Insurance firms now have a period of a few weeks until 10 December 2018 deadline to comply with the new Senior Manager & Certified Persons Regime (SM&CR) which currently applies to banks and larger investment firms. The extension of the SM&CR to insurers, replacing the Senior Insurance Managers Regime (SIMR), reflects the view of the UK's financial services regulators that the SM&CR has improved culture and compliance by clarifying individuals' responsibilities and enabling them to be held to account to a greater extent than previously. The SIMR, which itself only dates from March 2016, could be described as representing a "half-way house" between the Approved Persons Regimes established in 2001 and the SM&CR.
In this light, HM Treasury has chosen to apply the SM&CR to most financial services firms and to insurers, bringing to an end the separate SIMR. It will apply to all insurers and re-insurers, although additional requirements will apply to Solvency II and large non-directive firms (i.e., those with assets over GBP 25 million). Other financial services firms such as asset managers must wait another year until December 2019.
We consider below some of the key take-aways from the SM&CR and set out the transitional arrangements which firms should be aware of in the lead up to implementation.
1. Senior Management Function Holders (SMFs)
Board members and other individuals who hold key roles or have overall responsibility for specific business areas, functions or activities will require pre-approval by the PRA or FCA (depending on the function being performed). The SM&CR will apply to any person who performs a senior management function (SMF) role whether in the UK or abroad. In contrast to the SIMR, a "duty of responsibility" will apply to SMFs. This means that they will be held accountable if they fail to take responsible steps (including training staff or exercising proper oversight) to prevent or stop regulatory breaches in their areas of responsibility (see below for more detail).
2. Certification Regime for Significant Harm Function Holders
Certified persons generally comprise the next management rung down from senior managers, plus certain technical and customer-facing functions - the exact population differs between the PRA and FCA. This is another significant change from the old regime. Such individuals do not require prior regulatory approval, but do need to be certified by their firm which must assess their fitness and propriety (see below). Under transitional arrangements, insurers will not need to certify such employees until 10 December 2019, one year after the commencement date. Nor will regulatory references be required for new staff until this time.
3. Firms will need to certify staff and assess F&P
Under the certification regime firms will have to certify that individuals who carry out specified certification functions are fit and proper, and periodically assess their continuing fitness. This represents a shift away from the previous position where the FCA/PRA made these assessments upon receiving an application for approval of an individual as an Approved Person or SMF. The assessment of fitness and propriety by firms raises a number of issues including what is the best process to follow, its consistency with employment law, and how it should interact with disciplinary action. An important immediate issue is to determine which employees are in-scope and to train them on their regulatory obligations. Both PRA and FCA standards need to be considered.
The FCA has identified eight certification functions which will apply to all firms, including insurers (although the FCA recognises that some may not be relevant to insurers). The PRA has separately identified three certification functions which it will apply to insurance firms. The FCA and PRA functions sit alongside one another and firms will need to consider the overlap between the two regimes when identifying staff falling within the Certification Regime.
Individuals who perform both FCA and PRA certification functions will need to be assessed by the firm against both regimes but only one certificate, covering an individual's FCA and PRA functions, needs to be issued.
4. Prescribed Responsibilities and Management Responsibility Maps
An important part of enhancing individual responsibility is to define with better precision a senior manager's responsibilities. Reflecting the "half way house" status of the SIMR, the PRA has renamed the current "scope of responsibility records" and "governance maps" as Statements of Responsibility (SoRs) and Management Responsibilities maps (MRMs) respectively, bringing the terminology into line with the SM&CR. MRMs should also include a record of any responsibilities reserved to the board. Firms will only have to update regulators when there are significant changes to the SoRs and the MRM. The PRA provides guidance in its Supervisory Statement (SS35/15) on what it considers to be a significant change. A SoR is not conclusive of a senior manager's lines of responsibility, this is a question of fact, but it represents a starting point should the firm breach regulatory requirements and the roles of individuals come under scrutiny.
Firms should be aware that the PRA and FCA take different approaches to the splitting of SMFs between one or more individuals. While both allow sharing (subject to explaining how the arrangement is to work in practice), the FCA allows firms to divide prescribed responsibilities (PRs) in the most appropriate way for their own business model. In contrast, the PRA consider that clarity of roles and responsibilities is fundamental to the SM&CR as a whole, and does not allow PRs and SMFs to be split between more than one senior manager. Having said that, the PRA does allow the splitting up of the Chief Operations function (SMF24) and the Group Entity Senior Manager function (SMF7). Where two or more individuals share an SMF (e.g., a job-share) both are individually accountable for all the SMF responsibilities. Nonetheless, where a firm contravenes a relevant requirement, the PRA explains that it would still look at whether each individual had taken reasonable steps in fulfilling their shared responsibilities.
Solvency II insurers and large NDFs will have to provide all new senior managers with a "handover statement" on taking up their roles. This requirement manifests itself in firms taking all reasonable steps to provide in advance all the information and materials an incoming senior manager would reasonably expect to perform their responsibilities effectively.
5. Conduct Rules will apply to all employees (other than ancillary staff)
These rules are high level requirements that replace the Statements of Principle and Code of Practice for Approved Persons. In contrast with the Code - which the FCA has extended (in part) to almost all (except ancillary) staff - the Statements of Principle only applied to those functions requiring preapproval from regulators. The PRA limits their application to SMFs, certified persons and nonexecutive directors (NEDs). Insurers should notify the relevant regulator(s) when disciplinary action is taken against a person for a Conduct Rules breach.
Senior manager and certified function staff must comply with the Conduct Rules from 10 December 2018. Insurers have 12 months from the start of the regime (i.e., 10 December 2019) to apply the Conduct Rules to their other Conduct Rule Staff (i.e., all employees except ancillary staff, for example, secretarial support).
6. Senior Managers and certain NEDs will be subject to criminal record checks
Insurers will be required to undertake a criminal records check as part of each senior manager approval application. This requirement will also apply to NEDs who are not senior managers but who fall under the fitness and propriety regime. The FCA will require a criminal record check for every application for a SMF, even where an individual already performs a role in the firm or the group. This differs from the approach by the PRA.
Criminal record checks are not mandated for certified function staff, but firms should consider whether they wish to conduct these checks (where legally permitted to do so). Firms which are not yet registered with relevant criminal records check organisations should consider doing so in advance of 10 December 2018.
7. Regulatory References will be extended to all Certified Roles and all insurers
Part and parcel of the SM&CR are regulatory references. Their purpose is to prevent so called "bad apples" moving from one firm to another. This requirement already applied to Solvency II firms and large non-directive firms for Approved Persons and standard NEDs. Under the SM&CR, regulatory references will be extended to all Certified Function Staff. Where a request is received from another regulated firm an insurer must disclose all information of which it is aware and reasonably considers to be relevant to the other firm's assessment of whether the individual is fit and proper. Any disciplinary action that relates to circumstances amounting to a Conduct Rule breach or a lack of fitness & propriety must be disclosed including a consequential reduction in remuneration. The new requirements will require insurers to turn their minds to a greater extent than previously as to whether misconduct amounts to a Conduct Rule breach or a lack of fitness and propriety, even in the absence of a specific finding from a disciplinary hearing. Accordingly processes may need to change.
In terms of transitional measures, firms will not have to obtain regulatory references for existing employees who perform the same role when the new regime starts, but will need to be prepared to meet these requirements for any changes in certified function staff after 10 December 2018.
Overall Responsibility SMF & Head of legal
Whether a firm's head of legal must be approved as a SMF is still an open question. The FCA published a discussion paper in September 2016 on whether a head of legal should be designated as an SMF. This has been a topic of much controversy given concerns over how well privileged legal advice sits with the duty to co-operate with regulators. In its Policy Statement on extending SM&CR to insurers, the FCA say they intend to consult further before publishing definitive rules and guidance. In the circumstances, the FCA recognise that firms may not be able to make a decision, with full certainty on whether the head of legal should be approved as an SMF 18 "Other Overall Responsibility" function. On this basis, firms who have made a good faith decision do not need to take any action for the present.
The FCA has set out detailed guidance on the transitional arrangements for current Approved Persons who will become SMFs under the new regime. The PRA has also set out timelines and relevant measures for implementation.
Broadly speaking, existing FCA Approved Persons can convert to equivalent SMFs without requiring firms to apply for pre-approval. The FCA is to allow function mapping of existing controlled functions against corresponding SMFs. As a result, firms will need to consider (i) which individuals will be carrying on an SMF and (ii) whether those individuals are already approved to carry on the equivalent controlled function.
Where an individual's approval can be converted firms will need to submit the following amongst other documents by 3 December 2018 via the FCA administered Connect system:
- a Form K, detailing all of the Approved Persons to be converted to SMFs at commencement;
- SoRs for all of the SMFs; and
- the firm's Management Responsibilities Map.
Firms need not carry out additional checks on these individuals, but must ensure that they are fit and proper for their roles under the new SMF position.
Individuals who cannot be converted, either because they are not currently approved or their approval does not map to an appropriate SMF, must submit a new Form E or Form A. The regulators will endeavour to assess these applications prior to commencement of the new regime. Please note that forms cannot be submitted for the new SMF 6 and SMF 24 before the start date of the extended regime.
Firms should be aware that a failure to submit a conversion notification form by 3 December 2018 will mean contravening regulatory requirements and no longer having appropriate SMR approvals. In this situation, firms would need to re-apply for approval of individuals using the full SM&CR process, including mandatory criminal record checks and regulatory references.
- Review management structure / reporting lines; identify any shared PR or function and consider
whether appropriate; review & agree SoRs with relevant managers; draw up a Management
Responsibilities Map showing allocation of PRs; develop procedures around senior manager handovers.
- In advance of 3 December 2018 assess which Approved Persons can be converted to SMFs and, consequently, prepare and submit the relevant documentation.
- By 10 December 2018, identify certification function staff and inform those staff of their obligations under the Conduct Rules.
- Review & amend contracts of employment to reflect certification and Conduct Rules; review & consider impact of SMR on HR policies and disciplinary procedures, as well as, regulatory references.
- Communicate regulatory requirements to SMFs, Certified Persons and other staff .
- Put in place procedures to re-assess fitness and propriety on an annual basis.
- Design and deliver training as relevant to specific categories of staff/contractors.
- By 10 December 2019 complete the initial certification process for certification function staff and train other staff on Conduct Rules.