Francis Kean, Executive Director at Willis Towers Watson
I’m usually no fan of hyperbole but perhaps it’s justified this time. On 26th July the Financial Conduct Authority (FCA) finally published its long awaited Consultation Paper on extending the Senior Managers and Certification Regime (SM&CR).
When the regime comes into force (on a date still to be confirmed) it will apply to some 56,000 businesses and affect several hundred thousand employees in the UK financial services sector. Those who were hoping for ‘SMR-lite’, on the basis that many of these businesses are tiny compared with the banks, will be disappointed. The FCA does nothing to disguise the impact of this consultation, making it clear that “…almost every firm that offers financial services and is regulated by the FCA will be affected by these changes…”.
Under the Consultation Paper, every firm to which the new regime will apply will have to address the following three inter-related sets of requirements drawn straight from the existing regime:
- The Senior Managers Regime
Core elements of the regime include the allocation of senior management functions to the most senior people in the organisation. Each such individual will need to have a document stating what they are responsible and accountable for and will also be subject to a ‘Duty of Responsibility’ which means that if something goes wrong in an area for which they are responsible, they may be subject to disciplinary action.
- Certification Regime
This covers people who are not senior managers but whose job means that they can have a big impact on customers, markets or the firm. Unlike under the current ‘Approved Persons’ regime it will be the firms that will need to check and certify annually that they are suitable to do their job. Again, this is very similar to the certification regime as it applies already to banks and building societies.
- Conduct Rules
As the FCA puts it, “…these are basic rules that will apply to almost every person who works in financial services. They include things like acting with integrity and treating customers fairly…”. In paragraph 7.14 of the Consultation Paper, the FCA gives an exhaustive list of those roles that are outside the scope of conduct rules. They include security guards, vending machine staff, cleaners and catering staff. From this you get a hint as to the reason for the FCA’s confidence that the conduct rules will “…apply to almost every person who works in financial services…”.
Core Firms and Enhanced Firms
Recognising that the FCA regulates a vast array of financial services firms ranging from single traders to global asset managers, the FCA has proposed a two-tier regime. The first so-called ‘core regime’( as summarised above) will apply to all FCA regulated entities, the second ‘enhanced regime’ will only apply to larger institutions of which the FCA estimate there are 350 which fall into one or more of the following categories:
- The firm that has a significant ‘IPFRU’ firm;
- A firm that is a CASS large firm;
- Firms with assets under management of £50 million or more (at any time in the previous three years);
- Firms with current total intermediary regulated business revenue of £35million or more per annum;
- Firms with an annual regulated revenue generated by consumer credit lending of £100million or more; or
- Mortgage lenders (that are not banks) with 10,000 or more regulated mortgages outstanding.
Rather than attempting to summarise all the recommendations in the consultation paper which runs to 392 pages, a few key points warrant highlighting.
- Even for core-firms i.e. small companies including sole practitioners, a minimum of one senior manager will always be required and this single individual must in each case accept each of the following seven core prescribed responsibilities:
|1||Performance by the firm of its obligations under the Senior Managers Regime, including implementation and oversight|
|2||Performance by the firm of its obligations under the Certification Regime|
|3||Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules|
|4||Responsibility for the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime|
|5||Responsibility for the firm’s compliance with CASS (if applicable)|
|6||Responsibility for ensuring the governing body is informed of its legal and regulatory obligations|
|7||Responsibility for an AFM’s value for money assessments, independent director representation and acting in investors’ best interests|
To give an idea of the scale and reach of this new regime, the FCA give as an example a dentist practice that has limited permission to offer credit. For such a practice the FCA concede that a single senior manager would suffice!
- Senior Manager Conduct Rules will apply to all senior managers including those described in (i) above. The relevant rules are:
|SC1.||You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively|
|SC2.||You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system|
|SC3.||You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively|
|SC4.||You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice|
These enhanced conduct rules are identical to those under the regime currently in force for banks. We have yet to see how the FCA will seek to apply these rules in a disciplinary context but SC4 is particularly noteworthy. It is not difficult to imagine that the FCA will seek to allege the rule has been breached in circumstances where information has come to its attention after the event and other than via the senior manager responsible. Note also that this particular rule applies to all non-executive directors.
- The Conduct Rules are also identical to those already applicable to banks. These are that:
First Tier – Individual Conduct Rules
|1||You must act with integrity|
|2||You must act with due care, skill and diligence|
|3||You must be open and cooperative with the FCA, the PRA and other regulators|
|4||You must pay due regard to the interests of customers and treat them fairly|
|5||You must observe proper standards of market conduct|
These rules apply to everyone in the industry with exception of vending machine operators and similar categories specifically excepted by the FCA. What is also potentially concerning is the FCA’s proposal that the rules be applied not simply to a firm’s regulated activities but also to its unregulated and ancillary activities. Whilst the FCA makes the point at paragraph 7.11 that this is a narrower requirement than that under the Banking Regime, it could nevertheless cause some real headaches for firms that are engaged in a range of different activities.
- In addition to all the core requirements which apply (including those referenced above) to all regulated firms, the FCA is proposing additional regulation in respect of its newly designated category of ‘enhanced firms’. Some of this is uncontroversial because it entails the creation of additional senior management functions similar to those already in existence under the regime insofar as it applies to banks covering functions such as chief risk function, chief finance function and chairs for various committees including remuneration, risk and audit. More controversially, the FCA is proposing a new ‘overall responsibility’ requirement to all enhanced firms. This would mean that they would “…need to ensure that every activity, business area and management function has a senior manager with overall responsibility for it. This is to prevent unclear allocation of responsibility that could result in issues falling between the cracks.” (Emphasis added). Again, the proposal is that this new overall responsibility rule will apply not simply to the firm’s regulated activities but also to its unregulated financial services activities and related ancillary activities. This proposal, if it survives the consultation,may cause significant headaches for enhanced firms seeking to grapple with and identify individuals prepared to accept responsibility for each single activity, business area, and management function of the firm as a whole. Incidentally, that would include those carried out from an overseas branch and all transactions that take place overseas whether in full or in part.
- The Consultation Paper addresses separately the position of overseas employees, a subject that has given rise to a lot of controversy and uncertainty already.The good news is that the FCA makes it clear that if a person is based overseas and does not deal with UK clients, the CertificationRegime would not apply to them. By contrast, if an employee is either based in the UK or, if based outside the UK, deals (i.e. has contact) with UK clients, the regime will apply to them. The sting in the tail is that the regime could also apply to an employee regarded as a ‘material risk taker’ under one of the FCA’s remuneration codes even if such individual is (a) based overseas and (b) does not deal with a UK client. None of this is easy. The FCA recognises that “in complex global businesses such as asset managers… drawing these lines can sometimes be difficult.” Feedback is invited!
So what does all this mean for the personal accountability (and ultimately the liability) of those individuals caught up by the new regime? Well, Annex 1 to the consultation runs through the potential benefits of the regime as seen by the FCA. Among these at para 26 is the following comment:
we expect misconduct to be more easily identified. Also, the wider application of our ConductRules, combined with other SM & CR tools (for example, Statements of Responsibilities, and Prescribed Responsibilities) will broaden the scope for, and increase the focus and effectiveness of, FCA disciplinary actions, where appropriate. We expect misconduct will more likely be caught and sanctioned, reducing misconduct and so reducing harm to consumers.”(Emphasis added).
The FCA is certainly right about the increased effectiveness of the new regime in terms of enforcement. The new tools in its arsenal are formidable. The challenge both for individuals and entities subject to the regime is to try to avoid getting caught up in a formal investigation in the first place.
What should you do?
Apart from digesting and responding to the consultation itself, directors and executives to whom the regime will apply (i.e. just about everyone!) can and should prepare for the new regulatory focus on their individual conduct. A good starting point would be to take responsibility for clarifying their own responsibilities and reporting lines as well as understanding the detail of the personal liability protection available to them through Directors&Officers insurance or employer’s indemnity.
To help, below is a 10-point checklist which covers the most important questions that senior individuals may wish to consider with their employers.
- With which categories of employee at what level of seniority do I share the D&O limit purchased by the company on my behalf?
- Is my D&O limit also shared with the company itself and, if so, in what respects and to what extent?
- Is access to my D&O insurance policy dependent on a failure or refusal by the company to indemnify me?
- Does the company agree to indemnify me in respect of all legal expenses (including, where I consider it necessary, seeking independent legal advice) in my capacity as a senior manager to the extent legally permissible?
- In pre-enforcement dealings with regulators, what cover (if any) is available to me to seek independent legal advice under the employer’s D&O insurance programme?
- If the answer to 4 and/or 5 above is ‘No/None’, has the company considered purchasing additional legal expenses for me in pre-enforcement dealings with regulators?
- What restrictions are imposed (both by indemnity and insurance) on my freedom to select lawyers of my choice and in the conduct and control of my defence?
- Does the policy provide a mechanism under which insurers will advance all defence costs and legal representation expenses to me pending resolution of any dispute between the company and the insurers as to the extent of such costs ultimately covered under the policy?
- What protection do I have against future claims against me if I retire or resign during the policy period or if during such period the company is the subject or object of mergers and acquisitions activity?
- Does my D&O policy contain provision enabling me to take proceedings to clear my name in appropriate cases?