The Senior Managers & Certification Regime – Righting Regulatory Wrongs?
As of 9 December 2019, the Senior Managers and Certification Regime (SMCR) became applicable to almost all firms regulated by the Prudential Regulation Authority and the Financial Services Authority, demonstrating that individual accountability remains a key priority for regulators. Chris Brennan (partner) and Zeena Saleh (associate) of White & Case LLP outline the key changes and implications for us.
The global financial crisis spurred a flurry of regulatory activity – large cross-border investigations, record fines and a thirst for more individual accountability – giving further credence to the third law of regulation; for every market action, there is an equal and opposite regulatory reaction.
While regulators have long been successful at holding firms to account for wrongdoing, they have had much less success holding individuals to account. The view from the regulator was that the failure to discipline individuals is often caused by difficulties in attributing control failings to particular individuals, for example, because of collective decision-making.
SMCR was established following the recommendations of the Parliamentary Commission on Banking Standards. The regime seeks to reduce the pool of senior individuals directly approved by the regulators, while encouraging individuals to take greater responsibility for their own actions. It is also designed to make it easier for firms and regulators to hold particular individuals to account for a regulatory failure within a firm. It was first applied to banks from March 2016 and later applied to all dual-regulated firms from December 2018.
To further ensure (as far as possible) a consistent approach across the financial services industry, as of 9 December 2019, the regime was extended again to apply to the 47,000 solo-regulated firms. Firms will have one year (until 9 December 2020) to take certain steps required by the regime. So, what are the implications of this for soloregulated firms and what measures should firms be taking, if they have not done so already?
SMCR aims to “…encourage greater individual accountability and sets a new standard of personal conduct in financial services …” with a view to strengthening confidence in the financial services industry and ultimately reduce harm to consumers.
The extended regime applies to a vast and varied group of firms. The FCA has taken this into account proposing a proportionate and flexible approach to the application of the regime. This is demonstrated by the FCA’s categorisation of firms – limited, core or enhanced – with the regulations under SMCR applying to such firms accordingly.
This short article does not seek to set out all the changes brought about by SMCR. However, the key changes can be summarised into the following three categories:
1. Conduct Rules – – the Conduct Rules replace the Statements of Principle and Code of Practice for Approved Persons (APER) and applies to a broader group of employees.
2. Senior Managers Regime – Senior Management Functions (SMF) replace the previous Significant Influence Functions. Each senior manager must obtain pre-approval from the FCA prior to starting the role. The regime introduces prescribed responsibilities to be allocated to SMFs and the concept of a ‘Statement of Responsibilities’ for enhanced firms which should clearly articulate what that individual is responsible and ultimately accountable for.
3. Certification Regime – The Certification Regime applies to employees in positions where it is possible for them to cause significant harm to the firm, its customers and the market more generally. These individuals will not require pre-approval from the regulator before starting the role but must be certified as fit and proper by the firm.
While it is certainly hoped that, in practice, firms and their senior individuals were acting in a way that reflects the spirit of the new regime, SMCR still arguably constitutes a significant practical change – expanding its reach, placing more responsibility on firms and a greater emphasis on individual accountability. Some key implications include:
1. Conduct rules have a broader reach, applying to a larger pool of employees when compared to the previous APER regime. Firms will need to ensure that its employees are aware of the conduct rules as they apply to them.
2. SMCR has effectively reduced the number of SMFs requiring FCA approval and increased the number of employees that would fall within the certification regime. This places a greater onus on firms. While those holding a SMF will need to obtain the FCAs pre-approval before taking on the role, the burden of assessing a certified employee’s fitness and propriety is now on a firm. Although previously firms would always make an assessment of an individual’s fitness and propriety, the regulator would always have the final say. Firms are now required to reach their own decision on this issue and face the consequences if they get it wrong. Firms are also required to provide regulatory references to a new employer and, given the new employer’s degree of reliance on the reference, will need to carefully consider what information to include and the appropriateness or adequacy of such information.
3. In terms of individual accountability, it should be easier for regulators to identify who is responsible for any given issue within a firm. However, the assessment of whether an individual is culpable for a regulatory failing remains the same. While the new regime introduces some specific rules, any enforcement action is likely to focus on the question of whether the person took reasonable steps. While this is not always easy to demonstrate, it is a relatively low threshold. The problem is that although the FCA has to establish that the individual failed to take reasonable steps, the practical burden will always fall on the senior manager to demonstrate what they did to fulfil their regulatory obligations.
IS IT ENOUGH TO RIGHT PAST WRONGS?
The introduction of SMCR is a positive step for the industry in many ways. Establishing who is responsible for what within a firm, provides clarity for regulators, firms and individuals alike. However, in larger firms, the ability to attribute culpability for a control failing is unlikely to be as ‘black and white’ as it might appear on a Statement of Responsibilities. The regulator must be careful to avoid trying to create a culture of strict liability. The fact that an issue is said to be the responsibility of a particular individual, does not mean that individual has to take the blame. Life is never that simple – not even in politics.