The UK’s Senior Managers and Certification Regime (SMCR) is extended to the insurance and reinsurance sectors as of today, December 10. A package of regulatory rules and standards, SMCR is designed to fundamentally change the culture of firms and improve standards by ensuring that key responsibilities are clearly assigned to individuals, who are personally accountable, and that staff in certain positions are fit and proper to perform their roles and comply with mandatory standards of behaviour. Originally introduced in the UK banking sector in 2016 in an effort to ward off another financial crisis, SMCR is now being rolled out to the insurance and reinsurance sectors, and will be rolled out further to remaining FCA-regulated firms in December 2019.
SMCR applies from today to insurers and reinsurers proportionately to their size and risk to the markets. A full-scope SMCR regime applies to all Solvency II firms and large non-directive firms (NDFs), and a streamlined regime applies to small NDFs, small run-off vehicles, and insurance special purpose vehicles. All insurers, however, regulated by the UK’s Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) are affected.
SMCR builds on and replaces the existing regulatory framework of the Senior Insurance Managers Regime (SIMR) and Approved Persons Regime (APR). While many of the concepts of SMCR will therefore be familiar ground for insurers, there are important distinctions between the regimes, and the new certification regime is a fundamental change in approach requiring significant planning and administration.
The principal changes under the new regime for insurers are the following:
Regulatory Approval
As with SIMR, senior managers performing key roles (senior management functions) need regulatory approval before commencing their roles. Key function holders, however, and other categories of roles such as material risk takers no longer require regulatory approval. Instead, individuals occupying these roles need to be certified by the firm itself under the certification regime (see below).
Functions
SMCR introduces a number of new senior management functions (SMFs), including executive director (SMF3), compliance oversight (SMF16), money laundering reporting officer (SMF17), conduct risk oversight (SMF23b), and other overall responsibility (SMF18). The relevance and applicability of these functions will vary between firms.
New Duty of Responsibility
In keeping with the aim of SMCR to increase individual accountability, a new duty of responsibility is introduced for those identified as senior managers. In the event a regulator determines that a senior manager did not take reasonable steps to prevent wrongdoing in an area for which they are responsible, the senior manager can now be held personally accountable by the regulator and subject to direct enforcement action.
New Handover Rules
Given the focus on personal accountability (and the consequence of getting it wrong), particularly for senior managers, it is important that new incumbents to senior manager roles are properly prepared for their duties. For large insurers, SMCR introduces new handover rules, requiring firms to take reasonable steps to ensure that a person taking on a senior manager role has all the relevant material they could reasonably expect to have to do the job effectively.
New Certification Regime
The certification regime replaces the current APR, extends to a greater number of employees, and shifts the regulatory burden of certification directly on to insurers. The regime applies to all individuals other than senior managers (who must be preapproved by the regulator) performing certification functions (CFs) – in essence, any employee whose role may have an impact on customers, markets, and the insurer, including those currently designated as key function holders under SIMR and material risk takers.
Insurers need to assess and self-certify (on at least an annual basis) that each employee carrying out a CF is fit and proper to do so. Fitness and propriety are to be assessed by reference to PRA and FCA guidance, and include consideration of an individual’s honesty, integrity, and reputation; competency and capability; and financial soundness. This assessment can include a broad array of considerations, including behaviour unrelated to the certified employee’s particular role.
New Conduct Rules
Approved persons in insurers were already subject to conduct rules under SIMR and APR. SMCR’s conduct rules, however, apply to a much broader range of employees, covering all employees working in financial services (other than ancillary staff), and cover any activities (whether a regulated activity or not) that could affect the integrity of the UK financial system or impair or affect the firm’s ability to meet certain regulatory requirements. Each in-scope employee who fails to comply with the conduct rules could find themselves subject to direct enforcement by the FCA or PRA. Insurers need to ensure that each of their employees is aware of whether they are subject to the conduct rules and, for those in scope, provide training so that each employee has a broad understanding of the rules and how they apply in practice to their specific role.
Rebranding of Regulatory Documents
Scope of responsibilities documents and governance maps under SIMR are replaced under SMCR by statements of responsibilities and management responsibilities maps. This is largely a rebranding exercise, the essential purpose of each document remaining the same. Insurers need to submit a statement of responsibilities with each approval application for a new senior manager. Large insurers must also submit a management responsibilities map – a single document setting out the firm’s management and governance processes, including the allocation of regulator-prescribed responsibilities. Firms are required to update their statements of responsibilities and management responsibilities maps on an ongoing basis and significant updates must be resubmitted to the regulator.
Dealing with the black letter requirements of SMCR is only part of the picture, though. The extension of SMCR to the insurance and reinsurance sector, and (from December 2019) to the regulated financial services sector more broadly, is intended to change the culture of firms – one where personal accountability is the norm. And the FCA is expecting to see this shift in firms’ cultures.
With the formalisation of personal accountability under SMCR, it is expected that individuals will improve their conduct, rigour, and standards of decisionmaking, benefiting not only the firm but clients, customers, and consumers. It is also a top-down affair, requiring leadership and compliance from the very top in senior managers through to more junior ranks in the certified employee population.
The FCA expects leadership to set the tone, and individual accountability at all levels.
If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers:
London
Louise Skinner
Thomas Twitchett