Senior Managers and Certification Regime
The commencement date of 9 December 2019 for the extension of the Senior Managers and Certification Regime (SMCR) to solo-regulated firms is fast approaching. The SMCR will replace the existing Financial Conduct Authority (FCA) Approved Persons regime for solo-regulated firms and require firms to focus on the existing governance, compliance and human resources arrangements to ensure these will comply with the requirements under the SMCR. A Senior Manager may be personally liable for breaches of the FCA’s requirements that took place within their area of responsibility if the FCA finds the Senior Manager failed to discharge his or her duty of responsibility. A Senior Manager may be so liable even if he or she was not personally involved or implicated in the breach. While the SMCR does not fundamentally alter the personal liability under the existing individual accountability rules, it does expand their scope and underline the FCA’s focus on firms’ culture and commitment to attribute responsibility for breaches of regulatory requirements to individuals in the most senior positions in the firm.
While the individuals currently exercising certain key functions as Approved Persons will be transitioned automatically into the new regime as Senior Managers, new Senior Managers will need to be separately approved by the FCA. In addition, firms will be required to certify the fitness and propriety of employees who are not Senior Managers, but who may cause significant harm to the firm or its customers due to the nature of their roles. A new set of Conduct Rules will apply to virtually all staff, many of whom will not previously have been subject to conduct regulation by the FCA. Certified Staff and staff subject to the Conduct Rules will also be personally liable to the FCA for the breach of the Conduct Rules.
To whom does this apply: The SMCR will apply to all UK firms authorised by the FCA. This will include UK alternative investment fund managers (AIFMs) or investment firms, including UK based sub-advisory entities of US and Asian investment management groups. The rules will also affect some non-UK staff of UK firms, including directors of UK entities and material risk takers of a firm, even if they are based outside of the UK.
Proportional approach: The implementation of the SMCR in a firm will reflect its business and operations, its organisational and governance structure, and its size and complexity. The SMCR consists of three main elements: Senior Managers Regime; Certification Regime and Conduct Rules.1
- Senior Managers Regime: An FCA-authorised firm will need to obtain prior approval by the FCA for the most senior staff members whose roles include the performance of “Senior Management Functions.” Such approval may be granted for a limited time period, or subject to conditions. The Senior Management Functions include the Chairman function (SMF9), the Chief Executive function (SMF1), the Executive Director function (SMF3), the Partner function (SMF27), the Compliance Oversight function (SMF16) and the Money Laundering Reporting Officer function (SMF17). The Senior Managers Regime applies to anyone who performs a Senior Management Function, whether that person is in the UK or overseas.
Statement of responsibilities – Firms must prepare a Statement of Responsibilities (SoR) with respect to each Senior Manager. Firms must provide the SoR to the FCA when a Senior Manager applies to be approved, and when there is a significant change to his or her responsibilities, except where the Senior Manager is converted automatically at commencement. If a Senior Manager holds more than one Senior Management Function, he or she will only be required to have a single SoR describing all his or her responsibilities.
Duty of responsibility – Senior Managers will be subject to a duty of responsibility under s.66A(5) of the Financial Services and Markets Act 2000 (as amended). This means that if a firm is in breach of its obligations under the FCA’s rules or principles, the Senior Manager for the area in which the breach took place could be held accountable. The FCA would have to show that the Senior Manager did not take the steps that a person in his or her position could reasonably be expected to take to avoid the breach occurring.
Prescribed responsibilities – the FCA proposes six “Prescribed Responsibilities” (PRs) for core firms.2 Firms will be required to assign each of the applicable PRs to the Senior Manager who is the most senior person responsible for the relevant area.
- Certification Regime: The Certification Regime will apply to employees3 who are not Senior Managers, but whose role means that it is possible for them to cause significant harm to the firm or its customers. Certification Functions include the significant management function, the client dealing function, proprietary traders and material risk takers.4 Firms will need to assess staff carrying out “Certification Functions” at least annually and certify that they are fit and proper to perform their roles. In contrast to the existing regime, the FCA will not approve these individuals.5 The Certified Staff will be included in a register that firms are required to keep updated.
- Conduct Rules: The Conduct Rules are high-level guidance, and largely replicate the principles currently applicable to Approved Persons. The Conduct Rules are enforceable by the FCA against individuals and will apply to almost all staff. The Conduct Rules will apply in relation to a firm’s regulated and unregulated financial services activities. Firms will be required to train all staff subject to the Conduct Rules to ensure they understand how the Conduct Rules apply to them.6
Record keeping: Regulatory references: Firms will be required to request a reference from the past employers of an individual who is a prospective Senior Manager or Certification Regime employee for the preceding six years. The rules on regulatory references will require firms to share information with other FCA-authorised firms in a standard template, including details of any disciplinary action taken due to breaches of the Conduct Rules. Firms will also be required to update regulatory references if new and significant information concerning a previous employee comes to light. A Senior Manager will be accountable for the regulatory reference obligations as part of the Prescribed Responsibilities PR1 and PR2.
Criminal record checks: The FCA proposes requiring firms to undertake a criminal records check as part of each Senior Manager application for approval, and for Certified Staff as appropriate.
Head of Legal: The FCA issued a consultation paper in January (CP19/4)7 where it proposed to allow the Head of Legal to not be treated as a Senior Manager with respect to that role. The FCA reminded readers that in-house lawyers will already be subject to the Conduct Rules and the Head of Legal will also fall under the Certification Regime.8 The proposed carve-out does not amount to lawyers being excluded from the scope of any other Senior Management Functions. For example, the Head of Legal who also performs another Senior Management Function (e.g. the Chief Operations Officer or the Head of Compliance) will be a Senior Manager with respect to the same.
The Directory: After consultation, the FCA has decided to proceed with the Directory, which will include information relating to Certified Staff, directors who are not Senior Managers and relevant sole traders or appointed representatives, under the SMCR. The existing Financial Services Register will continue to set out details for firms and their permissions, as well as listing Senior Managers. The FCA’s objective is to enhance consumer protection and facilitate checks on individuals by firms and consumers by publishing this information on an ongoing basis. While the accuracy of the Directory will depend on the quality of the information submitted by the firms and the promptness of the submissions, it should make it easier for firms to check the employment history of new hires, complementing the regulatory references regime. This will mean an increased compliance burden on firms as they will be required to report on changes to their Certified Staff and other relevant persons within seven days of the change taking effect. There is an administrative charge of £250 for a one-off breach of the obligation to submit information to be included in the Directory and the FCA has said that it will take all necessary action in respect of repeated breaches. The Directory is expected to be accessible for solo-regulated firms in December 20209.
If you have any questions concerning this alert, please contact:
1 Firms are divided into three categories: “core regime,” “limited scope” and “enhanced regime” firms. As most firms are likely to be “core regime” firms, this note will outline the requirements applicable to “core regime” firms. The largest and most complex firms will be subject to certain additional requirements under the enhanced regime. Enhanced regime firms will include “significant investment (IFPRU) firms” and firms with assets under management of £50 billion or more.
2 Performance by the firm of its obligations under the Senior Managers Regime; Performance by the firm of its obligations under the Certification Regime; Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules; Responsibility for the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime; Responsibility for the firm’s compliance with the Client Assets Sourcebook (CASS) (if applicable); and Responsibility for an Authorised Fund Manager’s (AFM’s) assessments of value, independent director representation and acting in investors’ best interests (as applicable).
3 The FCA proposes to apply the Certification Regime only to employees of a firm. “Employees” includes anyone who personally provides, or is under an obligation to provide, services to a firm under an arrangement made between the firm and the person providing the services, or another person, if the “employee” is subject to the firm’s supervision, direction or control as to the manner in which he or she provides the services.
4 Staff other than Material Risk Takers who are based outside the UK will only be within the scope of the Certification Regime if they have contact with UK clients or spend more than 30 days a year in the UK.
5 This requirement will begin 12 months after the commencement of the SMCR, but the Conduct Rules will apply from commencement. This means that while firms will not therefore need to have certified relevant staff when the SMCR comes into effect, the appropriate individuals must have been identified.
6 The Conduct Rules are divided into two tiers, the first tier being applicable to all staff and the second tier being applicable to Senior Managers only.
7 A policy statement is expected in Q3 of this year.
8 As either a Material Risk Taker or Significant Management Function.
9 Banking firms, insurers and their appointed representatives must upload their relevant information by 9 March 2020.