Senior Manager and Certification Regime (SM&CR): an overview
Regulatory compliance - our view on changes...
Following the 2008 financial crisis, the UK financial industry was lined up for a regulatory review and in June of 2013, The Parliamentary Commission on Banking Standards published its final report (Changing Banking for Good – available here) on improving the conduct of the UK banking sector. This report, was been based on evidence, primarily spanning our of LIBOR manipulation and PPI scandal, made 4 key recommendations towards improving industry conduct:
Strengthening individual accountability - to increase accountability at all levels;
Reforming corporate governance – to increase board and senior management oversight;
Securing better outcomes for consumers – primarily through enhanced competition;
Enhancing financial stability – including review of the regulatory bodies' objectives;
The SM&CR will replace the APR system for all FCA solo-regulated firms from 9 December 2019.
Following the report, the Government choose to replace the Approved Person Regime (APR), with a new system that kept the Commission’s findings at heart, thus strengthening senior management and individual responsibility.
The new system created is the Senior Management and Certification Regime (SM&CR), which came into force for banks, building societies, credit unions and PRA-designated investment firms in March 2016.
The SM&CR is now being implemented for all remaining FCA solo-regulated firms, such as insurance brokers, claims management companies, self-employed advisers and so on. The SM&CR will replace the APR system for such firms from 9 December 2019.
Objective of SM&CR Regime
The overarching aim of the SM&CR Regime is to reduce harm to consumers and to strengthen market integrity. In particularly, the FCA stated that:
“The SM&CR aims to reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold people to account. As part of this, the SM&CR aims to:
encourage staff to take personal responsibility for their actions
improve conduct at all levels
make sure firms and staff clearly understand and can show who does what”
(Guide for solo regulated firms – available here)
This is achieved by raising standards for everyone who works in the financial services sector, by enhancing senior management arrangements and by making senior managers accountable for their (and the employees’) conduct, competence and actions. As one of the key changes, Non-Executive directors will also be captured by the enhanced standards.
How will SM&CR apply to different firms?
The FCA considered two key, but somewhat contradicting elements when proposing the system. These are consistency between firms and recognition of difference between different firms’ sizes, expertise and activity (risk level to consumer). To achieve a fair outcome for firms (and thus for consumers), the FCA will class firms into three categories:
Limited Scope (Regime): this will apply to firms who already have exemptions under the Approved Persons Regime. These firms will be exempt from some SM&CR requirements. Firm’s typically classed as Limited scope are sole-traders, small firms, service companies, internally managed AIFs, and so on).
Core (Regime): most firms regulated by the FCA will be classed as “Core Firms”.
Enhanced (Regime): the largest firms in the UK financial sector will be subject to the “Enhanced Regime”, which is akin to the same provisions as is applied to the banking sector. Firms captured include CASS large firms, IPRU firms, firms with regulated business revenue in excess of £35 million.
Whilst the FCA will contact firms with their assessment and classification, firms remain responsible to confirm with the FCA whether the classification is correct.
The FCA has also created a tool, with a series of questions that firms can work through to determine which category they fall into.
The Core Regime
As most firms will be subject to the Core Regime, we opted to provide a high level overview of how the system will look like.
The Core Regime of SM&CR will consist of three main elements: Senior Managers Regime (SMR), Certification Regime (CR), and Conduct Rules.
Senior Managers Functions (SMFs)
This element is relevant for the firms’ most senior managers only (typically, the Board of Directors) who are the ultimately decision makers. These roles are the Senior Management Functions (SMF) which is equivalent to the current APR's Controlled Functions (CF). Under the Core Regime, the FCA has designated a number of defined senior management function roles to cover individuals who are deemed by the regulator to pose the greatest potential risk to customers or market integrity.
The key elements of the SMR:
Statements of Responsibility: as a new requirement, firms would need to document what the SMFs are responsible and accountable for. This document must be kept up-to-date at all times; and where required, shared with the regulator;
Prescribed Responsibilities: In addition to the inherent responsibilities of a senior manager, the FCA will require firms to allocate several ‘prescribed responsibilities’ to their Senior Managers. These will vary depending on the size and complexity of the firm, however they must be allocated to competent SMFs whilst considering that “sharing of PRs” are only permitted in exceptional circumstances.
Important: There is no territoriality limitation under SMR; Senior Managers performing a role overseas would still remain in scope.
Certified Functions (CFs)
The purpose of this regime is to formally establish responsibility on firms to ensure the key individuals are (and remain so) competent to discharge their role.
The key considerations include:
Individuals within firms who ‘are not Senior Managers but whose job can cause significant harm to the firm or its customers’ are subject to the Certification Regime. The following functions will be Certified Functions under the SM&CR:
Significant management function;
CASS oversight function;
Functions subject to qualification requirements under the T&C regime;
Client dealing function;
Anyone who supervises or manages a Certified Function (directly or indirectly), but isn’t a Senior Manager;
Those meeting the definition of a Material Risk Taker (MRT);
Annual Certification requires firms to check and confirm (‘certify’) that certified staff are suitable to do their job on an annual basis.
Prescribed Responsibility (PR) for the CR must be allocated to a Senior Manager, who will be personally accountable for the regime.
The new conduct rules retain considerable resemblances with the APER regime. However, under the SM&CR regime, regardless of firms’ classification, the following rules will apply to almost every person who works in financial services, apart from ancillary staff (e.g. receptionists, cleaners, caretakers, and security staff). They are listed below:
1. Tier 1: Individual Conduct Rules
a. CR1 - You must act with integrity
b. CR2 - You must act with due skill, care and diligence
c. CR3 - You must be open and co-operative with the FCA, the PRA and other regulator
d. CR4 - You must pay due regard to the interests of customers and treat them fairly
e. CR5 - You must observe proper standards of market conduct
2. Tier 2: Senior Manager Conduct Rules
a. SM1 - You must take reasonable steps to ensure that the business of the firm for which you are
responsible is controlled effectively
b. SM2 - You must take reasonable steps to ensure that the business of the firm for which you are
responsible complies with the relevant requirements and standards of the regulatory system
c. SM3 - You must take reasonable steps to ensure that the business of the firm for which you are
responsible complies with the relevant requirements and standards of the regulatory system
d. SM4 - You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice
Practical annual training: Under the new rules, firms must train all relevant staff to understand how the conduct rules are relevant to their individual roles, therefore the training should be both practical and tailored. In addition, a Senior Manager will be personally responsible for ensuring compliance with this under the assigned PR; For individuals holding SMF, they must receive this training by 9 December 2019, covering both Tier 1 and Tier 2 rules, whilst other staff must receive their training (and where applicable, be formally Certified) by 9 December 2020.
Disciplinary Reporting Firms must report disciplinary actions taken due to a breach of the conduct rules to the FCA. This must be completed within seven days for Senior Managers, and on an annual basis for all other staff (for the later, a report must be made to the FCA, even if it would be "nil return";
Self help for firms
The FCA has issued a practical guide for firms (SM&CR Guide for solo-regulated firms) which is a summary of the final rules and guidance on SM&CR. It gives an overview of how the SM&CR works and how firms and individuals will move to the new regime.
Over the next months, we will review how the FCA will convert Core firms to the new, SM&CR Regime and what are the typical areas firms should pay particular attention to.
At RRCA, we have extensive experience in understanding various Board arrangements. We can offer extensive support to ensure full compliance, from self-assessment, remote support to on-site readiness review.
If you have any questions about how the SM&CR impact you, or merely you want us to confirm your understanding or arrangements, please feel free to get in touch!