The UK’s new regulatory regime for individuals Part 2: How does it apply to (re)insurers?

Legal Update
15 October 2015

This legal alert will be of interest to UK (re)insurers, including UK branches of non-EEA (re)insurers. It will primarily be of interest to Solvency II firms but non-Directive firms should note that the regime will also apply to them, albeit in a streamlined approach for smaller non-Directive firms.

Key points:

(a) Solvency II imposes governance requirements on (re)insurers, including a requirement to have a clear allocation of responsibilities and to ensure that key individuals are fit and proper to perform their roles.

(b) The requirements of Solvency II are combined with a new regulatory regime for individuals who work in financial services firms in the UK which will apply to UK (re)insurers subject to Solvency II, including UK branches of non-EEA (re)insurers.

(c) The UK’s new regulatory regime will also apply in a similar way to (re)insurers outside the scope of Solvency II, although there will be a streamlined approach for smaller non-Directive firms with assets of £25 million or fewer.

(d) The Solvency II requirements come into force on 1 January 2016. The new regime will come into operation on 7 March 2016 but there are some transitional provisions – see further sub-paragraph (h) below.

(e) There are four key elements to the regime:
(i) Solvency II obliges (re)insurers to identify key function holders. Such key function holders may also be within the scope of the FCA and PRA’s regimes for individuals.
(ii) The Senior Insurance Managers’ Regime focuses on the most senior decision makers (Senior Insurance Manager Function (“SIMF”) holders) and is governed by the PRA.
(iii) The FCA has made changes to its existing Approved Persons Regime for Significant Influence Function (“SIF”) holders.
(iv) Conduct Rules will apply to SIMF and SIF holders from 7 March 2016.

(f) In terms of deadlines, (re)insurers:
(i) may send the regulators new applications for SIMF and SIF holders (with Scope of Responsibilities statements) who will take up their posts after 7 March 2016 from 1 January 2016;
(ii) must have governance maps in place from 1 January 2016;
(iii) must notify the regulators of the individuals who are to be grandfathered into the new regime by 8 February 2016;
(iv) must submit Scope of Responsibilities statements to the PRA for grandfathered SIMF holders and make such statements available to the FCA for grandfathered SIF holders by 7 September 2016.

mayer brown

1. This is the second in a series of legal alerts looking at how the UK’s new regulatory regime for strengthening accountability in certain financial services firms, which generally comes into force on 7 March 2016, affects specific individuals. We consider the application of the regime to UK (re)insurers and UK branches of non-European Economic Area (“EEA”)[1] (re)insurers. The first in our series of legal alerts was The UK’s new regulatory regime for individuals Part 1: How does it apply to UK branches of EEA and non-EEA banks and PRA-designated investment firms?

2. In the context of (re)insurers, the requirements of the UK’s new regulatory regime are combined with the requirements of the Solvency II Directive (“Solvency II”)[2]. Solvency II comes into force on 1 January 2016 and introduces a new solvency and supervisory regime for EU (re)insurers. One of its aims is to ensure that (re)insurers are under sound and prudent management and have an effective system of governance (Articles 40 – 50 Solvency II). To that end, Solvency II requires all individuals in senior management positions to be ‘fit and proper’ to fulfil their management role. UK Solvency II firms will thus be subject to a combined regulatory regime for individuals which comes into force in stages with key dates being 1 January and 7 March 2016.

3.
The new regime consists of four elements: (a) the identification of key function holders who must be reported to the Prudential Regulation Authority (“PRA”); (b) a Senior Insurance Managers Regime (“SIMR”) governed by the PRA; (c) a revised Approved Persons Regime (“APR II”) governed by the Financial Conduct Authority (“FCA”); and (d) Conduct Rules. Both the APR II and SIMR apply to the most senior individuals in UK (re)insurers. The final rules for the APR II and SIMR were published on 13 August 2015[3]. (Re)insurers affected will have until 8 February 2016 to notify the UK regulators of the individuals who are eligible to transfer from the old Approved Persons Regime (“APR I”) to the new APR II and SIMR.

4. In August 2015, the PRA published a policy statement containing its final rules on the SIMR for the approximately 100 (re)insurers that are not subject to Solvency II[4] known as non-Directive firms (“NDFs”). In essence, the largest NDFs with assets over £25 million in respect of regulated activities will be subject to a similar SIMR as Solvency II firms, whilst the smaller NDFs will be subject to an abridged version. In the same month, the UK regulators also published further consultation papers on the FCA’s APR II and the PRA’s SIMR for (re)insurers not subject to Solvency II[5]. Responses to the consultation papers are requested by 12 October 2015 and the FCA will publish its final rules in autumn 2015.

[1] At the time of writing, the EEA consists of the 28 Member States of the European Union plus Iceland, Liechtenstein and Norway.
[2] Directive 2009/138/EC which can be found here: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32009L0138&from=en as modified by Directive 2014/51/EU (“Omnibus II”) which can be found here: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014L0051&from=EN.
[3] The PRA published a policy statement on strengthening accountability in insurance (PS22/15) and the FCA published a policy statement on changes to its approved persons regime for Solvency II (re)insurers (PS15/21). The PRA also published a supervisory statement (SS35/15) that sets out the PRA’s expectations of (re)insurers as regards the SIMR.
[4] PS21/15
[5] PRA CP26/15 and FCA CP15/25.

5. We address below all points that we anticipate are of interest to UK (re)insurers and UK branches of non-EEA (re)insurers. Readers who wish to focus on specific areas should click on the links below to be directed to the relevant section of this legal alert:

Links
Background (para. 6)
Differences between the regime for banks and the regime for (re)insurers (para. 10)
Scope (para. 11)
The new regime (para. 13)
Key function holders (para. 14)
PRA’s SIMR: Senior insurance management functions (para. 23)
FCA’s APR: Significant Influence Functions (para. 32)
SIMR: Allocation of prescribed responsibilities (para. 36)
Scope of Responsibilities statement (para. 41)
Governance maps (para. 44)
UK branches of non-EEA firms (para. 47)
The new conduct regime
• PRA regime (para. 54)
• FCA regime (para. 60)
Grandfathering (para. 61)
What happens next? (para. 66)

Background

6. The background to the UK’s new regulatory regime for individuals in specified financial services firms was discussed in detail in our alert on The UK’s new regulatory regime for individuals Part 1: How does it apply to UK branches of EEA and non-EEA banks and PRA-designated investment firms?

7. In brief, the UK’s new regulatory regime for individuals in (re)insurers stems from a UK government review of the banking sector’s professional culture and practice. The government established the Independent Commission on Banking (“ICB”) in June 2010 to advise it on how to reduce systemic risk and to propose structural reforms to promote financial stability in the banking sector. Its findings and recommendations were published in the Vickers Report in September 2011.
The government supported many of the recommendations, notwithstanding some nuances, and these were incorporated into the Financial Services (Banking Reform) Bill (the “Bill”) which was introduced into Parliament on 4 February 2013. Various amendments were made to the Bill, mainly as a result of the recommendations of the Parliamentary Commission on Banking Standards (“PCBS”), which was established on 17 July 2012 to opine on the Bill. Accordingly, a new regulatory regime for individuals in banks and large investment firms was created by what is now the Financial Services (Banking Reform) Act 2013 (which amended the Financial Services and Markets Act 2000 (“FSMA”)).

8. The UK regulators were already required to update their regime for individuals in (re)insurers in order to implement Solvency II but, in November 2014, the PRA proposed that it would develop a SIMR akin to that developed for banks and large investment firms, despite the fact that the amendments made to FSMA by the Financial Services (Banking Reform) Act 2013 did not extend to (re)insurers. The PRA was of the view that those who run regulated firms should have clearly defined responsibilities and behave with integrity, honesty and skill regardless of whether they work for banks, investment firms or (re)insurers. It also recognised that many groups contain both banks and (re)insurers so that operating two very distinct regulatory regimes for individuals would be complex and inefficient for such groups (and for the regulators themselves). The PRA made clear, however, that the regime for (re)insurers should be based on, but not be identical to, the regime for banks: recognising the different legislative frameworks, business models and risks posed by banks and (re)insurers.

9.
The new regime for banks, large investment firms and (re)insurers will hinge on ensuring that individuals who undertake the main responsibilities in a firm within scope are identified, understand their responsibilities and formally accept them. It is possible that eventually the new regime will be applied to all regulated financial services firms in the UK. The regulators’ will to extend the regime to (re)insurers despite the lack of a legislative underpinning lends credence to this hypothesis.

Differences between the regime for banks/large investment firms and the regime for (re)insurers

10. There are a number of key differences between the main regime for banks/large investment firms and the regime for (re)insurers. These are set out below:

(a) The lack of a legislative underpinning means that the criminal sanctions set out in FSMA have not been incorporated into the SIMR. Thus, the new criminal offence relating to a decision which causes a bank or large investment firm to fail does not apply to individuals within the scope of the SIMR.

(b) The presumption of responsibility which reverses the burden of proof in situations of regulatory breach does not apply to individuals working in (re)insurers. Senior managers in banks and large investment firms, unlike senior managers in (re)insurers, will be accountable when regulatory requirements are contravened in areas for which they are responsible unless they can show that they positively took reasonable steps to prevent or stop a contravention.

(c) The new regime for (re)insurers does not have an equivalent of the certification regime which applies to individuals in banks and large investment firms who are outside the scope of the Senior Managers Regime but are capable of causing significant harm to the firm or its customers.

(d) The application of the Conduct Rules to individuals working in (re)insurers is more limited than is the case in respect of banks and large investment firms: the Conduct Rules only apply to the individuals in (re)insurers requiring regulatory pre-approval, not all staff.

There are some additional requirements for (re)insurers, most notably in respect of key functions, which reflect the requirements of Solvency II but overall the regime for (re)insurers is neither as extensive nor as extraterritorial as that imposed on banks and large investment firms.

Scope

11. The new regime will affect UK (re)insurance firms and groups who are subject to Solvency II, the Society of Lloyd’s, managing agents, insurance special purpose vehicles and UK branches of non-EEA (re)insurers (apart from Swiss (re)insurers[6]), although the regime is not as extensive for UK branches of non-EEA (re)insurers and this update will deal with those separately. UK branches of EEA (re)insurers are unaffected by this new regime unless a rule specifically indicates otherwise.

12. The new regime will also apply in a similar way to NDFs with assets of more than £25 million in respect of regulated activities, whilst there will be a more streamlined approach to NDFs with assets of £25 million or fewer. Most of these (re)insurers are mutuals and many of them are registered as friendly societies. The application of the regime to NDFs is not covered in this legal alert.

The new regime

13. The existing APR requires the UK regulators to approve persons carrying out a ‘controlled function’ in a financial services firm. Controlled functions are specified functions carried out by a person that relate to the carrying out of an activity that is regulated in the UK. The PRA will no longer operate an APR. All PRA-controlled functions will also be ‘senior insurance management functions’ (“SIMF”).
The FCA will pre-approve all individuals in Solvency II (re)insurers who take up executive and certain other controlled functions that the PRA has not otherwise approved. The FCA has maintained the majority of its existing controlled functions and they will remain known as ‘significant influence functions’ (“SIF”). In addition and to reflect the requirements of Solvency II, all senior individuals who are effectively running a (re)insurer or who have responsibility for other ‘key functions’ at those (re)insurers will be known as key function holders.

Key function holders

14. In order to comply with the requirements of Solvency II, each (re)insurer must identify all key function holders and notify the PRA about key function holders who take up post after 1 January 2016. Some, but not all, key function holders will also be SIMF and / or SIF holders and thus require regulatory pre-approval. The list of key function holders will, however, be wider than the lists of SIMF and SIF holders and not all key function holders will require regulatory pre-approval before taking up their posts.

15. The PRA has defined the term “key function” as meaning:
(a) the risk management system function;
(b) the compliance function;
(c) the internal audit function;
(d) the actuarial function;
(e) the function of effectively running the (re)insurer[7]; and/or
(f) any other function which is of specific importance to the sound and prudent management of the (re)insurer.

[6] PRA Rulebook, Insurance – Senior Insurance Management Functions 1.1.
[7] This would normally include all the members of the governing body, plus those individuals on the governing body of a parent or other group company who are SIMF7 holders. It would also include members of the senior management (such as the CEO) who are responsible for high level decision making and for implementing the strategies devised and the policies approved by the board. At least two persons must be performing this key function.

16.
The PRA requires (re)insurers to cover at least the following key functions: (a) risk-management; (b) compliance; (c) internal audit; and (d) actuarial. This is not intended to be an exhaustive list. (Re)insurers and groups should consider whether there are any additional key functions of specific importance to their business, such as an investment function, IT function or a claims management function.

17. The PRA expects (re)insurers when deciding on whether any additional key functions exist to have regard to:
(a) whether the function is essential for the proper functioning of the (re)insurer or group considering its risk profile and business;
(b) whether the function assumes material or complex financial market risks as part of its activities or assumes material credit risk through the activity of providing loans;
(c) whether a competence that is difficult to replace is required to perform the function; or
(d) whether the failure in the operation or effectiveness of the function may seriously threaten the interests of the (re)insurer, its group or policyholders.
The PRA expects that investment managers and traders who either oversee or undertake significant or frequent investment (or currency) activities on behalf of the (re)insurer (or any of its clients or policyholders) would normally be considered to be a key function holder.

18. Normally, a key function holder would report to a SIMF holder. Two or more individuals may perform the same key function. The (re)insurer must be able to clearly explain how the function is shared, justify this as appropriate and have clear reporting lines and lines of responsibility for each individual. In general, a (re)insurer should make sure to organise key functions as is most effective for an efficient and prudent system of governance.

19.
All key function holders, including SIMF holders, must be assessed by the (re)insurer for whom they are performing the function to ensure that they are fit and proper to carry out their function effectively[8]. (Re)insurers should examine an individual’s honesty, integrity and reputation; competence and capability; and financial soundness to determine whether they have the personal characteristics, the level of knowledge and experience, the qualifications and the training to perform their key function effectively. This analysis will include looking into past business conduct and adherence to Conduct Standards (see paragraphs 54 - 59 below on the new Conduct regime) or criminal convictions whether from inside or outside the UK[9] – although everything must be looked at in context and a past criminal conviction does not automatically preclude a person from being fit and proper. The assessment must be tailored to the role for which the person is applying – in other words he must be fit and proper to perform his particular role.

20. Fitness and propriety must be monitored on an ongoing basis. Internal tools, such as appraisals and conduct records, can be used for ongoing assessment, although they will not provide enough information in isolation. All material generated and examined in relation to the (re)insurer’s fitness and propriety assessment should be made available to the PRA on request.

[8] PRA Rulebook, Insurance – Fitness and Propriety 2.1.
[9] The consent of the relevant individual may be needed for access to their records – see the PRA Rulebook, Insurance - Fitness and Propriety 2.4.

21. (Re)insurers must notify the PRA of changes to the identity of key function holders and provide the PRA with all the information needed to assess whether the new key function holder is fit and proper, as well as a summary of the significant responsibilities allocated to that person.
Complete applications for pre-approval will contain the information required to satisfy this notification requirement for key functions which are also SIMFs and/or SIFs. Where a (re)insurer becomes aware of information, including any breaches of the PRA’s Conduct Rules, that would reasonably be expected to be material to the assessment of a current or former key function holder’s fitness and propriety, they must notify the PRA as soon as reasonably practicable. Further, a (re)insurer must notify the PRA as soon as reasonably practicable where it replaces a key function holder because it considers that that person is no longer fit and proper.

22. Performance of a key function may be outsourced in accordance with the Solvency II level 2 legislation but there must be sufficient oversight of the outsourced functions. Outsourcing must be recorded in the governance maps – see paragraphs 44 and 46 below.

The PRA’s SIMR: Senior insurance management functions

23. The PRA has identified a list of SIMFs. In general, UK (re)insurers must ensure that at least one person performs each of the following SIMFs:

PRA SIMFs[10]

Chief Executive function (SIMF1)
Description: The function of having responsibility, under the immediate authority of the governing body, for managing the conduct of the (re)insurer
Existing controlled function(s): Chief executive (CF3)

Chief Finance function (SIMF2)
Description: The function of having responsibility for the management of the financial resources of the (re)insurer and reporting to the governing body about financial affairs
Existing controlled function(s): Director (CF1); PRA Systems and Controls (CF28)

Chairman (SIMF9)
Description: The function of having responsibility for chairing and overseeing the performance of the (re)insurer. This function must be performed by a non-executive director (“NED”) who is expected to devote a larger amount of time to their role than other NEDs as it is so crucial to the safety and soundness of the business.
Existing controlled function(s): Non-executive director (CF2)

[10] PRA Rulebook, Insurance – Senior Insurance Management Functions contains the definitions of all SIMFs.

24. The following are also designated as SIMFs and must be appointed within a (re)insurer, where appropriate:

PRA SIMFs[11]

Chief Risk function (SIMF4)
Description: The function of having responsibility for overall management of the risk management system
Existing controlled function(s): Director (CF1); PRA Systems and Controls (CF28)

Head of Internal Audit function (SIMF5)
Description: The function of having responsibility for the management of the (re)insurer’s internal audit
Existing controlled function(s): Director (CF1); PRA Systems and Controls (CF28)

Group Entity Senior Insurance Manager function (SIMF7)[12]
Description: The function of having significant influence on the management or conduct of one or more aspects of the affairs of a (re)insurer in relation to its regulated activities (and not while performing another SIMF) while being an employee/officer of a parent or group undertaking. This function may be performed by a NED but this will be unusual.
Existing controlled function(s): Director (CF1); Non-executive director (CF2)

Chairman of Risk Committee function (SIMF10)
Description: The function of having responsibility for chairing and overseeing the performance of any committee responsible for the oversight of the risk management system. This function must be performed by a NED.
Existing controlled function(s): Non-executive director (CF2)

Chairman of Audit Committee function (SIMF11)
Description: The function of having responsibility for chairing and overseeing the performance of any committee responsible for the oversight of the internal audit function. This function must be performed by a NED.
Existing controlled function(s): Non-executive director (CF2)

Chairman of Remuneration Committee function (SIMF12)
Description: The function of having responsibility for chairing and overseeing the performance of any committee responsible for the oversight of the design or implementation of remuneration policies and practices of a (re)insurer. This function must be performed by a NED and responsibility for oversight of remuneration must go to a NED even where no Committee exists.
Existing controlled function(s): Non-executive director (CF2)

Senior Independent Director (SIMF14)
Description: The function of performing the role of a senior independent director and having particular responsibility for leading the assessment of performance of the person performing the Chairman function. This function must be performed by a NED.
Existing controlled function(s): Non-executive director (CF2)

Chief Actuary function (SIMF20)
Description: The function of having responsibility for the actuarial functions from Conditions Governing Business 6[13]
Existing controlled function(s): Director (CF1); PRA Actuarial function holder (CF12); PRA Lloyd’s Actuary (CF12B); FCA Significant Management (CF29)

With-Profits Actuary (SIMF21)
Description: The function of having responsibility for advising the governing body of a (re)insurer transacting with-profits insurance business on the exercise of discretion.
Existing controlled function(s): PRA With-Profits Actuary (CF12A)

Chief Underwriting Officer (SIMF22)
Description: The function of having responsibility for the underwriting decisions in respect of the (re)insurer’s general insurance business
Existing controlled function(s): Director (CF1); FCA Significant Management (CF29)

Underwriting Risk Oversight (Lloyd’s) (SIMF23)
Description: The function of overseeing and influencing underwriting plans by managing agents in respect of risks borne by members
Existing controlled function(s): Director (CF1); PRA Lloyd’s Actuary (CF12B); FCA Significant Management (CF29)

[11] PRA Rulebook, Insurance – Senior Insurance Management Functions contains the definitions of all SIMFs.
[12] The PRA indicated in Supervisory Statement 35/15 that this function is likely to include the chairman of the group or the chair of a key group board committee if that committee has direct oversight of areas of the (re)insurer. It will also include any senior persons in the group who are responsible for some aspect of the group’s safety or soundness.
[13] Conditions Governing Business 6 can be found here: http://media.fshandbook.info/Legislation/2015/PRA_2015_20.pdf. It comes into force on 1 January 2016.

25. The range of individuals that is subject to PRA pre-approval will, therefore, be more limited than currently but the narrower scope could indicate that SIMF holders will be subject to greater scrutiny. FCA consent to the pre-approval remains necessary.

26. (Re)insurers should bear in mind that persons based overseas might be performing SIMFs, most likely SIMF7, if they exercise significant influence over the affairs of the UK (re)insurer but the scope of the SIMFs only applies in relation to UK-regulated activities. Accordingly, the application of the SIMR to individuals in a UK (re)insurer’s parent firm or group entities, particularly those based overseas, is limited. Further, the PRA will not require the pre-approval of individuals whose responsibilities in the UK are limited to developing group strategy. The PRA’s focus is on those individuals who, irrespective of their location, are directly responsible for implementing the group’s strategy at UK firms. Accordingly, an individual who is directly responsible for taking decisions about how a UK (re)insurer should conduct its UK-regulated activities and has not delegated this responsibility to a UK-based Senior Insurance Manager is likely to require pre-approval, probably as SIMF7, irrespective of his location.

27. As indicated above, NEDs may only perform certain SIMFs and certain SIMFs may only be performed by NEDs.
NEDs must generally only perform oversight functions and should not be directly responsible for the areas they oversee in order to prevent them from taking on de facto executive responsibility. NEDs without specific responsibilities for internal board committees are not included within the SIMR.

28. SIMF holders, including those who are performing a function which has also been designated a key function, must be pre-approved to do so by the PRA. The PRA will only approve persons whom it finds to be ‘fit and proper’ to perform their function. The same thresholds and criteria apply as where (re)insurers must perform their assessment of persons performing key functions (see paragraph 16 above) – the only difference is that the assessment is the responsibility of the PRA rather than the (re)insurer. The (re)insurer must provide the PRA with all the evidence it has which is relevant to this assessment, along with a prescribed form, Form A[14]. There is a specific requirement for the (re)insurer to provide the PRA with regulatory references as part of this evidence, which it must take reasonable steps to obtain from the relevant individual’s previous employers. The requirements around the substantive content of these references are still under consultation[15]. Where the person requiring approval is a NED, references must also be obtained from any firm for whom he has previously acted as a NED.

[14] The electronic version of Form A to be submitted online is not yet available, but a link to a copy of each form for the new regime can be found here: http://www.bankofengland.co.uk/pra/Pages/authorisations/simr/default.aspx.
[15] CP15/31: Strengthening accountability in banking and insurance: regulatory references.

29. If the PRA considers, once they have looked at all the evidence, that any person is not fit and proper to perform their function they can take action in a range of ways.
The PRA may raise concerns with the Chairman of the (re)insurer (if the potential SIMF holder is a NED) or seek additional information from the applicant or (re)insurer. They may, in extreme circumstances, use the prohibition power in section 56 of FSMA which will prohibit the relevant individual from performing the specified function.

30. SIMFs can be performed by more than one person but the same caveats as for the sharing of key functions apply (see paragraph 18 above): job-sharing is only permitted where it is clearly delineated and can be justified in the interests of sound and prudent management. The allocation and sharing of the responsibilities included in the SIMF must be done efficiently and must be clear on all relevant documents. Each person may hold more than one SIMF but certain combinations of SIMFs may not be performed by the same person because of the risk of a conflict of interests. SIMFs may also be performed by one person in relation to more than one (re)insurer if the PRA considers that the person has sufficient time, resources and capabilities to do so but individuals must again take care not to create a conflict of interests.

31. The PRA has emphasised that the requirements of the SIMR are in addition to pre-existing requirements for boards and directors and should not conflict with anything under, for example, the Companies Act 2006. They are particularly concerned to ensure that the regime is applied proportionately to NEDs so as not to compromise their independence or discourage potential candidates from taking on the NED roles. Both (re)insurers and the PRA should take these points into account when assessing whether individuals are capable of performing certain roles.

The FCA’s APR: Significant Influence Functions

32. To complement the new regime designed by the PRA, the FCA has adapted its existing APR so that the two regimes work together and do not conflict.
The FCA will pre-approve all individuals in Solvency II (re)insurers who take up executive and certain other controlled functions that the PRA has not otherwise approved. The majority of existing controlled functions have been maintained by the FCA in the reformed regime, even where the PRA has not maintained the equivalent function, as the FCA considers that the types of people who could significantly impact their regulatory objectives will not change under Solvency II. The FCA is introducing two new NED SIFs, the chair of the nominations committee function and the chair of the with-profits committee function. Otherwise the FCA, like the PRA, is not including NEDs within its regime.

33. The key FCA SIFs that apply to Solvency II (re)insurers are:

FCA SIFs[16]

FCA Director function (CF1)
Description: The function of acting in the capacity of a director (other than a NED)
Existing controlled function(s): Director (CF1)

Chair of the nomination committee function (CF2a)
Description: The function of acting in the capacity of the non-executive chairman of the nomination committee. This does not mean that a (re)insurer must establish a nomination committee but that, where there is such a committee, its Chair will be subject to pre-approval. This function must be performed by a NED. This function may not apply if the person performing the function is approved to carry out a PRA SIMF (see paragraph 35 below).
Existing controlled function(s): Non-executive director (CF2)

Chair of the with-profits committee function (CF2b)
Description: If the (re)insurer has a with-profits committee, the Chair of the with-profits committee function is the function of acting in the capacity of a non-executive chairman of the committee. Thus this function must be performed by a NED. This function may not apply if the person performing the function is approved to carry out a PRA SIMF (see paragraph 35 below).
Existing controlled function(s): Non-executive director (CF2)

Compliance (CF10)
Description: The function of acting in the capacity of a director or senior insurance manager who is allocated the function
Existing controlled function(s): FCA Compliance (CF10)

CASS Operational Oversight (CF10a)
Description: The CASS operational oversight function is the function of acting in the capacity of a person to whom is allocated the function
Existing controlled function(s): FCA CASS Operational Oversight (CF10a)

Money Laundering Reporting Officer (CF11)
Description: The money laundering reporting function is the function of acting in the capacity of the money laundering reporting officer of a (re)insurer.
Existing controlled function(s): FCA Money Laundering Reporting Officer (CF11)

CF29s not otherwise approved by the PRA
Description: The significant management function is the function of acting as a senior manager with significant responsibility for a significant business unit described in SUP 10A.9.9 where the activities subject to the function are not covered by any other PRA or FCA controlled function.
Existing controlled function(s): FCA Significant Management (CF29)

Customer function (CF30)
Description: The customer (or customer-dealing) function relates to a regulated activity carried out by the (re)insurer and involves the person performing it dealing with the (re)insurers’ customers or those customers’ property.
Existing controlled function(s): FCA Customer function (CF30)

[16] PRA Rulebook, Insurance – Senior Insurance Management Functions contains the definitions of all SIMFs.

34. There will be one point of entry for applications or notifications for the regimes of both the PRA and the FCA in order to minimise the administrative burden on the (re)insurers and the regulators. The process for SIMF and SIF approval will be very similar – and the Form to be submitted will be almost identical. The most significant difference is that the PRA will require criminal record checks as part of the assessment of fitness and propriety and the FCA will not. SIFs will be assessed for fitness and propriety by the FCA under the same criteria and using the same evidence as the PRA uses for SIMFs (see paragraph 28).
The FCA Handbook provides guidance to help (re)insurers to perform their own fitness and propriety assessment for controlled function holders who are not SIF holders and for SIF holders before sending the application for approval to the regulators [17].

35. Where a person needs both FCA and PRA approval for separate functions then the individual will only need to be approved by the PRA if certain other conditions are met [18]: essentially, the FCA function will be absorbed within the PRA function. This will lessen the administrative burden on (re)insurers and the regulators but will also ensure that the relevant parts of both functions are considered both at the approval stage and on an ongoing basis as the FCA function is included in the PRA function rather than falling away. Details of the FCA function which the person will be performing should be included in their Scope of Responsibilities statement.

SIMR: Allocation of prescribed responsibilities

36. The key responsibilities of a (re)insurer must be allocated among the key function holders and SIMF holders in a way that reinforces the decision-making structure and effective governance of the (re)insurer. The assumption of certain responsibilities will be inherent in the definition of a particular SIMF or key function but other responsibilities will need to be separately assigned. Where a senior individual delegates all or part of a responsibility assigned to him then he will be ultimately accountable for the actions of the delegates.

37. Certain responsibilities prescribed by the PRA (“Prescribed Responsibilities”) must be allocated to SIMF holders (or SIF holders – see the section above on the FCA regime) and within this requirement some Prescribed Responsibilities must be allocated to NEDs approved under the SIMR.
These responsibilities generally derive from the NED roles of chair or senior independent director and include responsibility for the development and oversight of remuneration policies (see below at sub-paragraph (k)) and maintenance of the independence, autonomy and effectiveness of the (re)insurer’s whistle-blowing rules (see below at sub-paragraph (j)).

38. The full list of Prescribed Responsibilities [19] is as follows:

(a) Responsibility for ensuring that the (re)insurer has complied with its obligation to ensure that every person who performs a key function is ‘fit and proper’.
(b) Responsibility for leading the development of the (re)insurer’s culture by the governing body as a whole.
(c) Responsibility for overseeing the adoption of the (re)insurer’s culture in the day-to-day management of the (re)insurer.
(d) Responsibility for the production and integrity of the (re)insurer’s financial information and regulatory reporting.
(e) Responsibility for management of the allocation and maintenance of the (re)insurer’s capital and liquidity.
(f) Responsibility for the development and maintenance of the (re)insurer’s business model by the governing body.
(g) Responsibility for performance of the (re)insurer’s own risk and solvency assessment (“ORSA”).
(h) Responsibility for leading the development and monitoring the effective implementation of policies and procedures for the induction, training and professional development of all members of the (re)insurer’s governing body.
(i) Responsibility for monitoring the effective implementation of policies and procedures for the induction, training and professional development of all of the firm’s key function holders (other than members of the (re)insurer’s governing body).
(j) Responsibility for oversight of the independence, autonomy and effectiveness of the (re)insurer’s policies and procedures on whistle-blowing including the procedures for protection of staff who raise concerns from detrimental treatment. This responsibility must be assigned to one or more NEDs.
(k) Responsibility for overseeing the development and implementation of the (re)insurer’s remuneration policies and practices. This responsibility must be assigned to one or more NEDs.

[17] There is guidance in the FIT section of the FCA Handbook which can be found here: https://fshandbook.info/FS/html/FCA/FIT.
[18] Set out in SUP 10A.11.12R are satisfied.
[19] PRA Rulebook, Insurance - Allocation of Responsibilities 3.1

39. It is up to each (re)insurer to define any further key responsibilities which are specific to their business. Both the Prescribed Responsibilities and any other responsibilities identified by the (re)insurer must be allocated to individuals with the necessary time, resources and capabilities to perform them properly. Where the PRA considers that a responsibility has been inappropriately allocated they may question the allocation and ask the (re)insurer to justify it.

40. The PRA expects that, in general, (re)insurers will allocate Prescribed Responsibilities to the SIMF (or SIF) holder to which they are most closely linked. For example, the PRA expects firms normally to allocate the following prescribed responsibilities to the Chairman:

(a) leading the development of the (re)insurer’s culture; and
(b) leading the development and monitoring the effective implementation of policies and procedures for the induction, training and professional development of board members.

Scope of Responsibilities statements

41. When an application is made to the PRA or the FCA for the approval of a prospective SIMF or SIF holder, it is necessary to include with the application a ‘Scope of Responsibilities’ statement which details all of the SIMF / SIF holder’s responsibilities. In the case of SIMF holders, this will include both Prescribed Responsibilities and any other key responsibilities the (re)insurer has allocated to him.
It should contain materially more detailed information on the areas of the business for which a senior manager is responsible than is contained in the governance map (see paragraphs 44 – 46 below). The statement must be signed by the (re)insurer and the SIMF or SIF holder so that there is a documented consensus as to each senior manager’s responsibilities.

42. The PRA and FCA have provided a template form and require that the statement be practicable for the regulators’ use. There is a supplementary section to the template in which responsibilities can be further explained. The PRA has indicated that a 300 word limit for the description of each responsibility should be sufficient – in many cases responsibilities will be self-explanatory. A Scope of Responsibilities statement will have to be submitted with each application for a SIMF from 1 January 2016 and with each application for a SIF from 7 March 2016. Those being grandfathered [20] into the new regime have until 7 September 2016 to prepare their Scope of Responsibilities statements – and they only have to provide them to the FCA if the FCA so requests. The statement should be submitted as an attachment to Form A or Form E [21]. It is anticipated that the statement will be a valuable tool for the regulators’ supervision and enforcement purposes.

[20] See ‘What happens next?’ for more information on grandfathering.
[21] Form E is used when an existing SIMF or SIF holder is moving to a new SIMF or SIF.

43. Scope of Responsibilities statements must be updated every quarter or every time a significant change occurs to any of the information on it.

Governance maps

44. A (re)insurer must produce a ‘Governance Map’ by 1 January 2016 which sets out its governance structure in terms of roles and responsibilities.
The PRA specifies [22] that it must include at least:

(a) the key functions at the (re)insurer, highlighting those which involve effectively running the (re)insurer;
(b) the key function holders;
(c) how any key functions have been outsourced and who is responsible for overseeing this;
(d) anyone performing the function of ‘effectively running’ the (re)insurer;
(e) SIMF holders;
(f) SIF holders;
(g) lines of accountability and reporting;
(h) allocation of responsibilities for all of the above persons – both Prescribed and firm-specific – including how such responsibilities are divided if they are allocated to more than one person; and
(i) how the governance of the (re)insurer fits into the wider group (if there is one).

45. A Governance Map does not have a set format but the regulators require it to be ‘clear and coherent’. It should not conflict with individual ‘Scope of Responsibilities’ statements and needs to include a summary of their content. The Governance Map must be submitted with any application to perform a SIMF and must be available to the FCA on request. It is intended to facilitate effective and comprehensive supervision and management both internally and externally and so must be updated at least quarterly or whenever a significant change within the (re)insurer occurs. A copy of the relevant part of the Governance Map must be provided to the PRA once it has been updated and made available to the FCA on request.

46. The FCA requires records, including the Governance Map and any ‘Scope of Responsibilities’ statements, to be kept by a (re)insurer for at least ten years to enable the identification of historic regulatory breaches and to identify correctly who should be held accountable for such breaches [23].

Third country branches

47. As mentioned, there are certain differences to the regime for UK branches of non-EEA firms which make it less extensive in application.
Aside from the differences in scope indicated in this section, the regime is the same for UK branches of non-EEA firms as it is for UK (re)insurers.

[22] PRA Rulebook, Insurance – Allocation of Responsibilities 5.
[23] The PRA will consult on a similar rule later in 2015.

48. A ‘key function’ is defined slightly differently for a third country branch. Each of the following, in relation to the carrying on of a UK regulated activity by the branch, are ‘key functions’:

(a) the risk management system function;
(b) the compliance function;
(c) the internal audit function;
(d) the actuarial function;
(e) the function of effectively running the operations effected by the third country branch;
(f) the function of being the authorised UK representative; and/or
(g) any other function which is of specific importance to the sound and prudent management of the third country branch.

49. Branch key function holders will need to be assessed for fitness and propriety and notified to the PRA in the same way as UK (re)insurer key function holders. As a ‘key function’ is defined in relation to a UK regulated activity, key function holders will be largely limited to persons located in the branch as most persons performing UK regulated activities will be located in the UK.

50. The SIMFs for UK branches of non-EEA firms are less extensive than those for UK (re)insurers. Such a branch must have the following SIMFs:

PRA SIMFs [24] | Description | Existing controlled function(s)
Head of Third Country Branch function (SIMF19) | The function of having responsibility for the conduct of all activities of the third country branch that is subject to the UK regulatory system. Each third country branch must have at least one person performing this function. |
With-Profits Actuary (SIMF21) | If the branch is transacting with-profits insurance business then it must have at least one person approved to perform the function of having responsibility for advising the governing body of a (re)insurer transacting with-profits insurance business on the exercise of discretion. | PRA With-Profits Actuary (CF12A)

51. A UK branch of a non-EEA firm is not required to have any SIMFs but it must notify the PRA of the identity of all other key function holders. Such a branch may also have other SIMFs. It may, for example, have a person(s) performing the Group Entity Senior Insurance Manager function (SIMF7) as described at paragraph 24 above. It may also have a Chief Finance Officer, Chief Risk Officer, Chief Actuary, Chief Underwriting Officer or Head of Internal Audit whose role is dedicated to the branch’s operations in the UK. In these instances, the individuals performing such roles need PRA approval. A third country branch may also elect to have additional individuals approved as SIMF holders by the PRA where it needs to allocate Prescribed Responsibilities to them.

[24] PRA Rulebook, Insurance – Senior Insurance Management Functions contains the definitions of all SIMFs.

52. There is no territorial limit on SIMFs, meaning that a person who is based overseas may be performing a SIMF in relation to a UK branch of a non-EEA firm: in which case, he will need to be approved by the PRA. As explained earlier, the PRA has differentiated between overseas persons who are ‘setting’ the strategy of the branch and persons who are ‘implementing’ that strategy: the former will not be performing a SIMF and will not need approval but the latter will be and will need approval, probably as SIMF7.

53.
The only Prescribed Responsibilities which a branch must allocate to SIMFs (or persons approved by the FCA) are the following:

(a) Responsibility for ensuring that the (re)insurer has complied with its obligation to ensure that every person who performs a key function is ‘fit and proper’.
(b) Responsibility for the production and integrity of the (re)insurer’s financial information and regulatory reporting.
(c) Responsibility for management of the allocation and maintenance of the (re)insurer’s capital and liquidity.
(d) Responsibility for the development and maintenance of the (re)insurer’s business model by the governing body.
(e) Responsibility for performance of the (re)insurer’s own risk and solvency assessment (“ORSA”).

These must be allocated to the senior person responsible for the relevant area of business in relation to the branch.

The New Conduct Regime

PRA regime

54. The PRA has revised its Conduct Standards to bring them more in line with those that will apply to individuals in banks and large investment firms [25]. It has added a new responsibility for the oversight of the discharge of any delegated responsibilities, along with a responsibility related to the PRA’s insurance objective of contributing to the securing of an appropriate degree of protection for policyholders.

55. Unlike banks and large investment firms where the new conduct rules will apply to all apart from ancillary staff, the PRA’s Conduct Standards for (re)insurers will apply only to key function and SIMF holders. Whether an individual’s performance is in accordance with Conduct Standards must be taken into account when assessing the fitness and propriety of all persons performing key functions [26]. Compliance with these standards should always be assessed contextually – the circumstances of each case, the characteristics required for the performance of the relevant key function and the behaviour expected of the individual are all important considerations.

56.
A breach of the Conduct Standards occurs where an individual to whom they apply is personally culpable – meaning that they deliberately conducted themselves in a way which caused the breach or their standard of behaviour was below that which could reasonably be expected of them. The (re)insurer should have appropriate procedures in place to monitor the conduct of relevant individuals and take relevant action where Conduct Standards are not being observed. (Re)insurers should take all reasonable steps to gather and consider relevant information related to Conduct Standards and if any conduct matter is identified which might be relevant to a fitness and propriety assessment (including failure to observe a Conduct Standard), this should be promptly and fully investigated. Outside of the (re)insurer, the wider behaviour of an individual may be considered where relevant to determining whether he has breached a requirement.

[25] PRA Rulebook, Insurance – Conduct Standards.
[26] PRA Rulebook, Insurance – Fitness and Propriety 2.3(2).

57. There are three Conduct Standards which apply to all those performing a key function, called Individual Conduct Standards. Five further Conduct Standards apply also to all key function holders, including SIMF holders and SIF holders (except CF10a, CF11 and CF29). These Conduct Standards are known as Senior Insurance Manager Conduct Standards. NEDs who have not been pre-approved by the regulators and all members of the (re)insurer’s management body are expected to observe Conduct Standards 3.1 – 3.3 and 3.7 – 3.8 as a minimum. The eight Conduct Standards are laid out below:

Individual Conduct Standards

You must act with integrity [27] (Conduct Standards 3.1)
You must act with due skill, care and diligence (Conduct Standards 3.2)
You must be open and cooperative with the FCA, the PRA and other regulators (Conduct Standards 3.3)

Senior Insurance Manager Conduct Standards

You must take reasonable steps to ensure that the business of the (re)insurer for which you are responsible is controlled effectively (Conduct Standards 3.4)
You must take reasonable steps to ensure that the business of the (re)insurer for which you are responsible complies with the relevant requirements and standards of the regulatory system (Conduct Standards 3.5)
You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively (Conduct Standards 3.6)
You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice (Conduct Standards 3.7)
When exercising your responsibilities, you must pay due regard to the interests of current and potential future policyholders in ensuring the provision by the (re)insurer of an appropriate degree of protection for their insured benefits (Conduct Standards 3.8)

58. (Re)insurers are under an obligation to inform all persons subject to the Conduct Standards about their responsibilities and to provide training where appropriate. Conduct Standards should be included in the staff handbook and, from the time the new regime comes into force, in the employment contracts of any employee subject to them. They should be taken into account when performing employee appraisals or setting individual objectives. Minor breaches in relation to key functions are less relevant than the effect of any breach (however minor) on the ongoing assessment of the individual’s fitness and propriety. Where an individual is not PRA-approved it is up to the (re)insurer to ensure that they comply with all the Conduct Standards and the regulator considers that this is best done through ongoing fitness and propriety assessment.

59.
Breaches of Conduct Standards, related disciplinary action and any other material information about conduct should always be notified to the PRA as information which is material to fitness and propriety assessment [28]. Disciplinary action should be notified separately from the notification of the breach. Known breaches, even where the person concerned has left the (re)insurer, should always be reported to the PRA.

[27] There is further guidance on each of the Conduct Standards in PRA Supervisory Statement 35/15 at pages 17 to 21. This can be found here: http://www.bankofengland.co.uk/pra/Documents/publications/ps/2015/ps2215.pdf.
[28] PRA Rulebook, Insurance – Fitness and Propriety 4.3.

FCA regime

60. The FCA has new Conduct Rules for Approved Persons in Solvency II (re)insurers. These Rules are very similar to the PRA Conduct Standards: there are five Individual rules which apply to all FCA and PRA approved persons in (re)insurers and four further rules for SIF holders and all PRA approved persons.
They mirror those developed for banks and large investment firms and are laid out below:

Individual Conduct Rules

You must act with integrity
You must act with due skill, care and diligence
You must be open and cooperative with the FCA, the PRA and other regulators
You must pay due regard to the interests of customers and treat them fairly
You must observe proper standards of market conduct

SIF Conduct Rules

You must take reasonable steps to ensure that the business of the (re)insurer for which you are responsible is controlled effectively
You must take reasonable steps to ensure that the business of the (re)insurer for which you are responsible complies with the relevant requirements and standards of the regulatory system
You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility
You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice

Grandfathering

61. As mentioned above, persons who have regulatory approval under the existing regime can be grandfathered into the new regimes so that their existing approval is translated into an approval for the equivalent SIMF or SIF. A person who is currently approved for a function which is not equivalent to the function they wish to perform under the new regimes will need to apply for a new approval. These provisions apply to NEDs in the same way as to executives.

62. Each (re)insurer must submit one grandfathering notification (Form K) to both regulators which lays out all individuals who wish to grandfather into the new regime for that (re)insurer. The deadline for this notification for individuals wishing to be SIMF holders or SIF holders is 8 February 2016.
(Re)insurers have until 7 September 2016 to submit the Scope of Responsibilities statements required by the PRA or to have them available to the FCA but an outline of the new roles and responsibilities of all of these individuals must be in the (re)insurer’s governance map by 1 January 2016.

63. The provisions about the absorption of FCA functions into PRA functions (see paragraph 35) also apply here, meaning that an individual who was previously FCA approved may now only need to be PRA approved if this approval covers all of his responsibilities. Individuals who are currently approved to perform a FCA SIF or controlled function that maps across to the same SIF or controlled function and will continue to perform the same function need not take any action.

64. Taking on new responsibilities within the same controlled function does not preclude an individual from being able to grandfather into the new regime but the allocation of new responsibilities must be consistent with the new equivalent function for which the individual is approved in order to use the grandfathering provisions. If an individual is taking on new responsibilities which means that they will be performing a new SIMF or SIF that is not equivalent to the controlled function for which they are already approved, a new application for approval will be required.

What happens next?

65. Most of the new regime will come into force on 7 March 2016, in line with the regime for banks and large investment firms, but some key provisions will come into force on 1 January 2016 in accordance with Solvency II. There is thus little time before the new regulatory regime for individuals comes into force. (Re)insurers will want to act soon to identify the entities and individuals within the scope of these rules so they can begin to prepare for a regime that is designed to ensure that individuals have a new sense of responsibility for which they can more easily be held to account.
If you have any questions on the key reforms, please contact:

Alexandria Carr
Of Counsel, London
E: firstname.lastname@example.org
T: +44 20 3130 3398

Mark Compton
Partner, London
E: email@example.com
T: +44 20 3130 3388

Chris Fisher
Partner, London
E: firstname.lastname@example.org
T: +44 20 3130 3724

Mayer Brown is a global legal services provider advising many of the world’s largest companies, including a significant portion of the Fortune 100, FTSE 100, DAX and Hang Seng Index companies and more than half of the world’s largest banks. Our legal services include banking and finance; corporate and securities; litigation and dispute resolution; antitrust and competition; US Supreme Court and appellate matters; employment and benefits; environmental; financial services regulatory and enforcement; government and global trade; intellectual property; real estate; tax; restructuring, bankruptcy and insolvency; and wealth management.

Please visit www.mayerbrown.com for comprehensive contact information for all Mayer Brown offices.

This Mayer Brown publication provides information and comments on legal issues and developments of interest to our clients and friends. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek legal advice before taking any action with respect to the matters discussed herein.

Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the “Mayer Brown Practices”).
The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe-Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown Mexico, S.C., a sociedad civil formed under the laws of the State of Durango, Mexico; Mayer Brown JSM, a Hong Kong partnership and its associated legal practices in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. Mayer Brown Consulting (Singapore) Pte. Ltd and its subsidiary, which are affiliated with Mayer Brown, provide customs and trade advisory and consultancy services, not legal services. “Mayer Brown” and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions. © 2015 The Mayer Brown Practices. All rights reserved.