As readers will know, Senior Managers and Certification Regime ("SM&CR") replaced the Approved Persons Regime ("APR") for the majority of solo-regulated firms on 9 December 2019. The Certification Regime ("CR") applies to employees whose role (broadly) means it is possible for them to cause significant harm to the firm, its customers or the market more generally. Unlike its predecessor, the APR, the CR places the responsibility on firms to assess and certify that the relevant individuals are fit and proper to perform their role at least once a year. Importantly, it requires firms to engage with what fitness and propriety means and how, practically, they will go about assessing this, knowing it is highly likely the FCA, be it Supervision or Enforcement, may scrutinise the decision it makes.
The FCA has recently published 'positive' and 'negative' indicators relating to the way in which it expects firms to assess the fitness and propriety of their Senior Managers and Certified Persons. See here for the full list which is summarised below.
In light of this and HM Treasury agreeing that the deadline for firms to assess the fitness and propriety of their Certified Persons will be delayed from 9 December 2020 to 31 March 2021, firms have an opportunity to ensure they have effective systems and controls to make the best business decisions and to withstand potential scrutiny from the FCA.
The full list of indicators can be found in the FCA's publication and should be read by SMCR firms. However, in summary, the key indicators are:
- Rubber stamp exercise: The FCA does not want certification to be a "rubber stamp exercise" where "nothing new" is identified. There should be the scope for certified individuals to fail the certification test.
- Oversight: Whilst the FCA will understand that senior managers are likely to delegate this responsibility, it does expect the appropriate senior managers with the relevant responsibilities to have "adequate oversight".
- Integration into performance management process: The FCA expects that the fitness and propriety process has been "introduced and integrated into existing HR/performance management processes" and not just assumed to have been covered by the existing framework.
- Fitness and propriety panels: The FCA expects panels, which "include senior managers" to be used in "marginal cases". This is understandable in showing considered decision making given the harm a certified person could cause.
- Regulatory references: The FCA expects that a regulatory reference discloses misconduct/relevant concerns and that they are produced in a timely manner. References that do not would defeat the purpose.
Whilst the indicators should be read in full, there are two key themes that require further consideration.
- Systems and controls: Firms to have appropriate systems and controls to address the new certification requirements.
Considered fitness and propriety assessments can and should be challenging from time to time and involve difficult judgments. For example, when do comparatively low level competence or conduct issues cumulatively trigger concerns about fitness and propriety? Ought firms ever give individuals a "second chance" when it comes to fitness and propriety? The FCA is not offering answers to these difficult questions. Rather, it is sensibly urging firms to put in place proper documented systems and controls, to enable a decision within a reasonable range. The corollary of this approach must be that where firms do get a certification decision "wrong" they will be less vulnerable to FCA scrutiny if their systems and controls are robust.
The salient question for firms then is how existing systems and controls, including traditionally human resources-led systems such as appraisals, disciplinary and grievance processes, will be enhanced or re-configured in light of these new indicators? For example, will the architecture related to performance management processes be amended given the need to assess competence? How will non-financial misconduct (as a component of fitness and propriety) that takes place both within and outside the workplace, which is a key focus of the FCA in its culture agenda, be integrated into this framework? How will an integrated approach to assessing fitness and propriety, both annually and on ad-hoc basis, by risk, compliance, legal and human resources teams work in practice to ensure consistency of decision making?
- Senior management involvement: Meaningful senior management involvement.
Oversight of the firm's compliance with the certification regime is a prescribed responsibility (PR 2) that must be allocated to the appropriate Senior Manager(s). The prescribed responsibilities are applicable to all firms but Limited Scope Firms and EEA branches. The FCA has always said that Senior Managers may delegate with oversight, whilst retaining ultimate responsibility. The indicators make clear that the FCA anticipates that Senior Managers (not necessarily just those with the prescribed responsibility) have meaningful information and involvement in the certification process. This is not something that can be operated simply by the human resources function. This also means that all Senior Managers, but particularly those with the prescribed responsibility for certification must understand not only the regulatory requirements but also understand and be engaged with the firms systems and controls for dealing with certification.