July 23, 2020
The Senior Managers and Certification Regime (“SMCR”) has applied to Financial Conduct Authority (“FCA”)-solo regulated firms since 9 December 2019. Individuals from across firms will no doubt remember the level of engagement required to prepare firms for the SMCR. Over six months on from implementation, firms are testing their SMCR implementation and assessing what is required to ensure continued compliance. This client alert:
Reminder of key changes
Lessons from the FCA’s approach to the SMCR relating to banks
In undertaking an assessment of their firm’s implementation of SMCR, clients find it helpful to review the implementation issues encountered by banks and, in particular, the FCA’s review into the embedding of the SMCR in the banking sector. There are several points arising from the review of particular interest.
Dividing line between non-executive and executive directors
Some non-executive directors expressed concern that the regime expected too much from the board. They perceived a risk that the line between a non-executive and executive could become blurred as board members become more involved in operations of the business.
The FCA clarified, however, that the SMCR does not seek to redefine the roles of non-executives. In particular, it does not expect non-executives to act more like executive directors. Indeed, it views the oversight role of non-executive directors and their ability to challenge management as a key safeguard for the interests of firms’ stakeholders. The FCA did note that, especially in larger firms, the responsibilities of SMF non-executive directors are often likely to be considerable.
Meaning of “reasonable steps”
The FCA stated that a number of senior managers expressed concern around understanding the meaning of “reasonable steps” in the context of their business. In response to this, the FCA pointed to guidance in its Decision Procedure and Penalties Manual. In determining what would constitute taking “reasonable steps” to avoid a contravention occurring or continuing, the FCA will consider, amongst other things:
However, the FCA noted that it is not possible nor helpful to provide an exhaustive list to cover every situation. It stressed that appropriate controls and processes are an important part of senior managers doing what they reasonably can to prevent misconduct, although they need to “think more broadly and…create an environment where the risk of misconduct is minimised, for example through nurturing healthy cultures”.
The SMCR and firm culture are intrinsically linked. SMCR implementation gave firms an opportunity to also take stock of their own culture, whereas before the SMCR arrived, culture was perhaps fairly low down on the agenda for some firms.
In its feedback on the review, the FCA does specifically discuss its findings relating to firms’ culture. Whilst it reported that firms have struggled to find appropriate ways of measuring culture, it was noted that many firms described a stronger tone and ownership from the top – there was a change in the level of detail, clarity and quality of conversations on culture and expected behaviours. All of the firms talked about the work they had done to create a culture of challenge, escalation and providing a safe environment for staff to raise issues.
The FCA noted that whilst there were positive developments, such as firms having widened their approach to assessment of staff beyond solely technical skills, most firms could not demonstrate the effectiveness of their assessment approach, use of subjective judgement or how they ensure consistency across the population.
There is no harm in solo-regulated firms taking the opportunity now to take a look at their certification procedures to ensure that they are sufficient (particularly given that firms still have time before the first certificates need to be issued for certified staff – see “Next steps for firms prior to 31 March 2021” below).
In its findings, the FCA specifically flagged that the main weaknesses identified in the review related to the implementation of the conduct rules. Three key issues were particularly troubling to the FCA:
This is a clear signal to solo-regulated firms to ensure that they focus on ensuring proper implementation of the conduct rules. Indeed, the FCA states that it will increase its supervisory focus here. As noted below, firms are required to train all remaining staff on the conduct rules prior to them coming into force. Crucially, it is particularly evident from the FCA’s findings that such training be as tailored as possible.
Enforcement action to date
There has only been once successful enforcement action under the banking SMCR regime. This related to James Staley, the Chief Executive of Barclays Group (in May 2018). Mr Staley was fined a total of £642,430 for failing to act with due skill, care and diligence in the way he acted in response to a letter containing various allegations, received by Barclays in June 2016.
Whilst the FCA, therefore, has been relatively quiet from an enforcement perspective to date, firms should not be drawn into a false sense of security. This is particularly the case given that the extension of the regime brought within scope a significant number of firms (approximately 47,000). Additionally, a number of these firms are also more likely to be viewed as “low hanging fruit” by the FCA – some firms will perhaps have less sophisticated governance procedures in place (meaning potentially more breaches) and it will be much easier for the FCA to identify the decision-making processes of these solo-regulated firms when it is investigating breaches.
Post-31 March 2021, therefore, we anticipate an increase in enforcement action from the FCA against solo-regulated firms, as we move away from the implementation phase of the SMCR (indeed, we understand that there are currently a number of enforcement actions under way within the Enforcement Division and, therefore, we can expect related final notices in due course).
Next steps for firms prior to 31 March 2021
Initially, the rules set out below were set to apply as from 9 December 2020. On 30 June 2020, however, the FCA announced that, in light of the COVID-19 pandemic, the deadline for solo-regulated firms to undertake the first assessment of the fitness and propriety of their certified persons has been delayed until 31 March 2021.
In order to make sure that various SMCR deadlines remain consistent, the FCA also stated that intends to consult on extending the deadline for the following requirements from 9 December 2020 to 31 March 2021:
Firms should continue with their programmes of work in these areas and, if they are able to certify staff earlier than March 2021, they should do so. The FCA emphasised that firms should not wait to remove staff who are not fit and proper from certified roles.
The FCA will still publish details of certified employees of solo-regulated firms on the financial services register from 9 December 2020 and, where firms can provide this information before March 2021, they are encouraged to do so.
The below summary assumes (as will almost certainly be the case) that the deadlines discussed will indeed be extended.
Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Financial Institutions practice group, or any of the following:
© 2020 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.