The UK Government recently announced that it would introduce a new statutory duty of responsibility on senior managers in all financial institutions and repeal the presumption of responsibility that would have applied to senior managers in banks and large investment firms. Senior managers will need to take reasonable steps to prevent a significant breach of a regulatory requirement in their area from occurring or continuing. The onus will be on the regulators to prove that the individual did not take reasonable steps. This note discusses the practical implications for firms and the individuals working in them of the senior managers regime as now proposed.
The Senior Manager and Certification Regime ("SM&CR") will apply from 7 March 2016 to banks, building societies, credit unions and certain large investment firms1 established in the UK, including UK subsidiaries of overseas firms ("SMR firms"). It will also apply to UK branches of third-country or European Economic Area ("EEA") SMR firms ("incoming SMR branches") in a modified format. The SM&CR does not apply to subsidiaries of SMR firms that are established outside of the UK.
SMR firms and incoming SMR branches must act now to adapt their processes or implement new governance arrangements. There is a deadline of 8 February 2016 by which to notify the UK regulators of the identity of senior managers under the new regime.
The UK Government recently announced that it would implement certain changes to the SM&CR by amending the legislative provisions, originally published at the end of 2013, that introduced the framework of the SM&CR. Alongside those changes, the Government intends to extend the SM&CR to all UK authorised financial institutions from 2018. The proposed changes are set out in a Bill that has been laid before Parliament. It remains to be seen whether all of the proposed amendments, particularly the removal of the reverse burden of proof, come about.
Details of the changes and the potential implications of the new regime are discussed below followed by a brief examination of the regimes that other jurisdictions have in place to ensure that individuals in financial institutions are accountable for misconduct.
The "Reasonable Steps" of a Senior Manager
Senior managers will be those individuals who are responsible for managing one or more aspects of the firm's regulated activities which pose a risk of serious consequences for the firm or for business or other interests in the UK. This includes taking decisions or participating in taking decisions about how any regulated activity should be carried on and covers board members, directors, heads of key business lines,2 senior leaders and other decision-makers. Each of the responsibilities prescribed by the PRA and Financial Conduct Authority ("FCA") must be allocated to an individual who will be carrying out a Senior Manager Function ("SMF"). A list of SMFs and prescribed responsibilities is set out in the Annex.
A statutory duty of responsibility will be introduced for all senior managers. They will be required to take reasonable steps to prevent regulatory breaches in the area of the firm for which they are responsible. The regulators will have the burden of proving, on the balance of probabilities,3 that: (i) the senior manager's firm committed a regulatory breach; (ii) the senior manager was a senior manager at the time of the regulatory breach; (iii) the senior manager was responsible for the management of any of the firm's activities in relation to which the breach occurred; and (iv) the senior manager did not take such steps as a person in the senior manager's position could reasonably be expected to take to avoid the contravention occurring (or continuing).
The extent of the duty of responsibility and its implications are uncertain at this stage. For example, it is not yet clear whether the regulators would need to establish a causative link between the senior manager's failure to take reasonable steps and the breach before considering enforcement action. However, it is clear that, although the burden of proof would be on the regulators, senior managers will need to be in a position to have identified and addressed actual or suspected regulatory breaches in a timely manner.
The guidance published by the regulators in the context of the previous presumption of responsibility test included actions that the regulators would consider being reasonable steps. It is hoped that further guidance from the regulators will be forthcoming, particularly if they wish to avoid firms requiring to focus attention on creating paper trails.
In the interim, senior managers may draw guidance from liability regimes under the Bribery Act 2010 and the Money Laundering Regulations 2007 ("MLR 2007") which, to a certain extent, allow firms to discharge their obligations by implementing certain preventative systems and controls. Under section 7 of the Bribery Act 2010, a company may be liable for failing to prevent bribery by its "associated persons"4 unless the company can show it had "adequate procedures" to prevent associated persons from engaging in such conduct. The UK Government's guidance on what amounts to "adequate procedures" provides that companies will be expected to, for instance, implement and communicate to any employees and other associated persons clear anti-bribery policies and supplement this information with appropriate anti-bribery training.5 Similarly, regulation 45(4) of the MLR 2007 provides that a firm will not be liable for breaches of certain obligations under MLR 2007 if it can show that it has taken "all reasonable steps and exercised all due diligence to avoid committing the offence." Early guidance provided by the Financial Services Authority, later reiterated by the Joint Money Laundering Steering Group ("JMLSG"), suggested that the regulator would not expect firms to operate a "zero failure regime" and that firms would be likely to satisfy their obligations under the MLR 2007 by putting in place effective risk-based systems and controls that identify and mitigate money laundering risk.6
The reverse burden of proof for senior managers of SMR firms and incoming SMR branches will be repealed from the Financial Services and Markets Act 2000 ("FSMA") prior to the SM&CR coming into effect. The presumption of responsibility for senior managers under wording originally contained in the Financial Services (Banking Reform) Act 2013 reversed the burden of proof by holding senior managers responsible for a firm's regulatory breaches, unless they could prove that they took reasonable steps to prevent the breach from occurring or continuing. HM Treasury has stated that amendments will be made to the legislation to ensure that the presumption of responsibility does not come into effect on 7 March 2016.7
1. Investment firms designated by the Prudential Regulation Authority ("PRA").
2. A key business area is one with gross total assets greater than or equal to £10 billion; and which either account for more than 20% of the firm's gross revenue or, if the firm is part of a group, is greater than 20% of the total gross revenue of the group.
3. The Upper Tribunal confirmed this year in the case of Carrimjee v the FCA  UKUT 0079 (TCC) that, despite the FCA having power to impose serious sanctions, such as industry bans or substantial fines, FCA proceedings are not quasi-criminal in character and the civil standard should always apply. Previous FCA jurisprudence suggested that a "sliding scale" standard of proof could be applied, whereby the civil standard could be varied to a standard close to its criminal equivalent in the event of serious regulatory breaches.
4. Section 8 of Bribery Act 2010 defines "associated persons" broadly as any persons who perform services for or on behalf of the company, including its employees, agents or subsidiaries.
5. The UK Government's guidance on what constitutes "adequate procedures" is available here.
7. By an amendment to the Financial Services (Banking Reform) Act 2013 (Commencement No. 9) Order 2015.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.