The Senior Managers & Certification Regime (SM&CR) is being extended with effect from 9 December 2019 to firms that are solo-regulated by the Financial Conduct Authority (FCA) (except for benchmark firms which will be subject to the regime from 7 December 2020). As a result, solo-regulated firms will be subject to an individual accountability regime similar to that which was brought in for banks in March 2016, although adapted to take account of the broad range of firms which are solo-regulated to ensure a proportionate application of the regime.
As the implementation date approaches, as well as bespoke client training, we have prepared a suite of briefings to help you understand how the SM&CR will impact your firm and what things you need to be thinking now as part of your implementation planning. In this briefing, Grania Baird and Katy Ruddell provide an overview of the SM&CR for solo-regulated firms.
Aspects of the SM&CR are considered in more detail in related articles published on our website.
1.1 The new individual accountability regime under the SM&CR derived from the Parliamentary Commission on Banking Standards (PCBS) report – “Changing banking for good”. The recommendations in the PCBS report led to the new accountability regime for banks under SM&CR focusing on individual responsibility at all levels with a particular focus on senior management.
1.2 SM&CR replaces the existing approved persons regime and has been in force for UK banks and UK branches of overseas banks since March 2016. The government announced the extension of the SM&CR to all other FCA regulated firms in December 2015.
1.3 SM&CR is implemented through the Financial Services and Markets Act 2000 (FSMA) as amended by the Bank of England and Financial Services Act 2016, and through changes to the FCA Handbook of rules and guidance. HM Treasury has recently published commencement regulations which were made on 17 July 2019 in respect of the extension of the SM&CR. The FCA will shortly publish their final rules and update the FCA Handbook.
1.4 The FCA has stated that the aim of the SM&CR is to reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold individuals to account. As part of this, the SM&CR aims to:
- 1.4.1 encourage staff to take personal responsibility for their actions;
- 1.4.2 improve conduct at all levels; and
- 1.4.3 make sure firms and staff clearly understand and can demonstrate who does what.
1.5 The FCA has said that it does not intend the extension of SM&CR to require firms to change how they organise themselves, do business, or make new hires, but it does intend the regime to clarify and reinforce governance structures which firms have in place.
1.6 All firms authorised under FSMA and regulated by the FCA will be affected by the extension of the SM&CR. However, the FCA has stated that the extension of the SM&CR is to apply in a flexible and proportionate way and, as a result, the requirements which apply will depend on the categorisation of the firm and its type (see further below). This briefing does not cover benchmark firms.
1.7 Firms which are not authorised under FSMA, for example, payment services firms, are not covered by the SM&CR. Appointed representatives also fall outside of the SM&CR.
2. Key elements of the SM&CR
2.1 The new individual accountability framework under SM&CR involves three key elements:
2.1.1 Senior Managers Regime – this covers the top tier of management within the firm who have ultimate accountability for the actions and decisions of the firm. Senior Managers are those who hold FCA specified senior management functions (SMFs), and who must be pre-approved by the FCA. The roles and requirements as regards Senior Managers are set out in more detail below.
2.1.2 Certification Regime – this covers those individuals whose roles pose a risk of significant harm to customers, the firm and markets. These individuals will not be pre-approved by the FCA but must be certified as fit and proper by their firm before taking on a role subject to the Certification Regime, as well as on an annual basis and whenever a material change occurs to their role.
2.1.3 Conduct Rules – these are a new set of enforceable high level conduct rules which will apply to almost all staff at a firm (other than ancillary staff). The intention of the Conduct Rules is to raise standards across the board by requiring all individuals to take personal responsibility for their actions and so improve conduct at all levels.
2.2 The new fitness and propriety rules and requirements under SM&CR incorporate existing concepts but are enhanced under the regime and include an increased emphasis on competency. The obligation is on the firm to carry out the fitness and propriety assessments in respect of Senior Managers, staff within the Certification Regime and, for most firms, non-executive directors. Guidance concerning the criteria to be used to assess fitness and propriety is contained in the FCA’s FIT sourcebook. Firms must also carry out a criminal record check on Senior Managers and, for most firms in respect of their non-executive directors, regulatory reference requirements also apply.
3. FCA approach to the extension of the SM&CR
3.1 When designing the extension of the SM&CR, the FCA recognised the range and diversity of the circa 47,000 firms which will be brought within the regime and decided that it would apply the regime in a flexible and proportionate manner. As a result, the FCA is applying the extension of the SM&CR in a tiered manner.
3.2 A standard set of requirements will apply to most firms, known as Core firms. Additional requirements will apply to a smaller number of firms whose size, complexity and potential impact on consumers warrant more attention, known as Enhanced firms (anticipated to be about 390 firms). These requirements include additional SMFs and prescribed responsibilities, the overall responsibility requirement as well as the requirement to have a management responsibilities map and to have hand over procedures for Senior Managers. A reduced set of requirements will apply to smaller firms or those with particular permissions, including firms that currently have a limited application of the approved persona regime, known as Limited Scope firms.
3.3 There are some exclusions relevant to the Enhanced category, for example, EEA branches and non-EEA branches fall outside of the Enhanced category. A firm whose only permission covers being a full scope alternative investment fund manager (AIFM) of an unauthorised alternative investment fund (AIF) or an authorised AIF that is only marketed to investors that are professional clients, is also excluded from the Enhanced category.
3.4 Firms will be able to opt into the Enhanced category should they wish to, and this is available to both Limited Scope and Core firms. Firms wishing to opt up will need to notify the FCA using Form O. However once opted up, a firm must comply with all aspects of the Enhanced regime; it cannot pick and choose. The FCA has made it clear that there is no expectation or requirement for firms to choose to apply the highest tier across all group entities.
3.5 An important first step for firms is to identify in which category they fall. The SM&CR applies at the legal entity level rather than at group level. Each firm will need to decide in which category it falls at legal entity level. The FCA has said that it intends to contact firms prior to commencement of the new regime to inform firms which category the FCA considers they fall into.
3.6 Although the extension of the SM&CR is designed to be flexible and proportionate, there are certain aspects of the regime as set out in FSMA in respect of which the FCA has no discretion, including certain requirements relating to Senior Managers (see further below) and the Certification Regime (see further below).
3.7 The FCA has issued some useful guidance and checklists for solo-regulated firms available on the FCA website.
4. Senior Managers
4.1.1 This aspect of SM&CR applies to those who are at the top tier of management within a firm, principally at board level. However, in larger more complex firms it may also include those one tier down below the board. The FCA wishes to know who within a firm are the most senior decision-makers, and make sure that firms clearly allocate responsibilities to those individuals. SM&CR includes a number of requirements to implement these aims.
4.1.2 There is no territorial limitation to the Senior Managers Regime; it covers a person carrying on the role of Senior Manager whether in the UK or overseas. There are specific rules for branches of overseas firms.
4.2 Senior Management Functions
4.2.1 A senior management function is defined in FSMA as: "… in relation to the carrying on of a regulated activity by an authorised person, if (a) the function will require the person performing it to be responsible for managing one or more aspects of the authorised person’s affairs, so far as relating to the activity, and (b) those aspects involve, or might involve, a risk of serious consequences (i) for the authorised person, or (ii) for business or other interests in the United Kingdom" (section 59ZA FSMA).
4.2.2 The FCA has set out specific senior management functions (SMFs) in SUP10C of the FCA Handbook.
4.2.3 To hold an SMF an individual must be pre-approved by the FCA.
4.2.4 The SMFs which apply to firms will depend on the firm’s categorisation under SM&CR:
(a) only some SMFs will apply to Limited Scope firms (and those that apply will depend on the firm’s activities and permissions;
(b) a core number of SMFs will apply to Core firms; and
(c) additional SMFs (11 in total) will apply to Enhanced firms.
4.2.5 A Senior Manager will normally have certain inherent responsibilities as part of the SMF they hold. An SMF can hold a number of SMFs and where this is the case, the Senior Manager will need to be approved by the FCA for each function. This can be done using one form.
Senior Management Functions (SMF)
Additional SMF's - Enhanced firms
4.3 Prescribed responsibilities
4.3.1 Under the SM&CR, there are specific responsibilities defined in SYSC 24 of the FCA Handbook that must be allocated to a Senior Manager. These are called “prescribed responsibilities”. The FCA has specified these prescribed responsibilities to ensure that a Senior Manager is responsible for key conduct and prudential risks. These prescribed responsibilities should be allocated to the firm’s Senior Managers and included in their Statements of Responsibilities.
4.3.2 Again, the categorisation of the firm will have an impact as to which prescribed responsibilities apply. Core firms have five prescribed responsibilities, with an additional one for authorised fund managers of FCA authorised funds. Enhanced firms have seven additional prescribed responsibilities. These include certain prescribed responsibilities which the FCA would normally expect to be given to non-executive directors. However, the FCA recognises that this may not always be possible where a firm does not have non-executives, and in that case the prescribed responsibility should be allocated to another Senior Manager.
4.3.3 Prescribed responsibilities do not apply to Limited Scope firms or EEA branches.
4.3.4 When determining the allocation of prescribed responsibilities, they should be allocated to a Senior Manager who is the most senior person responsible for that issue.
4.4 Statement of Responsibilities (SoR)
4.4.1 Irrespective of the firm’s category, FSMA requires an SoR to be prepared for each Senior Manager. The SoR is a single document which sets out the Senior Manager’s role and responsibilities. It will list the SMF’s prescribed responsibilities, as well as any overall responsibilities (for Enhanced firms) and can include information about other responsibilities and information where relevant.
4.4.2 The SoR must be submitted to the FCA when applying for regulatory pre-approval as a Senior Manager. The SoR needs to be kept up-to-date, and an updated version must be submitted to the FCA where there is a significant change to the Senior Manager’s responsibilities.
4.4.3 The SoR is a key document and will enable the FCA to identify the relevant Senior Manager(s) responsible for an area where a breach has occurred. The template SoR will be available on the FCA website. The SoR should be kept up to date and filed with the FCA whenever a change is made.
4.5 Duty of responsibility
4.5.1 Under SM&CR every Senior Manager has a duty of responsibility, for aspects of the firm for which they are responsible. This is derived from FSMA which in summary provides at section 66A(5) that:
- where there has been (or continues to be) a breach of a regulatory requirement,
- the Senior Manager at that time responsible for the management of any of the firm’s activities in relation to which the contravention occurred,
- can be held responsible where the Senior Manager did not take such steps as a person in the Senior Manager’s position could reasonably be expected to take to avoid or prevent such contravention occurring or continuing.
4.5.2 Where the circumstances described in section 66A(5) of FSMA apply, the Senior Manager can be held accountable. The time period during which the FCA can take action is increased under SM&CR to six years from the date the FCA knew of the misconduct, where the misconduct occurred after the implementation of SM&CR. For misconduct which occurred before the implementation of SM&CR, the relevant period is three years.
4.5.3 The burden of proof lies with the FCA to determine that a Senior Manager did not take the steps a person in his/her position could reasonably be expected to take. The key point for Senior Managers is to take such “reasonable steps” and ensure they can evidence that they took reasonable steps to prevent the breach occurring or continuing.
5. Overall responsibility
5.1 An additional requirement for Enhanced firms is the “overall responsibility” requirement. This requires Enhanced firms to ensure that every activity, business area and management function has a Senior Manager with responsibility for it.
5.2 Enhanced firms are also required under SM&CR to take all reasonable steps to ensure that a person taking a Senior Manager role has all the information and materials they could reasonably expect to do their job effectively. Firms must have a policy covering this requirement.
6. Certification Regime
6.1 The Certification Regime applies to those individuals performing a significant harm function, being one that “will require the person performing it to be involved in one or more aspects of the firm’s affairs, so far as relating to the activity, and those aspects involve, or might involve, a risk of significant harm to the authorised person or any of its customers” (section 63E FSMA).
6.2 The FCA has provided in its rules the functions which are significant harm functions and these are referred to in the rules as “certification functions”. To undertake a certification function, the firm must assess whether the person to carry out the role is fit and proper to undertake the role, and issue a certificate confirming that this assessment has been met. Firms must also carry out an annual assessment of fitness and propriety and whenever the role changes.
6.3 The Certification Regime applies to employees as defined in section 63E(9) of FSMA. This is a broad definition and covers not only employees but also normally includes consultants, contractors and secondees.
6.4 The regime covers many of the roles undertaken by individuals under the approved persons regime but is considerably wider. The obligation to assess individuals within the Certification Regime lies solely with the firm. Individuals subject to the Certification Regime are not approved by the FCA for that role.
6.5 A Senior Manager will only be subject to the Certification Regime, where they perform a role separate and distinct to their SMF. In that case they will fall within the regime and need to be assessed as fit and proper to undertake the relevant Certification Function in addition to being a Senior Manager.
7. Conduct Rules
7.1 Another key aspect of the SM&CR are the Conduct Rules. These are a set of enforceable high-level rules which apply to almost all staff within an organisation (save for ancillary staff) with the aim of improving conduct and standards of behaviour across the board.
7.2 There are two tiers of conduct rules; the individual conduct rules which apply to most individuals within a firm including non-executive directors, and then an additional tier of senior conduct rules which only apply to Senior Managers (and one of those rules also applies to most NEDs).
7.3 The Conduct Rules are contained in the FCA Code of Conduct (COCON) sourcebook and are set out below.
7.4 Firms must train their staff on the Conduct Rules and how they apply, including the practical application of specific rules to their work.
7.5 Firms must notify the FCA where they take disciplinary action (defined as a formal written warning, or suspension or dismissal or reduction or recovery of remuneration) as a result of any actual or suspected breach of the Conduct Rules by a Senior Manager within seven business days and any other relevant staff on an annual basis.
8. Transitional and conversion arrangements
8.1 The FCA has indicated that conversion to SM&CR on 9 December 2019 for solo-regulated firms should be simple, clear and proportionate, and for most firms will involve little interaction with the FCA.
8.2 The transitional arrangements depend on the categorisation of the firm under SM&CR, with Limited Scope and Core firms transitioning with little contact needed with the FCA. For these firms, there will be automatic mapping across to the equivalent SMF where possible. For example, an executive director holding the CF1 controlled function at a Core firm on transition will map across to the senior management function SMF 3. Existing FCA controlled functions under the approved persons regime which do not map across will cease.
8.3 As regards a non-executive chair, the CF2 function does not map across and firms must submit a Form K regarding the Chair function (SMF 9). If firms do not want an individual to map across, they should submit a Form C. For individuals taking up new SMFs post commencement where there is no mapping across, a Form A and SoR must be submitted, and criminal record checks undertaken.
8.4 Where Senior Managers map across under the transitional arrangements there is no need for firms to reapply for regulatory pre-approval for those individuals, nor is there a need for extra checks to be undertaken. Firms must remember, however, that even though there are these helpful transitional provisions, they must ensure that they have SoR in place for their Senior Managers even though these may not need to be submitted to the FCA at implementation of the new regime.
8.5 For Enhanced firms, the transition is not quite as straightforward. Where the existing controlled function maps across to an SMF, Enhanced firms will need to submit a Form K conversion notification. This must include the individual’s SoR. However, provided this conversion form is submitted there is no need to re-apply for approval, nor do extra checks on individuals.
8.6 A large number of controlled functions, such as CF30, do not map across under SM&CR and will lapse on implementation. Individuals who previously held these roles are likely to fall within the Certification Regime.
8.7 As the existing approved persons regime will apply up until commencement of SM&CR, firms should continue to obtain approval for controlled functions in the normal way until implementation. At implementation the FCA proposes to convert in-flight applications at commencement to the applicable SMF.
8.8 As at implementation firms must have identified all staff within the Certification Regime. Fitness and propriety certificates for those staff do not have to have been issued by that date but must be issued by 9 December 2020.
8.9 In relation to the application of the Conduct Rules these will apply to Senior Managers and staff within the Certification Regime from implementation, and they should have been notified about the Conduct Rules which apply to them and have been given training by that date. In respect of all other staff subject to the Conduct Rules, these will apply from 9 December 2020.
9. Practical steps to consider when preparing for SM&CR
Scoping and preparation
- Confirm whether your firm is subject to the Limited Scope, Core or Enhanced regime
- Decide on implementation team – HR/Legal/Compliance and senior management
- Remember this is an ongoing regime, prepare for implementation and beyond
Training and guidance
- Consider the content and timing of training for different categories of staff
- Training on SM&CR as a whole, specific training for Senior Managers, Certification Regime staff, and other staff.
- Training on Conduct Rules, which should be tailored to different categories of staff, Remember the Conduct Rules are a key part of the regime and apply to nearly all staff
- Consider an SM&CR Manual or additions to staff handbook
- Identify Senior Managers
- Agree allocation of SMFs
- Agree allocation of relevant prescribed responsibilities and, if relevant, other overall responsibilities
- Review job descriptions as part of this project
- Prepare statement of responsibilities and consider content, this should focus on what Senior Managers are responsible for, not how they will conduct their roles
- Will there be sharing of roles or responsibilities, is this justified, and are the divisions clear?
- Will you have a management responsibilities map even if not an Enhanced firm?
- Review Directors and Officers insurance cover re legal expenses and Senior Managers
- Identify staff who will be carrying out certification functions
- Are any overseas employees within scope?
- Consider employees dealing with UK clients
- Identify Material Risk Takers (MRTs)
- Do not leave this until the end
Fitness and Propriety
- Review/prepare fitness and propriety procedures
- Check if you have process to get consent for criminal records checks for Senior Managers
- Consider whether changes need to be made to recruitment and annual appraisal processes
- Consider and be aware of consequences when an individual fails a Fit and Proper assessment, and reporting and notification obligations which apply
Review employment contracts and disciplinary procedures
- Review employment contracts and staff handbook
- Review disciplinary procedures to cover circumstances of a breach of a Conduct Rule and failure of Fitness and Propriety assessment
- Review appeals process
- Check regulatory reference procedures are up to date
To download a copy of the briefing, please click here.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, July 2019