July 12, 2018

The Extension of the Senior Managers and Certification Regime to all FCA regulated firms

On 4th July 2018 the FCA published its near-final rules on how it plans to extend the Senior Managers and Certification Regime (SM&CR) to the wider financial services sector.

So what has happened already?

The SM&CR was rolled out to banks, building societies, credit unions, and PRA designated investment firms (called "banking firms") in 2016.  A modified version of the regime (the Senior Insurance Managers Regime) was also rolled out to insurers at the same time. The regulators now intend to extend the SM&CR to most financial services firms as well as to dual-regulated insurers. 

The FCA already published its draft proposals for extending the SM&CR in last year's consultation papers (CP17/25 and CP17/40).  In this briefing we set out a full summary of the key rules as they are now proposed in the FCA's latest Policy Statement (Extending the SM&CR  to FCA firms – feedback to CP17/25 and CP17/40, and near final rules - PS18/14). At the end of the briefing we summarise the key changes to the original proposals.

We have prepared a separate briefing on the extension of the SM&CR to dual-regulated insurers.  

The proposed timetable for implementation

Commencement

9 December 2019

Conduct rules apply to SMFs and Certification Staff so before commencement, firms must:

  • Identify Senior Managers and Certification Staff
  • Train them on the Conduct Rules
  • Review contracts of employment

Transitional period

One year from 9 December 2019 to 8 December 2020

During this one year period, firms must:

  • train all other Conduct Rules staff in preparation for when it applies to them at the end of the transitional period
  • assess existing Certification Staff
  • identify new in-period Certification Staff
  • assess Certification Staff hired during transitional period

Post transitional period

9 December 2020

  • Conduct Rules apply to all staff
  • Initial Certification Assessments completed
  • Firms must check that the firm's information is correct on the Financial Services Register after automatic conversion
Post 9 December 2020

Ongoing requirements to:

  • train new staff in the Conduct Rules and
  • re-certify Certification Staff as fit and proper at least annually

What are the key changes following the public consultations?

The vast majority of respondents to the consultations supported the FCA's proposals although many asked for further clarification on how the rules will apply.  As a result, some changes have been made to the original proposals and a substantial Guide for FCA solo regulated firms has been published. For a summary of the main changes, see Box A at the end of this briefing.

Appointed Representatives

The SM&CR does not apply to Appointed Representatives (ARs) (except for certain Limited Permission Consumer Credit firms that also act as ARs for other businesses).

An outline of the new regime

The three main elements that we expected from the roll out to the banking firms remain, and are called the "core regime":

  • The senior managers regime.  The most senior people in a firm will be approved by the FCA, with firms also having a responsibility to ensure they are suitable for their role (with a review at least once a year).  The senior managers will be required to have:

- A statement of responsibilities – mapping what they are responsible and accountable for;

- A duty of responsibility – meaning that if something goes wrong in an area they are responsible for, the FCA will consider if they took "reasonable steps" to stop it from happening;

- Prescribed responsibilities – these will vary by firm, and are responsibilities that the FCA will require firms to place on their senior managers.

  • The certification regime.  This will cover people who are not senior managers, but whose jobs mean they have a significant impact on customers, markets, or the firm (called "significant harm functions"). 

- These roles include proprietary traders, CASS oversight function, functions subject to qualification requirements, client dealing functions, algorithmic traders, material risk takers, and any supervisor or manager of someone who is a certified person

- These individuals will not be approved by the FCA; rather they will be approved by their own firm.Their firm will have to "certify" they are suitable (fit and proper) to carry out their job (with a review taking place at least once a year).

  • The conduct rules.  These will apply to almost all people working in financial services.  The conduct rules will be:
Row 1

You must act with integrity

Row 2

You must act with due skill, care and diligence

Row 3

You must be open and cooperative with the FCA, the PRA and other regulators

Row 4

You must pay due regard to the interests of customers and treat them fairly

Row 5

You must observe proper standards of market conduct

Additional conduct rules will also apply to Senior Managers:

SC1 You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
SC2 You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
SC3 You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee this effectively
SC4 You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice

So what are the key differences going to be?

  • Senior managers will be created and they will have more clear individual responsibilities and more clear accountability than previously
  • The "approved persons" regime will disappear; being replaced at the senior end by the senior management regime, but for the most part by the certification regime (which will likely include at least as many people as were previously approved persons, probably more)
  • Firms take on from the FCA their own responsibility for the certification (and assessing suitability and fitness and propriety) of individuals
  • A new duty of responsibility on senior managers, making senior managers more accountable for contraventions in the part of the business for which they are responsible
  • New "simple" code of conduct rules will apply to almost everyone in the firm
  • The regulatory referencing scheme which has been introduced for banking firms will extend to all firms in the regulated sector, so increasing the obligations around obtaining, and giving, references

And for those who have been looking closely at what banking firms have previously been subject to, what are the key differences? 

The core regime is "lighter" than the regime that the banking firms are subject to.  Banking firms also have obligations which do not apply to firms covered by the "core regime".  These are the obligations to:

  • have a full responsibilities map for their business;
  • have full handover responsibilities; and
  • have a senior manager responsible for every area of their business.

However, although these obligations are removed for firms covered by the core regime, firms who are covered by the "enhanced regime" will need to comply with these obligations.  More details are set out below on the "enhanced regime", which essentially applies to the biggest, more complex, firms. 

How does the "core regime" vary for firms?

The "core regime" applies as a rule of thumb to all firms.

There are increased obligations for firms covered by the "enhanced regime" (larger and more complex firms) and reduced obligations for firms covered by the "limited scope" regime.

In terms of how firms work out whether they are "core regime", "enhanced regime" or "limited scope", a useful diagram from the FCA Guide is reproduced below (wording underlined indicates the changes made following the FCA's consultation)[1]

An enhanced firm will have:

More senior managers

More prescribed responsibilities for those senior managers

Other requirements

As is referred to above, enhanced firms will also have to have the below in place (similar to banking firms):

  • a full responsibilities map for their business (which sets out the firm's management and governance arrangements)
  • full handover procedures (to ensure that every senior manager role has the information and materials needed to do the job effectively)
  • a senior manager responsible for every area of their business

So what will the SM roles be?

Core regime firms, and enhanced regime firms, are proposed to have the following senior manager roles (far fewer than banking firms), although there is the ability to flex these depending on what is relevant / appropriate for firms:           

Chair SMF9
CEO SMF1
Exec Director SMF3
Partner SMF 27
Compliance oversight SMF16
Money Laundering Reporting Officer MLRO

The requirements for limited scope firms will be lower.

Enhanced firms will also have to review and have as appropriate additional senior manager roles as follows:

Chief finance function SMF2
Chief risk function SMF4
Head of internal audit SMF5
Senior independent director SMF14
Chair of remcom SMF12
Chair of risk committee SMF10
Chair of audit committee SMF11
Chair of nominations committee SMF13
Group entity senior manager SMF7
Chief operations function SM25
Other overall responsibility SMF18

Core regime firms and enhanced regime firms will also have to place "prescribed responsibilities” on the senior managers including the below (limited scope firms will not be subject to this): Responsibility for:

  • performance of obligations under the senior manager regime including implementation and oversight
  • performance of obligations under the certification regime
  • performance of firm in relation to conduct rules
  • firm's policies and procedures regarding countering the risk of firm being used for financial crime
  • firm's compliance with CASS (as applicable)
  • value for money assessments,  independent director representation and acting in investors' best interests

Enhanced firms will also have to have responsibilities for:

  • compliance with rules relating to firm's responsibilities map
  • safeguarding and overseeing independence and performance of internal audit
  • safeguarding and overseeing independence and performance of compliance function
  • safeguarding and overseeing independence and performance of risk function
  • if audit function outsourced, overseeing independence and performance of that
  • developing and maintaining firm's business model
  • managing the firm's stress tests and ensuring accuracy and timeliness of information provided to the FCA for stress testing

What guidance has the FCA given on the new duty of responsibility?

The FCA will not be making any changes (other than to definitions) to its current guidance on the duty of responsibility currently applying only to banks, as set out in its Decision Procedure and Penalties manual of its handbook (DEPP).  The FCA explains its reasoning for this in its guidance set out in SP18/16, also published on 4 July 2018.

What are the proposals re Regulatory References?

The regulatory reference scheme proposed to go along with the new senior manager and certification regimes looks very similar to that brought in for banking firms.  This will require firms to request references for regulated individuals from past employers, and also to provide such references. 

This is a step up from previous referencing obligations and requirements, and is what enables firms to get the information that they need to work out if someone is fit and proper.

For more information on the Regulatory References regime for banking firms click here.

How will individuals be moved to the new regime?

For the majority of firms, the FCA plans to automatically convert existing relevant controlled functions approved under the Approved Persons Regime (APR) into Senior Manager Functions in the new SM&CR[2].  Of course, the majority of those under existing functions will not automatically convert because those roles will no longer require approval by the FCA and will not be Senior Manager roles[3]. This means the majority of firms will not need to submit anything to the FCA unless they need to change their approved individuals before conversion or apply for new approvals to be effective after Commencement (see below New and in-flight applications).

To keep the conversion process simple, there will be a different approach depending type of firm.

  • Core and limited scope firms, conversion to Senior Managers

Key points to note include:

- Senior Managers will be automatically converted wherever possible with no action required by firms

- There will be no need to perform extra checks such as mandatory criminal records checks and regulatory references because firms will already have to ensure that these individuals are, and continue to be, fit and proper

- There is just one exception to the automatic conversion rule: where a CF2 Non-Executive Director is going to perform the SMF9 – Chair function, the firm must notify the FCA using Form K

  • Enhanced firms, conversion to Senior Managers

For enhanced firms, there will be no automatic conversion to Senior Manager roles. To convert existing approved individuals to new Senior Manager Functions, enhanced firms will need to submit:

- Form K conversion notification

- Statements of responsibilities

- Responsibilities Map

Form K is used to tell the FCA who the firm wants to assign to the new SMFs, but no further approval is required if the proposed SMFs can be mapped directly from the APR.[1]  For individuals who hold these so-called "mapped functions", there will be no need to do extra checks when they are converted since firms are already required to ensure that these individuals are, and continue to be, fit and proper.

Failure to submit a conversion notification (Form K) will be a breach of regulatory requirements which means the firm will have no FCA approved individuals, risking possible enforcement action by the FCA.  Firms in this situation would then have to follow the full application process for approval of the relevant individuals, including mandatory criminal records checks and regulatory references.

  • New and in-flight applications

The FCA guide explains the process if a firm wishes to change their approved individuals before Commencement.  The key points to note are as follows:

- The existing processes for applications for controlled functions under the APR will apply right up to Commencement

- The SM&CR application forms will be available for submission before Commencement but any new approvals will only be effective from Commencement

-  An APR application submitted but not determined before the start of the new regime will be converted to an application for the relevant SMF at Commencement

What are the next steps?

Firms now have approximately 18 months to prepare for implementation of the new regime so you now need to start your preparations by considering the following:

  • Who is planning and running your preparations? Do they have a project plan?

  • What firm-type are you? Core, enhanced or limited? Use the firm checker tool in the FCA Guide.

  • Consider preparing a responsibilities map. Whilst only enhanced firms are required to produce a full responsibilities map, this could be a good exercise for all firms to carry out as it will make the transition to SM&CR far easier.

  • Check the appropriate people are in the correct approved functions before conversion of approved individuals to SM roles. This will make conversion much easier and smoother.

  • Who are your SMs going to be? Are they fit and proper? When are you getting your applications ready? What will their responsibilities be? Are their prescribed responsibilities clearly included in their statement of responsibilities? Check all prescribed responsibilities which apply to your firm are covered. Check every activity, business area and management function has been allocated to an SM under the Overall Responsibility requirement.

  • Trained your SMs? Do they know what the duty of responsibility is?  Do they know that they need to make sure happy with their statements of responsibility? Trained on the Conduct Rules?

  • Certification regime – which (if any) of the defined Certification Functions apply to your firm? Identify certified persons before Commencement. How will you assess if fit and proper, fitting these into existing HR processes? What will their training be?

  • Conduct Rules – who will they cover? Identify other Conduct Staff and ancillary staff. Understand conduct rules training and notification requirements.

  • For enhanced firms, handover procedure, and responsibilities mapping.

  • From HR perspective – review contracts, policies and procedures; how do you fit criminal records checks and regulatory reference requirements into recruitment processes?

Key Documents and Links

  • PS18/14 - Extending the SM&CR to FCA firms – feedback to CP17/25 and CP17/40, and near final rules

https://www.fca.org.uk/publications/policy-statements/ps18-14-extending-senior-managers-certification-regime-to-fca-firms

  • SM&CR: Guide for FCA solo regulated firms July 2018

https://www.fca.org.uk/publication/policy/guide-for-fca-solo-regulated-firms.pdf

  • PS18/16: The Duty of Responsibility for insurers and FCA solo-regulated firms

https://www.fca.org.uk/publications/policy-statements/ps18-16-duty-of-responsibility

Box A

Outcome of the July and December 2017 Consultations

The key changes to the FCA's proposals in CP17/40 (July 2017) are:

  • The Prescribed Responsibility (that only applied to Core firms) to inform the governing body of their legal and regulatory requirements has been removed
  • There is now an easy process for firms to tell the FCA they wish to voluntarily apply a higher regime tier (e.g. if a Core firm wishes to opt into the Enhanced tier they can do so using a notification process and a new form O, but they must be ready to comply with all the rules of the higher regime 3 months after the date Form O is submitted)
  • Three of the Enhanced criteria have been amended to smooth single-year anomalies (see updated table above where the changes have been underlined)
  • The time period for a firm to implement the Enhanced tier once they have met relevant criteria has been lengthened from 6 to 12 months. This aligns the entry transition period with the exit transition period (which applies once a firm no longer meets the relevant criteria)

The main changes to the FCA's proposals in CP17/40 (December 2017) are:

  • A number of regulatory forms have been adjusted following specific feedback
  • The REP008 reporting period for Limited Permission Consumer Credit firms have been aligned with their annual return

 

[1] See page 8 of the FCA Guide for a useful table of firm types

[2] For example, someone performing a CF10 (Compliance Oversight function) will be eligible to be converted automatically into a SMF16 (Compliance Oversight function)

[3] E.g. CF10a, CF28, CF29, CF30 and CF2 (Non-Executive Director except SMF9- Chair)

[4] See page 62 of the FCA Guide for proposed function mapping for Enhanced firms and page 54 for Core and Limited Scope firms (including branches)