Introduction
On 26 June 2017, the FCA published its consultation paper, “Individual Accountability: Extending the Senior Managers & Certification Regime to all FCA firms”. The deadline for responses is 3 November 2017.
In future, if they are to sleep easily, all Senior Managers will have to be able to prove that they have taken such steps as are reasonable in order to ensure that a regulatory breach has not occurred in relation to the business area(s) for which they have responsibility. The burden associated with this requirement alone will be significant. But this is just one aspect of a regime which, when introduced during the course of 2018, will impact almost every aspect of, and every person working within, any financial services firm. In practice, it will shift much of the burden of regulatory compliance and monitoring from the FCA onto individual firms. As such, everyone working within the industry needs to be aware of the changes looming just over the horizon. A primer on the new regime is provided below.
Scope
The Senior Managers and Certification Regime (“SM&CR”) will replace the existing Approved Persons Regime. Its purpose is to “reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold people to account”.
A baseline of requirements will apply to every firm. This is known as the “core regime”. An “enhanced regime”, incorporating additional requirements – such as the requirement to prepare/maintain “Responsibility Maps”[1] and “Handover Procedures – will apply to the largest and most complex firms (estimated to be fewer than 1% of FCA regulated firms – approximately 350 firms in total). A firm will be subject to the “enhanced regime” if it satisfies one or more of the following criteria:
- It is a Significant IFPRU firm;
- It is a CASS Large firm;
- It has AUM of £50 billion or more (at any time in the previous 3 years);
- It has current total intermediary regulated business revenue of £35 million or more per annum;
- It has an annual regulated revenue generated by consumer credit lending of £100m or more; or
- It is a non-bank mortgage lender with 10,000 or more regulated mortgages outstanding.
At the other end of the spectrum, a “Limited Scope” regime will apply a reduced set of requirements to a certain group of firms, such as limited permission, consumer credit firms, sole traders, oil market participants, service companies and subsidiaries of local authorities.
There are three main elements to the SM&CR:
- The Senior Managers Regime;
- The Certification Regime; and
- The Conduct Rules.
The Senior Managers Regime
This element of the SM&CR will focus on the most senior members of a firm. Anyone who holds a Senior Management Function will have to be approved in advance by the FCA. FCA approvals can be time-limited or subject to other conditions. Failure to obtain advance approval can render both the firm and the individual liable. The appointment of a Senior Manager must be accompanied by a “Statement of Responsibilities” (“SoR”), indicating the areas of the business for which the Senior Manager is responsible. The SoR must be updated as the duties of the Senior Manager change. All Senior Managers will be under a duty to take ‘reasonable steps’ to ensure that a regulatory breach does not occur on their watch. This is known as the “Duty of Responsibility”. However, the criminal offence relating to a decision that causes a financial firm to fail (which exists in relation to PRA-regulated firms) will not apply.
An individual can hold more than one Senior Management Function. FCA approval in relation to each function will be required, but separate Statements of Responsibility will not be required. In a partnership, all ‘active’ partners will be Senior Managers.
Senior Management Functions
| Senior Management Function | Limited Scope Firms[2] | Core Firms | Enhanced Firms | Branches of Overseas Firms |
| SMF 1 – Chief Executive | No | Yes | Yes | No |
| SMF 2 – Chief Finance Function | No | No | Yes | No |
| SMF 3 – Executive Director | No | Yes | Yes | Yes*** |
| SMF 4 – Chief Risk Function | No | No | Yes | No |
| SMF 5 – Head of Internal Audit | No | No | Yes | No |
| SMF 7 – Group Entity Senior Manager | No | No | Yes | No |
| SMF 9 – Chair | No | Yes | Yes | No |
| SMF 10 – Chair of the Risk Committee | No | No | Yes | No |
| SMF 11 – Chair of the Audit Committee | No | No | Yes | No |
| SMF 12 – Chair of the Remuneration Committee | No | No | Yes | No |
| SFM 13 – Chair of the Nominations Committee | No | No | Yes | No |
| SMF 14 – Senior Independent Director | No | No | Yes | No |
| SMF 16 – Compliance Oversight | Yes | Yes | Yes | Yes*** |
| SMF 17 – Money Laundering Reporting Officer | Yes | Yes | Yes | Yes**/*** |
| SMF 18 – Other Overall Responsibility* | No | No | Yes | No |
| SMF 19 – Head of Third Country Branch | No | No | No | Yes*** |
| SMF 21 – EEA Branch Senior Manager | No | No | No | Yes** |
| SMF 24 – Chief Operations Function | No | No | Yes | No |
| SMF 27 – Partner | No | Yes | Yes | Yes*** |
| SMF 29 – Limited Scope Function | Yes | No | No | No |
* Enhanced firms will need to ensure that every activity, business area and management function has a Senior Manager with overall responsibility for it.
** Applies to EEA Branches
***Applies to non-EEA Branches
Prescribed Responsibilities
“Prescribed Responsibilities” are specific FCA-defined responsibilities that a firm must give to a Senior Manager. A Senior Manager can be allocated more than one Prescribed Responsibility but, normally, Prescribed Responsibilities should not be shared. However, Prescribed Responsibilities cannot be allocated to someone performing the ‘Other Overall Responsibility” Senior Management Function (with the exception of the Prescribed Responsibility for CASS compliance – see below).
Each Prescribed Responsibility should be given to the Senior Manager who is the most senior person responsible for that issue. Prescribed Responsibilities are in addition to the inherent responsibilities of each Senior Manager and should be detailed in Statements of Responsibility. The FCA’s proposed Prescribed Responsibilities are as set out below:
| Prescribed Responsibilities | Limited Scope Firms[3] | Core Firms | Enhanced Firms | Branches of Overseas Firms |
| Performance by the firm of its obligations under the SM&CR, including implementation and oversight* | No | Yes | Yes | Yes*** |
| Performance by the firm of its obligations under the Certification Regime* | No | Yes | Yes | Yes*** |
| Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules* | No | Yes | Yes | Yes*** |
| Responsibility for the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime* | No | Yes | Yes | Yes*** |
| Responsibility for the firm’s compliance with CASS (if applicable)* | No | Yes | Yes | Yes*** |
| Responsibility for ensuring the governing body is informed of its legal and regulatory obligations* | No | Yes | Yes | No |
| Acting as the firm’s whistleblowers’ champion** | No | Yes | Yes | No |
| Responsibility for management of the firm’s risk management processes in the UK | No | No | No | Yes*** |
| Responsibility for the firm’s compliance with the UK regulatory system applicable to the firm | No | No | No | Yes*** |
| Responsibility for the escalation of correspondence from the PRA, FCA and other regulators in respect of the firm to the governing body and/or the management body of the firm or, where appropriate, of the parent undertaking or holding company of the firm’s group | No | No | No | Yes*** |
| Responsibility for an AFM’s value for money assessments, independent director representation and acting in investor’s best interests* | No | Yes | Yes | Yes*** |
| Compliance with the rules relating to the firm’s Responsibilities Map* | No | No | Yes | No |
| Safeguarding and overseeing the independence and performance of the internal audit function (in accordance with SYSC 6.2)** | No | No | Yes | No |
| Safeguarding and overseeing the independence and performance of the compliance function (in accordance with SYSC 6.1)** | No | No | Yes | No |
| Safeguarding and overseeing the independence and performance of the risk function (in accordance with SYSC 7.1.21R and SYSC 7.1.22R)** | No | No | Yes | No |
If the firm outsources its internal audit function, taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including:
|
No | No | Yes | No |
| Developing and maintaining the firm’s business model* | No | No | Yes | No |
| Managing the firm’s internal stress-tests and ensuring the accuracy and timeliness of information provided to the FCA for the purposes of stress-testing* | No | No | Yes | No |
* Normally allocated to an Executive Director or Partner
** Normally allocated to a Non-Executive Director or Partner without management responsibilities
*** Applies to Non-EEA Branches
Statement of Responsibilities
A Statement of Responsibility is a single document which every Senior Manager must have. It will set out the role of the Senior Manager, as well as the areas for which he/she is responsible (including Prescribed Responsibilities). A Statement of Responsibilities must form part of every application to the FCA for the appointment of an individual as a Senior Manager. To the extent that the role of a Senior Manager undergoes any significant change, an amended Statement of Responsibilities must be lodged with the FCA.
The Certification Regime
The Certification Regime applies to individuals[4] who, whilst not Senior Managers, can have “a big impact on customers, markets or the firm” by reason of their job and in relation to a regulated activity. These are known as “Certification Functions” or “Significant harm Functions”. Firms must certify, at least annually, that such individuals remain fit and proper to perform their role and must ask for regulatory references from previous employers before appointing an individual to a Significant Harm Function. Individuals who are subject to the Certification Regime will not be approved by the FCA (even if they previously “Approved Persons”) and so will no longer appear on the FCA Register. The Certification Regime does not apply to non-executive directors. An individual can perform more than one Certified Function, but must be certified as ‘fit and property’ for each one.
| Certification Function | Overview |
| Significant Management Function (based on current CF29) – someone with significant responsibility for a significant business unit | These individuals perform functions that would have been Significant Influence Functions under the Approved Persons Regime.
|
| Proprietary traders (also covered by current CF29) | |
| CASS oversight function (current CF10a) | |
| Functions subject to qualification requirements | This includes, for example, mortgage advisers, retail investment advisers and pension transfer specialists. |
| The client dealing function | This function will be expanded from the current CF30 function to apply to any person dealing with clients, including, retail and professional clients and eligible counterparties. |
| Anyone who supervises or manages a Certified Function (directly or indirectly) but isn’t a Senior Manager | |
| Material Risk Takers | These are “Remuneration Code Staff” as defined under SYSC 19 |
| Algorithmic trading | This function includes people with responsibility for approving the deployment and use of a trading algorithm or a material part of one |
| Benchmark submission and administration |
The ‘Fit and Proper’ Test
The ‘fit and proper’ test applies to Senior Managers, Non-Executive Directors and individuals under the Certification Regime. The test must be performed at least annually. Certain evidence will have to be collected when assessing candidates for the above positions, including:
| Evidence | Senior Managers | Non-Executive Directors | Certification Regime Individuals |
| Criminal records checks[5] | Yes | Yes | No |
| Regulatory References | Yes | Yes | Yes |
The Conduct Rules
Two tiers of conduct rules exist. The first are basic guidance which apply to almost every person working in financial services, except ancillary staff such as cleaners and security guards[6]. Additional conduct rules apply only to Senior Management. The conduct rules apply to a firm’s regulated and unregulated financial services activities – a narrower application than exists under the banking regime, where the conduct rules apply to everything done on behalf of the firm. Breaches of the conduct rules should be reported to the FCA.
| First Tier – Individual Conduct Rules | |
| 1 | You must act with integrity. |
| 2 | You must act with due care, skill and diligence. |
| 3 | You must be open and cooperative with the FCA, the PRA and other regulators. |
| 4 | You must pay due regard to the interest of customers and treat them fairly. |
| 5 | You must observe proper standards of market conduct. |
| Second Tier – Senior Manager Conduct Rules | |
| SC1 | You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively. |
| SC2 | You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system. |
| SC3 | You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively. |
| SC4 | You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice. |
[1] A single document that sets out the firm’s management and governance arrangements
[2] Exact Senior Management Functions depend on the type of Limited Scope Firm under consideration.
[3] Exact Senior Management Functions depend on the type of Limited Scope Firm under consideration.
[4] Either (a) Material Risk Takers (wherever based and irrespective of whether they deal with UK client), (b) non-Material Risk Takers based in the UK or (b) non-Material Risk Takers based outside the UK who dealing with UK clients
[5] Unless the firm is a limited scope firm where this requirement does not apply
[6] An exhaustive list of ancillary staff is provided at paragraph 7.14 of the consultation paper
