On 7 March 2016, a new regulatory regime designed to make senior managers in financial services more personally accountable for their firms' failures came into force.
The emphasis on personal accountability increases the risk of senior managers being subject to more investigations into possible misconduct. This could have serious consequences for the individual concerned and expose D&Os and their insurers to claims.
Why has the new regime been introduced?
Following the 2008 financial crisis and the LIBOR scandal, the Parliamentary Commission on banking standards was set up in 2012 to enquire into professional standards and culture within the banking industry. Its report was highly critical of the "approved persons regime" which regulated a large proportion of the financial services industry, and, specifically, the fact that the regime failed to empower regulators to hold senior managers to account.
How will the new regime work?
The regulators to the financial services industry, the Prudential Regulatory Authority (PRA) and Financial Conduct Authority (FCA) will oversee the new regime.
The regime, which applies to UK incorporated banks, building societies, credit unions and PRA designated investment firms in the UK, as well as branches of foreign banks, consists of:
- The Senior Managers Regime (SMR) which focusses on individuals performing a Senior Management Function (SMF). These SMFs are specified by either the PRA or the FCA who will approve individuals wishing to perform those functions before they can be appointed to their specific role
- The Certification Regime which applies to the employees of relevant firms who could pose a risk of significant harm to the firm, or any of its customers. These individuals are not pre-approved by the regulators but must be certified by their firms that they are fit and proper for their roles on an ongoing basis
The insurance industry did not come under as much criticism as the banking sector following the financial crisis. However, the regulators believed it makes sense to align the approved persons regime for insurers with a corresponding regime for banks. The regime applying to insurers is known as the Senior Insurance Managers' Regime (SIMR) and differs in a variety of ways (see below for more details).
What are the key features of the Senior Manager's Regime?
The regime comprises the following key features:
- Individual senior managers are allocated specific "prescribed responsibilities" by their firm. For each senior manager, the firm must provide a form which is summited to the regulator recording precisely what the senior manager is responsible for
- New key controlled functions must be allocated to persons approved to perform such function by the relevant regulator. The firm must draw up a map to include the responsibilities assigned to each SMF and any other information that is relevant to the controlled function they perform
- New conduct rules, in force on 7 March 2016, are designed to hold senior managers to account by means of disciplinary action, including fines and suspension
- Fitness and propriety checks and new rules concerning regulatory references
- New whistleblowing requirements (see Whistleblowing article for more information)
The duty of responsibility
Under the SMR it was originally proposed that a senior manager would be deemed guilty of misconduct if a breach occurred in one of the firm's activities for which they were responsible. The only defence to this would have been for the senior manager to show that they "have taken such steps as a person in their position could reasonably be expected to have taken to avoid the breach".
As originally proposed, the burden was firmly on the individual to prove his or her innocence. However, this so called "presumption of responsibility" has now been reversed by the Bank of England Financial Services Bill which is currently in the final stages of the Parliamentary process. The effect of this new provision is to place the burden of proof on the regulator so that it can only take enforcement action against an individual if it can show that the "senior manager did not take such steps as a person in the senior manager's position could reasonably be expected to take to avoid the contravention occurring (or continuing)".
The duty of responsibility does not currently apply to insurers but the regulators have nevertheless emphasised the importance of clear individual accountability.
The new conduct rules
The new conduct rules apply to all senior managers and staff caught by the SMR, Certification Regime and SIMR. The rules are a key feature of the regime designed to hold individuals to account by means of disciplinary action, including fines and suspension. The regulator can take disciplinary action up to six years from the date on which it becomes aware of the issue.
A person will only be in breach of the conduct rules where they are personally culpable. Personal culpability arises where either:
- A person's conduct was deliberate
- The person's standard of conduct was below that which would be reasonable in all the circumstances
Firms are under a positive obligation to take all reasonable steps to ensure that all staff understand how the new conduct rules will affect them. The prospect of being personally culpable will inevitably lead to more whistleblowing by senior managers, as well as stricter record keeping. Appropriate delegation of responsibilities has been identified as an issue requiring a new conduct rule so senior managers would be well advised to keep records relating to any delegation of their responsibilities.
Fitness and propriety and regulatory references
Senior managers and those falling within the certification regime, as well as those performing a controlled function or key function holders within insurers must meet certain standards of fitness and propriety. The regulators have not made fundamental changes to their existing fitness and propriety standards although both have introduced requirements about the evidence that firms should collect as part of the checks they need to do. One particularly significant check relates to the proposed requirement to obtain references going back six years, applying generally on appointment into a new role (even on an internal transfer). For those firms who have given such a reference, there will be an obligation to keep that reference up to date for six years. These new rules are expected to come into force in the summer of 2016.
What are the key differences between the SIMR for insurers and the SMR for banks?
- Under the SMR there is a new criminal offence of reckless misconduct in the management of a bank
- The duty of responsibility applicable under SMR does not currently apply to an individual performing relevant controlled functions within insurers
- For insurers, the conduct rules only apply to individuals requiring regulator pre-approval, whereas most bank employees will be subject to the new conduct rules
- Insurers are not required to provide verifications for their employees i.e. there is no certification regime for insurers
HM Treasury published a policy paper in October 2015 containing a proposal to extend, by 2018, the SMR (and the related certification regime) to all firms authorised under the Financial Services and Markets Act 2000 (FSMA). This will include all insurers, as well as investment firms, asset managers, insurance and mortgage brokers and consumer credit firms. This means that senior managers of these firms will have an increased risk of personal liability since they will become subject to the duty of responsibility currently only relevant to the SMR.
Deferred Prosecution Agreements (DPAs): An Update
In November 2015, the first UK DPA was announced. Standard Bank Plc (now ICBC Standard Bank Plc) was the subject of an indictment alleging failure to prevent bribery contrary to section 7 Bribery Act 2010.
The charge related to a USD 6m payment by a former sister company of Standard Bank, Stanbic Bank Tanzania, in March 2013 to a local partner in Tanzania. The SFO alleges that the payment was intended to induce members of the Government of Tanzania to show favour to Stanbic Tanzania and Standard Bank's proposal for a USD 600m private placement to be carried out on behalf of the Government of Tanzania.
Following the DPA, Standard Bank will pay financial orders of USD 25.2m and will be required to pay the Government of Tanzania a further USD 7m in compensation on top of the SFO's reasonable costs of GBP 330,000 in relation to the investigation and subsequent resolution of the DPA. Standard Bank also agreed to continue to cooperate fully with the SFO and to be subject to an independent review of its existing anti-bribery and corruption controls and policies.
In July 2014, the SFO announced that it had opened an investigation into the activities of Sweett Group, following allegations of bribery reported in the Wall Street Journal. Sweett's cooperation ultimately came too late and despite hopes for a DPA, the company ended up being prosecuted under Section 7. Sweett Group pleaded guilty and was ordered to pay GBP 2.25m in February 2016. Recently, it was also reported that a DPA could be issued for Sarclad, a British company that provides technology for the metals industry, which is thought to be in negotiations with the SFO. We will watch with interest to see how common such agreements will become in the future.
*Mark Carney, Governor of the Bank of England
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.