Senior Managers and Certification Regime: compliance for smaller firms
June 2017 | EXPERT BRIEFING | BANKING & FINANCE
The Senior Managers Regime (SMR) and Certification Regime (CR) were introduced in March 2016 at relevant firms – namely banks, building societies, credit unions and PRA-designated investment firms. The SMR and CR are a key part of the regulatory response arising from the global financial crisis, the LIBOR and FX-rigging scandals and a desire to more closely scrutinise individual conduct standards in order to improve the stability of the UK’s financial system. The regime has replaced the previous approved persons regime and changed the way that individuals at these firms are regulated. In 2018, the SMR will be extended to apply to all FSMA authorised firms. The Financial Conduct Authority (FCA) is due to publish a consultation paper on how exactly the SMR will apply to these other firms in June 2017. Rather than wait until the release of the consultation paper, the FCA has been encouraging firms to make preparations on the basis of the SMR already in place for relevant firms. The principal requirements of the regime will remain broadly the same and are outlined below.
Senior management functions
Individual senior managers must be assigned one of 18 senior manager functions (SMFs) as specified by the FCA or PRA, such as chief executive (SMF1), compliance oversight (SMF16) or money laundering reporting (SMF17). Certain SMFs will be found in every firm, whereas others will only be relevant for some. SMFs will have responsibilities inherent in the definition of the role itself but will also be allocated prescribed responsibilities identified by the FCA and PRA. Smaller firms will be expected to ensure that one or more of its approved senior managers has overall responsibility for each of the activities, business areas and management functions of the firm. Those senior managers with overall responsibility for a particular function or area of the business should be appointed as an SMF18 (other overall responsibility).
Management responsibilities map
Senior management functions must be mapped by a firm across the whole of its organisation and performed by specified senior managers. The ‘management responsibilities map’ must describe the firm’s management and governance arrangements, and ensure that there are no gaps in those arrangements.
Statement of responsibilities
Each senior manager will need to agree a statement of responsibilities for their function. The statement should clearly outline the areas of the firm’s regulated activities for which that particular senior manager is responsible, with no references to additional documentation. Firms must keep in mind the need to avoid gaps or overlap, and uncertainty, so as to ensure that each senior manager’s responsibilities are properly allocated and understood. The statement should be resubmitted whenever the role changes or there is a reallocation of responsibilities.
Fitness and propriety
The FCA or PRA will consider applications to pre-approve those senior individuals holding SMFs. Applications must be accompanied by the senior manager’s agreed statement of responsibilities, and firms will have to assess a candidate’s fitness and propriety for the role at the outset. Such assessments should include due diligence on the individual, including conducting criminal records checks and obtaining regulatory references from previous employers for the preceding six years of service. This will require a firm to implement processes for assessing the fitness and propriety of individuals throughout the firm. If at any stage during their employment there is a doubt over a senior manager’s fitness and propriety, firms will need to consider whether this falls below the requisite standard and if so, report this fact to their regulator.
From an employee’s perspective, the duty on hiring firms to take up, and on regulated past employers to give, regulatory references is very significant indeed. The reference must state whether disciplinary action was taken that amounted to a breach of individual conduct requirements (such as, for example, the conduct rules), and ‘disciplinary action’ has a wide meaning that includes not only dismissal, but action short of dismissal, reduction in compensation or the application of clawback provisions, as well as suspension.
The new regime has already had a marked effect on the employer/employee relationship at relevant firms where an individual’s conduct is an issue. The consequence for an individual of a negative regulatory reference has the potential to be career threatening, and yet the SMR and CR contains no express appeal mechanism for the employee to invoke if they disagree with the content, though there are other options for legal recourse and employers need to exercise the new responsibilities carefully.
The CR extends the previous approved persons regime to all employees who undertake roles which could pose a risk of significant harm to the firm or any of its customers (for FCA regulated firms) and to anyone who is a significant risk taker (for PRA regulated firms). These individuals are also required to be certified at the point of recruitment and thereafter annually by the firm as fit and proper but it will not be necessary for the FCA or PRA to pre-approve them. Relevant firms already affected by the CR have been building the annual certification requirement into the annual appraisal process. If an individual’s fitness and propriety falls below the necessary standard, firms should refuse to renew their certificate and require the individual to cease to perform the certification function in question.
Conduct rules and training
Both senior managers and individuals covered by the CR, as well as employees at FCA regulated firms (other than ancillary staff), are subject to the conduct rules. These are a set of principles requiring individuals: to act with integrity; to apply due skill, care and diligence; to be open and cooperative with the FCA, the PRA and other regulators; to treat customers fairly; and to observe proper standards of market conduct.
Senior managers are also obliged to take reasonable steps (the duty of responsibility) to: ensure that the business of the firm for which they are responsible is controlled effectively; comply with the relevant requirements and standards of the regulatory system in which their area of the business operates; ensure that any delegation of their responsibilities is made to an appropriate person and that they keep oversight of that delegation; and appropriately disclose any information of which the FCA or PRA would reasonably expect notice.
Firms are also required to notify the regulators if they have taken formal disciplinary action against an individual for breaching a conduct rule. For this reason, it is essential that firms provide training to their senior managers and certified employees to ensure that they fully understand the rules that apply to them and how they will operate during their day-to-day business.
The duty of responsibility
The duty of responsibility is one which senior managers should not take lightly, and has led to criticism that the new regime has created competing tensions between firms and the individuals operating within them. Failure by a senior manager to take reasonable steps could result in enforcement action against them by either the FCA or the PRA.
At a speech to New York University on 31 March 2017, Mark Steward, director of enforcement and market oversight at the FCA, sought to address those criticisms. He emphasised that though the SMR marked an important and decisive shift in the right direction by creating genuine accountability in firms, as well as tackling individual conduct issues, this did not mean that the blame for regulatory breaches or unlawful conduct could be laid solely at the door of the senior managers concerned. In his view, the SMR and CR did not provide regulated firms with a “free pass” from enforcement action and the heavy financial penalties that would inevitably follow.
For the firms that will become subject to the new phase of the SMR in 2018, the amount of work necessary to ensure compliance with the regime should not be underestimated. Firms should work with their legal, compliance and human resources departments to implement processes to identify relevant role responsibilities, assess fitness and propriety, conduct due diligence and develop training programmes to inform their employees about the forthcoming changes to their roles and responsibilities. They also need to consider what reassurance can be given to those who would hold SMFs, bearing in mind the significant additional responsibilities they are being asked to assume, for example, through the firm’s director’s and office’s insurance policy. If firms have not already begun their preparations for the extension of the SMR and CR, they would be wise to do so promptly.
Elinor Lloyd is a partner at CCG Legal. She can be contacted on +44 (0)207 760 7590 or by email: firstname.lastname@example.org. Nick Wilcox is a senior associate at Brahams Dutt Badrick French LLP. He can be contacted on +44 (0)20 3828 0356 or by email: email@example.com.
© Financier Worldwide