Shearman & Sterling LLP multinational law firm headquartered in New York City, United States.

Financial Institutions Advisory & Financial Regulatory, Columns

Jul 08, 2019

The UK’s Expanded Senior Managers and Certification Regime: Key Issues and Action Plan for Brokers, Advisers and Asset Managers

Subscribe

Jump to...

 

The expanded Senior Managers and Certification Regime (SM&CR), which comes into force on December 9, 2019, extends the framework regulating individuals charged with running certain financial institutions. The Banking SM&CR, introduced for banking firms in 2016, was implemented by banks and large investment firms, often with the assistance of external consultancy teams, a costly approach that was paper-and process-heavy. That approach is not necessary for asset managers and other firms implementing the expanded SM&CR. A bespoke, legally attuned governance structure can achieve sustainable regulatory compliance, minimizing disruption to operations. With less than a year to go until the extended rules come into force, this note considers the key issues arising from the expanded SM&CR regime and describes a framework for implementation for U.K. and third-country entities and individuals caught by it.

Introduction

Originally prompted by a Parliamentary review of the banking sector following the 2008 financial crisis, a set of rules governing the management structures of financial institutions was first brought into force in the form of amendments to the existing Approved Persons Regime (APR). In March 2016, the SM&CR replaced the APR for the banking sector (which included banks, building societies, credit unions and PRA-designated investment firms). The SM&CR was then extended to include the insurance sector in November 2018. This year, the SM&CR will be further extended to include all Financial Conduct Authority (FCA) solo-regulated firms authorized under the Financial Services and Markets Act 2000 (FSMA), which include asset managers and investment firms carrying out certain activities. The extension of the regime was prompted by a desire to remove opportunities for regulatory arbitrage created by inconsistencies in the regulatory framework, support competition and establish an efficient regulatory system for all types of financial services firms.

The FCA has stressed that the rules under the extended SM&CR are intended to be proportionate for the diverse range of businesses that will be caught. Speaking at a recent FCA webinar, David Blunt, Head of the Conduct Specialists Department at the FCA, explained:

“Our hope has been that by building a regime which is proportionate, we’ve created something which is going to work for firms and also help them run their businesses even better.”

Firms should, accordingly, implement the regime in a way that is appropriate for their particular organization. This note aims to offer some guidance on how that can be done.

It is generally accepted that the Banking SM&CR has had a positive impact on culture and conduct within banks and investment firms in the three years it has been in operation. The initial reluctance of certain individuals to take on more responsibility or liability under the regime has not been a significant issue in practice for responsible staff working in compliant environments. The quality of decision-making and governance structures of these firms have seen changes resulting from the need to demonstrate reasonable steps have been taken to comply with the regime. It remains to be seen whether the structures imposed by the SM&CR are sustainable and effective and whether there is any legal risk created in committing more decisions and more details of individual interventions in meetings to writing. Senior Managers may be held personally liable for failures in the areas for which they are responsible, meaning correct implementation of the regime directly impacts those individuals. FCA solo-regulated firms (and relevant individuals) coming into the framework at the end of the year can benefit from reviewing the experiences of those institutions already within the Banking SM&CR. Guidance on the most appropriate manner of implementation for solo-regulated firms and the issues they should be aware of is set out below.

The Expanded SM&CR

Who Does it Apply to?

As of December 9, 2019, the expanded regime will be applicable to:

  • All U.K. firms authorized under FSMA (which include asset managers, mortgage providers, consumer credit firms and certain investment firms such as stock brokers, securities and futures firms and financial advisers); and
  • In respect of certain provisions only, U.K. branches of both EEA and non-EEA firms (including branches of Alternative Investment Fund Managers (AIFMs), as defined under the Alternative Investment Fund Managers Directive (AIFMD)).

The expanded SM&CR is not relevant to: (i) incoming EEA firms providing only cross-border services under an inward service passport to the U.K. without establishing a branch; (ii) Payment Services firms (since those are not authorized under FSMA); and (iii) appointed representatives (other than Limited Permission Consumer Credit firms that also act as appointed representatives for other firms). Insurers are already governed by the SM&CR rules.[1] U.K. banks, building societies, credit unions and PRA-designated investment firms are already subject to the Banking SM&CR and have been required to comply since March 2016. Banking firms should still take note of the expanded SM&CR, as certain changes under the expanded regime impact SM&CR banking firms (notably the 12-week rule and the prescribed responsibility for overseeing staff training on the Conduct Rules). Firms currently exempt from the APR will not fall within the SM&CR at all.

Which Obligations Apply?

Legal entities subject to the expanded SM&CR will need to comply with different requirements under the regime, depending on the “tier” in which they are categorized. Each firm is responsible for determining which tier it falls into and for notifying the FCA if its tier changes. Organizations that fall within the regime should note that the rules will be applied at the legal entity level. Large group companies may contain entities in different tiers. At the consultation stage for the expanded regime, the FCA confirmed that, given the asset management industry’s role in the U.K. economy and the extent of its responsibility for individuals’ pensions and savings, asset managers may fall within the enhanced tier where they meet its specifications. The FCA has confirmed that organizations may, if they so choose, adhere to the standards of the highest tier applicable to any group entity on a group-wide basis, notwithstanding that their other group entities may in fact fall within lower tiers subject to reduced obligations.

Tiers under the expanded SM&CR

Tiers Under the Expanded SM&CR

The table at Annex 1 (Table of SM&CR Obligations by Firm), which is based on the table produced by the FCA, sets out the different SM&CR obligations applicable to firms in different categories, the most important of which are discussed below.

What are the Obligations?

The SM&CR provides for:

  • specified Senior Management Functions and Prescribed Responsibilities;
  • a certification regime, involving certification of the fitness and propriety of those carrying out certification functions;
  • a set of Conduct Rules applicable to most employees; banking firms subject to the Banking SM&CR have been required to comply with the Conduct Rules since 2016, but they are new for the asset managers and other FCA solo-regulated firms subject to the expanded SM&CR.

Key components of the expanded regime

1. Senior Management Functions

The Senior Management Functions are a series of roles specified by the FCA that may be held by management within an organization. Those carrying out these functions must be approved by the FCA before they can begin their role. The Senior Management Functions are set out across the FCA Handbook and PRA Rulebook. The functions applicable to an organization will vary depending on the firm’s tier. For example, the functions applicable to core tier firms include those of Chief Executive, Executive Director, Partner, Chair, Compliance Oversight and Money Laundering Reporting Officer. Limited Scope firms will have fewer Senior Management Functions, while enhanced firms will have more. In general, firms are only required to nominate Senior Managers as holding a specific function if that role exists within the firm. The rules do however contain “Required Functions,” which are roles the FCA has deemed mandatory for certain core and enhanced tier firms. Where applicable, firms will need to designate a responsible manager for these functions even if they do not currently exist. Those responsible for carrying out the functions will be termed “Senior Managers” and will need to be approved by the FCA in order to carry out their role. Individuals who have already been approved by the FCA under the APR, and whose roles will not change substantively following the implementation of the expanded SM&CR, will have their approvals automatically converted. Newly appointed Senior Managers will need to make an application for FCA approval. One individual may hold more than one Senior Management Function but will require FCA approval for each. In practice, compliance and anti-money laundering roles will, however, need to be kept separate from CEO and business-related roles, so it will not be possible for one person to hold all the positions. Establishing the applicability of the Senior Management Functions to the management structures of certain funds and asset management firms, and determining who is best placed to fill them, may pose challenges for firms.

2. Prescribed Responsibilities

Senior Managers of relevant firms must be given “Prescribed Responsibilities”, which are set out in the FCA Handbook and detailed at Annex 2 (Prescribed Responsibilities Under the SM&CR) of this article. They include, for example, responsibility for the firm’s performance of its obligations under the Senior Managers regime and employee certification regime, the firm’s financial crime risk management procedures and the firm’s training and reporting on conduct. The FCA has included a specific prescribed responsibility for Authorized Fund Managers, which places responsibility upon them for certain duties, including acting in the best interests of investors, ensuring AFM boards include independent directors and assessing and justifying to fund investors the charges which managers take from funds in the context of the service and value provided.

No Prescribed Responsibilities apply to branches of EEA firms, meaning European asset management firms that fall within the regime only in respect of their U.K. branches need not concern themselves with these. Third-country firms with U.K. branches do have Prescribed Responsibilities under the regime, including a prescribed responsibility for Authorized Fund Managers.

The Prescribed Responsibilities must be undertaken by Senior Managers in addition to the non-FCA mandated responsibilities that already form part of Senior Managers’ roles. Firms can decide which Senior Managers carry out each responsibility but should maintain a record of this decision in the Statement of Responsibilities.

3. Overall Responsibilities

Enhanced firms will need to ensure that every activity, business area and management function within the firm has a Senior Manager with ultimate responsibility for that area who reports into the firm’s governing body. The requirement applies to both regulated and unregulated financial services activities undertaken by the firm. For some asset management firms, this may not reflect existing management structures, as discussed further below.

4. Duty of Responsibility

Every Senior Manager will have a Duty of Responsibility, making him/her responsible for ensuring compliance with FCA requirements. If a breach occurs and the FCA can demonstrate the Senior Manager responsible did not take reasonable steps to prevent it occurring, the Senior Manager could be held accountable.

5. Statements of Responsibilities

Each Senior Manager will need to have drawn up a self-contained document known as a Statement of Responsibilities, describing what they are responsible for across all of their Senior Management Functions. Contracts of employment may need amending or supplementing accordingly.

6. Responsibilities Maps

Enhanced firms must compile a document that maps the firm’s management and governance arrangements. The “Responsibilities Map” should give a collective view of the allocation of responsibilities across a firm.

7. Handover Procedures

Enhanced firms must take all reasonable steps to ensure they have adequate handover procedures when bringing in a new Senior Manager and should produce a policy explaining how they have complied with the requirement, as well as recording the steps taken to comply. The “12-week rule” enables an individual to cover for a Senior Manager for a period of less than 12 consecutive weeks without FCA approval, provided the Senior Manager’s absence is temporary or reasonably unforeseen.

8. Certification Regime

Certain functions that are not categorized as Senior Management Functions, but that can still have a significant impact on customers, will be termed “Certification Functions.” These include, for example, significant management functions, proprietary traders and material risk takers. Anyone carrying out one of these functions must be certified annually, involving a check by the firm that the individual is fit and proper to do the job.

9. Fit and Proper

Anyone performing a Senior Management or Certification Function will need to satisfy the “Fit and Proper” requirements set out in the FCA’s Handbook on an ongoing basis. Non-Executive Directors will also need to be assessed for compliance unless they are at a limited scope tier firm. As part of the firm’s assessment, it must collect evidence of the individual’s fitness and propriety for their job, including carrying out criminal records checks (for Senior Managers and Non-Executive Directors) and obtaining references (for Senior Managers, those carrying out Certification Functions and Non-Executive Directors). When giving references, firms must disclose details of disciplinary action taken over the previous six years for breaches of the Conduct Rules or findings that the relevant individual was not fit and proper. Employers must therefore keep records of such actions.

10. Conduct Rules

The SM&CR imposes a two-tiered set of Conduct Rules that set basic standards of good personal conduct for both regulated and unregulated financial services activities within relevant firms. “Tier 1” will apply to all employees (except ancillary staff who do not perform a role specific to financial services) and include principles such as acting with integrity, being open and cooperative with regulators, paying due regard to customers’ interests and observing proper standards of market conduct. “Tier 2” applies to Senior Managers, and includes requirements such as taking reasonable steps to ensure the areas for which the relevant manager is responsible are controlled effectively and that disclosure is made of any information of which the FCA or PRA would reasonably expect notice. This latter obligation also applies to Non-Executive Directors who are not Senior Managers.

Summary

These requirements are detailed and extensive, but firms should bear in mind the FCA’s stated approach of proportionality in imposing the regime on solo-regulated firms. For many firms, it may be possible to convert existing approvals under the APR to satisfy the expanded SM&CR requirements, minimizing the administrative burden of seeking new approvals. Firms should consider the extent to which the expanded regime is applicable to them, and any changes should be made in light of the FCA’s stated intention at the time of the introduction of the SM&CR as a whole. Mark Steward, the Director of Enforcement and Market Oversight at the FCA, noted that:

“the overriding purpose of the regime is to improve genuine accountability in firms by removing ambiguous or bureaucratic structures that have impeded or obfuscated clear lines of responsibility.”

Key Issues

To aid firms in determining the potential challenges for their organization, this section considers key compliance, operational and personnel issues which FCA solo-regulated firms may encounter, in particular from the perspective of asset managers. The differing scale of operations at solo-regulated firms, and the variety of organizational structures, may render the paper- and process-heavy approach adopted by some banks less practical for such firms. A more bespoke legal approach matching the requirements of the regime with the particular nature of the firm may produce a more effective solution to SM&CR compliance.

Implementation

Implementation of the expanded regime is likely to require a number of administrative steps to ensure compliance. Existing job descriptions may not accord with the division of responsibilities set out under the expanded regime, meaning firms may need to clarify responsibilities, potentially imposing additional responsibilities on members of management, with the consequent amendment of employment contracts.

Documenting Compliance and the Burden of Proof for Enforcement

The importance of documentation and creating an audit trail is particularly apparent under the expanded SM&CR, not least because Senior Managers may be held personally responsible if they fail to take reasonable steps to prevent a breach that falls within their area of responsibility. The burden of proof lies with the FCA in bringing a case against a Senior Manager—the regulator must demonstrate that the Senior Manager did not take the steps a person in their position could reasonably be expected to take to avoid the breach occurring. “Reasonableness” will be interpreted objectively, which would involve determining what steps it would be reasonable[2] to expect a Senior Manager in that role and with those areas of responsibility to have taken in order to prevent the breach from occurring. Further, the FCA is entitled to take action against a Senior Manager, the firm as a whole, or both. In this situation, documentary evidence demonstrating how both the firm and the individuals responsible have complied with their obligations may help ensure penalties are not imposed.

The documentary requirements of the SM&CR are extensive and detailed. Firms should aim to strike a balance between ensuring paperwork is in order and preparing only the documents required for their particular organization. Statements of Responsibilities and Responsibilities Maps must be comprehensive and prepared on a bespoke basis. Responsibilities Maps should include details of matters reserved for governing bodies (including the terms of reference of committees) and committees’ reporting lines. Firms will therefore need to consider which types of decisions should be taken by committee or shared between two or more Senior Managers.

The introduction of the certification regime brings with it an ongoing annual requirement to review the training and performance of each individual carrying out a Certification Function and issue certificates where appropriate. The Fit and Proper requirements mean extra evidence must be collected from candidates for Senior Manager positions, Certification Functions and Non-Executive Director roles. Firms should provide training to staff on the Conduct Rules and breaches of conduct will need to be reported to the FCA. Firms should also consider that the new Conduct Rules cover all business of a firm, not only its regulated activities, and will be applicable to U.K. branches of overseas firms. Overall, the expanded regime is likely to mean greater formality for meetings and training and more decisions, policies and procedures being put in writing. Firms will need to plan how they can comply with their new obligations in a way that is sustainable over coming years.

Senior Managers

Directors, partners and staff falling into the regime for the first time will need to be fully appraised of their new obligations. New processes may need to be implemented around, for instance, keeping records of the reasoning behind decisions, establishing appropriate reporting procedures to ensure decisions are made at the correct level and providing adequate handover notes when passing on responsibility for a Senior Management Function. The new regulatory obligations may provide cause for concern amongst managers already shouldering extensive management responsibilities, particularly given that appointment to a Senior Management Function will be conditional upon the FCA’s approval under the expanded regime. Despite this, firms should focus on the specific requirements applicable to their organization and consider existing processes that may be expanded or modified to ensure compliance with the regime.

Scope of Obligations

The broad scope of the Tier 1 conduct requirements (described above) means staff at all levels of an organization will become subject to the SM&CR regime. The new Conduct Rules cover any business of a firm, not only its regulated activities. Ensuring that staff comply with their obligations may require training and ongoing monitoring. Firms will need to ensure that staff at all levels understand the expanded regime and take responsibility for ensuring they act in compliance with their new obligations. Employment contracts may need to be amended to ensure individuals are aware of, and obliged to comply with, the standards of conduct expected. Internal policies may require updating to reflect the Fit and Proper obligations and FCA’s Conduct Rules.

It is also worth noting that, in April this year, the FCA published feedback on a discussion paper in which it considered the introduction of a new, separate “duty of care” for all financial services firms, independent of the obligations under the SM&CR.[3] Discussions on the duty are at an early stage, and there is not yet a consensus on the scope of the duty or whether it should take the form of a statutory obligation, an amendment to the FCA’s Principles for Business or a fiduciary duty to customers. Some respondents to the FCA’s discussion paper argued that the SM&CR establishes an adequate governance regime and any new duty should only be considered once the market has had time to see the impact of the fully implemented SM&CR. The FCA intends to continue with its internal work and discussions with stakeholders, and publish a further paper in autumn 2019 seeking more detailed views on potential changes.

Issues for Non-UK Entities and Individuals

The introduction of the Senior Management Functions has potentially significant implications for non-U.K. firms with U.K. subsidiaries or branches, and the individuals with responsibility for managing them.

Anyone who performs a Senior Manager role for a U.K. entity or branch will be subject to the Senior Manager regime, regardless of where in the world they are based. This means Senior Managers based outside the U.K. may still find themselves subject to the U.K.’s regime. Group reporting lines may need reconsidering. Where U.K. branch managers are given full responsibility for the branch’s operations, including all local implementation of legal entity or group policies, this should be capable of being avoided. Senior Managers will need to be educated on the requirements and face an ongoing obligation to comply with the regime, including keeping up with changes and guidance issued by the FCA in the future. The geographical separation from the day-to-day operations in the U.K. branch may also mean it is more difficult, practically, for these individuals to administer the Senior Management Function and comply with the obligations imposed by the regime.

Nevertheless, firms cannot necessarily rely on the appointment of a London-based individual to fulfil the Senior Manager role. In the case of many overseas firms with U.K. branches, decision-making may be made outside the U.K. (for instance from a U.S. base). The individual nominated as Senior Manager must actually be making all relevant decisions on the local business, meaning if firms wish to employ a U.K. individual to carry out a Senior Management Function, they will need to transfer responsibility or, at least, provide consultation and veto rights for relevant decisions to that U.K. branch manager.

The “Material Risk Taker” function (i.e. Remuneration Code staff) is the only certification function applicable to individuals outside the U.K. This means an individual deemed to be a material risk taker will be subject to the regime even if they are based overseas and do not deal with a U.K. client of the U.K. branch. Once again, this raises the possibility of individuals based overseas being subject to an alien U.K. regime which their office may not be administratively or operationally prepared for. In such cases, all the compliance steps outlined above, including the statements of responsibility, registration etc. will apply, so at least the non-U.K. staff member will become aware of the regime. Firms should seek tax advice whenever a non-U.K. person becomes registered under the SM&CR.

Issues Specific to Partnerships

While nomination of Senior Managers may coincide with existing roles within corporate structures, allocation of responsibility for Senior Management Functions may be less straightforward for some of the partnership structures operated by asset managers. The expanded regime includes the role of Partner within its list of Senior Management Functions, which is broadly defined to mean a partner in a firm, other than a limited partner in a limited partnership. The FCA anticipates most partners will have some involvement in management of the firm but it is up to firms to decide on a partner-by-partner basis whether individuals perform Senior Management Functions. Partnerships are expected to provide a clear delineation of the roles of each partner in their Statements of Responsibilities. The FCA acknowledges that in practice, responsibilities might be shared among several partners. Nevertheless, partnerships will be expected to assign Prescribed Responsibilities to individual Senior Managers and these generally should not be shared between partners. For partners in limited partnerships, firms will need to consider whether individuals carry out any of the roles applicable to their tier of organization and if so, will need to allocate Senior Management Functions appropriately. This formal allocation of roles may contradict the management structures in place and, given the personal responsibility of the individuals appointed to Senior Manager positions, may place the burden of decisions on a partner typically accustomed to operating as part of the broader partnership unit.

Firms may need to examine reporting lines to determine where the ultimate responsibility for a function lies, and may need to impose clear limits on the authority of all those subordinated to Senior Managers. In the partnership context, executive partners may in fact have the final say on decisions. The true extent of a junior partner’s authority will therefore need to be analyzed to determine whether the existing scope of their responsibilities encroaches upon the responsibility of Senior Managers. If so, reporting lines may need to be introduced to ensure responsibility is devolved upwards. The high expectations of the FCA upon compliance personnel to correctly implement the expanded regime, as well as the introduction of the need to certify fitness and propriety and for individuals to understand and comply with the FCA’s expanded conduct regime, means compliance teams could face challenges as they work to ensure firms meet their obligations.

As discussed above, responsibility for functions within partnerships may need to be specified in a way not previously seen within the management structure. This could mean cultural and organizational changes that all partners, not just those nominated as “Senior Managers,” must understand and comply with. The overriding motivation behind the regime is formally to allocate responsibility to those with real decision-making power. If, in the partnership context, that ultimately only lies with founding partners, the documents and organizational changes made to implement the regime should reflect this. Equally, the imposition of overall responsibilities upon Senior Managers of enhanced firms, and the requirement that such Senior Managers report into a governing body, may not correlate clearly with the way in which certain asset management firms are run.

Action Plan

Determining the issues raised by the regime for individual firms is the first challenge for firms newly part of the SM&CR. The below five-point plan of action sets out steps firms can take to comply with the regime in a focused and proportionate manner and help manage some of the issues described above. Appreciating both the dynamics of the firm and the legal requirements of the SM&CR will likely produce a more sustainable approach to compliance.

1. Consider whether existing approvals need to be changed and determine which persons are best placed to take on the Prescribed Responsibilities.

The FCA’s “Guide for FCA-solo regulated firms” provides a useful overview of the extent to which firms may be able to convert existing approvals and where new approvals should be sought. Mapping the approvals under the APR that will be automatically converted to SM&CR approvals may reduce costs and administrative burden for firms. The variety of organizational structures and management roles within the asset management industry may, however, complicate this process for those firms. A thorough understanding of how roles translate, and whether any new approvals are required, tailored to the structure of the particular firm will be key to successful implementation of the regime.

2. Write the Statement of Responsibilities of each Senior Manager, ensuring there are no gaps or duplications in the business structure.

For firms headquartered overseas, this will require decisions to be made around where those responsible for Senior Management Functions are, or should be, located. Firms that elect to transfer responsibility for functions to U.K. persons may consider adopting delegation agreements so that the U.K.-based individuals have adequate authority. Firms that decide to retain responsibility with managers based outside the U.K. should ensure those managers are on-boarded as Senior Managers and are fully versed in the detail of the regime and have access to FCA updates and amendments to ensure compliance on an ongoing basis. Tax advice is also important in such cases.

3. Individual discussions with and among Senior Managers on how their roles fall within the scope of the SM&CR should be held, with clear explanations of the regime and their obligations.

While banks and investment firms subject to the Banking SM&CR saw fit to adopt a process-heavy approach to implementation, firms in the expanded SM&CR may find it more appropriate to implement the regime in a tailored way. In the context of a smaller firm with fewer administrative or compliance staff, discussions among senior executives or partners may be appropriate to clarify responsibilities for certain functions and the extent to which management structures and reporting lines will need to be adapted. It may be helpful for firms to take targeted advice on the most appropriate implementation of the regime to their firm.

4. Consider policies and procedures which may need to be implemented to comply with the documentary requirements of the SM&CR and areas where existing processes may be adapted.

Employee contracts and internal group policies and procedures may need to be reviewed, as will certification and annual appraisal processes, to determine whether the certification regime and relevant conduct requirements are being met. Disciplinary policies should be reviewed to include processes that record and reflect disciplinary decisions so that appropriate regulatory references can be given on demand. Terminations of employment should balance regulator expectations against fair employment processes and duties owed to the employee. Notice periods will need to be long enough to allow handovers. Regulatory references should also be updated in the context of a termination of employment where appropriate.

5. Determine which employees fall within the scope of the Certification Regime and the applicable fit and proper standards and establish systems to train and certify those individuals annually.

There is no need for FCA approval of a firm’s certified individuals, meaning firms are able to make this assessment themselves. Certain certification functions will be of particular relevance to in-scope asset managers. In particular, these firms should consider the expansion of the certified function of “client dealing” from the existing CF30 function under the APR. “Client dealing” now applies to any person dealing with clients, including retail and professional clients and eligible counterparties. It covers people who advise on investments and perform other related functions such as dealing as principal or agent and arranging deals in investments, as well as those acting in the capacity of investment manager. The FCA is considering an amendment to the scope of this function that would exclude individuals who have no discretion to reach a judgement on what should be done in a given situation, potentially exempting junior employees who take direction on investment decisions and advice.

Hedge fund managers and proprietary funds in particular will need to take note of the need to certify anyone carrying out an algorithmic trading function, if this forms part of their business. This includes approving deployment of a trading algorithm (or material part of one) or the amendment or combination of algorithms. For firms that outsource algorithms, accountability will rest with the individual within the firm who has responsibility for the decision to use an algorithm and for how that algorithm behaves on an ongoing basis.

Allocation of certification functions will need to be carried out in a bespoke manner which is tailored to the specific activities of the organization.

Conclusion

The extended SM&CR means firms will need to assess the applicability of the regime to their particular organization. Key issues that firms should look out for have been outlined above, but will vary depending on the structure and management of each entity subject to the regime. The FCA plans to contact firms ahead of the regime’s entry into force to offer their assessment of each firm’s status under the expanded regime. Firms will have the opportunity to offer an alternative view of their status if they disagree with the FCA’s assessment, to ensure they are subject to the correct requirements. The above Action Plan highlights some of the steps firms can take to make a confident assessment of their status and any new obligations they are subject to under the expanded regime. A thorough understanding of the regime that enables firms to implement only changes appropriate to them will be key in successfully and efficiently complying with obligations.

Annex 1
Table of SM&CR Obligations by Firm

 

LIMITED SCOPE FIRMS

CORE FIRMS

ENHANCED FIRMS

EEA BRANCHES

THIRD COUNTRY BRANCHES

Senior Manager Functions
(3)

(6)

(16)

(2)

(4)
Prescribed Responsibilities None apply 5 (+1 for AFMs) apply 12 (+1 for AFMs) apply None apply 8 (+1 for AFMs) apply
Duty of Responsibility Applies to all firms
Statement of Responsibilities Applies to all firms
Responsibilities Maps x x x x
Handover Procedures x x x x
Overall Responsibility x x x x
Certification Regime Applies to all firms
Fit and Proper Applies to all firms
Conduct Rules Applies to all firms


Annex 2
Prescribed Responsibilities Under the SM&CR

The below table sets out the Prescribed Responsibilities discussed on page 4 of this article and explains the extent to which U.K. branches of third-country firms, core tier and enhanced tier firms must allocate them to Senior Managers. No Prescribed Responsibilities apply to Limited Tier firms or U.K. branches of EEA firms that are otherwise subject to the SM&CR.

No.

Prescribed Responsibility

Applicability

Third-country branch

Core Tier

Enhanced Tier

1.

Responsibility for the firm’s performance of its obligations under the Senior Managers regime

2.

Responsibility for the firm’s performance of its obligations under the employee certification regime

3.

Responsibility for the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime

4.

Responsibility for the firm’s obligations for (a) conduct rules training; and (b) conduct rules reporting

5.

Responsibility for: (a) managing the firm’s internal stress tests; and (b) ensuring the accuracy and timeliness of information provided to the FCA and other regulatory bodies for the purposes of stress testing

 

 

6.

Responsibility for: (a) safeguarding the independence of; and (b) oversight of the performance of the internal audit function in accordance with the compliance requirements for SMCR firms

 

 

7.

Responsibility for: (a) safeguarding the independence of; and (b) oversight of the performance of the compliance function in accordance with the compliance requirements for SMCR firms

 

 

8.

Responsibility for: (a) safeguarding the independence of; and (b) oversight of the performance of the risk function, in accordance with the risk control requirements for SMCR firms

 

 

9.

Developing and maintaining the firm’s business model

 

 

10.

Responsibility for the firm’s compliance with CASS

11.

Responsibility for compliance with the requirements of the regulatory system about the management responsibilities map

 

 

12.

If the firm outsources its internal audit function, responsibility for taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including (a) supervision and management of the work of outsourced internal auditors and (b) management of potential conflicts of interest between the provision of external audit and internal audit services

 

 

13.

Responsibility for management of the firm’s risk management processes in the U.K.

 

 

14.

Responsibility for the firm’s compliance with the U.K. regulatory system applicable to the firm

 

 

15.

Responsibility for the escalation of correspondence from the PRA, FCA and other regulators in respect of the firm to each of the governing body or the management body of the firm and, as appropriate, of the firm’s parent undertaking and the ultimate parent undertaking of the firm’s group

 

 

16.

Responsibility for an AFM’s assessments of value, independent director representation and acting in investors’ best interests

Applicable to Authorized Fund Managers

 

Special thanks to Chloe Barrowman, professional support lawyer in the Financial Institutions Advisory and Financial Regulatory Group, for her assistance with this note.

Footnotes

[1] The SM&CR rules were introduced for insurers in November 2018; those rules are beyond the scope of this client note.

[2] In determining “reasonableness,” the FCA may have regard to the principle established in Associated Provincial Picture Houses Ltd v Wednesbury Corporation ((1948) 1KB 223), which establishes that a decision will be reasonable provided that it is not so unreasonable that no reasonable person acting reasonably could have come to it.

[3] Read the FCA's A duty of care and potential alternative approaches: summary of responses and next steps.

Authors and Contributors

Barnabas Reynolds

Partner

Financial Institutions Advisory & Financial Regulatory

+44 20 7655 5528

+44 20 7655 5528

London

Thomas Donegan

Partner

Financial Institutions Advisory & Financial Regulatory

+44 20 7655 5566

+44 20 7655 5566

London

Simon Dodds

Of Counsel

Financial Institutions Advisory & Financial Regulatory

+44 20 7655 5156

+44 20 7655 5156

London

John Adams

Partner

Investment Funds

+44 20 7655 5740

+44 20 7655 5740

London