The extension of the Senior Managers and Certification Regime (SM&CR) to Financial Conduct Authority (FCA) solo-regulated firms will affect over 45,000 financial companies.
But how will the extension impact your firm?
In short, every employee at a firm regulated by the FCA will be affected by the regime. The SM&CR is created to hold every one of financial sector employees to certain standards of conduct and to hold senior managers answerable for any misconduct that falls inside of their area of responsibility.
Here are some answers to SM&CR extension to solo-regulated firms questions:
When is the regime effective for solo-regulated firms?
The extension of the SM&CR to solo-regulated firms will begin on 9 December 2019.
Do the same requirements involve all solo-regulated firms?
No, the requirements are being employed proportionally. The FCA is categorising firms depending on to their size and complexity. Depending on the firm categorisation the regime will apply differently.
There are 3 categories:
- Limited scope: this categorisation will apply to firms who already have exemptions under the Approved Persons Regime. Firms within this category will be exempt from some baseline requirements and will generally have fewer senior management functions.
- Core: firms in this particular tier will have to abide by the baseline requirements. The majority of solo-regulated firms will fall into this category.
- Enhanced: this category will concern a small number of firms whose size, complexity and potential influence on consumers or markets warrant more focus. These firms will have extra requirements.
How is the firm’s categorisation established?
The FCA is providing each firm with it’s assessment of the firm’s categorisation, however, the assessment is indicative. Firms are in charge of assessing which tier they come under based upon the rules. If businesses disagree with the FCA’s assessment they must inform the FCA. The FCA has provided an online tool to assist firms in their categorisation at.
What are the biggest changes for firms?
The new certification regime, the extension of conduct rules to all staff with the exception of those in ancillary roles and for Senior Managers, and the new duty of responsibility.
To what activities do the Individual Conduct Rules and Senior Manager Conduct Rules apply?
The conduct rules relate to an individual’s activities in connection with the firm’s regulated and unregulated financial services activities (including any activities carried on in connection with a regulated activity).
Which staff will fall under the Certification Regime?
The Certification Regime will apply to people whose roles the FCA has established could cause harm to customers, the firm itself or the markets it operates in. The FCA has defined a series of “certification functions”. The regime will also apply to anybody who supervises or manages a Certified Function, that isn’t a Senior Manager.
Not all of the certification functions will apply to all firms and firms are only required to apply those that relate to them. It is possible that in very small firms there will be no one in the Certification Regime if there are only a handful of senior individuals (who will be Senior Managers) supported by administrative staff. Also if the firm is a sole trader with no employees, the Certification Regime won’t apply to them.
The Certification Regime only applies to employees of firms, it doesn’t apply to Non-Executive Directors.
In a partnership structure, will all partners need to be senior managers?
All partners must be senior managers, unless they are what the FCA rules uncharitably call “partners without influence”, i.e. they play no part in the management of the firm. In this case they are “unlikely” to be performing the partner function. The FCA’s view is that most partners will have some engagement in managing a firm, though it recognises that this will not apply in every partnership. Partnerships will have to think carefully about how their governance and management arrangements work in practice, and decide whether any of their partners definitely play no part in the firm’s management
How does the Certification Regime differ from the Approved Persons Regime?
Firms must determine every year whether anyone that is to conduct a certification function is fit and proper to perform their role and issue a certificate to them if they are. A few of the staff in the scope of the Certification Regime may previously have undergone FCA approval under the Approved Persons Regime. This will no longer be required under the Certification Regime. This reinforces that firms, rather than the regulator, are in charge of ensuring their staff are fit and proper.
What is the Duty of Responsibility?
Every Senior Manager will have a Duty of Responsibility due to the Financial Services and Market Act (FSMA). This means that if a firm breaches one of the FCA’s requirements, the Senior Manager responsible for that area could be incriminated if they did not take reasonable steps to prevent or stop the breach.
The Duty of Responsibility specifies that the FCA can act against a Senior Manager where they can show that:
- There was misconduct by the Senior Manager’s firm
- At the time of the misconduct or during any part of it, the Senior Manager was in charge of the management of any of the firm’s activities in relation to which the misconduct occurred
- The Senior Manager did not take such steps as a person in their position could reasonably have been expected to take to avoid the misconduct occurring or continuing.
The burden of proof for all these elements rests on the FCA. The Senior Manager does not need to show that they took reasonable steps, it is for the FCA to prove that they did not.
What records do senior managers need to take to adhere to the duty of responsibility?
One of the most difficult practical issues for senior managers in banks is how to record that they are, on a day-to-day basis, taking reasonable steps to prevent regulatory breaches in their areas (the so-called “duty of responsibility”). Senior managers’ understandable concerns that the regulator may seek evidence of compliance years after the fact have led, in some cases, to a culture of excessive paperwork and unnecessary making and recording of challenges during the decision-making process.
In response to concerns about this raised during the consultation, the FCA states that the duty of responsibility does not impose additional obligations to keep records explaining or justifying steps taken (or not taken). It goes on to say, however, that it may be in senior managers’ interests to keep records of relevant steps they take. Furthermore, the FCA explains that senior managers (and significant influence function holders under the current regime) are obliged to take reasonable steps to ensure that their business area abides by the FCA’s rules, including the requirement to keep records allowing the FCA to monitor the firm’s compliance with its rulebook.
It is unlikely that firms or their senior managers will take comfort from the FCA’s statement on these points. They will have to strike a balance between the need to keep reasonable evidence of compliance and the need to run their business efficiently and effectively.
Will firms need to appoint someone to each Senior Management Function?
The SM&CR provides a more granular list of Senior Management Functions (SMFs) than the current list of controlled functions. This has prompted some firms to ask whether they are required to have individuals fulfilling each function. The FCA has confirmed that they do not: the general principle is that if a person is to carry out a role that is designated as an SMF they must be approved as such, but otherwise there is no general requirement to appoint individuals to hold SMFs.
This means that those firms that are not currently required to have a Compliance Officer or Money Laundering Reporting Officer are not required to appoint them under the SM&CR. Likewise, although there are designated SMFs for the chairs of the Risk, Audit, Remuneration and Nominations Committees, the SM&CR does not itself require firms to establish such committees or appoint individuals as their chairs.
Can an individual be both a Senior Manager and a Certified Person?
Yes, if a senior manager performs a role within their firm that is subject to the certification regime, and that role is not related to their Senior Management Function, then they will also need to be certified.
What is a Statement of Responsibilities?
A Statement of Responsibilities (SoR) is a single document that every Senior Manager must have, which clearly sets out their role and responsibilities and what they are accountable for. Statements of Responsibilities must be submitted to the FCA when a Senior Manager is being approved and when there is a significant change. It must be kept up to date. In March 2019 the FCA published final guidance to assist solo-regulated firms when preparing their Statements of Responsibilities.
Do firms need to appoint someone to each Senior Management Function?
The SMFs applicable to each firm vary according to SM&CR firm type. Seventeen SMFs apply to Enhanced firms, six apply to Core Firms and three SMFs apply to the Limited Scope tier. If a person is to undertake a role that is designated as an SMF for their firm type they must be approved as such, but otherwise there is no general requirement to appoint individuals to hold SMFs.
The FCA will automatically convert most firms Approved Persons Regime (APR) functions to the corresponding Senior Management Functions (SMFs), but some firms will need to complete a form to convert individuals manually.
Can a Senior Manager hold more than one SMF?
Yes, it is possible to hold more than one SMF. For example, an SMF3, Executive Director may also hold the SMF17, Money Laundering Reporting Officer function. The need for this will be determined by the governance structure of the firm. Where this is the case, the individual will need approval from the FCA for each function. The Senor Manager will only need one Statement of Responsibilities, but this must clearly describe all their responsibilities.
What is the 12-week rule?
The Senior Managers Regime allows someone to cover for a Senior Manager without being approved where the absence is temporary or reasonably unforeseen, where the appointment is for less than 12 consecutive weeks. (SUP 10C.3.13 R in the FCA Handbook provides more information).
The regime applies on a legal entity basis, what does this mean to firms?
The FSMA requires the SM&CR to be applied at a legal entity level and not at group level. This means that firms with group structures will need to consider the impact of SM&CR applicable to each legal entity.
For groups with several legal entities the SM&CR could apply in varying way to each company. This means that there will be groups which will contain firms in different tiers of the new regime. Groups may choose to apply the highest tier of the regime to all entities in their group, as an example, to make all entities Enhanced firms. However, there is no expectation or requirement for firms to do this.
How should firms assess the fitness and propriety of different levels of staff?
The FCA notes that firms should apply the certification requirements proportionately to different functions, and do not need to adopt the same criteria for fitness and propriety regardless of a person’s seniority or role. It gives the example of a trainee retail investment adviser, who may be certified as fit and proper on the condition that they continue to meet basic standards and work under supervision.
Does the regulatory reference requirement contravene employment law or the GDPR?
One of the more onerous requirements of the SM&CR is that firms are required to give a “regulatory reference”, i.e. a detailed reference in a standard template, in relation to a former employee or director who is applying for a senior management or certification function at another firm. Firms are also required to update these references if new information turns up. The reference must contain all information relevant to the assessment of an individual’s fitness and propriety (although the FCA says that this is an existing requirement).
In response to concerns around employment law and GDPR compliance, the FCA states that its rules only require firms to disclose information that has been properly verified, and there is therefore no conflict with duties under the general law to former employees or firms seeking references. The FCA also believes that the requirement does not contravene the GDPR, as the information employers are required to give is proportionate, storage of the information is for an appropriate amount of time, and it is appropriate to store it and provide it to a new employer, in order to comply with regulatory rules.
Are there any training requirements?
Yes, firms must make individuals who are subject to the Conduct Rules cognizant that this is the case, and take all reasonable steps to ensure that they comprehend how the rules concern them and their role. There are 2 tiers of Conduct Rules, individual conduct rules, which apply to the majority of individuals working in the financial services sector and Senior Manager conduct rules which apply only to Senior Managers.
Four Conduct Rules apply to senior managers and a further five individual conduct rules apply to all non-ancillary employees within a firm. Ancillary employees, in roles such as post room staff, receptionists, catering staff and cleaners are not required to comply with the Conduct Rules.
Senior Managers and Certification Staff will need to have been trained, and abide by the Conduct Rules from the start of the new regime at 9 December 2019. Firms will have 12 months to put in place processes to comply with the training and reporting requirements, and train their other staff on the Conduct Rules.
What is the new handover procedures requirement?
This requirement only relates to firms categorised as ‘Enhanced’. Such firms must take all reasonable steps to make sure that a person taking on a Senior Manager role has all the information and materials they could reasonably expect to have to do their job effectively. One way of carrying out this may be for the predecessor to prepare a suitable handover note. Enhanced firms are also required to have a policy which explains how it complies with this requirement, and maintain adequate records of the steps it has taken.
Are there any transition arrangements?
The FCA has confirmed transitional provisions to help firms move to the new regime:
While Senior Managers and Certification Staff will need to have been identified and trained and abide by the Conduct Rules from the start of the new regime, firms have 12 months to train their other staff on the Conduct Rules.
Firms have to identify their Certification Staff and ensure they meet the Conduct Rules by 9 December, however they have 12 months to complete assessments and complete the certification process.
Article by Compliance Consultant.
Marketing teams – will also have implications for financial promotions and marketing activity?