On 4 July 2018, the Financial Conduct Authority (“FCA”) released ‘The Senior Managers and Certification Regime: Guide for FCA solo-regulated firms’ on the extension of the Senior Managers and Certification Regime (“SM&CR”) to the all FCA solo-regulated firms authorised under FSMA, as well as EEA and third country branches. Additionally, to deliver the cultural, operational and organisational changes required, the FCA has confirmed that firms should already be formulating their SM&CR strategy and change programmes for an implementation date of 10 December 2018 for insurers and 9 December 2019 for asset and wealth managers.
As there have been no significant changes in the near final rules compared to the initial proposals (CP17/42) the FCA are minded that no forbearance or leniency will be given to firms who are not wholly compliant with the new rules and requirements on the implementation dates noted above. Coupled with this, the FCA have been generous with the exceedingly long lead time given to firms to implement the regulation.
The FCA’s intended outcomes for SM&CR are to prevent consumer harm and strengthen market integrity. This is intended to be achieved by increasing the accountability of senior managers, focusing on robust governance and by setting higher (if not stricter) conduct standards for staff at all levels within organisations.
Responding to calls from the industry to clarify the application of the conduct rules, the FCA has provided additional guidance and industry specific examples. Now, firms need to develop their own internal conduct risk frameworks and test them to ascertain whether they are likely to meet the FCA’s intended outcomes.
Clarifying the scope of rules for firms that conduct both regulated and unregulated business, the FCA has confirmed that the rules under SM&CR only relate to regulated activities and those functions that support regulated business, such as middle or back office functions.
Proportionality – Defining your firm’s type
Within the FCA’s near final rules, they have published a tool for individuals to assess their SM&CR firm type. If you are a firm that is currently subject to a limited application of the Approved Persons Regime, then you will be a Limited Scope SM&CR firm. If your firm is not and you are a firm that is not currently exempt, then you will be a Core SM&CR firm. Although, your firm will be an Enhanced SM&CR firm if any one of the following bullet points apply:
- You are a ‘Significant IFPRU Firm’;
- You are a ‘CASS Large Firm’;
- Your firm has Assets Under Management of £50 billion or more based on a three-year rolling average (The submission date (return due date) of the first FSA038 return that takes the firm over a three-year rolling average of £50 billion assets under management);
- You are a firm with total intermediary regulated business revenue of £35 million or more per annum, calculated as a three-year rolling average (The submission date (return due date) of the first RMA-B return that takes the firm over a three-year rolling average of £35 million intermediary revenue.);
- Your firm has an annual revenue generated by regulated consumer credit lending of £100 million or more calculated as a three-year rolling average (The submission date (return due date) of the first CCR002 return that takes the firm over a three-year rolling average of £100 million consumer credit lending revenue); or
- You are a mortgage lender or administrator (that is not a bank) with 10,000 or more regulated mortgages outstanding.
A firm’s first steps should include an analysis of the impact of the requirements under SM&CR on the firm’s current arrangements. This would include the firm’s structure in its current form, proposed scope under SM&CR (‘Limited’, ‘Core’ or ‘Enhanced’), policies & procedures, systems & controls, reporting & management information.
When it comes to SM&CR programmes, firms need to ensure they have senior management buy-in and include representatives from all key business areas, including legal, compliance, HR and IT.
The FCA identifies Senior Management Function (SMF) roles as the most senior people in a firm with the greatest potential to cause harm or impact upon market integrity. Under the SM&CR regime the FCA will continue to approve such individuals before they perform an SMF role at a firm. The SM&CR introduces the requirement for firms to consider and produce a Statement of Responsibility (SoR); a single document that each Senior Manger must have to outline what they are responsible and accountable for. Firms will need to submit this to the FCA when they are making a Form A application for an SMF. Firms will also need to keep this up to date and resubmit it when there is a significant change to a Senior Managers responsibility.
Prescribed Responsibilities and the sharing of responsibilities
The FCA will publish all Prescribed Responsibilities within SYSC 24 of the FCA Handbook and each firm should review this and assign responsibilities to the relevant Senior Manager as appropriate.
In the near final rules, the FCA has provided guidance on how responsibilities can be allocated. They have paid special attention to areas that have different departments having responsibility for different parts of a process chain. In the publication, the regulator commented that responsibilities should not be shared across different ‘lines of defence’. For example, if an Executive Director has oversight of financial crime policies and procedures, the fact that compliance is involved in the process does not mean they [compliance] should have the responsibility for that area split with them. Instead, in this instance, the role of compliance would be included in the Supplementary Information part of the Statement of Responsibilities.
When it comes to culture, the FCA has confirmed that there is no prescribed responsibility for this area. Culture is the responsibility of everyone within a firm and not of a particular individual.
For employees of the firm that are not approved by the FCA for an SSMF, but whose activities have a significant impact on customers, the firm and/or market integrity under SM&CR, the firm will be required to certify such individuals on at least an annual basis.
Firms will need to consider and issue certificates to staff members whose role meets the definition of a Certification Function. The FCA has issued guidance in terms of factors that firms should consider as part of the certification process and also detail with regard to the information that should be included with the certificates issued by the firm. The FCA highlight that if the firm does not have any individuals performing a Certification Function then the Certification Regime will not apply.
Whilst firms will have to identify staff subject to the Certification Regime when the SM&CR is implemented, firms will have 12 months from this date to complete the initial certification process.
Fitness & Propriety and Reasonable Steps
Under SM&CR firms must ensure that all staff are fit and proper to perform their roles. It will be mandatory for firms to undertake criminal record checks for SMF roles and they should consider undertaking them if appropriate for Certification Functions.
Additionally, firms should ensure they obtain a regulatory reference for an individual who is seeking to perform an SMF. The FCA is prescriptive about the information such a reference should include.
Conduct rules are to apply to all staff within a firm except for ancillary staff (cleaners, receptionists etc.). The conduct rules will be split into two clear tiers; Individual Conduct Rules and Senior Manager Conduct Rules. This in essence mirrors the current regime of Principles and Code of Practice for Approved Persons. The second tier which focuses on SMF holders is attempting to achieve the aim of reflecting that their duty is to oversee and run the firm effectively.
Firms must ensure Senior Managers and Certification Staff have been trained on the new Conduct Rules at the date of SM&CR implementation.
Firms should note that they will be required to report to the FCA when disciplinary action has been taken against a person for a breach of the Conduct Rules. If the breach was by a Senior Manager this should be notified within seven business days. For breaches by all other individuals these should be reported to the FCA via the new REP008 GABRIEL return.
Due to the nature of the regulation when it comes to scope and territoriality, in some situations, overseas based senior managers and certified persons will be captured by SM&CR, although the FCA is continuing with its proposed approach to the territorial limitations for certified and conduct staff. The FCA is waiting until there is clearer guidance relating to Brexit before it will give further guidance for UK branches of EEA firms.
As we make our way towards 9 December 2019, we will continue to update this article or produce additional ones as and when further information becomes available.
Firm should consider the impact SM&CR will have upon their firm and any action that they are required to take to ensure full compliance with the regime upon implementation. If you have any questions or would like assistance in making such assessment or project planning for SM&CR, please contact us at: firstname.lastname@example.org