Sushil Kuner
Principal Associate
UK Financial Services Regulation
Head of UK FinTech Accelerator
Article
26
The Financial Conduct Authority (FCA) published its Final Rules on the extension of the Senior Managers and Certification Regime (SMCR) to all solo-regulated firms in July 2019[1]. All FCA solo-regulated firms authorised under the Financial Services and Markets Act 2000 (FSMA) will, from 9 December 2019, be subject to the SMCR which aims to strengthen individual accountability in financial services. It is therefore a culture and governance issue as much as a compliance and legal issue.
In this article, Sushil Kuner and Simon Stephen summarise the key changes and explore the practical considerations for solo-regulated firms.
Firms should treat the implementation of the SMCR seriously. One of the main purposes of the SMCR is to make it easier for the FCA to bring enforcement action against senior management and other accountable individuals. There is therefore a risk that Senior Managers who have been allocated responsibility for implementation of the SMCR also face potential enforcement action.
To put it into context the FCA's Enforcement Annual Performance Report for 2017/18[2] highlighted a stark increase in the number of open investigations relating to firms' culture and governance, demonstrating the high priority the FCA is giving to culture and governance issues. As at 31 March 2018, there were 61 such cases open compared to only 15 as at 1 April 2017.
The SMCR replaces the FCA's Approved Persons Regime (APR) and already applies to insurers, UK banks, building societies, credit unions, branches of foreign banks operating in the UK and the largest investment firms regulated by the Prudential Regulation Authority (PRA) and the FCA.
The SMCR introduces three categories of firm; Limited Scope, Core and Enhanced. Obligations of firms under the SMCR will depend on what category they fall into.
Most firms are likely to be Core firms, which will have a baseline of SMCR requirements applied.
Broadly speaking, Limited Scope firms will be subject to the fewest requirements under the SMCR and this covers all firms that currently have a limited application of the APR, including limited permission consumer credit firms, Claims Management Companies, sole traders and authorised professional firms whose only regulated activities are non-mainstream regulated activities.
A small proportion of solo-regulated firms will be Enhanced firms due to their size, complexity and potential impact to consumers and financial markets. These firms will be subject to extra rules. Key examples of Enhanced firms include:
Under the APR, the FCA approves individuals to carry out certain 'controlled functions'. These generally comprise two kinds of Approved Persons; the CF30 or 'Customer' function and the 'Significant Influence Functions' that are carried out by those closely involved in the running of the firm, for example, Directors and those in charge of compliance. Under the APR, Approved Persons are subject to the FCA's Statements of Principles and Code of Conduct for Approved Persons (APER) which set out standards of behaviour the FCA expects of them. They also need to ensure that they meet and abide by the rules laid out in the FCA's sourcebook relating to the Fit and Proper test for Approved Persons (FIT).
The SMCR replaces the APR and creates two new categories of controlled function - 'Senior Management Functions' (SMFs) and 'Certified Functions'.
People who hold a SMF ("Senior Managers") will generally be the most senior people in the firm with the greatest potential to cause harm or impact upon market integrity and will need to be approved by the FCA before starting their role. The FCA has prescribed a number of SMFs and which SMF a firm needs will depend on the category of firm, i.e. whether it is a Limited Scope, Core or Enhanced firm.
The FCA has confirmed that the head of legal function is not a SMF, due to the difficulty in applying the Senior Managers Regime to lawyers as a result of restrictions arising from legal privilege. Those performing this function will instead be subject to the Certification Regime and Conduct Rules (see below).
Every Senior Manager will have a 'Statement of Responsibility' which will need to clearly set out what the Senior Manager is responsible and accountable for. These will need to be sent to the FCA when applying for the Senior Manager to be approved under the SMCR. Senior Managers will also have 'Duty of Responsibility' under FSMA.
Core and Enhanced firms will also be subject to certain 'Prescribed Responsibilities' which are in addition to the inherent responsibilities that are an essential part of a Senior Manager's role. The FCA prescribes these responsibilities to ensure that a Senior Manager is accountable for key conduct and prudential risks. Notably, the Prescribed Responsibilities include accountability for the performance by the firm of its obligations under the Senior Managers Regime, including implementation and oversight, and performance by the firm of its obligations under the Certification Regime.
A Certified Function will be held by any employee whose role means that it is possible for them to cause significant harm to the firm or its customers. The FCA has prescribed the various Certification Functions and not all of those will apply to all firms; firms will only be required to apply those that are relevant to their business. Unlike the SMFs, holders of a Certified Function will not require pre-approval from the FCA. This will apply to the current APR CF30/Customer Function such that they will no longer require approval from the FCA. Instead, firms will need to check and confirm ('certify') that these individuals are fit and proper to perform their role at least once a year, and issue them with a certificate allowing them to perform the 'Client Dealing Function' once satisfied of their fitness and propriety.
Firms will therefore need processes in place to ensure that those responsible for certification are promptly made aware of anything which may impact the assessment (including a breach of the Conduct Rules).
It should be noted that in its recent Policy Statement 19/20, the FCA made clear that the scope of the Client Dealing Function excludes an individual who has no scope to choose, decide or reach a judgement on what should be done in a given situation and whose tasks do not require them to exercise significant skill.
Senior Managers and Certified Functions will have to continue to abide by the rules contained in FIT as to fitness and propriety, Under the SMCR the scope of conduct rules is, however, much broader. All of a firm's employees, including SMFs, Certified Functions and Non-Executive Directors, but not ancillary staff (e.g. receptionists), will need to comply with the FCA's Code of Conduct for Staff Sourcebook (COCON). So, for example, all employees (and not just the senior management) will need to comply with the obligation to treat customers fairly.
This therefore establishes a new set of minimum standards of individual behaviour in financial services. All employees - whether conducting regulated or unregulated activities - may therefore be held to account by the FCA. Internal consequence management will need to take this into account and firms will need to be able to report on conduct breaches internally as well as to the FCA.
Breaches of conduct rules are also likely to have to be reflected in regulatory references (including updating references already given when subsequent breaches are uncovered). This includes references requested for employees moving from a non-certified role to a certified role - further demonstrating the need for accurate tracking and linked up processes.
The table below summarises the key final SMCR requirements for each category of solo regulated firm, from a practical perspective.
Final SMCR Requirements for Solo Regulated Firms | Enhanced | Core | Limited Scope |
---|---|---|---|
Senior Managers Regime | |||
Pre-approval by the FCA of SMFs, except to allow cover for an SMF where the absence is temporary or unreasonably unforeseen and the appointment is for less than 12 consecutive weeks | ✔ | ✔ | ✔ |
Assessment of fitness and propriety before application to the FCA for approved of an individual as an SMF | ✔ | ✔ | ✔ |
Annual assessment of fitness and propriety of SMFs | ✔ | ✔ | ✔ |
Criminal record checks before application to the FCA for approval of an individual as an SMF[3] | ✔ | ✔ | ✔ |
Regulatory references to be obtained before appointing an individual as an SMF and to be given where another FCA authorised firm makes such a request[4] | ✔ | ✔ | ✔ |
Statements of responsibilities for each SMF holder [N.B. these must be submitted as part of any application to the FCA to approve an individual as an SMF. It should be updated after any approval when there has been any significant change in the responsibilities of the SMF] | ✔ | ✔ | ✔ |
Allocation of certain prescribed senior management responsibilities among SMFs | ✔ | ✔ | |
Criminal records checks before the appointment of any board director who is not an SMF | ✔ | ✔ | |
An up-to-date comprehensive Responsibilities Map to be maintained which describes a firm's management and governance arrangements | ✔ | ||
Ensuring that, at all times, one or more of a firm's SMFs has overall responsibility for each of the activities, business areas and functions of the firm | ✔ | ||
Ensuring that a person becoming an SMF has all the information and material that they could reasonably expect to have to perform their responsibilities | ✔ | ||
Certified Functions | |||
Ensuring that any employee performing a certification function is issued with a certificate before performing that function[5]. | ✔ | ✔ | ✔ |
Annual renewal of certificates for all employees continuing to perform certification functions[6] | ✔ | ✔ | ✔ |
Assessment of fitness and propriety before issuance or renewal of certificates for certified functions[7] | ✔ | ✔ | ✔ |
Regulatory references to be obtained before appointing an individual to perform an FCA certification function, and to be given if asked by another firm making such a request[8] | ✔ | ✔ | ✔ |
Reporting information to the FCA about the firm's Directory Persons, including its certification employees | ✔ | ✔ | ✔ |
Conduct Rules | |||
COCON directly applies to firms' employees, other than ancillary staff | ✔ | ✔ | ✔ |
Breaches of COCON to be reported to FCA | ✔ | ✔ | ✔ |
Sufficient notification to all persons subject to COCON of the rules that apply to them | ✔ | ✔ | ✔ |
All reasonable steps taken to ensure that all persons subject to COCON understand how COCON applies to them | ✔ | ✔ | ✔ |
Individuals at Core and Limited Scope firms (including branches) will be automatically converted wherever possible, with no action required by firms. As such, all firms should consider whether any changes to their current approvals are required ahead of the Commencement Date. If there has been no substantive change in a currently approved individual's role before and after the Commencement Date, firms will not have to apply for re-approval. Individuals who are not currently approved, or require additional approvals, will need to apply for each new SMF.
Enhanced firms will need to notify the FCA who they want to assign to the new SMF regime, but they will not have to re-apply for approval if the proposed SMFs can be mapped directly from the APR.
The FCA has specified, for all firms, which current controlled functions under the APR may be mapped across to the SMCR. These differ depending on whether the firm is a Limited Scope, Core or Enhanced firm.
All affected solo-regulated firms will move to the SMCR from 9 December 2019 ("the Commencement Date"). By the Commencement Date, all solo-regulated firms will have to:
In addition to the above, Core firms will need to:
Enhanced firms will have higher duties and in addition to responsibilities to responsibilities of Core firms, should:
It should be noted that Form K must be submitted by 23.59 on 24 November 2019 and that it is already available on the FCA's Connect portal.
Senior Management Functions will appear on the FCA's Financial Services Register on 9 December 2019. Therefore, on or shortly after 9 December 2019, firms should check the FCA Register to ensure they have the correct Senior Management Functions.
There is much that firms need to do in order to comply with the SMCR and as such, firms should do what they can, as early as they can, to be ready. This means that many firms will, in practice, need to overhaul their internal procedures to ensure that, not only do they reflect the SMCR and COCON, but that they are joined up and aligned. SMCR is also not just a 'compliance' issue but is something the whole firm will need to be part of. For example, information relating to misconduct investigations or disciplinary sanctions will need to feed into both the certification and reference processes.
MI is a key part of managing conduct risk and Senior Managers will also need to be suitably informed with relevant data and information in order to carry out their duties. Firms should review how MI is tracked and reported.
Firms will also need to think about how to create a culture of accountability. Senior Managers will play a key role with the 'tone from the top' and leading by example and firms should plan how this would work within their culture.
Some of the practical considerations for firms include:
If you are affected by the SMCR, now is the time to start planning for implementation. We would be delighted to advise you on how the SMCR applies specifically to your business, how to practically implement it and to review all relevant firm policies and procedures to ensure they are compliant under the new regime.
Footnotes
[1] FCA Policy Statement PS19/20 - 'Optimising the Senior Managers & Certification Regime - Feedback to CP19/4 and Final Rules' dated July 2019
[2] FCA - Enforcement annual performance report 2017/18
[3] This requirement does not apply to sole traders without employees
[4] The obligation to ask for regulatory references does not apply to sole traders without employees
[5] This does not apply to internally managed Alternative Investment Funds and certain firms that only carry out benchmark activities
[6] This does not apply to internally managed Alternative Investment Funds and certain firms that only carry out benchmark activities
[7] This does not apply to internally managed Alternative Investment Funds and certain firms that only carry out benchmark activities
[8] This requirement does not apply to sole traders without employees
CECI NE CONSTITUE PAS UN AVIS JURIDIQUE. L'information qui est présentée dans le site Web sous quelque forme que ce soit est fournie à titre informatif uniquement. Elle ne constitue pas un avis juridique et ne devrait pas être interprétée comme tel. Aucun utilisateur ne devrait prendre ou négliger de prendre des décisions en se fiant uniquement à ces renseignements, ni ignorer les conseils juridiques d'un professionnel ou tarder à consulter un professionnel sur la base de ce qu'il a lu dans ce site Web. Les professionnels de Gowling WLG seront heureux de discuter avec l'utilisateur des différentes options possibles concernant certaines questions juridiques précises.