Senior Managers and Certification Regime: A Review and Next Steps for Firms

July 23, 2020

Click for PDF

The Senior Managers and Certification Regime (“SMCR”) has applied to Financial Conduct Authority (“FCA”)-solo regulated firms since 9 December 2019. Individuals from across firms will no doubt remember the level of engagement required to prepare firms for the SMCR. Over six months on from implementation, firms are testing their SMCR implementation and assessing what is required to ensure continued compliance. This client alert:

  • provides a brief overview of the key changes that firms should have already implemented;
  • summarises key lessons from the FCA’s approach to enforcement of the regime against the banks; and
  • details the steps that firms should be undertaking prior to the extended deadline of 31 March 2021.

Reminder of key changes

  • Firms are split into three categories – limited scope firms, core firms and enhanced firms. Most solo-regulated firms are “core firms”.
  • Persons carrying out senior management functions (“SMFs”), such as the CEO and Head of Compliance, require prior FCA approval to perform their roles. Each senior manager has a “statement of responsibilities” detailing the areas they are responsible for.
  • Enhanced firms must also have a “responsibilities map”, setting out the firm’s management and governance arrangements.
  • “Prescribed responsibilities” are allocated to certain, but not all, senior managers.
  • Senior managers have a “duty of responsibility” to take reasonable steps to prevent, or stop, a breach of rules in their area. If they fail to do so, the FCA could hold them responsible for the breach and take enforcement action.
  • The Certification Regime covers specific functions that are not SMFs but can, nonetheless, have a significant impact on customers, the firm and/or market integrity. Certified staff do not need to be approved by the FCA. However, firms must check and certify that these employees are “fit and proper” to perform their role.
  • The conduct rules are a new set of enforceable rules that set basic standards of good personal conduct. They apply to almost every person who works in a financial services business. Some conduct rules apply to everyone within scope, while others only apply to senior managers. Firms must give training on the conduct rules and notify the FCA if they have taken disciplinary action against an employee for breach of them.
  • Firms must assess whether senior managers, non-executive directors and certified staff are “fit and proper”, on an ongoing and at least annual basis. As part of the initial fit and proper assessment, firms should request regulatory references to cover the last six years of employment.

Lessons from the FCA’s approach to the SMCR relating to banks

In undertaking an assessment of their firm’s implementation of SMCR, clients find it helpful to review the implementation issues encountered by banks and, in particular, the FCA’s review into the embedding of the SMCR in the banking sector. There are several points arising from the review of particular interest.

Dividing line between non-executive and executive directors

Some non-executive directors expressed concern that the regime expected too much from the board. They perceived a risk that the line between a non-executive and executive could become blurred as board members become more involved in operations of the business.

The FCA clarified, however, that the SMCR does not seek to redefine the roles of non-executives. In particular, it does not expect non-executives to act more like executive directors. Indeed, it views the oversight role of non-executive directors and their ability to challenge management as a key safeguard for the interests of firms’ stakeholders. The FCA did note that, especially in larger firms, the responsibilities of SMF non-executive directors are often likely to be considerable.

Meaning of “reasonable steps”

The FCA stated that a number of senior managers expressed concern around understanding the meaning of “reasonable steps” in the context of their business. In response to this, the FCA pointed to guidance in its Decision Procedure and Penalties Manual. In determining what would constitute taking “reasonable steps” to avoid a contravention occurring or continuing, the FCA will consider, amongst other things:

  • such steps that a competent senior manager would have taken at that time and in all the circumstances;
  • whether the senior manager exercised reasonable care when considering the information available to them;
  • the nature, scale and complexity of the firm’s business; and
  • whether the senior manager took reasonable steps to (i) ensure that any delegation of their responsibilities, where this was itself reasonable, was to an appropriate person with the necessary capacity, competence, knowledge, seniority and skill; and (ii) oversee the discharge of the delegated responsibility effectively.

However, the FCA noted that it is not possible nor helpful to provide an exhaustive list to cover every situation. It stressed that appropriate controls and processes are an important part of senior managers doing what they reasonably can to prevent misconduct, although they need to “think more broadly and…create an environment where the risk of misconduct is minimised, for example through nurturing healthy cultures”.

The SMCR and firm culture are intrinsically linked. SMCR implementation gave firms an opportunity to also take stock of their own culture, whereas before the SMCR arrived, culture was perhaps fairly low down on the agenda for some firms.

In its feedback on the review, the FCA does specifically discuss its findings relating to firms’ culture. Whilst it reported that firms have struggled to find appropriate ways of measuring culture, it was noted that many firms described a stronger tone and ownership from the top – there was a change in the level of detail, clarity and quality of conversations on culture and expected behaviours. All of the firms talked about the work they had done to create a culture of challenge, escalation and providing a safe environment for staff to raise issues.

Certification

The FCA noted that whilst there were positive developments, such as firms having widened their approach to assessment of staff beyond solely technical skills, most firms could not demonstrate the effectiveness of their assessment approach, use of subjective judgement or how they ensure consistency across the population.

There is no harm in solo-regulated firms taking the opportunity now to take a look at their certification procedures to ensure that they are sufficient (particularly given that firms still have time before the first certificates need to be issued for certified staff – see “Next steps for firms prior to 31 March 2021” below).

Conduct rules

In its findings, the FCA specifically flagged that the main weaknesses identified in the review related to the implementation of the conduct rules. Three key issues were particularly troubling to the FCA:

  •  evidence suggested that firms had not sufficiently tailored their conduct rules training to staff’s job roles;
  •  there was insufficient evidence to be confident that firms have clearly mapped the conduct rules to their values, to “bring the conduct rules to life”; and
  •  firms were often unable to explain what a conduct rule breach looked like in the context of their business.

This is a clear signal to solo-regulated firms to ensure that they focus on ensuring proper implementation of the conduct rules. Indeed, the FCA states that it will increase its supervisory focus here. As noted below, firms are required to train all remaining staff on the conduct rules prior to them coming into force. Crucially, it is particularly evident from the FCA’s findings that such training be as tailored as possible.

Enforcement action to date

There has only been once successful enforcement action under the banking SMCR regime. This related to James Staley, the Chief Executive of Barclays Group (in May 2018). Mr Staley was fined a total of £642,430 for failing to act with due skill, care and diligence in the way he acted in response to a letter containing various allegations, received by Barclays in June 2016.

Whilst the FCA, therefore, has been relatively quiet from an enforcement perspective to date, firms should not be drawn into a false sense of security. This is particularly the case given that the extension of the regime brought within scope a significant number of firms (approximately 47,000). Additionally, a number of these firms are also more likely to be viewed as “low hanging fruit” by the FCA – some firms will perhaps have less sophisticated governance procedures in place (meaning potentially more breaches) and it will be much easier for the FCA to identify the decision-making processes of these solo-regulated firms when it is investigating breaches.

Post-31 March 2021, therefore, we anticipate an increase in enforcement action from the FCA against solo-regulated firms, as we move away from the implementation phase of the SMCR (indeed, we understand that there are currently a number of enforcement actions under way within the Enforcement Division and, therefore, we can expect related final notices in due course).

Next steps for firms prior to 31 March 2021

Initially, the rules set out below were set to apply as from 9 December 2020. On 30 June 2020, however, the FCA announced that, in light of the COVID-19 pandemic, the deadline for solo-regulated firms to undertake the first assessment of the fitness and propriety of their certified persons has been delayed until 31 March 2021.

In order to make sure that various SMCR deadlines remain consistent, the FCA also stated that intends to consult on extending the deadline for the following requirements from 9 December 2020 to 31 March 2021:

  • the date the conduct rules come into force for non-senior managers; and
  • the deadline for submission of information about directory persons to the register.

Firms should continue with their programmes of work in these areas and, if they are able to certify staff earlier than March 2021, they should do so. The FCA emphasised that firms should not wait to remove staff who are not fit and proper from certified roles.

The FCA will still publish details of certified employees of solo-regulated firms on the financial services register from 9 December 2020 and, where firms can provide this information before March 2021, they are encouraged to do so.

The below summary assumes (as will almost certainly be the case) that the deadlines discussed will indeed be extended.

Certification process

  • Firms need to check and certify that individuals holding certification functions are “fit and proper” to perform their role at least once a year.
  • Firms must complete certification assessments and issue certificates by 31 March 2021.

FCA Directory

  • The FCA has established a directory of individuals.
  • This will include all certified staff and directors who are not performing senior management functions (both executive and non-executive) as well as appointed representatives and sole traders who are undertaking business with clients and need a qualification to do so.
  • Solo-regulated firms must submit their data by 31 March 2021. It will include information such as employer details, the person’s role and workplace location. This should be done by completing a prescribed template and uploading it to the FCA’s online portal (known as CONNECT).

Conduct rules

  • Firms will be familiar with the training requirements for senior manager and certified staff.
  • Conduct rule staff must be trained on the conduct rules before 31 March 2021. Training is a key tenet of the SMCR, to ensure that all relevant persons sufficiently understand their responsibilities.

 


Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work in the firm’s Financial Institutions practice group, or any of the following:

Michelle M. Kirschner – London (+44 (0)20 7071 4212, [email protected])
Martin Coombes – London (+44 (0)20 7071 4258, [email protected])
Chris Hickey – London (+44 (0)20 7071 4265, [email protected])

© 2020 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.