The UK Senior Managers & Certification Regime – what does it mean for international firms with a UK presence?
13 September 2017
The UK regulator – the Financial Conduct Authority (the FCA) – has published a consultation paper setting out how it intends to extend the Senior Managers & Certification Regime to all UK financial services firms.
Whilst this controversial new regime is focussed upon a firm’s UK activities, it may have a significant impact upon the wider group, and non-UK individuals (who may not perceive themselves to be affected) may nevertheless find themselves held accountable for future regulatory breaches in the UK.
In the aftermath of the Global Financial Crisis, the previous UK regulator – the FSA – was widely criticised for its inability to hold senior bank executives to account for the failures that led to the (quasi) collapse of a number of UK banks and building societies.
In 2016, new regime for individuals – the Senior Managers & Certification Regime (the ‘SM&CR’) – was introduced in the UK, to replace the Approved Persons Regime within banks, building societies and other dual-regulated firms.
Key purposes of the SM&CR are to:
- Provide much greater clarity as to who is responsible for what within a firm;
- Ensure that all areas of the business are under the oversight and responsibility of an appropriately senior manager; and
- Place greater personal accountability upon those senior individuals within a firm – i.e. make it easier to take action against senior managers whose negligence or incompetence has failed to prevent a regulatory breach
It is this regime, which the FCA is now proposing to roll out to the wider financial services industry.
What does the SM&CR look like?
The SM&CR broadly consists of three layers, as explained below:
1) The Senior Managers Regime – this regime applies to those most senior individuals who are ultimately responsible for the running of the firm. These individuals will require pre-approval from the FCA and will need to have documented statements of responsibility (in effect, a regulatory job description), which is signed and submitted to the FCA. Larger firms will also need to produce and maintain a Management Responsibilities Map (in effect a regulatory governance manual), which is submitted to the FCA. The regime also introduces a ‘duty of responsibility’ whereby if a breach were to occur, the senior manager with responsibility for that area could be held accountable if they did not take ‘reasonable steps’ to prevent or stop the breach.
2) The Certification Regime – this regime applies to those staff who are not senior managers, but whose role may pose a risk of significant harm to the firm or its customers. Staff caught by the Certification Regime (i.e. performing ‘certification functions’) will not need FCA approval. Rather, firms are required to put in place a robust framework for assessing the fitness and propriety of certified individuals both at the point of appointment and on an ongoing basis thereafter. This assessment will need to focus on both honesty & integrity / financial soundness considerations and also the individual’s wider competence and capability to perform the role.
3) The Conduct Rules – the FCA is introducing a new set of conduct standards which will apply not just to individuals performing a senior management or certification function, but also to almost every other person within the firm, barring those performing a purely ancillary function such as catering or security. Breaches of these Conduct Rules may result in regulatory action against the individual in question – and also may need to be disclosed in regulatory references provided to future employers.
When will the SM&CR come into force?
The consultation does not state when the regime will come into force. However, previous communications have indicated that the expected implementation of the new regime will be from 2018. The FCA’s consultation runs until 3 November 2017, after which the FCA will consider the feedback it has received before publishing its final rules in the summer of 2018. This means that any implementation will not be before Q4 2018 – possibly with some sort of transitional arrangement carrying over into 2019.
Does the regime apply outside of the UK?
The SM&CR focusses on UK regulated entities – and is applied at an ‘entity level’. However because a key aspect of the regime is to identify those individuals who are ‘ultimately responsible for XYZ’, there is no territorial limitation for senior managers. This means that for international groups, where matrix management and centralised control functions are commonplace, careful thought will need to be given as to who is indeed the person who is ‘ultimately responsible for XYZ’ for the UK regulated entity – that individual may be located outside of the UK – or even formally employed by a different group entity.
Conversely, the Certification Regime does have a territorial limitation to the UK. This means that the Certification Regime only applies to individuals who are either located in the UK, or who are dealing with clients in the UK. Again, this can create complexity, because the FCA has set out that anyone who manages a Certified Individual is in turn a Certified Individual (unless they are an approved Senior Manager). It is not unusual to see individuals in the UK, who report to somebody else within the wider group, who may be located outside of the UK – this may be at odds with the requirements under the Certification Regime.
At first sight, the SM&CR may seem reasonably straightforward and it is hard to argue with what the regime is trying to achieve. However, our previous experience helping banks to implement the SM&CR as shown, the implementation of the regime can be quite challenging in practice – and for more complex group structures, significant changes to the governance framework may be required. Whilst the final rules will not be finalised until the summer of 2018, it is intended that the regime will come into force later on in 2018. This means that firms who wait until the rules are finalised will have very little time to properly implement the new requirements.
More complex firms / groups would be strongly advised to start thinking about this now, as structural changes to governance frameworks can take time – as indeed can the process of convincing senior managers that they are indeed ‘ultimately responsible for XYZ’.