Private and other banks in the UK are already ensnared in the SM&CR, the Financial Conduct Authority's replacement for the old Approved Persons Regime, with the rest of the regulated community to follow by 9 December 2019. In this article, the former head of enforcement at the old Financial Services Authority has some words of wisdom to impart on the subject.

All FCA solo-regulated firms (i.e. regulated only by the FCA and not, for instance, by the Prudential Regulatory Authority also) that are authorised under the Financial Services and Markets Act 2000 will, at the end of next year, be subject to the Senior Managers and Certification Regime which aims to make people who work in financial services more accountable to regulators.

Insurers and reinsurers regulated by the FCA and PRA will be subject to the SM&CR earlier, with 10 December this year as the deadline. At the moment they are subject to the PRA's Senior Insurance Managers' Regime and a revised version of the FCA's Approved Persons Regime which the SM&CR will replace. The SM&CR already applies to British banks, building societies, credit unions, branches of foreign banks operating in the UK and the largest investment firms regulated by the PRA and the FCA, i.e. the banking sector. The FCA published its 'near-final' rules on the extension of the SM&CR to all solo-regulated firms in July 2018.

Key changes under the SM&CR

The SM&CR introduces three categories of firm; Limited Scope, Core and Enhanced. The new regime will oblige firms to do various things in accordance with the categories they occupy. Broadly speaking, the SM&CR will subject Limited Scope firms to the fewest requirements - this covers all firms that currently have to obey the APR in a limited way and includes 'limited permission' consumer credit firms, sole traders and authorised professional firms, whose only regulated activities are 'non-mainstream' ones. Most firms are likely to be Core firms, which will have to observe a 'baseline' of SM&CR requirements. A small proportion of solo-regulated firms will be Enhanced firms because of their size and complexity and the effect they have on consumers and financial markets. These firms will be subject to extra rules.

The FCA sanctions the appointment of ('approves') individuals at every firm, allowing them to carry out certain 'controlled functions.' At present, except for the banking sector, these comprise two kinds of approved person: the kind who performs the CF30 or 'customer' function and the kind who performs a 'significant influence function.' The latter is performed by someone who is closely involved in the running of his firm - a director or someone in charge of compliance, for example. Approved persons are subject to the FCA's Statements of Principles and Code of Conduct for Approved Persons (APER) which set out the standards of behaviour that the FCA expects of them. They are also obliged to abide by the rules laid out in the FCA's sourcebook relating to the Fit and Proper test for Approved Persons and specific 'significant harm' functions (FIT). The SM&CR creates two new categories of individual – people who perform Senior Management Functions (SMFs) and people who perform Certified Functions.

Senior management functions

An SMF is a new type of controlled function. The people who perform it (classed as 'senior managers') are generally going to be the most senior people at the firm, the people who are most able to cause harm or affect the integrity of markets. These people will have to be approved by the FCA before starting their jobs. The FCA has prescribed a number of SMFs. The SMFs that each firm needs people to perform will depend on the category it occupies, i.e. whether it is a 'limited scope,' 'core' or 'enhanced' firm.

Every senior manager will have a 'statement of responsibility' which ought to set out, in the clearest of terms, the things for which he responsible and accountable. The firm will have to sent it to the FCA when it asks it to approve that senior manager in accordance with the SM&CR. Senior managers will also have a 'duty of responsibility' under the FSMA. This means that if a firm fails to meet one of the FCA's requirements, the senior manager responsible for the problem could be held accountable if he did not take reasonable steps to prevent or stop his firm from transgressing.
 
'Core' and 'enhanced' firms will also be subject to certain 'prescribed responsibilities' which will supplement the responsibilities that are an inherent and essential part of every senior manager's job. It is the FCA that prescribes these responsibilities, making every senior manager accountable for the way his firm handles the most important prudential and conduct-related risks. The most noteworthy prescribed responsibilities include accountability for the firm's obediance of the Senior Managers' Regime, including implementation and oversight, and also performance by the firm of its obligations under the Certification Regime. Every senior manager will be expected to oversee and implement the SM&CR and may be held accountable if it is not properly implemented at his firm.

Certified functions

Any employee whose job allows him to cause significant harm to the firm or its customers will be said to be performing a certified function. Not all of the various 'certification functions' that the FCA has prescribed will be performed at all firms; only the relevant ones will apply. Unlike the people who perform SMFs, people who perform certified functions will not require the approval of the FCA. This will affect people who perform the current APER CF30/customer function in that they will no longer require approval from the FCA. Instead, at least once a year, each firm will have to check and confirm ('certify') that these people are fit and proper to perform their jobs and issue them with certificates that allow them to perform the 'client dealing function.'

Conduct rules

Under the SM&CR, all of a firm's employees, including non-executive directors and people who perform SMFs and certified functions (but not ancillary staff such as receptionists), will have to comply with the FCA's Code of Conduct for Staff Sourcebook (COCON) which will replace APER. This book contains a new set of standards of behaviour for people in financial services. COCON will apply to the firm's regulated and unregulated financial service activities. It contains basic standards of good personal conduct to which the FCA will be able to hold all employees (but not ancillary staff) to account. COCON is similar to APER in many respects, but different in others. All employees (and not just the most senior ones) will, for example, be obliged to treat customers fairly. The scope of the SM&CR is therefore much broader. Senior managers and people who perform certified functions will also have to continue to abide by the rules contained in FIT regarding fitness and propriety.

Near-final SM&CR requirements

The table below summarises the most important 'near-final' requirements of the SM&CR for each type of firm.

Next steps and dates for your diary

All affected solo-regulated firms will move to the SM&CR ON 9 December 2019. By the time of this so-called commencement date, they ought to have:

• identified the people who perform certified functions, although they will have a period of 12 months after that commencement date to complete the initial certification process; and
• ensured that all senior managers and people who perform certified functions have been identified and trained to observe the conduct-related rules of COCON, although they will have a period of 12 months to train all other staff members for that purpose.

Transitional arrangements - automatic conversion

Individuals at core and limited-scope firms (including branches) will be automatically converted wherever possible, with no action required by firms. Before the commencement date, all firms should consider whether any changes to their current 'approvals' are required. If there has been no substantive change in a currently approved individual's job before and after the commencement date, the firm in question will not have to apply for re-approval. Anyone who is not currently approved, or who requires additional approval for other things, will have to apply for each new SMF. Enhanced firms will have to give the FCA the names of the people they want to assign to the new SMF regime, but they will not have to re-apply for approval if the proposed SMFs can be carried over directly from the APR.

The FCA has specified, for the benefit of all firms, the controlled functions that feature in the APR that the firms can 'map across' (carry over) to the SM&CR. These are going to be different according to whether a firm is a limited-scope, core or enhanced firm.

Practical considerations

There is plenty for firms to do in the run-up to the SM&CR and they ought to start early. The new regime will force many of them to overhaul their internal procedures and create a culture of accountability. Each firm will, among other things, have to do the following.

• Allocate responsibility for the implementation of the SM&CR to a senior manager.
• Set up a working group and draw up a project plan.
• Decide on the category of firm into which it falls and count and identify all senior managers, certified individuals and other staff members who are subject to the COCON conduct rules.
• Review policies and procedures.
• Develop training schemes for everyone in respect of their obligation to obey COCON.
• Review people's job descriptions and consider any employment law that might have a bearing on the situation.

Firms should treat the implementation of the SM&CR seriously. The FCA's Enforcement Annual Performance Report for 2017/189 says that the number of open investigations relating to firms' culture and governance has increased dramatically, which tells us that the FCA believes these areas to be very important. As at 31 March 2018, 61 cases of this kind were open, while there were only 15 open on 1 April 2017. There is a risk that senior managers who have been allocated responsibility for preparing their firms for the SM&CR might also face enforcement action. Let no compliance officer forget that one of the main purposes of the SM&CR is to make it easier for the FCA to take enforcement action against senior managers and other accountable people.
 
* Ian Mason can be reached on +44 (0)20 7759 6685 / ian.mason@gowlingwlg.com; Sushil Kuner can be reached on +44 (0)20 7759 6542 / sushil.kuner@gowlingwlg.com