On 28 September, the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) issued a suite of publications setting out a number of proposed amendments and optimisations to the Senior Managers and Certification Regime (SMCR) for banking firms. In addition to providing feedback on firms' grandfathering submissions they introduce a number of changes which will impact existing Senior Manager Function holders (SMFs).
Below we set out the proposed changes and identify the questions that firms should now be seeking to answer to ensure their SMCR frameworks factor these change in.
Duty of responsibility
The FCA is consulting on adding guidance to the DEPP sourcebook on the statutory duty of responsibility for SMFs including guidance on:
- the circumstances in which the duty will apply;
- the factors that it will bear in mind when determining whether or not a SMF was responsible for the management of the firm's activities in relation to which a breach took place; and
- the factors that it will bear in mind when determining whether or not a SMF took reasonable steps to avoid a breach occurring (or continuing).
Through this proposed guidance, the FCA has clarified a number of points raised in firms' responses to prior consultations on guidance on the presumption of responsibility. Most notably the FCA has stated that the duty of responsibility can apply to activities outside those set out in the SMF's Statement of Responsibilities, recognising that It is possible for SMFs to be responsible for the management of activities at their firm that fall outside their prescribed responsibilities.
The FCA released its final rules on regulatory references for firms under SMCR. The FCA confirmed firms will have to obtain and provide references covering a period of 6 years for individuals seeking SMF and Certified Persons roles. To support firms in this task the FCA has provided a regulatory reference template requiring firms to provide information indicating if individuals have had disciplinary action taken against them or has ever been determined not to meet the relevant requirements of fitness and propriety.
The controversial requirement for firms to update regulatory references where misconduct comes to light after an employee has left remains in place. The FCA has clarified that firms only need to update the current employer (where that firm is a FSMA firm) and that it need only cover a period of six years from the date the individual left the firm.
This reference regime will come into effect on 7 March 2017.
Chief Operations SMF
We have recently seen a number of initiatives and publications from the FCA, the PRA and the FPC focussing on the importance of operations, systems and technology within financial services firms. In recognition of this the PRA has identified a corresponding need to ensure appropriate senior level accountability for these areas within firms. To achieve this the PRA proposes:
- to create an additional, optional, Chief Operations SMF (SMF23), for UK banks and branches of Non-EEA firms; and
- to create a corresponding Prescribed Responsibility for "managing, and ensuring the operational continuity and resilience of, the internal operations, systems and technology of a firm".
Head of Key Business Area (SMF6) new criteria
The PRA has recognised that the current criteria for designating an SMF6 potentially exclude some business lines which would still be considered capable of having an impact on the safety and soundness of a firm on account of their commercial or strategic importance.
Consequently, the PRA is proposing to amend the requirement so that individuals will also be in scope of the SMF6 if the business area they are responsible for either:
- meets both of the existing criteria:
- over £10 billion in gross total assets; and
- accounts for 20% or more of the firm's, or its group's, gross revenues; or
- meets one of the above criteria and satisfies either of the
- it performs a 'critical function' as defined in sections 3(1) and(2) of the Banking Act 2009 (as amended); or
- it is a 'material business unit' as defined in Article 3(6) of the Regulatory Technical Standards for the definition of material risk takers for remuneration purposes.
Extending Conduct Rules to notified Non-Executive Directors (NEDs)
Under current provisions the regulators were unable to extend the new Conduct Rules to notified NEDs, as they are neither 'employees' nor senior managers requiring regulatory pre-approval. The FCA and PRA are now proposing to extend the following Conduct Rules to all NEDs regardless of regulatory status:
- You must act with integrity;
- You must act with due skill, care and diligence;
- You must be open and co-operative with the FCA, the PRA and other regulators;
- You must pay due regard to the interests of customers and treat them fairly;
- You must observe proper standards of market conduct; and
- You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
The Legal Function
The FCA has stated that its intention was always that the legal function should be considered a key function of any firm and that responsibility for it should therefore have been assigned to a SMF. However, the FCA has acknowledged that the feedback received from firms highlighted that that this is not explicit and could be unclear.
As a result, Discussion paper DP16/4 'Overall responsibility and the legal function' outlines the key arguments for and against capturing the legal function – including the potential to impinge on the principle of legal privilege – and asks for feedback from industry on whether the legal function should fall under the scope of the SMCR.
Questions to consider
Firms should now be considering the following key questions, taking into account their own structure and business model:
- Have your SMFs received training on the duty of responsibility, reasonable steps and the regulators' guidance in relation to them?
- Does your firm have the capability to provide and obtain regulatory references for SMF and Certified roles? Are your record keeping facilities set-up to retain relevant documentation for up to six years after an individual leaves the firm?
- Is your firm's COO currently an SMF? If responsibility for business continuity, operations, and technology is split between multiple individuals, which individual should take on the new prescribed responsibility?
- Do any of your business units now meet the criteria for allocating an SMF6? Does this bring new senior managers into scope?
- Are your firm's notified NEDs informed of the upcoming application of the Conduct Rules? Are there any corresponding new training needs?
- Is the individual responsible for your firm's Legal Function currently an SMF? If not, who in the organisation holds, or could hold, this responsibility?
Firms should read the latest publications and take this opportunity to comment, with feedback submitted to the regulators by 9 January 2017.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.