Home > Regulatory briefings > Consultation on extension of the Senior Managers and Certification Regime Part 2 – 17/16
Consultation on extension of the Senior Managers and Certification Regime Part 2 – 17/16
18th August 2017
If the above roles do not apply to a firm, then that firm will not need to apply the Certification Regime. In addition, for overseas employees, the Certification regime will not apply as long as they do not engage with UK clients. The FCA refer to this as the territorial limitation. The only exception to this rule is for Material Risk Takers who must be certified regardless of the location of their clients.
Significant Management Certification Functions
The FCA propose that this function applies to someone with ‘significant responsibility for a significant business unit’. By this the FCA mean people below Senior Managers who are responsible for business units that, on account of their size, nature or impact, are considered ‘significant’ by the firm. Certification functions will not appear on the register under the present proposals.
Firms will need to decide whether a business unit is ‘significant’ by considering the following factors:
- the size and significance of the firm’s business in the UK
- the risk profile of the unit
- the unit’s use of the firm’s capital
- its contribution to the profit and loss account
- the number of employees, Certification Functions or Senior Managers in the unit
- the number of customers in the unit
What firms need to do under the Certification Regime
The Certification Regime will make firms more responsible for assessing that their staff are fit and proper to carry out Certification Functions. FCA approval is not required for anyone who performs a Certification Function.
Firms will need to:
- Identify employees who perform a Certification Function.
- Assess whether those employees are fit and proper to perform their role. Firms need to do this assessment at the point of recruitment (or before a person performs a Certification Function) and on an ongoing annual basis (the FCA discuss the fit and proper assessment in more detail in the following chapter).
- Issue a certificate to the employee if the firm is satisfied that they are fit and proper to perform that Certification Function. The certificate needs to:
- State that the firm is satisfied that the person is a fit and proper person to perform the function the certificate relates to
- Set out what aspect of the firm’s affairs the person will be involved in as part of performing their function.
- If the firm completes a fit and proper assessment and then decides not to issue a certificate to someone, the firm must give the person a notice in writing setting out:
- what steps (if any) the firm proposes to take in relation to the person as a result of the decision
- The reasons for proposing to these steps.
Fit and proper requirements
Anyone performing a Senior Management Function or Certification Function must be fit and proper for their role, this requirement is also proposed to apply to Non-Executive Directors who are not Senior Managers.
Anyone performing such a role will need to be assessed on an ongoing basis, at least once a year. According to each person’s role in the firm, firms must have regard to the qualifications, training, competence and personal characteristics needed. The factors considered when assessing a person’s fitness and propriety are set out in the FIT Handbook, which currently applies to the Approved Persons Regime. The FCA proposes to extend its use to Senior Managers and certified staff in solo-regulated firms.
Currently, firms and candidates are required to declare their criminal record. The FCA now also propose to require firms to undertake criminal record checks as part of each Senior Manager’s application in order to ensure that the candidate has in fact disclosed accurate information. This will also apply to Non-Executive Directors, to whom the fitness test already applies. As a result, firms will need to register with the Disclosure and Barring Service or equivalent agencies. Smaller firms may need to use an umbrella organisation.
For those performing Certification Functions it will be up to the firm’s discretion as to whether to subject them to these checks as well.
As part of the prescribed responsibilities for a Senior Manager, imposing on them the obligation to be accountable for the firms’ regulatory references, the FCA propose to require firms to request for references from Senior Management and Certification Function candidates’ past employers in the past six years.
Firms will be required to disclose information going back six years regarding any disciplinary action taken against a candidate, and findings that a candidate was not fit and proper. In cases of serious misconduct there will be no time limit as to how far back the information will be permitted to be when disclosed by a firm. Firms will need to use their discretion on a case-by-case basis whether they feel it is appropriate to disclose the information.
The FCA have stated that firms have the liberty to decide how they take disciplinary action against an individual and that they are not required to revisit disciplinary action that happened before the referencing requirements come into effect.
These are basic rules applicable to almost every person who works in financial services. The Conduct Rules are about improving the behaviour of all staff in financial services firms. The FCA propose applying a baseline of requirements to every firm, known as the ‘core regime’. This means that the three main elements of the SM&CR will apply to every firm: The Senior Managers Regime, Certification Regime and Conduct Rules.
The FCA also propose extra requirements that will only apply to the largest and most complex firms (fewer than 1% of firms regulated by the FCA). These firms will need to establish and maintain Responsibilities Maps, Handover Procedures, and make sure that there is a Senior Manager responsible for every area of their firm (‘Overall Responsibility’).
The FCA propose replacing the current APER section of the Handbook with Conduct Rules, which will apply to all firms in order to ensure a single standard across the market. Subjecting staff to the Conduct Rules will help shape the culture and standards applied by individuals of firms in financial services, increase their awareness of their possible individual accountability and promote behaviour which supports the FCA’s objectives.
Two tiers of Conduct Rules
The first tier is a general set of rules that will apply to most employees in a firm. The Second tier will consist of rules that only apply to Senior Managers.
The proposed Conduct Rules are the same rules applied to banking firms as the FCA believe that they are high level and are believed to be equally applicable to all individuals in financial services.
Tier one – Individual Conduct Rules
- You must act with integrity
- You must act with due care, skill and diligence
- You must be open and cooperative with the FCA, the PRA and other regulators
- You must pay due regard to the interests of customers and treat them fairly
- You must observe proper standards of market conduct
Tier two – Senior Manager Conduct Rules
- You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
- You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
- You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively
- You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice
Activities the Conduct Rules apply to
The Conduct Rules will apply to a firm’s regulated and unregulated financial services activities, including related ancillary activities. The narrower approach for solo-regulated firms is proportionate since there is less evidence of potential harm to consumers or market integrity.
Staff to whom the Conduct Rules apply
- All Senior Managers
- All Certified Functions
- All Non-Executive Directors who are not Senior Managers
- All other employees, except ancillary staff (staff who do not perform a role specific to financial services)
Firms should be able to demonstrate that they apply the spirit and letter of the Conduct Rules by ensuring their staff understand what the rules mean to them in the context of their particular firm.
Training and notification requirements
Firms must notify the FCA of disciplinary action taken only if that action was due to breaches of the Conduct Rules. If the breach is concerned with a Senior Manager the notification must be made within seven business days of the firm becoming aware of the matter. For individuals the FCA propose that the notification must be made every year.
Criteria identifying enhanced firms & additional requirements
The majority of FCA solo-regulated firms will be subject to the core regime, however a small number of solo-regulated firms that meet the relevant criteria will automatically be subject to the enhanced regime subject to a transitional period. These firms are generally larger in size or have more complex structures where weaknesses in accountability or governance could cause greater harm to consumers or impact the market integrity.
The FCA have proposed six criteria in order to identify whether a firm can be deemed as being enhanced. Limited Scope Firms and EEA and non-EEA breaches will not be subject to the enhanced regime, even if they meet one of the criteria.
Criteria to identify enhanced firms
- A firm that is a Significant IFPRU firm
- A firm that is a CASS Large firm
- Firms with Assets Under Management of £50 billion or more (at any time in the previous 3 years)
- Firms with current total intermediary regulated business revenue of £35 million or more per annum
- Firms with annual regulated revenue generated by consumer credit lending of £100 million or more per annum
- Mortgage lenders (that are not banks) with 10,000 or more regulated mortgages outstanding
Firms are therefore required to monitor whether and how the criteria apply to them.
The FCA may still require some large firms that do not meet the criteria above to comply with the enhanced regime if they believe that the extra rules will help mitigate risks posed by the firm. Additionally, firms that meet one of the criteria but do not believe the regime should apply to them, may apply to the FCA for a waiver.
Moving between core and enhanced
A firm that ceases to meet the criteria of an enhanced firm will be required to continue to follow these rules for one year starting from the moment from which they cease to be an enhanced firm. On the other hand, the FCA proposes that a firm that develops such that it meets one of the enhanced criteria will be allowed to continue with their current requirements for six months before it will be expected to meet the enhanced requirements. These rules will provide continuity and minimise businesses having to meet extra requirements.
Senior Management Functions under the enhanced regime
In addition to the Senior Management Functions that apply to core firms, the FCA has proposed to apply six additional Senior Management Functions to roles in enhanced firms that are likely to be performed by separate people and exist in complex businesses.
Senior Managers or any person performing a Senior Management Function might need to seek approval by the FCA if they move in between the core and enhanced regime. If there has not been a change in a person’s role, individuals will simply be required to notify the FCA of the relevant applicable enhanced function.
Additional Senior Management Functions in enhanced regime firms
- SMF2 – Chief Finance Function
- SMF4 – Chief Risk Function
- SMF5 – Head of Internal Audit
- SMF14 – Senior Independent Director
- SMF12 – Chair of the Remuneration Committee
- SMF10 – Chair of the Risk Committee
- SMF11 – Chair of the Audit Committee
- SMF13 – Chair of the Nominations Committee
- SMF7 – Group Entity Senior Manager
- SMF24 – Chief Operations Function
- SMF18 – Other Overall Responsibility
See table 7 for a description each of each of the additional Senior Management Functions.
Prescribed Responsibilities under the enhanced regime
The FCA propose seven additional Prescribed Responsibilities that must be allocated to Senior Managers in enhanced firms.
- Compliance with the rules relating to the firm’s Responsibilities Map
- Safeguarding and overseeing the independence and performance of the internal audit function (in accordance with SYSC 6.2)
- Safeguarding and overseeing the independence and performance of the compliance function (in accordance with SYSC 6.1)
- Safeguarding and overseeing the independence and performance of the risk function (in accordance with SYSC 7.1.21R and SYSC 7.1.22R)
- If the firm outsources its internal audit function, taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including: i) supervision and management of the work of outsourced internal auditors,ii) management of potential conflicts of interest between the provision of external audit and internal audit services
- Developing and maintaining the firm’s business model
- Managing the firm’s internal stress‑tests and ensuring the accuracy and timeliness of information provided to the FCA for the purposes of stress‑testing
The prescribed Responsibilities cannot be allocated to someone performing the ‘Other Overall Responsibility’ Senior Management Function. The only exception to this is the Prescribed Responsibility for CASS compliance.
The FCA proposes to impose an ‘Overall Responsibility’ requirement to enhanced firms that will see them appoint a Senior Manager who will be responsible for every activity, business area and management function. This requirement will make the Senior Manager directly responsible for briefing and reporting to the governing body about their area of responsibility, and for putting matters for decision about their area of responsibility to the governing body. This means that they will be the most senior person responsible for managing the relevant area, however this does not mean that they need to be in daily control of that function. By imposing this requirement, the FCA aimed to ensure that it is clear who the governing of a firm has delegated responsibility to for each area of the firm’s business.
Identifying the person to whom the Overall Responsibility will apply should be done by firms by considering their activities and business areas, and who they believe who has overall responsibility at the most senior level. This will most likely be an existing Senior Manager, however this may not always be the case and as such may require that individual to be approved by the FCA as a Senior Manager under SMF18.
The FCA propose introducing a requirement for enhanced firms to prepare and maintain a ‘Responsibilities Map’, a document setting out the firm’s management and governance arrangements, which includes how the Prescribed Responsibilities have been allocated, who has overall responsibility for the activities and how any responsibilities are shared or divided between different people.
The Responsibilities Map is designed to give a collective view of the allocation of responsibilities across a firm, they ensure the Statements of Responsibilities do not leave any gaps and help us identify who is accountable if something goes wrong.
The FCA propose to introduce a requirement for enhanced firms to obtain a handover note from the predecessor. The purpose of this requirement is to provide Senior Managers with all the information they need and place them in the most ideal position possible in order for them to do their job effectively. Firms will be required to develop a policy compliant with this requirement and maintain records of the steps taken.
Applying the regime to incoming UK branches
Senior Managers in EEA branches
The FCA proposes the following Senior Management Functions for EEA branches which reflect the executive roles that currently apply under the Approved Persons Regime.
Senior Management Functions in EEA branches
- SMF21 – EEA Branch Senior Manager
- SMF17 – Money Laundering Reporting Officer (MLRO)
There will not be any territorial limitation for Senior Managers in EEA branches and will apply to anyone who performs a Senior Manager role, whether based in the UK or overseas.
Certification Regime in EEA branches
The FCA propose applying the Certification Functions to EEA branches. For UK branches, the Certification Regime will be limited to people based in the UK, but will not extend to people based outside of the UK, even if they deal with a UK client.
Conduct Rules in EEA branches
As set out above in chapter 7, the rules will apply to all staff except those performing ancillary roles. The Conduct Rules will not apply to other employees based outside the UK, similarly to the Certification Regime.
Senior Managers in non-EEA branches
The FCA proposes the following Senior Management Functions for non-EEA branches.
- SMF19 – Head of Third Country Branch
- SMF3 – Executive Director
- SMF27 – Partner
- SMF16 – Compliance Oversight
- SMF17 – Money Laundering Reporting Officer
Prescribed Responsibilities under the core regime
- Performance by the firm of its obligations under the Senior Managers Regime, including implementation and oversight
- Performance by the firm of its obligations under the Certification Regime
- Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules
- Responsibility for the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime
- Responsibility for the firm’s compliance with CASS
- Responsibility for management of the firm’s risk management processes in the UK
- Responsibility for the firm’s compliance with the UK regulatory system applicable to the firm
- Responsibility for the escalation of correspondence from the PRA, FCA and other regulators in respect of the firm to the governing body and/or the management body of the firm or, where appropriate, of the parent undertaking or holding company of the firm’s group
- Responsibility for an AFM’s value for money assessments, independent director representation and acting in investors’ best interests
The same scope of the Certification Regime and Conduct Rules for both non-EEA and EEA branches will apply.
Changes that affect banking and solo-regulated firms
There will be a new Prescribed Responsibility for all firms including banking firms that will require them to make sure the Senior Manager makes sure the firm trains their staff in the Conduct Rules and make sure they are compliant with the FCA notification requirements.
The SMF27 – Partner Senior Management Function will now apply to banking firms as well. In cases where a banking firm is established as a partnership, the partner function will also apply to them.
The 12-week rule
The 12-week rule which allows someone to cover for an Approved Persons or Senior Managers without being approved is proposed by the FCA to be carried over to the SM&CR for solo-regulated firms. The FCA will also extend it and make it applicable to responsibilities under the ‘Overall Responsibility’ requirement.
The rule allows firms to appoint a person to perform the Chief Operations Function without the new appointment being approved, and to reallocate the responsibility for the complaints handling process to the same person, or a different person, without them being approved.
Firms are encouraged to undergo a compliance review of their governance and job descriptions in order to identify the individuals who might be caught by the new Senior Managers Regime.
They must identify those holding senior manager roles and have in place certain guidelines which set out each person’s ambit with regards to their respective responsibilities.
In accordance with the Certification Regime, firms must consider putting systems in place that will enable them to identify the functions and staff likely to be caught by the regime, and also put in place systems that would help them determine whether those caught by the regime will satisfy the requirement of being fit and proper.
Finally, firms are advised to review their current policies and procedures in order to ensure compliance with the new Conduct Rules, and ensure that there are provisions available for appropriate action to be taken in case of any breach of those rules.
© CPA Audit LLP 2019.