On 7 March 2016, two new regulatory regimes governing the accountability of senior managers will take effect—the Senior Managers and Certification Regime will cover the banking sector, and the Senior Insurance Managers Regime will cover insurers.
In a surprising u-turn, the UK government announced in October that it was dropping the most controversial aspect of the Senior Managers and Certification Regime (SMCR): the presumption of responsibility that reversed the burden of proof from regulator to individual. Less surprising was the government’s decision to extend the scope of SMCR to all authorised financial services firms come 2018.
The UK banking sector has seen a marked increase in scrutiny and direct intervention by regulators in recent years intended to address the shortcomings in professional standards exposed by the financial crisis of 2008. The Parliamentary Commission on Banking Standards (PCBS), established in June 2012, concluded that a lack of accountability and poor governance within financial institutions contributed to the mismanagement of key risks and, in turn, a heightened public distrust in the industry.
In response to PCBS recommendations, the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA or the Regulators) released a joint consultation paper on 20 July 2014 with their specific proposals for creating a new regulatory framework. This framework, the SMCR, was designed to replace the current Approved Persons Regime (APR) and strengthen the regulation of individuals at the top of relevant firms. Currently, the scope of the SMCR captures UK banks (including UK branches of foreign banks), building societies, credit unions, and PRA-approved investment firms (broadly, investments banks). Recent developments at the government level have indicated that the SMCR will be extended to the wider financial services industry in 2018.
The SMCR will replace the APR for banking sector firms beginning 7 March 2016. It will have three main components:
The SMR will directly replace the APR in its application to senior individuals recognised by the FCA or the PRA as performing a senior management function (SMF). The Regulators have specified up to 17 SMFs that firms need to allocate to their senior managers. The Regulators have also identified 30 prescribed responsibilities that must be assigned to SMFs to ensure that an individual is accountable for every aspect of a regulated activity within a firm. SMF holders are those responsible for managing certain areas of a business or involved in decisions that could have a significant impact on the firm or its customers. These include every individual on the board of the relevant firm and, for larger and more complex firms, executive committee members.
All SMFs will be mandatory except for the “other overall responsibility function”; a role otherwise not identified as an SMF where an individual has overall responsibility for one or more key functions or identified risks not managed by one of the mandatory SMFs. The Regulators must pre-approve staff holding SMFs. Firms need to provide for individuals already approved under the APR to be “grandfathered” into SMFs under the SMR. New appointments, or any material change in role for currently approved individuals, will require an application to be filed with the Regulators accompanied by a statement of responsibilities for each candidate and a management responsibilities map. This is intended to remove practical barriers to enforcement and make it easier for the Regulators to hold senior managers personally accountable for a failing of violations.
The Regulators appear to have taken a firmer stance on the applicability of the SMCR to nonexecutive directors (NEDs). In summary, NEDs will fall into one of two categories under the SMCR: (1) pre-approved NEDs and (2) unapproved NEDs. The first category of NEDs require pre-approval by the Regulators and include the chairman, senior independent directors, and those who chair key committees. Unapproved NEDs or “notified” NEDs originally fell outside the scope of the SMCR and Rules of Conduct because they are not considered “employees” for the purpose of the SMCR. The bill has, however, extended the Rules of Conduct’s so that it will apply to all those who sit on a board of a relevant firm (including NEDs). NEDs are already subject to the FCA’s current approved persons regime and risk enforcement action for breach.
The CR will apply to individuals who do not carry out SMFs but are employed in positions where they could pose a risk of significant harm to their firm or any of its customers. This component of the new regime will cover the next level of management and any “material risk takers” to ensure that anyone with the ability to cause “significant harm” within a firm is fit and proper. The CR requires firms themselves to assess the fitness and propriety of individuals allocated “significant harm functions”, both at the recruitment stage and on an annual basis. Unlike the SMR, appointments for certified function holders will not be subject to prior regulatory approval.
Under the SMCR, the Regulators will set out core standards with which the majority of employees who work in relevant firms will be expected to comply. The rules will provide the framework against which the Regulators can judge an individual’s actions and will replace the FCA Statements of Principle and Code of Practice for Approved Persons.
In drawing up the rules, the Regulators appear to have taken different approaches in respect of their scope and enforcement powers, as reflected in their respective rulebooks. Consideration must therefore be given to both the FCA’s Individual Conduct Rules and Senior Management Conduct Rules as set out in the FCA rulebook and the PRA’s Conduct Rules as set out in the PRA rulebook. The Rules of Conduct will apply in conjunction with the SMCR but will also apply to the broader range of staff, the objective being to instil good standards of conduct across the entire financial services industry.
The introduction of criminal sanctions under the Financial Services (Banking Reform) Act 2013 means that, under the SMCR, individuals who hold SMFs or certified functions will be subject to unlimited fines, remuneration clawback, lifetime bans, and up to seven years’ imprisonment for reckless misconduct in the mismanagement of a bank.
Monitoring and Enforcement of the Rules of Conduct
Firms should train staff who will be subject to the rules so that they are able to understand and comply with the rules. Where there is a breach or suspected breach by a senior manager, the Regulators originally proposed that a firm be required to notify the Regulators. However, the position has recently changed. Firms will be pleased to know that the government recently abolished the onerous statutory requirement to report breaches and suspected breaches. According to HM Treasury, the rationale for this decision was that the change would “result in a reduction in the cost to business of complying with” the SMCR.
Nonetheless, firms should keep in mind s64c(1) of the Financial Services and Markets Act 2000 (FSMA), which, beginning 7 March 2016, will require firms to notify the Regulators if they take disciplinary action against an employee for behaviour that amounts to a breach of the Code of Conduct.
The Regulators require each firm to maintain and update a document(s) that summarises the firm’s management and governance arrangements. This is to ensure that the allocation of responsibilities to senior managers within a firm does not leave any gaps in accountability. Firms are advised to act expeditiously in conducting an audit of the existing organisation against the SMCR to develop an interim and long-term plan for compliance with the new regime.
Statements of Responsibility
A senior manager’s application for approval must be accompanied by a statement of responsibility that clearly sets out the area(s) of the firm’s regulated activities that the individual is responsible for. Each individual who holds an SMF must agree with and attest to his or her statement of responsibility and ensure it is upheld continuously. The statement must be updated and resubmitted if there is a significant change in an SMF holder’s responsibility.
Individuals currently subject to the APR can be “grandfathered” into the corresponding SMF roles as long as the roles are equivalent. Broadly, a grandfathering notification form must be submitted to the Regulators by 8 February 2016 accompanied by corresponding statements of responsibility for each individual and the firm’s responsibilities map.
On 6 October 2015, the Regulators issued a joint consultation paper on regulatory references that takes into account the recommendations of the Fair and Effective Markets Review. Key proposals for relevant firms include the following:
All firms must disclose all relevant information in references. The FCA proposes that a failure to comply with the requirement to provide a reference under the new rules should be actionable for damages. The Regulators intend to publish the final rules for regulatory references in a policy statement in early 2016. We will cover this development in detail separately.
On 14 October 2015, the Bank of England and Financial Services Bill was introduced in the House of Lords with proposals to significantly change the scope of the SMCR. The key points in the bill that will affect the SMCR include extending the regime beyond the banking sector and abolishing the proposed controversial “presumption of responsibility” or “reverse burden of proof.”
Abolishing the Presumption of Responsibility
The presumption of responsibility had previously been trumpeted by both the government and the FCA as a key tool under the SMCR to hold all senior managers to a clear standard of professional behaviour. Under the presumption of responsibility, a senior manager was deemed to be individually accountable for his or her senior management function in which a contravention occurred, unless he or she could prove that all reasonable steps had been taken to prevent or mitigate the wrongdoing. Failure to do so could have resulted in enforcement action against the senior manager personally. This was a highly controversial aspect of the Banking Reform Act 2013 when it was introduced.
On 15 October 2015, HM Treasury announced plans to scrap the presumption of responsibility and to replace it with the “duty of responsibility.” This will impose a statutory duty on senior managers to take reasonable steps to prevent regulatory breaches in their area of responsibilities.The burden of proving misconduct will, however, fall on the Regulators, as with other regulatory enforcement actions.
The government has suggested that abolishing the presumption of responsibility is to ensure that the SMCR could be enforced without possible legal challenges as to whether the rules breached European human rights laws. The government has also stated that the presumption of responsibility would mean that firms would “incur greater costs”for compliance,whilethe FCA has suggested that it “risked distracting senior management within firms from implementing both the letter and spirit of the regime.”
Extension of the SMCR
The bill has also outlined the proposal for the 2018 extension of the SMCR beyond banks and PRA-designated firms to encompass all financial institutions authorised by either one of the Regulators. This would include investment firms, asset managers, insurance and mortgage brokers, and consumer credit firms. HM Treasury argues that extending the SMCR across the entire financial services industry “will create a fairer, more consistent and rigorous regime for all authorised financial services firms.”
The scale of this change should not be underestimated. By 2018, approximately 200,000 individuals at around 60,000 UK financial institutions will be subject to the extended SMCR. The key features of the SMCR as it will apply to this new population will be applied subject to the principle of proportionality, which should help reflect the diverse business models then operating in the UK and mitigate the impact on smaller firms. The Regulators will need to consult on the specifics of how the SMCR might apply to the differing types of financial institutions; however, the SMCR will not take effect for these firms until 2018.
In relation to insurers, the Regulators were mandated to update their existing APR by the EU Solvency II Directive, regardless of actions being taken in the banking sector. The PRA has introduced the Senior Insurance Managers Regime (SIMR), a bespoke regime for insurers that aims to (1) ensure that all insurance firms and groups have a clear and effective governance structure and (2) clarify and enhance the accountability and responsibility of individual senior managers and directors.
The PRA Rulebook will contain all the rules underpinning the SIMR when they take effect. Key elements of the regime include the following:
Intriguingly, HM Treasury has indicated that the SMCR will be extended to insurers as of 2018, which suggests a short shelf-life for the SIMR. The government stated that the PRA’s SIMR has paved the way for the application of the SMCR to insurers by incorporating substantive ideas and principles underpinning the banking regime.
1 January 2016
8 February 2016
7 March 2016
7 September 2016
7 March 2017
If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers:
 HM Treasury: Senior Managers and Certification Regime: extension to all FSMA authorised persons (October 2015).
 Statement from the Financial Conduct Authority following the announcement by HM Treasury of changes to the Senior Managers’ Regime (15 October 2015).
 HM Treasury: Senior Managers and Certification Regime: extension to all FSMA authorised persons (October 2015).