Insurers, reinsurers and managing agents (which we will refer to in this article as “insurers”) will be fully within the scope of the Senior Managers and Certification Regime (“SMCR”) regime from 10 December 2019, following a staggered implementation period which started on 10 December 2018, with compliance with all aspects required by 10 December 2019.
Insurers were previously subject to the less stringent Senior Insurance Managers Regime (“SIMR”), which was driven by the EU Solvency II Directive. In this article, we first summarise the key changes as a result of the SMCR for Solvency II insurers (i.e. those insurers who are caught by the Directive) and large Non-Directive Firms (i.e. those smaller insurers outside of the scope of the Directive, but who have nonetheless applied for authorisation under it), and then suggest some important steps to take to ensure your firm is on track.
Personal regulatory duties for everybody
The extension of personal regulatory duties beyond approved persons will feel like the most significant change for most people working at insurers, most of whom have never been accountable directly to the regulators for their personal conduct.
The FCA’s and PRA’s Conduct Rules – contained in the Code of Conduct sourcebook (COCON) of the FCA Handbook and the Conduct Part of the PRA Rulebook respectively – currently apply only to Senior Management Function (“SMF”) holders, non-executive directors and certification staff. However, with effect from 10 December 2019, the Individual Conduct Rules will apply to all staff (except those carrying out a small number of purely administrative roles that are specified in the FCA’s rules). A failure to meet the standards imposed under the Individual Conduct Rules will mean that an employee could be liable to regulatory enforcement action. In addition, any employee will be susceptible to disciplinary action by the PRA or FCA if they are found to have been “knowingly concerned” in a breach by the insurer. These changes significantly extend exposure to personal regulatory action beyond the members of senior management, and require careful explanation and messaging from firms to their staff.
Insurers themselves have a statutory obligation under the new regime to provide suitable training to their Conduct Rules staff (i.e. those employees within scope of the Conduct Rules), to help them to understand their personal regulatory duties. This training will need to be provided by 10 December 2019. Insurers will also need to put a process in place to train new joiners, individuals who change roles and in relation to refresher training.
In the post-SMCR world, insurers must also notify the FCA and/or PRA if they take disciplinary action (the definition of which includes the issuance of a formal written warning) against a person relating to any action, failure to act, or circumstance that amounts to a breach of any of the Conduct Rules.
The new Certification regime
The new Certification regime requires insurers to identify which of their staff are performing certification functions (see below), and to assess the fitness and propriety of each individual to perform their roles, at least on an annual basis. The requirement to certify is being brought in alongside the existing requirement under SIMR (which the PRA has retained under the new regime) that firms should require their key function holders (i.e. those individuals who are responsible for discharging a key function) to observe certain of the PRA’s Conduct Rules and ensure their ongoing fitness and propriety.
Certification functions are defined by statute as “significant harm functions”, i.e. functions that allow the people performing them to pose a risk of significant harm for a firm or to any of its policyholders. The PRA and FCA have each been given statutory power to specify the functions they consider to be certification functions (which they have done in their respective rulebooks).
If, for whatever reason, a certification staff member cannot be certified fit and proper to perform their role at the annual certification deadline, they will need to be removed from their role or temporarily re-deployed. Regulatory references will also need to be obtained for new certification staff (i.e. those who were not already in role at the time of commencement) and insurers should have a written policy in place to address this.
Insurers were required to identify and provide Conduct Rules training to their certification staff by 10 December 2018, and must now put in place a process to certify them as fit and proper by 10 December 2019.
From our experience advising banks on the first wave of SMCR implementation, we expect the certification regime to necessitate various amendments to insurers’ HR policies and procedures, including appraisal forms, staff handbooks and employment contracts. It will also require difficult judgment calls to be taken in the event that there are questions over an individual’s fitness and propriety - it is worth thinking through in advance some scenarios where this may arise.
Are you on track to be SMCR-ready?
We have set out below 10 questions for insurers to consider when assessing whether they are currently complying with the requirements of SMCR (effective since 10 December 2018) and to use when planning towards the required full implementation by 10 December 2019:
- Have all the Prescribed Responsibilities already been assigned to SMF holders? Remember there were additional Prescribed Responsibilities specified by the PRA and FCA that will need to be allocated under SMCR, that did not exist under SIMR.
- Have you identified all of your certification staff and are you putting in place a process to assess their fitness and propriety? Remember, whilst fit and proper certificates are not required until 10 December 2019, certification staff should have been identified by 10 December 2018 and you now have a year to devise and implement a certification process (to cover both existing staff and new joiners).
- Have you updated your Management Responsibilities Map (previously known as your Governance Map under SIMR)? In particular, is there a clear identification and allocation of “overall responsibility”, as required by the new FCA rules?
- Have all the Statements of Responsibilities (previously known as Scope of Responsibilities) for SMF holders (and key function holders) been updated? These must align with the Management Responsibilities Map and may be scrutinised by the regulators.
- Have you put in place a written policy in relation to the requirement for SMF handovers?
- Do you have a suitable regulatory reference policy in place? This should also cover incoming certification staff.
- Have your SMF holders and certification staff received the required training on their regulatory responsibilities? Remember that certification staff, as well as SMF holders, were required to abide by the Conduct Rules from 10 December 2018.
- Have you identified your Conduct Rules staff who will come into scope of the new rules on 10 December 2019, and do you have plans to ensure they receive training on the Conduct Rules before that date (including planning for refresher training, and training for new staff members/or those who move roles).
- Do you have a plan for amending your appraisal documents and employment contracts to take into account adherence to the SMCR? This may include references to fitness and propriety assessments, compliance with the Conduct Rules and handover requirements.
- Are you planning similarly to update other relevant HR/Compliance policies and procedures (for example, your fit and proper policy), and has responsibility for them been assigned to specific functions?
From our experience helping banks to prepare for the implementation of the SMCR in March 2016 and insurers ahead of the 10 December 2018 initial commencement date, implementing these requirements takes longer than you would think. Our advice is to start as soon as you can.
This article was originally published by Thomson Reuters © Thomson Reuters