In 2015 the Financial Conduct Authority (FCA) extended the SM&CR from banks, building societies, credit unions and investment firms to all regulated financial services firms, including credit-related regulated activities. Locke Lord partner Jo Davis and paralegal Timothy Anson explain the details.
The Senior Managers and Certification Regime (SM&CR) can be sub-divided into three distinct ‘pillars’:
- The Senior Managers Regime (SMR), which require senior roles to be defined and the individuals performing them to be approved by the regulator;
- The Certification Regime (CR), which require individuals capable of causing “significant harm” to either the firm or the firm’s customers to be certified on at least an annual basis by the firm; and
- Conduct Rules, that are applicable to all employees, with a few exceptions, at all levels of a firm.
Senior Managers Regime
Senior Management Functions (SMFs) are to replace Controlled Functions. An individual will be performing an SMF if:
- They are responsible for managing one or more aspects of the firms’ regulated activities, and
- Those aspects involve, or might involve, a risk of serious consequences for the authorised person, or for the business or other interests in the UK.
An SMF can be carried out by both executive functions (such as CEO, CFO etc.) and non-executive functions (chairman, chair of the risk committee etc.). Among these SMF functions, the SMR contains a number of ‘prescribed responsibilities’ that must be shared and allocated as deemed fit between SMFs.
The FCA has extended SMF functions to include all board members and individuals with overall responsibility for one or more ‘key functions’. A list of key functions has been provided by the FCA to help firms determine these individuals within the firm.
Firms will need to do the following:
- Identify your Senior Managers: Who in the organisation is engaging in an SMF? Such persons will be required to apply for approval as a Senior Manager in the same way as currently seen for Approved Persons. As part of the application, Senior Managers will be required to submit a ‘statement of responsibilities’. Firms should start by identifying what responsibilities are currently, or it is intended will be, allocated to each Senior Manager.
- Responsibilities Map: Firms will be required to prepare, maintain and update a Responsibilities Map. This is a single document describing the firm’s senior management arrangements, including details of what specific responsibilities have been allocated to each senior manager and how these duties were assigned. The FCA Handbook contains prescriptive guidance in relation to this document. Firms should prepare by analysing and documenting what responsibilities are allocated to its senior managers and identifying if there are any responsibility gaps where the FCA would expect a specific responsibility to have been allocated.
- Identify applicable prescribed responsibilities: The prescribed responsibilities were initially designed for institutions such as banks and building societies, rather than firms engaging in credit-related regulated activities. On that basis, some amendments may be made for the credit and leasing industry. However, firms should still look at the rules, identify those likely to be easily applied to credit activities, and then assess to which Senior Manager the responsibility should be allocated.
The CR applies to staff engaging in Significant Harm Functions, whereby they could pose a risk of significant harm to the firm or its customers. An individual performing a CR role will not be subject to direct approval by the FCA. Instead, a firm must take reasonable care to ensure that an employee does not perform a CR role without having first been certified by the firm as fit and proper to do so. The CR will apply to:
- Individuals performing functions that would formerly have been an SIF, but would not fall within the scope of the new senior management function.
- Individuals in customer-facing roles who are subject to qualification requirements.
- Anyone supervising or managing a certified person.
As part of assessing fitness and propriety, firms seeking to appoint someone to a senior management or a certification function must request a ‘regulatory reference’ from all previous employers for the past six years of employment. Likewise, potential employers of former employees will request regulatory references from firms, which will need to supply one. Firms will need to do the following:
- Identify who falls within the Certification Regime: Who in the organisation is engaging in a Significant Harm Function?
- Consider how the Fit and Proper test applies in your firm: Begin to plan how to assess whether an individual is fit and proper. Consider how to ensure employee certifications remain up to date, and how fitness and propriety is assessed on an ongoing basis. Finally, consider what process is required if an employee ceases to be considered fit and proper, including requirements in employment contracts.
- Plan how to respond to requests for regulatory references: Identify what you will be required to cover in a regulatory reference. Begin to consider whether your systems currently hold information to satisfy those criteria for at least six years.
The FCA will apply new conduct rules to:
- All individuals approved by the FCA as Senior Managers;
- All individuals covered by the FCA’s Certification Regime; and
- All other employees, except ancillary staff who perform a role which is not specific to the financial services business of the firm (such as receptionists, post room staff and events management).
If covered under the above, the five key conduct rules require every employee to:
- Act with integrity.
- Act with due skill, care and diligence.
- Be open and co-operative with the FCA, PRA and other regulators.
- Pay due regard to the interests of customers and treat them fairly.
- Observe proper standards of market conduct.
Senior Managers of financial services firms will also be required to:
- Take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
- Take reasonable steps to ensure the business of the firm for which you are responsible complies with relevant requirements and standards of the regulatory system.
- Take reasonable steps to ensure any delegation of responsibilities is to an appropriate person, and that you oversee the delegated responsibility effectively.
- Disclose appropriately any information of which the FCA or PRA would reasonably expect notice.