UK: Senior Managers And Certification Regime

In July 2018 the UK Financial Conduct Authority (FCA) published its near-final rules on extending the senior managers and certification regime (SMCR) to all firms regulated by the FCA. All FCA regulated firms will need to comply with these rules from 9 December 2019, and with SMCR now on the horizon, both employers and employees, senior managers and other employees within regulated firms will need to understand how it will affect them.

Hosted by our financial services and employment experts, this podcast will give you access to specialist industry speakers.

Topics that will be discussed include:

  • clarifying how the SMCR applies to different tiers of firms;
  • the new categories of senior management functions;
  • the new requirements relating to statement of responsibilities, the responsibilities map, the certification regime, the conduct rules and the prescribed responsibilities;
  • the new training requirements; and
  • the transitional provisions.

Transcript

Ian Mason: Hello and welcome to this Gowling WLG Podcast on the FCA Senior Managers and Certification Regime. My name is Ian Mason. I am a Partner in Gowling and Head of the Financial Services and Regulatory Team.

Jonathan Chamberlain: And I am Jonathan Chamberlain. I am a Partner in the Employment Labour and Equalities Team, and I am going to be talking about some of the people aspects of how these new regimes will be implemented.

Ian: And I am going to be talking about FCA Compliance issues.

Why do you need to worry about the FCA Senior Management Regime? The FCA published its near final rules and guidance on the Senior Managers and Certification Regime in July 2018 for FCA solo regulated firms and insurers. The SMCR applies from 10 December 2018 for insurers and re-insurers and from 9 December 2019 for solo regulated firms, which is going to be most FCA regulated firms. The original Senior Managers Regime was rolled out to banking firms in March 2016 and it has now been extended to all 58,000 firms regulated by the FCA and the near final rules were published in the summer after extensive consultation so nothing much is likely to change, and although December 2019 sounds like a long way away, there will be significant preparation required and our experience is that many clients are now kicking off their projects.

So what is the FCA seeking to achieve? The Senior Managers Regime is a reaction to the financial crisis of 2007/8 on which the perception is that very few individuals at banks and other institutions were held responsible, and one of the reasons for that was that it was not always clear who was responsible at a particular firm, responsibilities were merged or there was no single person responsible. One of the main objectives of SMCR is to impose greater individual accountability, so that it is clear who is responsible for a particular area.

It is also about improving the standards of conduct. Financial Services firms have not covered themselves in glory in areas like LIBOR or the mis-selling of payment protection insurance (PPI), and you hear a lot from the FCA nowadays about culture and tone from the top, and it is also about having documentation in place to show that you understand what your responsibilities are.

So who does the SMCR apply to? Basically if you operate a regulated business which is authorised by the FCA, it will apply to that regulated firm. SMCR applies to all firms in the UK that are authorised under the Financial Services and Markets Act 2000 and regulated by the FCA as well as EEA and third country branches with permission to carry out regulated activities in the UK, but SMCR will not apply to firms that are not authorised under the Financial Services and Markets Act but are payment services firms, and it will not apply to appointed point representatives. Instead those firms will continue to be subject to the approved person's regime. So if you are only an appointed representative of a firm which is FCA authorised, that is you are operating under that firm's regulatory umbrella, it will not apply to you. The FCA has differentiated between the level of regulation under the Senior Managers Regime which applies to you depending upon what type of firm you are. There are three tiers of classification, enhanced, limited scope and core. Enhanced firms are the larger regulated firms, for example, with assets under management of £50 billion. I do not suppose there are too many firms out there that satisfy this category, and the heaviest burden will apply to enhanced firms.

Most firms will be core firms. Those firms will need to comply with the Senior Managers Regime, the Certification Regime and the Conduct Rules, and I am going to explain shortly what these are, and some firms will be limited scope firms, for example, limited permission consumer credit firms, and firms in that tier will be subject to fewer rules than core firms.

Let us have a look now at the senior management function. The most senior people in a firm, those with the greatest potential to cause harm or to impact upon market integrity, are required to hold senior management functions and these break down into governing functions like CEO, executive director and chairs of committees. There are also required functions such as compliance oversight and the money laundering reporting officer, there are additional systems and controls functions, for example, head of internal audit. Any person holding one of these roles will need to be approved by the FCA before they can start their role. I mentioned earlier on that there are certain documents and related materials that you need to have to show that you understand your responsibilities as a senior management function holder. A statement of responsibility is a single document that every senior manager will need to have clearly setting out their roles and responsibilities. There is also a responsibilities map but that only applies to enhanced firms. That is a single document that sets out the firm's management and governance arrangement. Every senior manager also has a duty of responsibility. That is not a document but it basically means that if something goes wrong in an area for which you are the senior manager responsible, you could be held accountable and to impose liability the FCA need to show that you did not take reasonable steps in discharging your responsibility and they will take into account all the circumstances of the case.

There are also prescribed responsibilities so these are specific responsibilities that a firm must give to a senior manager. These include responsibility for the firm's policies and procedures to prevent financial crime and responsibility for client assets.

Turning now to the Certification Regime, this a new requirement and the Certification Regime covers specific functions that are not senior management functions, but could still have a significant impact on customers, the firm or market integrity, and that will include financial advisors as part of the client dealing function. The firm is required to state that they consider the person is fit and proper to perform the certification function and this must be done at least annually. As Jonathan will explain later on, what this means is at the firm you are the regulator and it is your responsibility at the firm to make that judgment and not the regulators.

Turning now to fitness and proprietary, this applies to all firms, and fitness and proprietary includes honesty, integrity and reputation, competence and capability, and financial soundness and you can guess there might be some grey areas here. For example, if a person is convicted of a speeding offence, what impact will that actually have on the performance of their day to day role? Senior managers are also subject to a criminal records check and firms are required to seek a regulatory reference from previous employers for senior managers and staff in certification functions.

Let us now look at the Conduct Rules, and there are two tiers of Conduct Rules that apply to all firms. There is a general set of rules that apply to most employees and directors in a firm. For example, you must act with integrity. You must act with due skill care and diligence and you must be open and cooperative with the FCA. Those of you who are familiar with the FCA Principles will recognise that those rules are very similar. There is also a second tier of rules that apply to senior managers. For example, you must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively and firms are required to train their senior managers and their certification staff on these new Conduct Rules.

Firms are also required to notify the FCA when disciplinary action has been taken against a person for a Conduct Rules breach so this might mean issue of a formal written warning, suspension or dismissal of a person or the claw back of remuneration. Note that this also applies to the firm's unregulated as well as regulated business, so the scope is really quite broad. So that is an overview of the compliance scope. Jonathan is now going to have a look at the people issues.

Jonathan: Thanks Ian. What I would like do is to talk to you about the underlying drivers that are behind the new regime and how it is that you are going to need to take these into account in the way that you manage your people.

I am going to start off with a single word and that word is culture. The FCA published a discussion paper on culture and it contains various essays from all sorts of business thinkers and academics and practitioners on what is culture. I am not going to try and summarise that because the writers will have different perspectives and it is a really interesting read in its own right and I would strongly urge you to have a look at it. My own definition of culture for what it is worth is that culture is what happens in an organisation when no one is looking. What the FCA says about the importance of culture though is crucial. They say culture in financial services is widely accepted as a key root cause of the major conduct failings that have occurred within the industry in recent history, causing harm to both consumers and markets. For markets to work and firms to be successful, it is critical they are seen as trustworthy. Social expectations have changed, I will come back to that a bit later on in this talk, and public interest has raised questions of trust in firms and in the industry as a whole. To increase competence firms need to demonstrate that they are working in the interests of consumers and the market.

So that is what the FCA says about culture, it is critical, but how does that work itself out through the rules. How does that turn itself into a concrete requirement of things that you are supposed to do? Well there are two things we can look at here. Firstly it is the rules themselves, the concepts that lie behind them and secondly, we do now of course have some worked experience of how these rules have been applied in practice because the first tier of institutions in crude summary, the big banks, have already been operating under these regimes for a while now and what I would like to do is share our experience from working with clients who have already been working with these rules, and the first thing to do is to pick up on a couple of points that Ian has mentioned. He set out the framework of the rules here and explained that the Senior Managers Regime is designed to give transparency and accountability and that sitting alongside that and underpinning it, the Conduct Regime is meant to drive behaviours. Now the key thing to appreciate here is this is not simply a transcription of the old regime, the old approved person's regime has not just been bolted on to the Senior Management Regime or vice versa, although a lot of the concepts remain the same, "fit and proper" for example, this is a new way of doing business, an improved way of doing business and organisations which do not understand that are not going to meet the new requirements.

How does that work itself out in practice? Well as Ian said, the questions of fitness and proprietary are in the first line, no longer questions for the regulator, although obviously in enforcement, they will be but questions for the firms themselves. You are the regulator. It is your decision as to whether someone is fit and proper. Now what does that mean in practice? It means two things, one I think following from the other. The first is that under the old regime where the regulators were resource constrained and therefore what they would take into account in fitness and proprietary was resource constrained because the burden has been moved on to individual firms, as far as the regulator is concerned you are an infinite resource. They can simply direct that this is what you do and you will have to adjust your budget to fit, they do not run up against their own cash limits so previously when one looked at questions of fitness and proprietary then putting it crudely, one would look at questions of financial misconduct, did an individual have their hand in the till, were client monies safe, was there financial exposure to the organisation? When the questions of conduct were generally seen as private matters between employer and employee, not something with which the regulator would generally get involved and in one sense that remains the case under the new regime. The regulator will only step in and intervene and take enforcement action within the scope of its own powers and it will be looking at financial regulation funnily enough but in terms of whether a firm is complying with its duty to certify the relevant persons as fit and proper. It expects those firms to take into account much wider questions.

Now how can I be certain of this and can I give you a worked example? Yes I can and it comes conveniently from a letter which the FCA wrote to the chair of the Women and Equalities Committee as recently as September where they make it absolutely clear in their submission to the Committee and its report on sexual harassment in the workplace that sexual harassment is misconduct which can drive a poor culture. It is if you like and this is my paraphrase, not the wording of the FCA, the canary in the coalmine, because someone who is a bully is likely to be someone who does not have due regard to the standards, the standards of behaviour which the FCA have identified as critical in maintaining public confidence in the financial services sector and which have led to the major failures of 10 years ago which, as Ian has explained, all these regimes, all that is in these regimes, is designed to avoid ever happening again. So if you have a trading floor and if you always seen it as just banter and that is what goes on there and you have got to have a pretty think skin and the fact is as you look across the floor it just so happens that 95% of the people on it are men and women do not last very long, you could have a problem, you are very likely to have a problem and it is a problem that the FCA will expect you to tackle.

How can you do that in practice, you are a compliance professional? Where are the necessary skills to change people's behaviours around these sorts of issues? They are to be found in your HR department and if you are a compliance professional working in the organisation, then your HR colleagues are about to become your new best friends and vice versa. If you are the HR professional, then wrap your arms around the compliance people, hold them tight and do not let go. You are now under this regime joined at the hip. HR have to consider the regulatory implications of all employee conduct. Compliance have to consider the regulatory implications of all employee conduct and the big banks who are implementing this regime will tell you that that is what they are doing. We have not yet had the cases coming through the enforcement systems which either means the Employment Tribunals or the FCA's own disciplinary Tribunals on cases about impact of certification of fitness and proprietary being withdrawn but that is only a matter of time and one of the reasons we have not seen them yet is that the big banks are really into this issue, and if an amber warning light in terms of an employee's conduct is flashing then they will jump on that straightaway and either the employee will change their behaviour or they will be managed out of the organisation and we have seen lots and lots of examples of that and in that sense, we can see that the regimes are already working.

There are other ways in which incidentally we can see that they are already working as one head of compliance put it to me, everyone else now has my best lines. Compliance used to be the last item in the management board's agenda whereas now every single senior director of the bank deals with the compliance issues that apply to them as part of their agenda and the compliance officer deals with the systems and processes that support them in that and helps in their dealings with the regulator, writes points on that if you like. So that is a major practical difference to the way organisations manage themselves.

Where might this be heading? One thing as practitioners that we are all waiting for is the first case in this sector and in these circumstances around the right or not to have lawyers in disciplinary hearings, internal disciplinary hearings, of course lawyers regularly appear in the regulator's own Tribunals, because as the law stands at the moment, as you know, employees do not have the right to bring a solicitor into the office with them to accompany them or represent them in an internal disciplinary hearing. That right is reserved to a colleague from the employer or a trade union official and the organisation does not have to recognise trade unions for the individual to have a right to bring one in, it is just something that obviously does not occur all that often in the private sector, but it is there in the statute book. Now there is an exception to that, there is case law which suggests that if an individual's livelihood is at stake as a result of internal disciplinary proceedings, then they do have the right to legal representation in those proceedings and the case law comes out of instances such as teaching where a teacher is accused of sexual misconduct then they can lose their licence to practice as a teacher if you like and the time when that decision is effectively taken is in the internal disciplinary hearing so they have a right then to have legal representation. You can see straightaway how by analogy this might apply in financial services under this new regime. It has not happened yet but the talk in the City is at some point it is inevitable if things get that far. As I said a moment ago, what is happening right now is that as the amber warning light appears on the dashboard, these issues are being dealt with before they get to that stage but sooner or later that issue is going to come up and it is likely to come up in our view in this next wave of firms to be regulated because of course the big banks have enormous HR and compliance teams and are all over this and smaller organisations just do not have the same level of resource so it could well happen one day, it just has not happened yet.

Ian:Thank you Jonathan. So having looked at the compliance and the employment implications what are they key actions for you at FCA firms? Well first of all looking at the senior management roles, how should your firm be categorised? Is it limited scope, core or enhanced? Now in most cases that should not be too hard to work out. You are also going to need to map the controlled functions to a senor manager's functions to identify any gaps or functions that no longer require approval by the FCA, that will be a detailed task but well worth the investment up front because if you get that wrong, the rest is likely to fall down as well and for each senior manager, you need to define and align the roles and responsibilities and prepare the statement of responsibilities, that is a key document. If you have a chair either exec or non-exec, if they are non-exec, you would seek approval for the SMF9 function.

Turning now to certification. You will need to identify if there are any staff where certification is required. It is possible in many small firms that there will be no one in the certification regime. If there are only a handful of senior individuals who will be senior managers supported by admin staff, but most firms are likely to have staff who will need to be certified and this applies to employees of firms including secondees and contractors but excludes non-executive directors. You will need to assess the fitness and proprietary of a person to be certified. You will need to align that with the HR processes. As Jonathan has said, HR has a very important role here to play and this cannot be done in isolation. Assessments need to take place at least annually and individuals must be assessed on an ongoing basis and ensure that senior managers and all staff are aware of expected conduct standards, implement your conduct training programmes and training relevant staff on the conduct roles is a requirement, not an option. You need to identify ancillary staff to whom conduct rules will not apply so that might for example, include receptionists, post room staff and security guards and this is not a once off project, so you need to develop monitoring processes and procedures for compliance to enable you to do that and to develop monitoring and management information to demonstrate ongoing compliance.

Finally, if you put yourself in the position of a senior manager, what should you be doing? Are you clear on your statement of responsibilities? Watch out for project creep, for example, looking after other manager's responsibilities while they are on holiday, that can sometimes turn from a favour into a permanent responsibility and if something goes wrong whilst you are looking after it, you could be left holding the baby in that situation.

Also, how would you prove that you have discharged your responsibilities and taken the reasonable steps that the FCA require? The FCA has a long list of factors they will take into account in terms of reasonable steps. That includes delegation, the establishment of reporting lines and whether external professional advice was obtained, and what management information you receive. How will you monitor and challenge that information in your role? Our experience is that information is often provided very informally, it is not documented and that looks poor where there is an FCA investigation and you have not got anything to produce, you are empty handed. Have you received a handover statement? A firm is required to take all reasonable steps to ensure that a new senior manager has all the materials and information they need to do their job. The back of an envelope is not likely to satisfy that.

So that completes our Podcast. We hope you have enjoyed listening to it and thank you for listening to it.

Read the original article on GowlingWLG.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Topics
 
Related Articles
 
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions