications for controlled functions under the APR will apply right up to Commencement
- The SM&CR application forms will be available for submission before Commencement but any new approvals will only be effective from Commencement
- An APR application submitted but not determined before the start of the new regime will be converted to an application for the relevant SMF at Commencement
What are the next steps?
Firms now have approximately 18 months to prepare for implementation of the new regime so you now need to start your preparations by considering the following:
Who is planning and running your preparations? Do they have a project plan?
What firm-type are you? Core, enhanced or limited? Use the firm checker tool in the FCA Guide.
Consider preparing a responsibilities map. Whilst only enhanced firms are required to produce a full responsibilities map, this could be a good exercise for all firms to carry out as it will make the transition to SM&CR far easier.
Check the appropriate people are in the correct approved functions before conversion of approved individuals to SM roles. This will make conversion much easier and smoother.
Who are your SMs going to be? Are they fit and proper? When are you getting your applications ready? What will their responsibilities be? Are their prescribed responsibilities clearly included in their statement of responsibilities? Check all prescribed responsibilities which apply to your firm are covered. Check every activity, business area and management function has been allocated to an SM under the Overall Responsibility requirement.
Trained your SMs? Do they know what the duty of responsibility is? Do they know that they need to make sure happy with their statements of responsibility? Trained on the Conduct Rules?
Certification regime – which (if any) of the defined Certification Functions apply to your firm? Identify certified persons before Commencement. How will you assess if fit and proper, fitting these into existing HR processes? What will their training be?
Conduct Rules – who will they cover? Identify other Conduct Staff and ancillary staff. Understand conduct rules training and notification requirements.
For enhanced firms, handover procedure, and responsibilities mapping.
From HR perspective – review contracts, policies and procedures; how do you fit criminal records checks and regulatory reference requirements into recruitment processes?
Key Documents and Links
PS18/14 - Extending the SM&CR to FCA firms – feedback to CP17/25 and CP17/40, and near final rules
SM&CR: Guide for FCA solo regulated firms July 2018
PS18/16: The Duty of Responsibility for insurers and FCA solo-regulated firms
Outcome of the July and December 2017 Consultations
The key changes to the FCA's proposals in CP17/40 (July 2017) are:
The main changes to the FCA's proposals in CP17/40 (December 2017) are:
 See page 8 of the FCA Guide for a useful table of firm types
 For example, someone performing a CF10 (Compliance Oversight function) will be eligible to be converted automatically into a SMF16 (Compliance Oversight function)
 E.g. CF10a, CF28, CF29, CF30 and CF2 (Non-Executive Director except SMF9- Chair)
 See page 62 of the FCA Guide for proposed function mapping for Enhanced firms and page 54 for Core and Limited Scope firms (including branches)