This is the second in our series of Senior Mangers & Certification Regime (SM&CR) articles that we will be releasing in the run up to the 9 December 2019 commencement date. Our first article, which was published last month, looked at four fundamental elements of the regime and can be found here.
In this article we will be focusing on six tasks that your firm should be considering now, with 6 months to go before the implementation date.
As most of the firms we deal with are SM&CR Core firms, the advice in this article has been tailored as such. If you are a Limited, Enhanced or an EEA/Third Country branch firm, slightly different rules apply and we would be happy to discuss these with you personally. As before, we are framing our article around the application of the new regime to general insurance intermediaries.
Task 1: Brief your prospective Senior Management Function holders (SMFs) on the implications for them including the new Duty of Responsibility
Once your firm has decided which individuals will hold SMFs, you should meet with these Senior Managers and outline what the implications are for them.
Your discussions should detail the following matters:
- that a SMF is a new type of controlled function under SM&CR, which replaces the old Approved Persons Regime (APR) and that the FCA has prescribed particular SMFs, so that the regulator knows who the firm’s most senior decision makers are and to make sure firms clearly allocate responsibilities to those key individuals;
- which SMF or SMFs the individual will be holding;
- discuss and agree with the individual their roles and responsibilities as a SMF. This information should also be documented in the Statements of Responsibilities;
- which Prescribed Responsibilities will be allocated to the SMF. Explain that they are in addition to inherent responsibilities that are an essential part of the Senior Manager’s role and that the FCA have prescribed these responsibilities to make sure Senior Managers are personally accountable for key conduct and prudential risks;
- every Senior Manager will have a new “Duty of Responsibility” under SM&CR. This means that if a firm breaches one of the FCA requirements, the Senior Manager responsible for that area could be held personally accountable, if they did not take reasonable steps to prevent or stop the breach;
- Senior Managers must meet the ongoing fit and proper requirements to do their jobs;
- emphasise that Senior Managers have an important part to play in establishing and embedding the right culture and governance within the firm and to improve the standard of conduct at all levels;
- individuals holding SMFs will be subject to the two tiers of the Conduct Rules and if a Senior Manager breaches these rules, the firm could take disciplinary action and the FCA will be notified.
Task 2: Brief those individuals whose roles will no longer require FCA approval (e.g. certain non-executive directors) on the implications for them
As mentioned above SM&CR will replace the old APR, meaning there will be certain individuals who required FCA approval in the old regime, who will no longer be required to be approved under SM&CR. These individuals will no longer be “Approved Persons” and therefore should be informed of this change and what this means for their responsibilities and accountability.
From an administrative perspective, with regard to notifications or applications to the regulator, there is nothing your firm needs to do when an individual no longer requires FCA approval. However, your firm should be mindful that this person may be captured by the Certification Regime.
Task 3: Identify individuals who will be subject to the Certification Regime
Firms will need to identify their Certification staff at the start of the new regime, but you have 12 months from the commencement date to complete the initial certification process.
Certification Functions will apply where a firm has individuals performing relevant roles. This could mean it is possible for small firms to have no one in the Certification Regime, e.g. if there is only a handful of Senior Manager supported by administration staff.
The Certification Regime applies to employees and contractors but does not apply to Non-Executive Directors.
For general insurance intermediaries the Certification Functions that could apply to your firm include:
- people below Senior Managers, who are responsible for business units, that because of their size, nature, or impact, are considered significant by the firm. Significant business units are not just limited to ones that carry on commercial activities with customers or third parties, or that generate revenue. A significant business unit can also be an internal operations department, for example HR, IT or Compliance.
- anyone who supervises or manages a Certified Function (directly or indirectly) but isn’t a Senior Manager.
If these roles do not apply to your firm, then you will not have any Certified Staff and you do not need to apply the Certification Regime.
For Core SMCR firms, individuals currently holding CF29 under APR could potentially become a Certified Staff under SM&CR.
The APR Systems & Controls Function (CF28) ends of all firms, except Enhanced firms. Some CF28s could potentially become Certified, if they meet the definition.
Task 4: Brief individuals who will be Certified staff and explain the implications for them
Once you have decided with individuals within your firm will become Certified staff, you will need to explain to these individuals what the Certification Regime is and the implications for them.
You will need to outline to your Certified Staff that their role does not require FCA approval, but firms will need to check and certify, at least once a year, that these individuals are suitable to do their job. Each time a firm is satisfied the individual is fit and proper, they will be issued with a certificate.
You will also need to inform Certified staff that they will be subject to the First Tier of the Conduct Rules. If they breach these rules, firms may have to notify the FCA of the breach.
As part of your firm’s fit and proper assessments, you may consider the following checks and balances:
- Criminal records checks are not mandatory for Certified Functions, but firms may choose to conduct these checks, when they are legally allowed to do so;
- Request a Regulatory Reference from all previous employers in the past 6 years for an individual who will become Certified staff.
The FIT section of the FCA Handbook sets out detailed guidance about the types of things firms should consider as part of assessing a person’s fitness and propriety. Essentially this needs to cover their ongoing competence to perform the role, as well as their honesty, integrity, reputation and financial soundness. This may be partly covered by your existing regular performance appraisal processes. We have helped firms build on these to cover the full F&P scope.
Task 5: Identifying which of your staff are subject to the Conduct Rules
You will need to identify which employees are captured by the new Conduct Rules. The Conduct Rules will apply to the majority of your employees and will apply to a firm’s regulated and unregulated financial services activities, including any ancillary activity carried on in connection with a regulated activity.
The Conduct Rules apply to:
- All Senior Managers
- All Certified Staff
- All NEDs who are not Senior Managers
- All other employees, except ancillary staff (those who do not perform a role specific to financial services, which includes Receptionists, Postroom Staff, Personal Assistants and Secretaries). An exhaustive list can be found in the FCA SM&CR Solo Firms guidance.
Two Tiers of Conduct Rules apply to firms. The first Tier is a general set of rules that applies to most employees and directors at the firm. The second Tier consists of rules that only apply to Senior Managers. There is also one Senior Managers rule, SC4, that applies to NEDs who are not Senior Managers.
- You must act with integrity
- You must act with due care skill and diligence
- You must be open and cooperative with the FCA, the PRA and other regulators
- You must pay due regard to the interests of customers and treat them fairly
- You must observe proper standards of market conduct
SC1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
SC2: You must take reasonable steps to ensure that the business of the firm of which you are responsible complies with the relevant requirements and standards of the regulatory system.
SC3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
SC4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
Task 6: Train those identified individuals on the Conduct Rules and the implications for them
Senior Managers and Certification Staff will need to have been trained and abide by the Conduct Rules from the start of the new regime. Firms will have 12 months to train their other staff on the Conduct Rules.
The method your firm uses for Conduct Rules training to staff greatly depends on the size of your firm. It could be carried out in group presentations, on a one to one basis or via e-learning.
The training should include the following;·
- What the Conduct Rules are, which Tier is applicable to the relevant individual and that these rules are intended to improve the standards of individual behaviour in financial services;
- How the Conduct Rules apply to an individual’s role;
- An explanation that the Conduct Rules are a new set of enforceable rules that set basic standards of good personal conduct, against which the FCA can hold individuals to account.
We hope you have found this article useful as a starting point and if you have any questions about anything raised in this article, or more general SM&CR questions please do get in touch. In our next SM&CR article we will discuss the development and delivery of your HR processes in support of SM&CR.