Community
Following the banking crisis in 2008, the Parliamentary Commission for Banking Standards (PCBS) recommended the creation of a new framework focused on increasing senior management accountability. Based on this recommendation, Parliament passed legislation in December 2013 that prompted the primary regulators of the financial services sector, the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA), to implement a Senior Management and Certification Regime (SM&CR).
When this legislation passed the Approved Persons (AP) regime had already been in place for several years. It was designed to ensure that providers of financial services had directors who could manage their businesses with integrity and honesty and had the necessary skillset to ensure consumer protection.
What the Approved Persons regime did not do was hold other employees to account, particularly those who held Senior Management (SM) or Significant Harm (SH) functions.
As such, the SM&CR was created to ensure accountability at all levels within regulated firms. In order to achieve this a number of new areas were created, including;
Following further changes to legislation made by Parliament in May 2016, the SM&CR has now been extended to all Financial Services and Markets Authority (FSMA) authorised firms.
In December 2018 SM&CR replaced the Approved Persons regime for dual-regulated insurers (those regulated by both the PRA and FCA). Further to this, from the 9th December 2019, all regulated financial firms must comply with the SM&CR.
What do firms need to do to prepare?
There are a number of steps firms need to take in order to ensure they are ready for the implementation date set by the FCA.
First, firms must identify which of three categories they fall into. ‘Limited Scope’ accounts for businesses that provide financial services but not as their main operation e.g. sole traders, oil market participants and service companies. There are approximately 33k firms in this category. ‘Core’ is for firms that sell financial services as their main operation. There are approximately 14k firms in this category. Finally, ‘Enhanced’ applies to firms which, due to their size, complexity and possible impact on consumers, are subject to additional regulatory requirements. This includes firms who manage assets of £50 billion or more, mortgage lenders (excluding banks) with 10k or more regulated mortgages outstanding and all Client Assets Sourcebook (CASS) firms. There are approximately 350 firms in this category.
The category dictates the provider’s required action; there are a number of additional elements that Enhanced firms will need to implement. All firms, however, will need to decide which individuals will fall under the Senior Management and Certification functions.
The FCA has indicated that current Approved Persons will be able to ‘Grandfather’ across into the SM functions and have suggested that Approved Persons should be reviewed and validated now, removing the need to make additional applications once SM&CR is implemented.
SM&CR Requirements
Each of the SM functions will require a ‘Statement of Responsibility’. For this, the FCA has produced a template document setting out roles and responsibilities. These must be submitted to the FCA when applying for an SM function to be approved (or converted from an Approved Person).
These Statements of Responsibility must be kept up to date and resubmitted to FCA whenever there is a significant change to a SM’s responsibilities.
In addition to the requirement Statement of Responsibilities, the FCA has mandated a number of Prescribed Responsibilities. These Prescribed Responsibilities must be allocated to one or more of the SM functions to ensure accountability, but one SM can be responsible for more than one.
The Prescribed Responsibilities are:
Under SM&CR, firms are required to assess individuals in SM and Certification functions to confirm that they are fit for their roles. In addition, the FCA suggests that firms should assess any non-executive directors who are not Senior Managers.
The FCA is proposing a simple roll out of the existing rules to authorised firms, which are expected to determine their own strategy for assessing competence. This means that firms will need to consider how best they can assess the qualifications, training and personal characteristics of an individual for any Senior Manager or Certification role that they are performing.
As part of this process, there is a new requirement for firms to perform criminal record checks on each Senior Manager applying for approval.
As previously referenced, SM&CR introduces regulatory references for all SM&CR functions.
Firms will be required to obtain references from previous employers on all SM, CR and non-exec directors for a period of 6 years. There is also an obligation on the previous employer to provide references if any significant new information comes to light.
If a reference is requested, the previous employer must disclose whether:
A key consideration here is how firms log, monitor and manage this flow of information.
Conduct Rules
Two tiers of conduct rules have been introduced. Tier 1 rules are intended to cover all employees and Tier 2 are specific rules for individuals in an SM function.
Individual conduct / Tier 1 rules
Senior Manager / Tier 2 conduct rules
In order to ensure understanding of these conduct rules and individual requirements, firms are obligated to ensure that full staff training is performed.
Finally, under the Senior Management and Certification Regime, firms are required to report any disciplinary action taken against a person for any breach of the conduct rules to the FCA. For Senior Managers this notification must be within seven business days; for all other individuals notification should be made annually. This notification requirement does not affect firms' existing obligation under Principle 11.
A common misconception is that if a financially regulated firm is outsourcing processes, these updated rules apply only to the outsourcing partner. This is not the case – all financially regulated firms must implement the SM&CR, even if all their financial products are managed externally.
Despite this, regulated firms working with best of breed outsourced service providers remain at an advantage, as these companies will provide guidance and support throughout the process.
Next Steps
By 9th December 2019, all firms should have identified all their SM and CR individuals and ensured that these individuals are appropriately trained on the requirements, in particular the conduct rules and Prescribed Responsibilities.
By 9th December 2020, all other employees should have received training and be aware of their obligations under the Tier 1 conduct rules, and assessments should have been conducted on the Senior Management and Certification functions.
Although there is much to consider, this is a positive and significant step in ensuring enhanced accountability for the financial services market and, following successful implementation within the banking sector, is expected to strengthen firms and protect consumers.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Ellison Anne Williams CEO at Enveil
30 October
Damien Dugauquier Co-Founder & CEO at iPiD
Kyrylo Reitor Chief Marketing Officer at International Fintech Business
Prashant Bhardwaj Innovation Manager at Crif
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.