The much awaited Consultation Paper (CP17/25) Individual Accountability: Extending the Senior Managers & Certification Regime ('SM&CR' or 'the Regime') was published on 26 July 2017 and closes on 3 November 2017.
View the full paper
The new SM&CR is replacing the current Approved Persons Regime and is set to come into force at a date to be decided in 2018 once the FCA publishes the final rules. The FCA will also consult on the operational aspects of the new regime, including how firms will transition into the regime. The FCA want the new regime to be proportionate and flexible enough to accommodate the different business models and governance structures of firms. In order to do so they have used the tools and principles from the earlier banking regime to create a consistency across financial services but have tailored them to reflect the different risks, size and complexity of firms subject to the extension of this regime.
Aim/Objective
The aim of the regime is to reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold people to account, by:
- encouraging staff to take personal responsibility for their actions
- improving conduct at all levels
- making sure firms and staff clearly understand and can demonstrate who does what.
The Regime
The Regime will apply to almost all financial services firms and all existing Approved Persons. It also affects incoming branches of non-UK firms that have permission to carry out any activities that the FCA regulate in the UK as well as people working in those branches. This paper does not affect approved persons of appointed representatives of firms. The FCA has said that they intend to release a new consultation in respect of this category at a later date.
The proposal is for the application of a baseline of requirements that every firm will be subject to, known as the 'core regime'. The FCA propose a reduced set of requirements for a group of firms defined as 'Limited Scope' and an 'Enhanced Regime' for larger more complex firms. Accordingly there are three main elements of the core regime that will apply to every firm, which are:
1. Senior Managers Regime
- Anyone who holds a Senior Management Function needs to be approved by the FCA prior to starting their role, as with the current Approved Persons Regime. The Firm will need to ensure that Senior Managers are fit, proper and suitable for their roles.
- A 'Statement of Responsibilities' (SoR) document will need to be in place for every Senior Manager, outlining individual responsibilities and accountability. Firms will be required to provide the SoR to the FCA when a senior manager applies to be approved, and whenever there is a major change to their responsibilities.
- Every Senior Manager will also have a 'Duty of Responsibility' so where there is an issue in an area of personal responsibility the FCA will consider whether that Senior Manager took 'reasonable steps' to prevent any issues occurring.
- The FCA also propose some new responsibilities that Senior Managers will need to be provided with, known as 'Prescribed Responsibilities'. These will be dependent upon the size of the firm.
The FCA is proposing the following Senior Management Functions for all firms (except Limited Scope Firms):
Governing functions
- SMF9 – Chair
- SMF1 – Chief Executive
- SMF3 – Executive Director
- SMF27 – Partner
Required functions
- SMF16 – Compliance Oversight
- SMF17 – Money Laundering Reporting Officer (MLRO)
Where a person holds more than one Senior Management Function, for example being the Executive Director and MLRO, the person will need to apply to the FCA for each function. This can be undertaken at the same time, but there is only one Statement of Responsibility required and it must clearly describe all of the candidates' responsibilities.
Non-UK Senior Managers overseas
There is no territorial limitation on the Senior Managers Regime which means that the Senior Managers Regime applies to anyone who performs a Senior Manager role regardless of whether they are based in or outside of the UK.
Prescribed Responsibilities for core firms
FCA are proposing six extra responsibilities ('Prescribed Responsibilities') that must be given to Senior Managers. These responsibilities are new and firms will need to carefully consider which Senior Manager is the best person to hold one or more of each of these Prescribed Responsibilities. Each of the responsibilities described should be given to the Senior Manager who is the most senior person responsible for that issue. These responsibilities do not apply to Limited Scope Firms.
| PR | Description |
| 1 | Performance by the firm of its obligations under the Senior Managers Regime, including implementation and oversight |
| 2 | Performance by the firm of its obligations under the Certification Regime |
| 3 | Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules |
| 4 | Responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime |
| 5 | Responsibility for the firm's compliance with CASS (if applicable) |
| 6 | Responsibility for ensuring the governing body is informed of its legal and regulatory obligations |
| 7 | Responsibility for an AFM's value for money assessments, independent director representation and acting in investors 'best interests' |
Limited Scope Firms (currently holding CF8 Apportionment and Oversight and expected to come under SMF29) are defined as:
- Sole traders
- Authorised professional firms whose only regulated activities are in non-mainstream regulated activities
- Oil market participants
- Service companies
- Energy market participants
- Subsidiaries of local authorities or registered social landlords
- Insurance intermediaries whose principal business is not insurance intermediation and who only have permission to carry on insurance mediation activity in relation to non-investment insurance contracts
- Internally managed AIFS.
Enhanced regime
Those firms falling within the definition of 'enhanced regime' will have additional requirements placed upon them, such as additional senior management functions and additional prescribed responsibilities, overall responsibility, responsibility maps and handover procedures. Firms that have been proposed as 'enhanced firms' are:
- Firms that are 'significant investment' (IFPRU) firms
- Firms that are 'CASS Large firms'
- Firms with Assets Under Management of £50 billion or more
- Firms with total intermediary regulated business revenue of £35 million or more per year
- Firms with annual regulated revenue generated by consumer credit lending of £100 million or more per year
- Mortgage lenders (that are not banks) with 10,000 or more regulated mortgages outstanding.
2. Certification Regime
The Certification Regime is applicable to members of staff whose role enables that person to have a significant impact on customers, markets or the firm. The FCA will not 'approve' these people, but firms will need to certify that these individuals are suitable for their role. Suitability will need to be assessed annually with a certificate held on file for each person who holds such a position. Where someone is performing more than one Certification Function, a firm will need to certify and document that person as fit and proper to carry out each function although only one certificate covering all functions is required.
The Financial Services and Markets Act (FSMA) defines a Certification Function as 'one that requires the person performing it to be involved in one or more aspects of the firm's affairs, so far as relating to a regulated activity, and those aspects involve, or might involve, a risk of significant harm to the firm or any of its customers.'
The FCA proposes to make the following roles Certification Functions:
| Certification Function | Overview |
| Significant Management Function (based on current CF29) |
These individuals perform functions that would have been Significant Influence Functions under the FCA Approved Persons Regime. These important roles can seriously impact the way the firm conducts its business. |
| Proprietary traders (also covered by current CF29) | |
| CASS oversight function (current CF10a) | |
| Functions subject to qualification requirements | This includes, for example, mortgage advisors, retail investment advisers and pension transfer specialists. The full list is set out in the FCA's current Training and Competency Sourcebook. |
| The client dealing function |
This function will be expanded from the current CF30 function to apply to any person dealing with clients, including retail and professional clients and eligible counter-parties. This will cover people who:
|
| Anyone who supervises or managers a Certified Function (directly or indirectly) but is not a Senior Manager | This will ensure that people who supervise certified employees are held to the same standard of accountability. It also ensures a clear chain of accountability between junior certified employees and the Senior Manager ultimately responsible for that area. For example, if a firm employs a customer-facing advisor, every manager above them in the same chain of responsibility will have to be certified (until the Senior Manager approved under the SMR is reached). |
| Material Risk Takers | The concept of material risk takers (also known as Remuneration Code staff) already exists under SYSC 19 but they are not currently controlled functions that the FCA approve. They are a category of staff that fall under AIFMD, UCITS, IFPRU and BIPRU are required to identify under the current FCA regime. These firms need to consider all types of risk when identifying their material risk takers, including those of a prudential, operational and reputational nature. All of these material risk takers will be covered by this certification function. |
| Algorithmic trading |
This function includes people with responsibility for:
|
The Certification Regime only applies to employees of firms and does not apply to Non-Executive Directors. If the above roles do not apply to your firm, then you will not have any certified staff and you will not be required to apply the Certification Regime.
The FCA has proposed that Significant Management Certification Functions applies to someone with 'significant responsibility for a significant business unit'. That is people who are below Senior Managers who are responsible for business units that, on account of their size, nature or impact, are considered 'significant' by their firm.
3. Conduct Rules
These are basic rules that will apply to almost every person who works in financial services. They include 'acting with integrity' and 'treating customers fairly'. The Conduct Rules are about improving the behaviour of all staff in financial services firms.
FCA are proposing to apply two tiers of Conduct Rules to all firms.
| First Tier – Individual Conduct Rules | |
| 1 | You must act with integrity. |
| 2 | You must act with due care, skill and diligence. |
| 3 | You must be open and cooperative with the FCA, the PRA and other regulators. |
| 4 | You must pay due regard to the interests of customers and treat them fairly. |
| 5 | You must observe proper standards of market conduct. |
| Second Tier – Senior Manager Conduct Rules | |
| SC1 | You must take reasonable steps to ensure that the business of the firm for which you ae responsible is controlled effectively. |
| SC2 | You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system. |
| SC3 | You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively. |
| SC4 | You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice. |
Who the conduct rules apply to
The FCA propose that the Conduct Rules apply to:
- all Senior Managers
- all Certified Functions
- all Non-Executive Directors who are not Senior Managers
- all other employees, except ancillary staff (ie people who do not perform a role specific to financial services).
There are some exceptions to these Conduct Rules and the FCA has listed a comprehensive but not exhaustive list of those roles that they consider are ancillary and therefore out of scope of the Conduct Rules. They comprise:
| Receptionists | Events management | Medical staff |
| Switchboard operators | Security guards | Active records management |
| Post room staff | Invoice processing | Drivers |
| Print room staff | Audio-visual technicians | Corporate Social Responsibility staff |
| Facilities management | Vending machine staff | Data controllers and processors under the Data Protection Act |
| Cleaners | Personal assistants and secretaries | Human Resources administrators/processors |
| Catering staff | Information Technology Support (ie helpdesk) |
Fit and proper requirements
One of the key features of the SM&CR is to reinforce the need for firms to take responsibility for their staff being fit and proper to undertake their roles. There are currently numerous rules around qualifications, training, competence and personal characteristics that already appear in the FCA’s Handbook, FIT. As such, the FCA has stated that at this stage they do not propose introducing any new rules. However, new requirements are outlined in the consultation paper requiring firms to collect new forms of evidence when assessing candidates for Senior Management roles, Certification Functions or Non-Executive Directors (even if they are not a Senior Manager). These new requirements comprise:
Criminal records checks for Senior Managers
- Current Approved Person applications require firms to declare if a candidate has a criminal record (including any spent convictions for which there is a legal right to make the employer aware). This will continue for Senior Manager applications. However, the FCA is also proposing that firms undertake a criminal records check as part of each Senior Manager application for approval. This requirement will also apply to Non-Executive Directors who are not Senior Managers where a fitness requirement already applies to them.
- As a result of the above firms will have to register with the Disclosure and Barring Service (DBS) and the equivalent agencies in Scotland and Northern Ireland. FCA has stated that smaller firms may need to use an umbrella organisation as an intermediary.
- The FCA are also proposing that where a candidate has spent a considerable amount of time working or living outside the UK firms should consider taking an equivalent check with the appropriate overseas regulatory body where available.
- Criminal record checks for Certification Functions are not currently being considered to be mandatory.
Regulatory references for Senior Managers and Certification Functions
- In line with the recommendations of the Fair and Effective Markets Review (FEMR) the FCA propose to require firms to request a reference from Senior Management and Certification Function candidates' past employers – known as 'regulatory references'. These will also apply to Non-Executive Directors who are not Senior Managers.
- The proposed new rules require firms to:
- request a reference from all previous employers in the past six years for people applying for Senior Manager, Certification and non-approved Non-Executive Director roles
- share information between firms in a standard template
- disclose certain information going back six years, including details of any disciplinary action taken due to breaches of the Conduct Rules and any findings that the person was not fit and proper.
- disclose any other information relevant to assessing whether a candidate is fit and proper (e.g. the number of upheld complaints), covering the previous six years (unless it relates to serious misconduct, in which case there is no time limit) – firms will need to use their judgement when considering what is relevant, on a case-by-case basis
- retain records of disciplinary and fit and proper findings going back six years
- not enter into arrangements that conflict with their disclosure obligations (e.g. non-disclosure agreements)
- In addition firms will need to update regulatory references where new, significant information comes to light.
- A Senior Manager will also be accountable for the firm's regulatory reference obligations as this is part of Prescribed Responsibilities 1 and 2.
Training and notification requirements
FSMA requires firms to make individuals who are subject to the Conduct Rules aware that this is the case, and train them in how the rules apply to them. FSMA also requires firms to notify the FCA when disciplinary action has been taken against a person for any reason specified by the FCA. The FCA propose to require notification of disciplinary action only if that action was because of breaches of the Conduct Rules. For Senior Managers, the FCA are proposing that firms notify them of any such breaches within seven business days of the firm becoming aware of the matter. The method and forms to use for such notifications will form part of the technical consultation paper that will be published later this year.
Preparation for SM&CR
Whilst these matters are under consultation, there are some steps a firm can take to prepare for SM&CR:
- Determine which regime your firm will be subject to
- Categorise your staff, who will be Senior Managers and Certified Staff
- Determine what training will be required
- Determine which Senior Managers will be affected by the Prescribed Responsibilities
- Consider mapping the management responsibilities and reviewing current job descriptions to aid with the drafting of SoRs.
