OFAC revokes so-called U-turn authorization for Cuba-related financial transactions
OFAC published a final rule that modifies the Cuban Assets Control Regulations to revoke the so-called "U-turn" authorization.
On July 26, 2017, the Financial Conduct Authority (FCA) published its long-awaited Consultation Paper (CP 17/25) setting out its proposals for introducing the Senior Managers, Certification and Conduct Regime (SMCR) to the majority of firms operating in the UK financial services industry.
On October 15, 2015 HM Treasury published a policy paper, Senior Managers’ and Certification regime: extension to all Financial Services and Markets Act 2000 “FSMA” authorised persons, stating that the SMCR would in the future be applied to all sectors of the financial services industry during 2018. HM Treasury stated that the principle of proportionality would be particularly important and that the extended regime would “reflect the diverse business models operating in the UK market”. The FCA subsequently said that it would consult on the extended regime during the course of Q2 2017 although in fact the regulator delayed publishing its much anticipated proposals until late July 2017.
The policy announcement in the HM Treasury paper that the SMCR would be extended to all financial services firms was expected as it was previously trailed in reports criticising the Approved Persons Regime. Following the papers published by the Commission led by Sir John Vickers that looked into the UK banking industry the House of Commons approved a joint resolution on July 16, 2012 which established a Parliamentary Commission on Banking Standards the “Parliamentary Commission”.
The Parliamentary Commission published its final report, Changing banking for good, on June 19, 2013. Arguably, this report is one of the most important papers published after the 2008 financial crisis and it was particularly critical of the UK’s banking industry. In relation to the Approved Persons Regime the Parliamentary Commission observed that the regime had “created a largely illusory impression of regulatory control over individuals, while meaningful responsibilities were not in practice attributed to anyone”. The Parliamentary Commission added that, as a result, “there was little realistic prospect of effective enforcement action, even in many of the most flagrant cases of failure”. In light of these failings, the Parliamentary Commission recommended the creation of a new individual accountability regime that would become the SMCR. It also called for a more effective sanctions regime against individuals arguing that such a move was essential for restoring public trust and confidence in the UK banking sector. A key component of the new sanctions regime would be a new criminal offence that would apply to senior persons carrying out their professional responsibilities in a reckless manner with the power to fine or imprison individuals on conviction.
Importantly, the Parliamentary Commission’s final report noted that the deficiencies that it had found in the Approved Persons Regime were not limited to the banking sector. The final report stated: “There may be a strong case for applying some of the reforms to other areas of the financial services sector and it is plausible to suppose that the deficiencies of the Approved Persons Regime are replicated beyond banking”. However, the Parliamentary Commission also noted that a wider review of individual accountability in the financial services industry was outside the scope of its remit and that such work could delay any reforms to the UK banking industry. It stated:
“there is a risk that an extension of reform would delay the timetable for reforms, both due to the wider interests involved and the operational flaws of the current Approved Persons Regime.We therefore recommend that the arrangements for a Senior Persons Regime, for a Licensing Regime and for a register, reflecting the operation of these regimes, be put in place in the first instance separately from the Approved Persons Regime, which should cease to apply to banking. It is for the regulators to advise on the merits of the new schemes’ wider applicability.”
The Government broadly accepted the recommendations of the Parliamentary Commission in a paper co-published by HM Treasury and the Department for Business Innovation and Skills in July 2013. In particular, the Government shared the Parliamentary Commission’s concerns that the failures of the Approved Persons Regime were not limited to the banking sector but that to undertake a wider reform programme would delay the reforms to the banking industry. The Government paper stated:
“While the Commission’s recommendations relate to standards in the banking sector, they consider it plausible that the weaknesses of the Approved Persons Regime affect not just the banking sector but other parts of the financial services industry too. The Government agrees with this and notes that many of the failures identified by the Commission were not limited to the banking sector. The Commission proposed that, to avoid delay to banking reforms, the Commission’s recommendations should initially be put in place for banking only. In fact, because the relevant FSMA provisions apply to all parts of the financial services industry, it would be simpler legislatively and operationally to apply any reforms to the framework for regulating individuals to the financial services industry as a whole. The Government will therefore consider with the regulators whether to amend the relevant FSMA provisions to allow for wider application of the proposed reforms.”
The Government also accepted the Parliamentary Commission’s recommendation on introducing a criminal sanction for reckless misconduct in the management of a bank. In
particular, the Government agreed with the Parliamentary Commission that only individuals performing the functions of a Senior Person would be criminally liable for this offence.
It is worth briefly mentioning that both the Parliamentary Commission’s final report and the Government’s response advocated a “reversal of the burden of proof”, whereby a senior manager could be found liable for a regulatory breach if he/she could not show the regulator that he or she took the steps that it was reasonable for a person in their position to take to prevent the breach occurring or continuing (i.e. assumed guilty until proven innocent), thus reversing the normal burden of proof. However, this approach, understandably, caused some concern in the market and ultimately the Government changed its position to mirror what has always existed under the Approved Persons Regime, namely that an Approved Person/Senior Manager has a regulatory responsibility to take reasonable steps in discharging their duties. Further, that it is for the FCA to prove that a Senior Manager had not taken such reasonable steps (i.e. innocent until proven guilty). The only change that the Government did make to the existing Approved Persons reasonable steps duty in the SMCR was to elevate it from being a purely regulatory duty to a statutory duty described in the HM Treasury policy paper published in October 2015 as the “duty of responsibility”.
The SMCR was implemented for Banks and significant insurance firms (i.e. those entities regulated by both the FCA and PRA) in a first phase on March 7, 2016 with subsequent phases of implementation occurring thereafter the “Bank Regime”
As it is relevant to commentary that follows in this note, it is worth commenting on the additional work that the FCA has done since implementation of the Bank Regime.
Immediately following the first phase of implementation, the FCA and/or PRA (but primarily the FCA) wrote to in-scope banks/insurers with queries/concerns as to how they had implemented the requirements of the Bank Regime “First Soft Thematic Review”. This was not a formal thematic review and the output of the FCA’s concerns/queries was a very short web article.1 However, the FCA’s expectations of firms were highlighted in their supervisory work.
Secondly, simultaneously with the implementation of the second phase of the Bank Regime (namely for certification staff), the FCA conducted a formal thematic review of in-scope firms’ preparedness for the certification regime “Second Thematic Review”. The key elements from that thematic review are noted in this Bulletin. As at the date of this note, the FCA has not formally presented its findings back to the industry.
The FCA has yet to conduct a thematic review into how firms have implemented the final phase of the Bank Regime, in relation to Conduct Staff.
The Government legislation which mandated the extension of the SMCR (discussed above) stated that it would apply to “all authorised persons”.2 This means that the SMCR applies to all regulated financial services firms authorised under the Financial Services and Markets Act 2000 operating in the UK or into the UK through a branch. Although the consultative rules are unclear, this should exclude firms such as, without limitation
Therefore, out of scope firms will still need to comply with the existing Approved Persons Regime or similar regime under the different authorising legislation, to the extent it applies to them.
Consistent with legal expectations, the FCA’s approach to the SMCR is
Consistent with the Government’s original intentions (discussed above), the FCA is proposing to implement the SMCR in a manner that is proportionate, taking into account the varied nature of the approximately 50,000 firms in the non-bank financial services industry, which range from consumer credit sole traders to the largest of global asset managers and wholesale brokers. The FCA has kept this intention proposing that “the new regime … be proportionate and flexible enough to accommodate the different business models and governance structure of firms”.4
In order to achieve this proportionality, the FCA is proposing to divide firms into three categories. The basic elements of the SMCR will then be applied in a basic way or a more detailed way depending on which category a firm falls into.
The Consultation Paper includes a flowchart on page 14 (which will be replicated in an Annex to SYSC when finalised) for firms to check which category they are in. The categories are as follows
This is proposed to apply to firms who conduct regulated activities as an ancillary activity to their primary business activity and who are not MiFID investment firms. These types of firms should include
In addition, UK branches of EEA firms are excluded from some of the same requirements that limited scope firms are excluded from so as to be essentially treated as a limited scope firm.
There appear to be a number of exclusions proposed from being an Enhanced Firm, including
For firms who satisfy the test to be an Enhanced Firm but who already have a waiver, or presumably who qualify for a waiver, from the FCA (such as, for example, from certain CRR requirements like needing to have a risk committee), the FCA has stated that firms can apply to the FCA for a waiver from being categorised as an Enhanced Firm. The FCA has not finalised the detail on how the waiver regime will apply. In practice, this means that firms that receive a waiver will be a Core Firm. There does not appear to be a guarantee that a waiver will be given in all cases but, where relevant, there is the ability to apply for such a waiver. It is hoped that the parameters in which the FCA will provide a waiver will be confirmed in the final policy statement as it is currently unclear and is, understandably, of utmost importance to firms to know whether they are within scope of the very detailed requirements of the Enhanced Regime or the lighter touch Core Regime. The FCA has not stated from when firms can start applying for waivers.
The FCA has proposed measures for where a Core Firm subsequently satisfies the test to be an Enhanced Firm and vice versa. For example, a non-bank mortgage lender might have fewer than 10,000 regulated mortgages outstanding (so being a Core Firm), but then has over 10,000 regulated mortgages outstanding (so being an Enhanced Firm).
The FCA proposals are currently unclear on how Core Firms are treated when they meet the thresholds to be an Enhanced Firm (and so have the six-month transitional period), but then subsequently do not meet the thresholds to be an Enhanced Firm within that six-month window. The proposed rules state that they remain a Core Firm however this proposal may see firms submitting approval applications for senior managers to then have to withdraw them. It is hoped that the FCA will consider this in its final policy statement as filing and subsequently withdrawing applications for approval can have wider consequences for senior managers seeking other regulatory approvals.
The Consultation Paper does not address how the SMCR applies to a group of companies that have both Core Firms and Enhanced Firms in the group. The proposed rules reiterate that the regime applies on an entity-by-entity basis (as it did in the Bank Regime). However, if the SMCR is applied in this way in a group context there will be a number of challenging consequences for firms. For example, there may be some senior managers within the group carrying out functions for both the Core Firm and the Enhanced Firm, yet their responsibilities will be more limited in scope for Core Firms and wider in scope for Enhanced Firms; they will have different Statements of Responsibilities; and the duty of responsibility/reasonable steps will apply to some parts of their role for one firm but not the other. It is hoped that this will be clarified in the final policy statement.
As expected, the key elements of the Bank Regime relating to senior managers, certification staff and conduct staff have been retained. These can be broken down into the following categories, each of which is commented on in further detail later in this Bulletin.
The extent to which the various elements apply to a firm depends on whether they are a Limited Scope, Core or Enhanced Firm. In addition, the requirements of the elements that do apply vary depending on a firm’s category. The table below summarises which elements are applicable at all to the various categories of firms
|Senior manager function||✔||Excluding not-for-profit debt advisory bodies, certain incoming EEA firms and internally managed AITFs||✔||✔|
|Fitness and propriety||✔||As above but not for non-executive directors (if applicable)||✔||✔|
|Criminal record checks||✔||As above and also excluding sole traders without employees and in relation to non-executive directors||✔||✔|
|Statements of responsibilities||✔||As above||✔||✔|
|Duty of responsibility||✔||✔||✔|
|Senior manger conduct rules||✔||As above||✔||✔|
|Management responsibilities map||✘||✘||✔|
|Regulatory references||✔||As above||✔||✔|
|Significant harm functions||✔||But unlikely||✔||✔|
|Annual certification||✔||If certified staff||✔||✔|
|Fitness and propriety||✔||If certified staff||✔||✔|
|Regulatory references||✔||If certified staff||✔||✔|
|Criminal record checks||✔||If certified staff||✔||✔|
|Conduct rules||✔||If certified staff||✔||✔|
|Notification of breaches||✔||✔||✔|
|Criminal record checks||✘||✘||✘|
These functions replace the current controlled functions under the Approved Persons Regime. Firms within the scope of the SMCR must ensure any senior manager carrying out one or more function is approved by the FCA before carrying out that function.
The functions only need to be allocated to the extent a firm has a senior manager carrying out that function or to the extent that the trigger for that function (e.g. compliance with a particular FCA requirement) is met. The FCA has decided to approach the labelling of the required functions by using the same SMF categorisation as was given to these functions in the Bank Regime. This will allow senior managers who could potentially move between banks and non-banking firms to have familiarity with the senior manager functions.
For Limited Scope Firms, the required functions differ depending on: (i) the nature of the firm and its FCA licences (e.g. limited permission consumer credit firm); (ii) whether it is a UK firm or an EEA firm; and (iii) the activities it carries out. The various functions that need to be allocated (where applicable) can be found in proposed SYSC 7.1R–7.5 G, however the various functions require clarification as there appear to be some inconsistencies.
Most firms (but not all) will need to have approved any senior managers carrying out
No Senior Manager Functions need to be allocated to: not-for-profit debt advisory bodies, incoming EEA firms in certain circumstances and internally managed AIFs.
For Core firms, the required functions differ depending on whether the firm is a UK firm, EEA firm, non-EEA firm or a MiFID exempt firm whose only permission is bidding in emissions auctions. It is currently proposed that the following are the required functions (see Table in SUP10C Annex 1 5.2R)
Other non-UK Firm
Emission auction bidder
|SMF 3||Executive Director||✔||✘||✔||✔|
|SMF 16||Compliance Oversight||✔||✘||✔||✘|
|SMF 19||Head of third country branch||✘||✘||✔||✘|
|SMF 21||EEA branch senior manager||✘||✔||✘||✘|
For Enhanced Firms, the required functions are all of those set out above for Core Firms (excluding SMF 19 and SMF 21), as well as
Each of the functions above comes with a responsibility which is inherent to that function. For example, the inherent responsibility of the CEO (SMF1) is having responsibility for the conduct of the whole of the business (or relevant activities) of the firm. These inherent responsibilities are set out in the FCA’s Handbook next to where the function is described or in the Glossary. Each senior manager must understand his/her inherent responsibility and its importance as it cannot be excluded or amended. The duty of responsibility (discussed below) applies to these inherent responsibilities.
Save in respect of SMF 21 (EEA branch senior manager), SMF 7 (Group Entity Senior Manager) and SMF 18 (Other overall responsibility), mapping an existing senior manager approved to carry out a controlled function into their senior manager function should be a relatively simple exercise for most firms. The FCA has even stated that it intends to approach transitioning firms into the new regime by “auto-converting” some existing Approved Persons within in-scope firms into their respective Senior Manager functions. The FCA has said that the detail of this auto-conversion will be included in the technical paper which is due out after November 3, 2017.
In relation to SMF 21, SMF 7 and SMF 18 (described above), or indeed allocating any function to a new senior manager, the FCA has reiterated that the test for who carries out that function is who is ultimately accountable to the board for that area. The FCA draws a distinction between the responsibilities of senior managers (which can be a wide set of responsibilities) and what he/she is accountable for, and it is the latter that should be the focus for applying the test.
There are a number of lessons learnt from the Bank Regime, including those set out below.
Other than in relation to SMF 3, SMF 7, SMF 18, SMF 27 and SMF 29, the FCA would prefer that one manager carries out a senior manager function. The only situations where the FCA accepted that more than one manager can carry out the same senior manager function in the Bank Regime is where a function is subject to a formal job sharing arrangement or where there were co-heads of a function (e.g. Co-CEOs).
A senior manager can hold more than one function (and this is expected in Limited Scope firms as is currently the case under the Approved Persons Regime). The FCA does, however, require that a single senior manager does not have too many functions such that a conflict is created or the individual does not have sufficient time to dedicate to all of them (which goes to reasonable steps). This is a judgment matter depending on the situation within a firm and should be assessed on the facts.
Reporting lines need to be clearly explained and documented. For example, where a senior manager (A) reports into another identified senior manager (B), yet senior manager A reports into senior manager B on a particular area (X) but not on another area (Y), and on area Y senior manager A reports directly into the board, the detail around this reporting line will need to be clearly explained to the FCA. The FCA’s presumption is that if senior manager A reports into senior manager B, then senior manager B is the only senior manager. However, this is not always the case in practice.
Some non-executive directors within firms will not be chair of one of the identified board committees but they will still be a non-executive director (e.g. a board member). This means that they will not hold a senior manager function. In the Bank Regime, the PRA referred to these non-executive directors as “notified NEDs” or “non-SMF NEDs”. The PRA required that firms notify these notified NEDs/non-SMF NEDs to the PRA notwithstanding that they did not need to be approved by the PRA. In the Consultation Paper, there is no discussion about whether the FCA will require these non-SMF NEDS within Core or Enhanced Firms to be notified to the FCA as in the Bank Regime. Regardless of this uncertainty, non-SMF non-executive directors in Core Firms and Enhanced Firms will still need to comply with a firm’s fit and proper requirements, criminal record checks and conduct rules, and be subject to regulatory reference requirements.
Prescribed responsibilities are a set of regulatory responsibilities within a firm that the FCA requires firms to allocate amongst one or more senior managers (where applicable). These will be new to those senior managers currently approved as approved persons. All prescribed responsibilities must be allocated amongst the approved senior managers where they apply to a firm. However, those senior managers holding SMF 18 cannot hold any prescribed responsibilities save for item number 5 of the Core Firms below.
Unlike in the Bank Regime, the FCA does not appear to be proposing restrictions on which type of senior manager can be allocated certain prescribed responsibilities. In the Bank Regime, some prescribed responsibilities could only be allocated to a non-executive senior manager.
Limited Scope Firms have no prescribed responsibilities that must be allocated.
It is proposed that Core Firms must allocate the following prescribed responsibilities
It is proposed that Enhanced Firms must allocate all of the prescribed responsibilities described above for Core Firms (excluding prescribed responsibility 6), as well as:
Once the final policy statement is issued, the precise wording of the prescribed responsibility as listed above cannot be changed by a senior manager or a firm. A senior manager cannot, for example, make amendments to the wording of the prescribed responsibility as listed in the Statement of Responsibilities. Therefore, if firms have concerns about how a prescribed responsibility is worded, they are encouraged to respond to the consultation.
The FCA’s preference is for a prescribed responsibility to be allocated to one senior manager. However, while this is the FCA’s preference, there will be some prescribed responsibilities that naturally fit within the responsibility of more than one senior manager (as was the case with the Bank Regime). In this situation, a firm should use the free text space in the Statement of Responsibilities to clearly describe what part of the prescribed responsibility the first senior manager is accountable for and what part of the prescribed responsibility the second senior manager is accountable for and so on.
There are a number of lessons learnt from the Bank Regime, including in relation to how prescribed responsibilities can be shared/split. Firms are structured differently and so some allocations of the prescribed responsibilities might be to senior managers where the FCA may consider it unusual. Where an allocation of a prescribed responsibility is likely to be viewed by the FCA as being unusual, it should be explained clearly to the FCA why it is appropriate to the firm.
For Enhanced Firms only, the FCA has an additional requirement, namely that Enhanced Firms must also allocate “overall responsibility” for every business unit, activity or area of the firm to one or more senior managers bearing in mind the “no gaps” principle. What this means in practice is that a firm needs to map out all the different business units, activities and areas of the firm, including both front office and back office functions and those provided from branches. A firm then needs to work through the various tests in SYSC, to determine which senior manager(s) has overall accountability for that unit/activity/area to the board. Where the accountable senior manager is not already proposed to hold a senior manager function, he/she will need to be an approved senior manager holding SMF 18 (for senior managers within a firm) or SMF 7 (for senior managers within the wider group) for that “overall responsibility”.
The “no gaps” principle means that every business unit, activity, area of a firm is allocated to one or more senior managers such that there are no areas in the firm that are not allocated to a senior manager. If an issue were to occur in a particular area of a firm, the FCA should be able to determine from the Statements of Responsibilities which senior manager(s) they wish to discuss the issue with.
There are a number of lessons learnt from the Bank Regime, including those set out below.
The FCA provided a list in the Bank Regime in SYSC 1 Annex 1 of the various areas of a regulated bank that the FCA would expect it to have what it needs to allocate. However, this list is guidance only so while Enhanced Firms can use it as a starting point, it is by no means an exhaustive list and firms should add to this list all the other various departments/units/ activities/areas that exist within the firm.
An Enhanced Firm does not need to assign overall responsibility for a unit/activity/area that is already covered by a senior manager function and its inherent responsibility. For example, SMF 2 is the senior manager that carries out the finance function. There is no need to also allocate overall responsibility for the Finance function to the senior manager already approved as SMF 2.
Although a firm might look to its reporting lines in order to determine overall responsibility, care needs to be taken. Reporting lines within a firm are often an HR tool and are linked to an individual’s reporting for performance management/appraisal purposes. Firms typically have either “dotted” or “hard” reporting lines—hard being for performance management purposes (i.e. a line manager, someone to whom a direct report is provided) with dotted being a second line manager or equivalent. Determining overall responsibility is not necessarily aligned with a person’s reporting lines—dotted or hard. Within the SMCR, firms should think about reporting in terms of functional business reporting lines and awareness reporting lines.
An element of description needs to be included to describe the nature of the overall responsibility over the business area/activity/unit/department. In the Bank Regime the FCA did not consider that simply stating “Head of X Department” (i.e. a manager’s job title) was sufficient to convey the level of detail that the FCA needed to understand what was involved in that responsibility. This is particularly the case as firms structure themselves in different ways and so a particular department may not have a uniform scope across firms. This is also important as a senior manager should describe what is excluded from that responsibility and identify within which other senior manager’s remit responsibility for that excluded item falls.
As noted above, for Enhanced Firms there can be no gaps in the responsibilities allocated across the senior management population. This exercise can be challenging due to: (i) “horse-trading” amongst senior managers to delineate the boundaries between responsibilities; and (ii) the fact that Statements of Responsibilities are dynamic, so a change to one Statement of Responsibilities may necessitate a change to others. In the Bank Regime, firms necessarily tasked one individual/department to ensure that there were no gaps across the Statements of Responsibilities and then to ensure that any changes made to the Statements of Responsibilities were reflected in the Management Responsibilities Map (discussed below—note this only applies to Enhanced Firms).
Statements of Responsibilities are a regulatory form which the FCA requires a firm to ensure their senior managers carrying out senior manager functions complete and file when seeking to be approved. In addition, the FCA also requires a firm to ensure that these Statements of Responsibilities are kept up to date (discussed below).
The FCA has yet to consult on the form that will be mandated but it is expected to be identical to that in the Bank Regime (save for the change to functions and prescribed responsibilities that there are in the SMCR and the different requirements that apply to Limited Scope Firms, Core Firms and Enhanced Firms). Therefore, on this assumption, in the form a senior manager will be required to
For Core Firms and Enhanced Firms, in respect of prescribed responsibilities, there is the ability to include additional text to explain where there is more than one senior manager responsible for a prescribed responsibility.
For Enhanced Firms and in relation to overall responsibilities, additional wording should be included to describe the extent/scope of the overall responsibility and, importantly, what is excluded from the responsibility (see the discussion under Overall responsibility above).
In the Bank Regime, the FCA introduced a word limit for this additional text of a maximum of 300 words and it is expected that the FCA will introduce something similar (if not exactly the same) for firms in-scope of the SMCR. If this is introduced, note that in the Bank Regime, the word limit applies per responsibility; it is not an overall word limit for the entire Statement of Responsibilities.
Similar to the Bank Regime, the FCA is proposing that firms ensure that senior managers keep their Statements of Responsibilities up to date. This will necessitate firms needing to refile the Statement of Responsibilities with the FCA where there is a material change to the details included in the Statement of Responsibilities. Therefore, firms will need to consider what resource they need to ensure that senior managers are supported in complying with this requirement.
There are a number of lessons learnt from the Bank Regime. The Statements of Responsibilities need to be clearly drafted, sufficiently detailed, focused and consistent with the Management Responsibilities Map (for Enhanced Firms). From an employment law perspective, they also must be consistent with a senior manager’s job description. Any sharing of responsibilities, especially where it may be viewed as unusual by the FCA, needs to be clearly explained. Finally, the senior manager population needs to be educated on the purpose of the Statement of Responsibilities namely that they are a regulatory form reflecting accountability to the board, and do not need to replicate a senior manager’s full job description.
As discussed above, the duty of responsibility is a statutory duty and applies to all firms as follows
The duty of responsibility requires senior managers (those approved to perform a senior manager function) to take reasonable steps in discharging that responsibility. This is the same duty that currently applies to those individuals within a financial services firm who are approved persons. However, the Bank Regime caused senior managers to refocus their minds on this existing duty.
“Reasonable steps” is an objective test, namely: what steps is it reasonable to expect a senior manager in that role and with those areas of responsibility to have taken in order to prevent an issue/breach from occurring or continuing?
The FCA has provided a body of guidance and commentary on their expectations of what amounts to reasonable steps, which is found in DEPP. In addition, there have been some cases from the Upper Tribunal at the FCA (the appellate body from the FCA’s primary enforcement tribunal) which have also reinforced the standards (see Pottage v FSA  Lloyd’s Rep FC 16 (2012)).
In practice, it can be diagrammatically shown as follows
Are these reasonable and can the senior manager evidence that he/she took them/decided not to take them?
Importantly, taking reasonable steps does not mean taking every step feasible or possible. It is those steps that it is reasonable to expect a senior manager, in that position, with his/her allocated responsibilities, to take.
Nor does it mean that a senior manager must personally carry out their responsibilities themselves— senior managers can of course delegate their responsibilities but taking reasonable steps in relation to delegation arrangements would require the delegation to be appropriate, to a sufficiently appropriate person with the senior manager receiving management information of a sufficient quality and with sufficient frequency to be aware of what is occurring in relation to that area, that escalation processes are in place and appropriate oversight is retained, and so on.
The reasonable steps that are expected of non-executive directors carrying out senior manager functions are different to those expected of executive senior managers. The FCA reiterated as part of the Bank Regime that non-executive directors are not expected to act like executive directors. Their primary role is to effect challenge within board meetings and to chair identified committees competently and effectively. The FCA has set out a set of reasonable steps for non-executive directors when they chair a committee.
From the Bank Regime, it is clear that there is an increased focus on the need for senior managers to demonstrate compliance with the regime. The FCA’s mantra has been for some time now that “if you cannot evidence it, you did not do it” and firms need to support their senior managers in ensuring that there is a greater focus on evidencing reasonable steps. In practice the nature of this support will in part depend on the senior manager, his/her areas of accountability and how he/she prefers to work. There is no one-size-fits-all approach to reasonable steps—some senior managers organise themselves with documentation and processes, others may prefer to work from tablets. In the Bank Regime different forms of support were offered to senior manager populations including new software (which it was reported was not always used effectively or consistently) through to newly created departments, additional human resource and supporting processes such as an internal system of upwards attestations. All of these have their pros and cons.
There is no mandated way for a senior manager to ensure he/she is documenting reasonable steps, but there are some important points to bear in mind
With the increased focus on reasonable steps, a number of trends were seen in banks after implementation of the Bank Regime. These included
In addition to the individual Conduct rules (discussed below), it is proposed that senior managers in Limited Scope, Core and Enhanced Firms are required to comply with four additional conduct rules that apply to senior managers only. These are the same rules that currently apply to individuals approved in the existing Approved Persons Regime. They are
Senior managers must be trained on how these conduct rules apply to them, their functions and their responsibilities.
Management responsibilities map For Enhanced Firms only, there is an additional requirement to put in place and maintain a Management Responsibilities Map. The map must be a standalone document which is intended to allow someone unfamiliar with the firm to obtain a complete understanding of what the firm does, how it arranges itself, what governance oversight and systems and controls it has in place to manage its risks and run its business, who the senior managers and certification staff are and how responsibilities have been divided across the senior management population.
The form of this map is not prescribed. However, it must comply with certain requirements set out in SYSC. In summary, the requirements include
The Management Responsibilities Map needs to be kept up to date and refiled with the FCA together with every filed Statement of Responsibilities (remembering that Statements of Responsibilities are filed together with an application to approve a senior manager and whenever a senior manager’s responsibilities have materially changed). There is no additional requirement to attest that the Management Responsibilities Map is up to date annually, as was initially proposed in the Bank Regime but not proceeded with.
There are a number of lessons learnt from the Bank Regime. There can be no cross-referring to other documents that are located outside of the map. What this means in practice is that the map can reference the identity of a policy document in order to comprehensively explain the controls in place. However, a firm cannot refer to a policy document for information that needs to be included in the map, or refer to a part of a policy document for more information.
If policies are to be appended to the map (which it is acceptable to do), they need to be kept up to date so references to “Approved Persons” would need to be changed (unless a group of companies still has group entities subject to the Approved Persons Regime).
The terms of reference of any committees will need to be included and these should be up to date. The map needs to be easily understandable and easy to navigate. The map needs to be sufficiently detailed, especially regarding the governance arrangements and reporting lines.
Although the day-to-day updating of the map will likely be delegated to the compliance function and signed off by the board and owned by the CEO, the FCA is the audience. So it is prudent to consider the tone and content of the map and align the tone with the FCA’s wider expectations, including treating customers fairly, conduct risk, culture (particularly a culture of challenge in this context) and their focus on management information.
Enhanced Firms are required to ensure that there are handover arrangements in place for the senior management population. These are not prescribed and there is no mandated “handover certificate” as was originally mooted for the Bank Regime. It is an expected part of a senior manager’s reasonable steps that an outgoing senior manager ensures that the role/ function and responsibilities are handed over to an incoming senior manager in a diligent, fulsome manner.
There are a number of lessons learnt from the Bank Regime. One of the key risks that needs to be considered is how a firm ensures sufficient handover can occur in unexpected situations/ emergencies (e.g. if a senior manager is unexpectedly taken ill with a long-term illness or dies). In the Bank Regime, banks approached this aspect in different ways. The most common approach was for firms to require their senior managers to maintain a “living will”; in essence a document that is revisited frequently to note how issues that were ongoing at the time of the previous update had been resolved or managed and where key documents could be found and what new issues were ongoing and how they were being addressed.
Limited Scope, Core and Enhanced Firms will need to identify their staff who can cause significant harm to the firm, the market or customers. The FCA has stated in the Consultation Paper that they do not expect Limited Scope Firms will have any certified staff.
Certified staff will include
The territorial scope of this element of the regime is not solely UK focused. Staff in overseas branches and subsidiaries of a firm can come within scope. The FCA has introduced a territorial limitation, see “territorial limitation” below. Identifying staff who can cause significant harm is an ongoing obligation and must be constantly assessed as staff change, move between roles or take on additional roles and where the line managers of certified staff change. In addition, the FCA is proposing that firms should certify senior managers for aspects of their role that are outside their senior management function but which are a significant harm function.
As part of its Second Thematic Review, the FCA queried banks’ arrangements for contingent labour (e.g. contractors, consultants, etc).
Once the certified staff population is identified, it is recommended that an early communication campaign is given to this population. There will be some key changes affecting their roles and they should be informed of these as early as is sensibly possible. In particular, in the Bank Regime this population was keenly focused on certain key areas of change, including
For Certified Staff, Core and Enhanced Firms must issue a certificate to each certified member of staff. There is no prescribed form for the certificate, but there is prescribed wording that must go into the “certificate” which is set out in FSMA. A Certified Staff member must hold a valid certificate which relates to the role for which he/she needs to be certified at all times while carrying out the role that warrants his/her needing to be certified. The certificate can only last for a maximum of one year and so firms must, at a minimum, reissue the certificate annually. As the certificate requires firms to state that the staff member is fit and proper to carry out that role, this necessitates that the firm reassess that staff member’s fitness and propriety.
There are permitted grace periods within which staff can temporarily carry out a certified staff role without being certified where certain conditions are met which are similar to the current Approved Persons Regime. In addition, there are arrangements for staff temporarily visiting the UK.
In the Second Thematic Review, the FCA focused on, amongst other items
Firms will need to plan for situations when they need to issue a conditional certificate and what that may address. Conditional certificates are permitted for items that are not as material to fitness and propriety such as completing a required training course.
Firms will also need to ensure that, in drafting the certificates, that they think about what rights they may need to revoke the certificate should the employee no longer be fit and proper during the period covered by the certificate. This was not addressed by FSMA nor covered in the FCA’s rules for the Bank Regime and was an element that firms found difficult.
Firms are required to ensure that their senior managers are fit and proper before submitting an application for approval for that senior manager to carry out a senior manager function and to keep their fitness and propriety under constant review. The standard for assessing a senior manager’s fitness and propriety remains that set out in the FIT chapter in the FCA’s Handbook. Firms must also ensure that their certification staff are fit and proper before starting to carry out the significant harm role and to reassess their fitness and propriety at least annually. In reality, certification staff will need to be reassessed each time they move within roles, take on an additional role, etc. as well as being assessed annually.
The fit and proper standard that applies to firms when conducting this assessment is set out in the FIT chapter of the FCA Handbook. However in the Bank Regime, firms added to the requirements for what being “fit and proper” to work at that firm meant to that firm. The additional elements typically included items that related to the firm’s ethos, culture and business standards.
Broadly, a best practice F&P assessment follows this process although there may be additional levels of oversight built into the process depending on the firm.
There are a number of employment law related challenges with the above that are worth bearing in mind. In particular
In the Second Thematic Review, the FCA focused keenly on the F&P assessment process seeking confirmation from firms on a wide variety of issues including
This element of the SMCR should be started as early as possible. It is important for firms to know if they will be able to certify their identified certification population. Further, it helps to familiarise a firm’s line managers and senior managers with the new process and helps to ensure that any deficiencies have been addressed prior to implementation. In addition, firms will need to ensure that performance appraisals are being conducted to a consistent standard across the firm. This can be challenging, given the different personalities, working styles, backgrounds of those managers typically conducting performance appraisals.
Regulatory references remain one of the most controversial parts of the SMCR. Firms with in-scope staff are required to provide a regulatory reference (which is a prescribed regulatory form) which confirms to the employee’s next employer (and next employer for the next six years and possibly longer in certain circumstances) whether there were any breaches of the conduct rules or fit and proper requirements that resulted in disciplinary action being taken by the firm. Firms are prohibited from entering into compromise/settlement agreements that cut across this requirement.
The regulators received significant negative feedback from the industry on this aspect of the regime (mostly in relation to the difficulties with making this requirement work with employment law requirements). As such, the regulators delayed implementing this element of the regime for almost a year as part of the Bank Regime. In the end, the requirement was introduced without clarity provided on how the regime fits with employment law requirements. This aspect comes with numerous challenges including in relation to data protection laws and employment laws. The FCA has said that it is considering how the SMCR works with the upcoming GDPR and is liaising with the ICO on this aspect.
The SMCR requires new evidential requirements to be satisfied when assessing candidates for SMF positions and Certification roles. Both firms and any candidates have to declare any criminal record, including any spent conviction the employer should legally be aware of and firms are required to carry out criminal records checks as part of each application.
Firms will either need to be registered with the Disclosure and Barring Service (DBS), or the equivalent bodies in Scotland and Northern Ireland, or pay to use an umbrella organisation as an intermediary to run these checks.
Firms will need to identify those employees within the firm/branch/group that will be conduct staff (i.e. all senior managers, all certified staff, all non-executive directors and all other employees of the firm (including in branches), excluding those employees whose role is not specific to the financial services industry (e.g. cleaners, security guards)).
Once identified, firms need to ensure those staff are trained on the high-level rules that are the conduct rules and refresh the training annually.
An early communication campaign is beneficial to this population as even those who work in a regulated workplace can be anxious about what it means for them in practice. There was a level of anxiety amongst this population in the Bank Regime that they were suddenly subject to direct oversight by the FCA and possibly regulatory action. In addition, combining the communication with additional information about the whistleblowing procedures was found to be beneficial in order to avoid non-specific whistleblowing claims being made due to a Conduct Staff not wishing to report any Conduct rule issues in accordance with the internal breach reporting procedure. Whistleblowing claims that are vague, unclear and unspecific incur significant resource and cost to a firm to investigate them.
Firms also need to think about the culture within their firms. One possible unintended consequence of the regime is the risk of hidden wrongdoing by Conduct Staff.
There are two sets of rules: there are five rules which apply for all Conduct Staff (discussed below) and the additional four Conduct rules which just apply to senior managers (although one of those four will also apply to non-executive directors who are not also senior managers) (discussed above).
They are as follows:
The rules apply when conduct staff carry out regulated and unregulated activities of a firm and activities which are ancillary to a firm’s regulated activities. This is narrower than the Bank Regime where the conduct rules applied to everything conduct staff did in relation to their job at the bank. It is not yet clear how this restriction will work in practice. It is expected that the FCA intended to draw the line more definitively and it is hoped that this will be clarified in the Policy Statement.
A firm must also notify the FCA when taking formal disciplinary action resulting from a breach of a conduct rule. The timing of the notification is the same as currently applies to banks, namely annually for all staff (excluding senior managers) and within seven days for senior managers albeit subject to the overriding obligation under Principle 11 for notifications in respect of all staff where the materiality threshold is met.
Firms are required to have internal breach reporting arrangements for staff to report breaches of the conduct rules.
The FCA has not yet decided how it might apply the SMCR to those firms who are appointed representatives. The FCA is proposing to consult on what, if any, requirements it may introduce for appointed representatives and has not given a timetable for this consultation. Therefore, currently the Approved Persons regime will continue to apply for this population.
Currently, the FCA is proposing to treat UK branches of EEA firms in a similar way to Limited Scope Firms, whereas UK branches of non-EEA firms have a wider set of senior manager functions and prescribed responsibilities so will be Core or Enhanced Firms. In addition, with UK branches, the territorial limitations discussed above are further enhanced such that staff are only certified staff or conduct staff if they are based in the UK branch.
It is intended that responsibility for outsourced functions is allocated among senior managers in Enhanced Firms, notwithstanding that the firm as a whole must still comply with SYSC 8. It is currently unclear how the FCA is proposing that firms (other than Enhanced Firms) deal with outsourced services as there is no requirement for Core Firms to allocate overall responsibility amongst their Senior Managers.
Staff in branches (whether local or overseas) or regulated or unregulated subsidiaries can be in-scope of the SMCR. For senior managers, there is no territorial limitation. For certification staff, the territorial limitation operates such that the relevant staff member must be based in the UK or “deal with” UK clients, and there are some exclusions. For conduct staff, the territorial limitation operates such that the relevant staff must be based in the UK.
In Enhanced Firms, the Head of Legal/General Counsel does not need to be approved as a senior manager but this is subject to further discussion by the FCA (DP16/4). There is a new prescribed responsibility of ensuring the governing body is informed of its legal and regulatory obligations but the FCA has stated that it does not expect this to be allocated to the Head of Legal.
The current proposals would see all partners within a partnership needing to seek approval for the senior manager function. However, partners play different roles in a partnership. The FCA has stated that it is open to receiving feedback from the market on whether this is appropriate or whether the FCA should only require the senior manager function to apply to those partners who make the decisions (e.g. managing partners).
In addition, the FCA has not yet considered how it will treat corporate partners in a partnership where the intention is clearly not to capture them.
The FCA is proposing to consult in its Technical Consultation on how it proposes conversion from the Approved Persons Regime to the SMCR will occur. “Conversion” is the name the FCA proposes to use to replace “grandfathering” used in the Bank Regime. In the Bank Regime, existing approved persons were “grandfathered” into the new regime by firms completing a regulatory filing. The FCA has stated that it is proposing to “auto-convert” some Approved Person approvals for firms, thereby reducing the administrative burden on firms.
The FCA has stated that it is not intending to publish its final rules until the “summer of 2018” meaning that firms can expect an implementation deadline during late 2018 or into 2019. The implementation timeline will be announced by the Government. The FCA has recently stated to a sector of the market that firms can expect implementation in 2018.
There is also, as yet, no visibility on whether the FCA/Government will adopt a phased implementation approach as it did for the Bank Regime where the requirements were implemented over a two-year period.
As stated earlier in this Bulletin, the FCA has not yet addressed certain items which are to be covered in a Technical Consultation Paper due out as soon as the consultation period for the current Consultation Paper ends (November 3, 2017), these are
In addition, the FCA has not considered how the SMCR ties into the requirements for in-scope investment firms under MiFID II in relation to senior managers.
The risks that firms face will differ depending on their categorisation, but in broad terms, the risks and practical challenges can be grouped as follows
The SMCR represents a significant change to firms’ culture and conduct. Therefore, what a firm can start now depends on how comfortable a firm is with their existing governance and oversight arrangements, systems and controls in place within their organisation and accompanying culture and conduct of accountability, challenge and evidencing decisions.
Firms that are not comfortable that their culture and conduct meets FCA expectations could benefit from starting their projects early looking at their governance and oversight arrangements. Changes in culture take a long time to embed and so starting early means that firms might be in a better position by the time the SMCR needs to be implemented.
For firms that are relatively comfortable with their culture and conduct and existing governance arrangements, there are a number of items that firms can start to prepare:
Firms are also encouraged to respond to the FCA’s Consultation Paper. The FCA has stated that it is not sure if it has got the regime right for all sectors of the financial services industry and so is open to understanding the challenges that firms will face with the SMCR as currently proposed.
This Bulletin does not address all of the myriad employment law-related risks or issues that exist with the SMCR, and the separate workstreams in relation to HR that need to be considered.
See https://www.fca.org.uk/news/news-stories/senior-managers-and-certification-regime-one-year [Accessed September 20, 2017].
Bank of England and Financial Services Act 2016 s.21.
Consultation Paper, para.1.11.
Consultation Paper, para.1.10.
OFAC published a final rule that modifies the Cuban Assets Control Regulations to revoke the so-called "U-turn" authorization.
On 5 September 2019, Professor John McMillan AO’s Final Report (Report) on the operation of the Narcotic Drugs Act 1967 (ND Act) was tabled in Parliament. Section 26A of the ND Act required the Minster to cause a review of the operation of the ND Act to be undertaken.