On 9 December 2019, the Senior Managers & Certification Regime (the SM&CR or the Regime) will be extended to the investment management industry and remaining sectors still outside the current regime (socalled FCA solo regulated firms). Plenty is being published summarising the key requirements of the Regime for FCA solo-regulated firms1 – but what can firms who are due to comply with SM&CR by 9 December this year learn from the implementation of the regime by the first and second waves of firms – banks and insurers?
There is much to be learnt from the experience that banks, building societies and insurers have had in implementing the SM&CR. Having worked on a number of SM&CR implementation projects we have had an opportunity to observe at first hand what has worked well, where the devil is hidden in the detail and what pitfalls to avoid!
This Spotlight sets out our top ten tips – as well as some thoughts on the brand new issues that we think the FCA's extension of the Regime will generate for solo-regulated firms.
Ten key observations
1. Less is often more when it comes to SMF Managers
Some first and second wave banks and insurers initially appointed a large number of Senior Management Function (SMF) managers, many of whom reported into further SMF Managers and were several layers below board level. Many of those firms needed to consider reducing that number after implementation, with the consequent notifications to the Regulators.
The Regime aims to capture the most senior individuals with SMF responsibility. The key practical interpretation of how to apply the legislative definition of "senior manager functions" – is who really has the authority, autonomy and responsibility?2
For "Core" category extension firms3 , only directors plus heads of compliance and the MLRO (if such roles were required by the FCA Rules prior to SM&CR) are permitted as SMF Managers in any event, and so the process of conversion will be somewhat automatic. This simplifies allocation, but can be unduly restrictive where very large Core firms have non-directors with significant responsibility and autonomy within a business area. Large Core firms might wish to consider "opting up" to "Enhanced" if they find the Core regime allocation unduly restrictive or not reflective of senior management accountability at the firm.
For Enhanced firms the capture is wider, with a greater number of SMFs specified by the FCA for allocation and the "overall responsibility" rule meaning that an SMF Manager must be responsible for all areas of the business. But SMF Managers should still reflect the uppermost levels of the firm. Some individuals below senior management may fall more appropriately into the "significant management" certified function rather than an SMF function. This certification function is designed to capture individuals with significant responsibility for significant business units (either income generating or support functions) who are not SMF Managers.
Partnerships and allocating SMF Managers is discussed further below – the concept of individual accountability and the SMF Manager definition does not sit easily with the partnership structure and so additional care needs to be taken.
2. Statements of responsibility are not job descriptions
The FCA has said that it will look at statements of responsibility closely in the event of a problem arising, in part to identify which SMF Manager is primarily responsible. 4 Some firms replicated internal job descriptions in the statements of responsibility they submitted to the regulators for SMF Managers. This approach is not optimal for three reasons. First, as has been made clear in feedback publications, the FCA is only interested in what each SMF Manager is responsible for, and not how they carry out their responsibilities. Secondly, many job descriptions contain targets and aspirations which are either not about regulatory compliance, or reflect higher standards or expectations than the FCA sets. Thirdly, the documents need to be kept up to date, and too much detail will make this updating more burdensome. Whilst the FCA has suggested in feedback that large projects undertaken by firms should be reflected in Statements of Responsibility, there is clearly some judgement to be applied as to what type of project merits inclusion.
Statements of responsibility should be consistent with job descriptions, but they are unlikely to be identical.
3. Statements of responsibility are not job descriptions
Governance around how key decisions are taken by firms is inherently linked to who is made the SMF Manager for that area. Some firms may need to consider their governance arrangements so that decision-making processes are consistent with the allocation of responsibility.
For example, there is a risk that, where decisions are made by consensus in a sub-board committee, the FCA could "deem" all members to be SMF Managers. Conversely, firms might look at developing their governance arrangements to support SMF Managers who take key decisions in demonstrating that they are taking reasonable steps in reaching that decision.
For Enhanced firms, governance arrangements need to be reflected on the firm's responsibility map, and this is a good stress test for considering whether the current governance arrangements align with the allocation of SMFs and prescribed responsibilities.
The FCA has repeatedly said that the SM&CR is not intended to cut across company law and board collective responsibility, and on that basis some decisions will continue properly to be taken by the board as a whole.
4. Employment contract/partnership agreement amendments
The employment law impact of SM&CR should not be overlooked. Firms' contractual arrangements with SMF Managers should be updated to reflect the new duties, conduct rules and requirements. Whilst some of this can be reflected in policies, firms will want to put certain key matters on a contractual footing, including conditions for employment (including matters such as obtaining an acceptable regulatory reference, meeting the fitness and propriety assessment and passing a criminal records check); ongoing duties; and exit procedures such as handover and access to material and cooperation.
5. Support Senior Managers now
The duty of responsibility introduces a new test for taking enforcement action against SMF Managers in respect of breaches of its rules by firms: the FCA can discipline an SMF Manager where it shows that the SMF Manager did not take such steps as a reasonable person in their position would take to prevent/end the breach ("Reasonable Steps"). This test inevitably puts more onus on SMF Managers to record the steps they are taking. There are good practical reasons to help SMF Managers grappling with this challenge. SMF Managers who have practical support and are given guidance through processes for recording key decisions, overseeing delegates, and demonstrating consideration of management information are likely to be more comfortable with their allocated roles. In addition, dedicated SMF Manager training with the firm's external advisers can alleviate some of the concerns and provide a forum for questions and guidance.
Thought should also be given to agreeing how SMF Managers will be able to access relevant material in the event of any allegations by the regulator against them – including after they have left the firm. This need not be over-burdensome or complex, but does require some forward planning.
6. Don't leave handover to chance
Whilst the FCA's formal handover requirements only apply to Enhanced Firms, all firms are likely to find that designing a handover process will help new SMF Managers get up to speed and reduce risks arising from handover. New SMF Managers arriving after implementation may even expect a detailed handover document as part of their willingness to take on a role.
Several firms in the first wave of SM&CR experienced an SMF Manager retiring within a few weeks of the Regime becoming live, meaning handover had to take place immediately. Giving thought now to what a template handover document should contain, taking into account both outgoing and incoming SMF Manager's needs, will avoid urgency and provide a neutral template for handover processes. An overly vague handover pro forma will not serve either party well if they are subjected to any regulatory scrutiny.
7. Focus on the detailed definitions for certified persons
Some firms initially focussed on the broad statutory definition of certified function in identifying who should be a certified person. FSMA states that a certification function is one which "requires the person performing it to be involved in one or more aspects of the firm's affairs, so far as relating to a regulated activity, and … those aspects involve, or might involve, a risk of significant harm to the firm or any of its customers". 5 However, in addition to this general definition, the FCA Handbook sets out eight categories of function with detailed definitions and guidance on what constitutes each role.6 Many of these functions will not be relevant to many types of extension firms (for example, algorithmic trading will generally be confined to banks). But others – in particular those for CASS, significant management, client dealing, and functions requiring qualifications – will require detailed application, and in practice may operate in a way some may find counter-intuitive. It is essential to review and apply these in detail.
8. Differentiate in your policies and processes between conduct rules and fitness and propriety
The SM&CR introduces an annual fitness and propriety test for SMF Managers and Certified Persons, and conduct rules for SMF Managers, Certified Persons and all other conduct rules staff. Many firms will also have their own internal rules and standards of behaviour. These concepts sit alongside each other and overlap, but care needs to be taken to design policies and processes which incorporate ways to assess each potential breach on its merits, justify if and why it impacts on the conduct rules and, if the individual is a Certified Person or SMF Manager, on their fitness and propriety.
A firm's refusal to certify an employee will have a profound impact on many individuals' further employment prospects, which increases the risk of an employment claim compared to the previous regime, where the FCA took ultimate responsibility for fitness and propriety. Firms will need to include consideration of consistency and supporting evidence in their disciplinary policies to limit the risk of challenge.
9. Adapt appraisal timings to accommodate certification
Some firms in the first wave of SM&CR found that there was insufficient time to address and resolve issues prior to the deadline for certification. This presented particular difficulties where an appraisal indicated that competency improvements were needed, but not necessarily that the individual was not fit and proper, because time did not allow for training and improvements before a decision was required on the person's certification. To help avoid this urgency, many firms introduced mid-year appraisals to identify any emerging issues and give employees and managers the opportunity to address them. Certification can then be timed to take place shortly after year-end appraisals, which can incorporate the fitness and propriety assessment. This process also provides additional evidence of fairness in circumstances where a decision not to certify someone is subject to challenge by the employee.
10. Take care to identify and consider all the different notification requirements
The SM&CR introduces new notification requirements in respect of breaches of the conduct rules, fitness and propriety and disciplinary action. It also amends existing notification requirements. The nature, knowledge test, and timing of these notification obligations differs depending on whether the individual is an SMF Manager or is subject to the Certification Regime or the Conduct Rules; and the basis for making the notification.7 These are rules contained in in the Supervision (SUP), Senior management arrangements, Systems and Controls (SYSC) and Code of Conduct (COCON) chapters of the FCA Handbook.
When designing policies, processes and guidance for human resources and compliance staff to help them understand what the notification requirements are, it is essential to consider the full range of notification rules which might be triggered in a particular case. In addition to the specific notification rules, firms should always consider the general notification requirements in the FCA Handbook8 more generally, the requirement on FCA authorised firms to be open and cooperative with the regulator9 , and the regulatory references requirements.
Brand new challenges for extension firms
The following issues did not present themselves in the first two waves of implementation, but we anticipate they may present fresh challenges for extension firms.
1. The complexity of conversion
Although the FCA has designed its automatic conversion processes to assist firms and to reduce the paperwork required to convert current approved persons to SMF Managers, firms need to ensure that they have reviewed current entries on the FCA's Financial Services Register10 so that the conversion process operates appropriately. Many clients have found that they have erroneous or out of date entries on the register – these should be corrected as soon as possible and preferably before 9 December. Firms will also want to check that the automatic conversions that the FCA has set out from controlled function to equivalent SMF do indeed reflect their preferred arrangements.
2. The Core Firm group entity conundrum
One of the categories of SMF Manager for Enhanced firms (as well as banks and insurers) is the Group Entity Senior Manager (SMF 7). The definition of this role is "the function of having a significant influence on the management or conduct of one or more aspects of the affairs of a firm in relation to its regulated activities." It applies where an individual is an employee or officer of a different legal entity within the same group as the firm allocating the SMF Manager roles, but has oversight responsibility within that firm. Core firms which are part of a group are not able to appoint an SMF Manager to reflect the oversight and control a person from their parent company may have. Such firms have few options. These include opting up to be an Enhanced firm, making the individual a director or changing the firm's governance and oversight allocation to an existing SMF Manager.
3. Partnerships – consider tax and employment law
Firms need to take care when considering the application of the partner function to their partners – the determination needs to be consistent with the firm's analysis from a national insurance and other tax law perspective.
The FCA has given some guidance on when it thinks partners in unlimited liability partnerships will be SMF Managers (SMF 27). For example, in its initial consultation paper on the extension of the regime the FCA stated that it expected all partners in a firm to be SMF Managers.11 The challenge for some firms is that, in contrast to the current CF4 definition of partner, the new SMF 27 definition is subject to the new overarching definition of SMF Manager contained in FSMA. This defines "Senior Manager" to be "responsible for managing one or more aspects of the authorised person's affairs…and those aspects involve, or might involve, a risk of serious consequences (i) for the authorised person, or (ii) for business or other interests in the UK." 12 Managing one or more aspects of an authorised person's affairs is defined to include "taking decisions, or participating in the taking of decisions, about how one or more aspects of those affairs should be carried on." 13
The FCA has also commented that "if a partner has no involvement in managing the firm and therefore does not meet the overarching FSMA definition of a Senior Manager, then the partner function does not apply and the partner will not need to be a Senior Manager." 14
Similarly, in considering whether partners who are not SMF Managers are certified persons, (for example, within the significant management certified function) consideration needs to be given to the wider implications of determining whether a partner falls within the specific definition of "employee" provided for SM&CR by FSMA.15
4. Applying SM&CR to complex group structures
Larger groups which have several regulated entities, including a mix of Core and Enhanced firms, will need to allocate their SMF Managers on a legal entity by legal entity basis. Limiting SMF Managers to those specified for core firms can be impractical where shared services and individuals employed by another group entity play a significant role in the oversight and management of a firm.
5. Is unregulated business in or out?
Some of the requirements of SM&CR extend to unregulated financial services business. Making individuals responsible for unregulated business is one way the FCA have sought to address the "gap" that has been exposed in some recent enforcement cases in areas such as unregulated lending.
The precise perimeter in SM&CR is not straightforward, and firms should not assume that only regulated business is within scope of either the SMF Manager's liability or the conduct rules. Several rules, including the "overall responsibility" rule for Enhanced firms, and the Senior Manager and Individual Conduct Rules, apply in respect of both regulated and unregulated financial services business.