Regulatory update: CP17 / 25 – Individual Accountability – Extending SM&CR to all FCA-Regulated Firms

Posted: 28th July 2017

Background

On the 26th June 2017, the FCA released its publication on extending the Senior Managers & Certification Regime (SM&CR) to all FCA regulated firms (barring those with only limited permissions and exemptions).

The new regime introduces a greater focus on individual accountability amongst senior management and obligates firms to ensure their staff are ‘fit and proper’ to perform in their roles. It also introduces a new set of conduct rules to which all staff members must adhere. SM&CR will replace the Approved Persons Regime (APER) entirely.

The aim of the new regime is ultimately to reduce harm to consumers, prevent businesses from failing and strengthen market integrity. The FCA proposes to achieve this by making senior individuals truly accountable for the business areas and management functions they are responsible for, and improving conduct at all levels.

Jonathan Davidson, Executive Director of Supervision, Retail and Authorisations at the FCA, said:

“Culture and governance in financial services and its impact on consumer outcomes is a priority for the FCA. The extension of the Senior Managers and Certification Regime is key to driving forward culture change in firms.

“This is about individuals, not just institutions. The new Conduct Rules will ensure that individuals in financial services are held to high standards, and that consumers know what is required of the individuals they deal with.  The regime will also ensure that Senior Managers are accountable both for their own actions, and for the actions of staff in the business areas that they lead."

Key Points

Broken down, SM&CR consists of three primary elements:

· The Senior Managers Regime

·      The Certification Regime

·         Conduct rules

The Senior Managers Regime

When SM&CR goes live, the two key tools of the Senior Managers Regime are the ‘duty of responsibility’ and Statements of Responsibility. These will enable firms and the FCA to better clarify who is responsible for what within a firm. Senior managers are to be allocated specific roles (e.g. Senior Management Function 3 – CEO), which will have to be pre-approved by the regulator, akin to Controlled Functions under APER. These roles are pre-defined by the regulator, and those firms who are subject to the Enhanced Regime (see below) will have a more extensive list of senior managers.

In effect, when someone becomes a Senior Management Function (SMF), they inherit a duty of responsibility. Consequently, if the FCA identifies a failure in the area of business for which that SMF is responsible, then the SMF must be able to demonstrate that they took ‘reasonable steps’ to prevent this failure. Each SMF must then submit to the regulator a Statement of Responsibilities, making it is clear how the business is set up, which specific areas of the business individuals are responsible for and the governance structures that are in place.

Prescribed responsibilities will also have to be allocated to the relevant individuals (an example of a Prescribed Responsibility: “Responsibility for the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime”). Current approved persons are unlikely to have to apply for a new approval under SM&CR, but instead there will be transitioning arrangements put in place. The FCA has committed to consulting on this specific issue later in 2017.

The Certification Regime

The Certification Regime will apply to staff who are not SMFs, but whose jobs mean that they could have a significant impact on the firm’s customers, markets or the firm itself (also called ‘Significant Harm Functions’).

These individuals are not approved by the regulator, and the FCA has placed an onus on firms to certify these individuals as suitable to do their jobs at least once a year. Ultimately, this means that each year, a firm’s senior management must satisfy itself that individuals performing these roles are suitable and appropriate by ‘certifying’ them as fit and proper. A typical example of a ‘certified role’ would include functions that are subject to qualification requirements.

Conduct Rules

These basic rules will apply to almost everyone who works in financial services (excluding ancillary staff, for example, security guards or post room staff). The rules are split into two tiers, with the first covering five Individual Conduct Rules which apply to all staff, and the second applying a further four Senior Manager Conduct Cules. These rules are relatively high-level and principle-based, for example; “you must act with integrity.”

The key thing to note about the Conduct Rules is that all staff must be measured against them on an ongoing basis, and where any breach of these occurs throughout the business, firms are required to notify the regulator of its response / action taken because of the breach.

‘Core’ and ‘Enhanced’ Regimes

For the largest and most complex firms (fewer than 1% of regulated firms, or approximately 350), the FCA is advocating additional and more stringent requirements under the ‘Enhanced Regime’. The qualifying criteria for being an enhanced firm is as follows:

·         Firms that are 'significant investment (IFPRU) firms’

·         Firms that are ‘CASS Large firms’

·         Firms with Assets Under Management of £50 billion or more

·         Firms with total intermediary-regulated business revenue of £35 million or more per annum

·         Firms with annual regulated revenue generated by consumer credit lending of £100 million or more p.a

·         Mortgage lenders (that are not banks) with 10,000 or more regulated mortgages outstanding

Being an enhanced firm means that implementing all of the base requirements of the Core Regime, but in addition to these there are additional required Senior Management Functions, an increased list of Prescribed Responsibilities and firms must submit an overarching Responsibilities Map which draws together the governance structure of the entire business. To add to this, Enhanced firms also need to make sure that there is a senior manager with overall responsibility for every area, business activity and management function of the firm (Overall Responsibility), and have rigorous handover procedures for new staff coming into Senior Management roles.   

Regulatory Next Steps

The FCA is calling for the industry to provide feedback on their proposals by 3 November 2017. They will take into consideration all of the feedback received and intend to publish their final rules in 2018. The FCA also plan to consult separately on the operational aspects of the new regime, including how firms will transition into the regime.

Considerations for firms

SM&CR will require firms to give serious thought to how they are structured from a governance perspective, particularly whether current structures and individual responsibilities are logical and would stand up to challenge by the FCA.

This is a challenging requirement that should be given due focus by the whole business, particularly HR and Compliance departments, who will play a key role in the successful implementation of SM&CR. The Senior Managers Regime will require firms to consider and define the roles of relevant individuals, ensuring they hold the appropriate responsibilities. The Certification Regime and Conduct Rules will require firms to review, and potentially change, systems and controls to enable the annual attestations, training and effective fitness and propriety assessments.

Firms will have considerable planning to do in order to ensure they can evidence a culture of individual accountability and robust governance, and therefore should now be defining a clear path to success.

Read the full consultation paper