As will now be well known, a central aspect of the new Senior Managers and Certification Regime ("SMCR") is the Code of Conduct Rules ("COCON") that apply to Senior Managers, certified employees and (from March 2017) certain other employees.
There are five individual COCON rules, with an additional four Senior Conduct rules applying to those performing a senior management function (an "SMF Manager"). As matters stand, NEDs do not fall within the scope of COCON unless they perform certain senior management functions (see below). However, the FCA and PRA are consulting on changing the rules to bring all other NEDs (so-called "standard NEDs") within the scope of COCON. The proposal is that all NEDs be subject to the five COCON rules and to Senior Conduct rule 4 (requiring an individual to "disclose appropriately any information of which the FCA or PRA would reasonably expect notice").
As matters stand under the current rules, NEDs are Senior Managers only if they perform the following roles: Chairman, Senior Independent Director and Chair of the Risk, Audit, Remuneration and Nomination Committees. There are other relevant roles for insurers not covered here. The regulators identify certain anomalies created by the current regime. First, NEDs that are not Senior Managers are not pre-approved by the FCA and, as such, whilst they could be banned by the FCA in the event of misconduct, they could not be fined. This puts the UK in breach of MiFID II, which requires regulators to be able to impose financial penalties against members of the management body, including all NEDs. Second, there is an obvious unfairness in a regime that will from March 2017 subject a lower-level employee (such as a clerk) to COCON but which exempts a board member. Third, under the Approved Persons Regime (APR) all NEDs were subject to conduct rules (such as those in APER). In light of this, both regulators present the proposals to apply COCON to standard NEDs very much as tying up loose ends.
However, one anomaly will remain even if these changes are implemented.
- A COCON breach by a standard NED would not need to be notified to the FCA "as soon as practicable and, in any case, within seven business days" as a breach by an SMF Manager would (see SUP 10C.14.18R). Instead, such a COCON breach would only need to be reported to the FCA annually (as would be the position for certified employees and other conduct staff).
- By contrast, where there is a COCON breach by a standard NED, the PRA proposes to require notification within 7 days of the firm "determining that the relevant requirement applies" (interpreted as meaning the date of the disciplinary action for breach of COCON). The PRA's justification for this is that misconduct at board level, even if by a NED, needs to be assessed as soon as reasonably practicable, to enable the regulator to assess the safety and soundness of the firm and the regulatory system. The PRA also notes that such misconduct may be symptomatic of wider governance issues within the firm that require consideration. These seem like sensible points. We will have to see if this remaining anomaly is redressed by the FCA in their final rules.
More generally, the importance of effective non-executive directors to good board governance is very well established. That all NEDs should be subject to conduct requirements seems not only fair but an obvious way of ensuring that they discharge their responsibilities effectively. Given that NEDs were subject to individual conduct requirements under the APR, it seems unlikely that these changes (assuming they are implemented) will deter individuals from taking these roles.