To FCA Solo-Regulated Firms
Is your firm ready?
On 9 December 2019 the Senior Managers and Certification Regime (“the SM&CR”) was extended to include all Financial Conduct Authority (“FCA”) solo-regulated firms, replacing the UK Approved Persons Regime in its entirety. The purpose of this article is to examine issues raised by this extension of the SM&CR and to consider what, if any, amendment is required to your firm’s insurance coverage because of this change.
Following the financial crisis in 2008 the Parliamentary Commission on Banking Standards recommended that the FCA should develop a new system of regulation, one which was more focused upon senior managers, individual responsibility and accountability. As a result, the FCA devised the SM&CR, which replaced the Approved Persons Regime for the banking sector in March 2016 and was subsequently extended to the insurance sector in November 2018.
The final phase of the roll-out of the SM&CR will include all remaining FCA solo-regulated firms, impacting an estimated 47,000 entities including investment firms, asset managers, consumer credit firms and mortgage and other brokers. The FCA has stated that the aim of the SM&CR is to reduce harm to consumers and strengthen market integrity by making individuals more accountable for their conduct and competence. It is fair to say, at least in our experience, that the extension of the SM&CR is causing some trepidation amongst many of these entities. That said, given that the SM&CR is not a new regime, and that many of the issues that it raises have been known about for some time, we would hope to allay some of those concerns, at least as they pertain to policy coverage.
The first, and most obvious issue, is to identify the entities to whom the SM&CR will apply. It will cover:
- All U.K. FCA solo-regulated firms authorised under the Financial Services and Markets Act 2000 (“FSMA”); and
- In respect of certain provisions only, U.K. branches of both EEA and non-EEA firms.
A 3-Tiered Approach
The SM&CR provides for 3 types of firm:
- Enhanced Firms (the largest and / or most complex firms subject to an Enhanced Regime);
- Core Firms (subject to a ‘baseline’ of SM&CR requirements); and
- Limited Scope firms (subject to the fewest requirements).
Legal entities subject to the SM&CR will need to comply with different requirements depending upon which category they fall into.
A key question will, therefore, be whether your firm is a Core Firm or falls within the Enhanced Regime. Core Firms are subject to the “baseline requirements” of the core regime, that is, the Senior Managers Regime, the Certification Regime and the conduct rules. The FCA anticipates that the majority of FCA solo-regulated firms will be classified as Core Firms. Those that fall within the Enhanced Regime will have to adhere to both the baseline requirements and any additional rules and/or Functions that apply. Given the size of Limited Scope Firms, this category is unlikely to be of relevance to our clients.
Enhanced Firms include those with assets under management of £50 billion or more as a 3-year rolling average and firms with total intermediary regulated business revenue of £35 million or more per annum, again calculated as a 3-year rolling average. Such firms will, unsurprisingly, be subject to additional rules over and above those faced by Core Firms. Each firm will be responsible for determining the tier it falls into and for notifying the FCA of this and any changes. Once a firm meets the relevant criteria, the enhanced regime will apply to them automatically. This means that firms will need to monitor whether and how the criteria apply to them, particularly where they are close to meeting one of the relevant criteria. The rules in this area are complex and merit careful consideration.
Key Aspects of the Regime
The SM&CR regime consists of three key parts, the:
- Senior Managers Regime;
- Certification Regime; and
- Conduct Rules
The Senior Managers Regime
The FCA describes Senior Managers as the most senior people in a firm with the greatest potential to cause harm or impact on market integrity. The purpose of making a particular function a Senior Management Function is, therefore, to ensure that the FCA knows who a firm's most senior decision-makers are, and to make sure firms clearly allocate responsibilities to those key decision makers. The FCA rules will determine which roles are Senior Management Functions depending upon the type of firm involved. As with the Approved Persons Regime which preceded it, those individuals holding Senior Management Functions must be approved by the FCA before they are appointed to their role. Examples of Senior Management Functions include: the Chief Executive (SMF 1), Executive Directors (SMF 3) and Partners (SMF 27).
Every Senior Manager must have a document, termed a Statement of Responsibility, which clearly states what functions they are responsible and accountable for. The statement must be clear, succinct and standalone i.e. it must not refer to any other documents. The FCA has also devised a number of Prescribed Responsibilities, in addition to the inherent responsibilities that are part of a Senior Manager’s role, which must be allocated to an appropriate Senior Manager. These Prescribed Responsibilities are to ensure that a Senior Manager is held accountable for key conduct and prudential risks.
Each Senior Manager will also have a duty of responsibility. If a firm breaches that duty, the FCA will look to the Senior Manager with responsibility for it and will consider whether he or she took reasonable steps to prevent the breach. If not, the FCA may consider enforcement action. In bringing enforcement action against Senior Managers, whether under the duty of responsibility, the conduct rules or otherwise, the FCA will consider the individual's Statement of Responsibilities when determining the extent of their responsibilities.
Enhanced Firms must also prepare and maintain a single document that sets out the firm’s management and governance responsibilities. They will also need to ensure that every activity, business area and management function has a Senior Manager with overall responsibility for it. The FCA states that this is to prevent unclear allocation of responsibilities and issues falling between the cracks.
The Certification Regime
The Certification Regime will cover people who are not Senior Managers, but whose role means it is possible for them to cause significant harm to a firm or its customers. The FCA refers to these as "certification functions".
The Certification Regime only applies to employees of firms. The definition in FSMA of an employee covers individuals seconded to firms and contractors but does not, for example, cover Non-Executive Directors. The definition includes anyone who personally provides, or is under an obligation to provide, services to the firm in question and is subject to (or to the right of) supervision, direction or control by the firm. This may include advisers employed by the firm on a contract basis.
If a role meets the definition of a certification function, then a firm needs to ensure that anyone doing that role has been certified. This certification requirement means that the firm must check and confirm (at least annually) that the person is a fit and proper person to carry out their job. Examples of those employees subject to the Certification Regime include those with a client dealing function (e.g. financial advisers and investment managers) and those termed “material risk takers”. It will also include the role of Head of Legal which is an important function, but which was ultimately determined not to be a Senior Management Function because of incompatibility with certain legal requirements of the role.
The Conduct Rules
FSMA gave the FCA new powers to write conduct rules and apply them to all employees within a firm, not just approved individuals. These are a new set of enforceable rules that apply basic standards of good personal conduct against which the FCA can hold individuals to account. It is extremely important to note that these conduct rules apply both to a firm’s regulated and unregulated financial services activities. This means that an employee could potentially breach those rules by, for example, misconduct in the employment arena. There are two tiers of conduct rules, the first of which applies to almost all employees, bar ancillary staff such as receptionists and post-room staff, and the other to Senior Managers. The conduct rules applying to employees include the obligation to act with integrity and due care, skill and diligence. They also require that individuals co-operate with regulators and observe proper standards of market conduct.
Firms will be required to train their employees, so that they know which conduct rules apply to them. Firms will also have an obligation to notify the FCA when disciplinary action has been taken against a person for a conduct rule breach.
When reviewing your firm’s D&O policy to evaluate the extent of your coverage for the SM&CR, the definition of Approved Persons is key and requires careful review. As noted at the outset, the SM&CR is not new and so many of the policies that we review have already had the definition of Approved Person amended, at least to some extent, to take account of the extended regime. There are a variety of such definitions in the market and we have given two example clauses below:
Approved Person means any natural person employed by or serving any Company to whom the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA) or any prior or successor entity has given its approval to perform one or more controlled functions, significant influence functions or senior management functions pursuant to Part V of the Financial Services and Markets Act 2000 (or any amendment to, re-enactment thereof or superseding legislation) or within scope of COCON 1.1.2R(1) of the FCA’s Handbook or similar activities in any jurisdictions for a Company.
Any natural person employed or appointed by any Company:
(a) to whom the Financial Conduct Authority, Prudential Regulation Authority or any prior or successor entity has given its approval to perform one or more controlled functions, significant influence functions, senior management or senior insurance management functions for a company pursuant to the Financial Services & Markets Act 2000 or any subsequent amendment;
(b) who has been certified or otherwise approved by any company to perform a significant harm, certification or other function specified by the Financial Conduct Authority, Prudential Regulation Authority or any prior or successor entity or any authorisation given by a similar authority to perform similar activities in any other jurisdiction; or
(c) who is personally subject in their capacity as an employee of any company to all or any of the Conduct Rules or other regulatory requirements of the Financial Conduct Authority and/or Prudential Regulation Authority or any prior or successor entity or any authorisation given by a similar authority to perform similar activities in any other jurisdiction.
There are several important points to note here. The second definition is clearly more comprehensive than the first and captures the baseline requirements of the extended regime. Both definitions apply to “all natural persons” which is important. It ensures that anyone caught by the specified rules is covered, rather than providing coverage by employment status or job title.
Once you have checked that coverage is stated to apply to all persons rather than, say, by job function (it should as a matter of course), it is prudent to ascertain which aspects of the SM&CR are covered. This requires checking each element of the Approved Person definition against the baseline referred to above, to ensure each element is covered. In this regard one can see, as previously noted, that the second definition is wider than the first in that it includes functions within (a) the Senior Managers Regime, (b) the Certification Regime and also includes at (c) all employees who are personally subject to the conduct rules. In our experience, many definitions in wordings of firms which will be caught by this extension of the SM&CR do not include this third limb of the second definition, i.e. employees subject to the conduct rules. It is, however, important to carefully check your wording to ensure that all aspects of the regime (the baseline functions) are covered. Retaining reference to Controlled Functions and Significant Influence Functions (as seen in both examples) is also important as it ensures that the previous Approved Persons Regime remains covered.
Whether a firm wishes to amend the definition of Approved Person to cover all employees will require careful assessment. Whilst a firm may be reluctant to open up the D&O policy in this way, it will very much depend upon the entity in question. In particular, the size of the firm, the nature of the business and the perceived merits (or demerits) of expanding the Approved Person definition all require careful consideration. It is an important point, with potentially serious ramifications, and one that you will want to discuss with us and/or your lawyers. Indeed, we would recommend a full wording review so that you are satisfied that you remain appropriately covered in respect of any issue that may arise.
The extension of the SM&CR to all FCA solo-regulated firms will present challenges for firms. That said, as previously noted, the regime is not new and many of the lessons that arise from its earlier roll-out to banks and insurers have been learnt and incorporated into wordings more generally. Understanding the regime and how it applies to your firm will require some investment of time, but that will be advantageous in the long run. The issues raised are complex and fact specific and we would recommend early recourse to lawyers and other advisers.
We are here to assist you with the transition to SM&CR, the review of your D&O policy and other issues that may arise from this change in the regulatory regime. Should you require further assistance do not hesitate to contact the writer, Karen Cargill, or other members of the Coverage Team.
The Aon Coverage Team are technical specialists and do not give legal advice. As such the contents of this advisory publication are for reference purposes only and do not constitute legal advice. Specific legal advice should always be sought on your specific circumstances before taking any action based on this advisory note.
Aon UK Limited is authorised and regulated by the Financial Conduct Authority.