As is well known, Banks have been subject to the Senior Managers and Certification Regime (SMCR) since March 2016, which has necessitated significant changes to Banks' management structures, systems and processes. It has always been the intention to roll-out SMCR to all FCA authorised firms, however there has been no detail of what this might entail.
After much anticipation, the FCA's consultation paper was published on 26 July and this briefing note summarises the proposals under consultation. This consultation is of significant importance to all FCA authorised firms not already captured by SMCR. Firms will need to start to think now about how they will comply with the proposed new regime.
- Recognising that many different types of authorised firms will soon be caught by SMCR, the FCA proposes to modify in some respects the approach already taken in relation to Banks. It is proposed that most firms will be subject to the "core regime", with larger more complex firms subject to an "enhanced regime". The "enhanced regime" comes close to the regime that the Banks are currently subject to.
- The key features of the "core regime" are proposed to be as follows:
- There will be FCA Senior Management Functions allocated to Senior Managers who will be pre- approved by the FCA. Senior Managers will then be allocated certain FCA prescribed responsibilities by the firm.
- Each Senior Manager's role will also be defined by a Statement of Responsibility and each Senior Manager will be under a corresponding individual Duty of Responsibility, non-compliance with which may result in enforcement action and censure.
- The bulk of firms' employees (so called "significant harm function" holders) that are not Senior Managers will need to be certified as "fit and proper" by the firm, rather than the FCA.
- A new Code of Conduct, amending existing Conduct Rules, will be applied to all staff.
- It is proposed that these rules will apply (with modifications) to branches of EEA and non-EEA firms. Appointed Representatives will be the subject of a later consultation.
- There will be a period of consultation to 3 November 2017. The FCA say that they will publish later this year their proposals on how existing controlled function holders will be "grandfathered" into the new regime. The FCA expects to then publish a policy statement with the finalised rules at an unspecified point in 2018.
- These are significant reforms that, if implemented in their current form, will require all FCA authorised firms to reform their documents, processes and structures.
- Tiered Application
It is proposed that the new SMCR rules will apply to all FCA authorised firms. This encompasses a very wide range of different businesses and structures. Sensibly the FCA have opted for a tiered approach:
- The "core regime", has all of the basic features of the SMCR as already applied to the Banks. This will be applied to the bulk of FCA authorised firms.
- The "enhanced regime", comes closest to the SMCR regime that the Banks are currently subject to. It includes a requirement on firms to prepare Management Responsibilities Maps and the overall responsibility function (SMF18). It also includes additional Senior Management Functions and prescribed responsibilities not in the "core regime". The "enhanced regime" regime is proposed to apply to firms based on their size (for example firms with more than £50bn of assets under management, or firms that are "CASS large firms"). It is expected to apply to around 350 firms only.
- The "limited scope" regime, will apply to a narrow band of firms who already benefit from a limited application of the current Approved Persons Regime (APR).
- The Senior Managers Regime
As with the SMCR regime that already applies to Banks, it is proposed that certain key roles are defined as Senior Management Functions (SMF) and key prescribed responsibilities, defined by the FCA, have to be allocated to those who hold these Functions. For most firms, those holding Senior Management Functions will be the existing Significant Influence Function (SIF) holders under the APR. The allocation of responsibilities will be documented through a Statement of Responsibility (and for "enhanced regime" firms, a Management Responsibilities Map).
Whilst there will be "grandfathering" provisions for existing SIFs, any new Senior Managers will have to be approved by the FCA (including the potential for regulatory interview). It is proposed that applications for approval will also need to be accompanied by a Statement of Responsibility. As under the APR, firms will also need to satisfy themselves that their candidates are "fit and proper". This will include taking up a new form of more detailed regulatory reference going back at least 6 years, and arranging for a criminal records check.
The Senior Management Functions proposed for the core regime are familiar from the existing SMCR. These include SMF1 (chief executive), SMF3 (executive) SMF16 (compliance) and SMF17 (money laundering). Notably, other than the Chairman, NEDs will not be Senior Managers. There is no territorial limit to the regime – so it will include those performing senior management roles overseas.
The prescribed responsibilities to be allocated to the Senior Managers under the core regime are also familiar from the SMCR. These are:
- Performance by the firm of its obligations under the Senior Managers Regime, including implementation and oversight.
- Performance by the firm of its obligations under the Certification Regime.
- Performance by the firm of its obligations in respect of notifications and training of the Code of Conduct.
- Responsibility for the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime.
- Responsibility for the firm’s compliance with CASS (if applicable).
- Responsibility for ensuring the governing body is informed of its legal and regulatory obligations.
- Responsibility for a Fund Manager’s value for money assessments, independent director representation and acting in investors’ best interests.
As with the SMCR regime that applies to Banks, it is proposed that each Senior Manager will also be subject to an individual Duty of Responsibility. The Duty of Responsibility allows the FCA to take action against an individual when their firm has breached a requirement in the area for which they have responsibility and the individual is shown not to have taken reasonable steps to prevent that breach. This is a significant duty for senior individuals. There are already cases being brought by the FCA under the Duty of Responsibility as it applies to the Banks.
- The Certification Regime
The proposed blanket application of the Certification Regime (which requires the firm itself to assess "fitness and propriety") in the same way as it is to Banks is surprising. It will impose a significant burden on authorised firms and their processes. It is proposed that the requirement on firms to assess "fitness and propriety" will also extend to the appointment of NEDs.
Banks already subject to SMCR have aligned the certification process with existing (albeit updated) on-boarding, appraisal, notification and disciplinary processes. It seems likely that the same approach will be adopted by other authorised firms in due course. The proposed rules will also impose additional burdens on firms considering whether to grant certification, most notably the requirement to obtain a more detailed form of regulatory reference going back at least 6 years.
Those employees requiring certification (so-called "significant harm function" holders) will include: those dealing with clients, proprietary traders, those with CASS oversight and "material risk takers". Together, this will likely capture the bulk of firms' employees.
Note that in the main the certification only applies to employees based in the UK or (if outside the UK) that are dealing with UK clients. Material risk takers are an exception to this.
Unlike the SMCR regime that applies to Banks, it is proposed that individuals in charge of a significant part of the business of a "core regime" firm need not be Senior Managers (SMF18). Instead it is proposed that these individuals are certified employees. Firm's assessing the "fitness and propriety" of such individuals in due course will have to pay special regard to the significance of their responsibilities. For "enhanced regime" firms, such individuals will have to be Senior Managers (SMF18).
- New Code of Conduct
As with the SMCR regime that currently applies to Banks, the new Code of Conduct will apply to all firm's staff (save to the extent that they are ancillary to the regulated business of the firm). The Senior Managers are also subject to an additional set of key Conduct Rules.
The proposed new Code of Conduct is really a re-statement the existing rules found in the FCA Handbook. They include for all staff familiar requirements to act with integrity and be co-operative with the FCA. The Code of Conduct for Senior Managers includes requirements to take reasonable steps to oversee any person to whom responsibilities have been delegated.
The Conduct Rules are not only relevant to the question of enforcement and fitness and propriety, but breaches also trigger requirements to notify to the FCA. As with the SMCR regime that applies to Banks it is proposed that breaches of the Code of Conduct are notified to the FCA. It is proposed that for certified staff notification to the FCA is on an annual basis. For Senior Managers in breach of Code of Conduct rules, notification must be made within seven days. Note that these notification triggers supplement existing requirements to notify under Principle 11 of the FCA's Principles for Businesses and the FCA's SUP Handbook.
- What next?
The consultation closes on 3 November 2017, with implementation expected at some point during 2018.
Whilst implementation of these reforms may be many months away, it is anticipated that they will necessitate significant changes for all FCA authorised firms. Firms are advised to start to think now about certain key questions, alongside their advisors. This will help position them for the reforms to come. These questions include:
- Will the firm be subject to the "core regime", or the "enhanced" or "limited regime"?
- Which senior individuals will be Senior Managers and which are best placed to deal with the prescribed responsibilities?
- Do the proposed Senior Managers understand their new roles and the attendant responsibilities, including their Statements of Responsibility and the individual Duty of Responsibility?
- Are the firm's systems and management information flows adequate to allow Senior Managers to discharge these prescribed responsibilities?
- What in outline will be the different Statements of Responsibility for Senior Managers and (for "enhanced regime" firms) what will the Management Responsibilities Map look like?
- Which employees will be certified? Has proper thought been given to those based overseas? Do any employees have significant responsibility for a significant business unit, such that they will have to be certified to perform a Significant Management Function or SMF18's?
- Will the firm's existing systems and processes around on-boarding, appraisals, regulatory notifications and discipline accommodate the new certification requirement, or will new changes be required?
- Is the firm gathering and retaining adequate information to comply with the new regulatory reference requirements?
- In what respects will employment contracts and conduct policies have to be amended?
- What new training will be needed for staff caught by the Conduct Rules?
- Do the firms' insurance policies adequately protect it and its people?
We have brought together an experienced, multi-disciplinary team to help our clients with all aspects of the SMCR. If you have any questions about this briefing note or would like to discuss how Mishcon de Reya may be able to assist you or your firm in relation to these new changes please do contact Matt Hancock, or your usual point of contact at the firm.