The extension of the British Financial Conduct Authority’s Senior Managers and Certification Regime to all solo-regulated firms (i.e. firms that only it regulates) comes into force at the end of the year on 9 December. This is the next big regulatory challenge for financial firms in the UK, so now is the time to start developing a clear implementation plan.

The following notes were provided by ACA Compliance Europe, through the firm's recent webinar on the subject. Martin Lovick, the senior compliance consultant, led the conversation, aided by consultant Josie Cooper and compliance analyst Dimitrios Sachinidis.

Among the scattered items of information that the consultants discussed were the fact that the SM&CR will not affect Approved Persons of Appointed Representatives of firms. Josie Cooper said: "An approved person for AR will continue to be regulated under the current regime, although the Financial Conduct Authority is thinking of changing this."

Many people who listened to the webinar came from international firms, often from the London offices of US investment managers. There is no territorial restriction on the Senior Managers’ Regime, therefore it should apply to anyone who performs a senior management job in the UK, whether he is actually based in the UK or overseas. The certification regime is different because it is limited to individuals who are either based in the UK or are dealing with British clients. It is only a material risk taker who is subject to the Certification Regime wherever he is located. One caller asked what was going to happen to firms with branches outside the UK; the consultants replied that the SMR is expected to apply to branches in the European Economic Area even in the case of a 'no-deal Brexit.'

Looking at the SMR in a little more detail, the commentators said that it was destined to replace the current Approved Persons Regime, singling out 'senior managers' for the most onerous regulation becase they had the greatest potential to cause harm at their firms or have a deleterious effect on the integrity of markets. In response to one question, the consultants said that it was going to be permissible for one person to perform more than one function, although for some reason they used the phrase "to hold a function." They added: "The 12-week rule in the case of absence will continue to apply."

NEDs

The webinar looked at the future position of non-executive directors, otherwise known as CF2s. (CF = controlled function, the term used today.) The CF2 description will not 'map across' to a senior management function (SMF) under the new regime. In other words, CF2s do not have an automatic transition to the new regime; in fact, such people are to be subject to neither the Senior Managers Regime or the Cerficiation Regime, unless they are chairing the governing bodies of their firms, in which case they become SMF9s. It is also worth noting that the CF28 (significant management) and CF9 (EEA investment business oversight) functions are going to fall away.

'Grandfathering'

People who today perform 'significant influence functions' will not have to re-apply for the equivalent SMF and no extra checks (of such things as criminal records and 'regulatory references') need be done.

• The CF1 director will become the SMF3 executive director.
• The CF2 non-executive director will become the SMF9 chair (executive or non-executive).
• The CF3 chief executive will become that SMF1 chief executive.
• The CF4 partner will become the SMF27 partner.
• The CF10 compliance oversight job will be translated into the SMF16 compliance oversight job.
• The CF11 MLRO (money-laundering reporting officer) will become the SMF17 MLRO.

The first four of these jobs on the list are known as 'governing functions;' the last two are 'required functions.'

Prescribed responsibilities

These are duties that the firm in question has to assign to an individual senior manager. There are a total of six possible prescribed responsibilities for so-called 'core firms' (and 13 for so-called 'enhanced firms'), of which 4 are to be applicable in every case. The four are:

• performance by the firm of its obligations under the SMR, including implementation and oversight;
• performance by the firm of its obligations under the Certification Regime;
• performance by the firm of its obligations in respect of notifications and training of the Conduct Rules; and
• responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime.

The two additional prescribed responsibilities would only apply if relevant. These are:

• responsibility for the firm's compliance with CASS (CASS firms only); and
• responsibility for an authorised fund manager's (AFM's) value for money, assessments, independent director representation and acting in investors' best interests (AMFs only).

Here the consultants said that each firm is expected to choose the most senior person with responsibility for each of the listed activities. However, FCA guidelines say that the firm should avoid awarding too many prescribed responsibilities to one individual. In cases where there really is only one person who is the most senior person in charge of several activities, a firm might therefore deny him control of them all with a clear conscience. Josie Cooper said: "allocation will depend on a firm's size and structure." Martin Lovick added: "I'm guessing that a sign of relief is going up from many compliance officers."

In a job-share, or in an area of a firm shared by two senior managers, it is possible for people to share a prescribed responsibility. The proviso here is that it has to be a rare occurrence.

The duty of responsibility

Every senior manager is to have a duty of responsibility. The FCA might take action if a senior manager has failed to take reasonable steps to prevent something that the regulator calls 'a breach' (presumably a breach of its rules) from occurring. The FCA has published its idea of 'reasonable steps' in its rulebook in the form of a non-exhaustive list of criteria.

Statements of responsibility will have to be drafted for people being 'grandfathered in.' Mercifully, the grandfathers and grandmothers will not have to send their statements in to the FCA; their firms will merely have to keep them on file for any regulatory inspections that might take place in the future.

If the firm in question breaches one of its regulatory obligations, the relevant senior manager could be held responsible for allowing it to do so, or for not shutting the problem down in time. According to the FCA's rulebook, he must take 'reasonable steps' to prevent a breach from occurring and the FCA has provided a non-exhaustive list of such steps.

The burden of proving that someone-or-other has flouted his duty lies with the FCA, not with the senior manager or his firm. The FCA has, however, said that it would be a good idea for senior managers to keep records of the 'relevant steps' (not to be confused with reasonable steps) that they take when making decisions. The consultants agreed with the wisdom of doing this, urging every manager to keep a record of "what, why and when."

The certification regime

This part of the new regime applies to employees who are not senior managers, but who nonetheless have the potential to cause significant harm to their firms, to the firms' customers or to the integrity of markets. FCA approval is not required for people who perform 'certification functions,' but each firm must check information about them to be sure that they are 'fit and proper' to do their jobs and then issue them with certificates. A trader at a bank, for instance, will no longer have to be approved by the FCA, just by his firm. Although the regime is new, the requirement for 'fitness and propriety' is as old as the Financial Services and Markets Act 2000 itself.

Each firm must issue each new employee with a certificate when he joins and renew it - if he continues to be 'fit and proper' - every year. Firms have 12 months after the 'commencement date' of 10 December to carry out their 'fit and proper' assessments and hand out the certificates.

A number of certification functions (i.e. jobs that might cause significant harm) apply to core (not 'enhanced' or 'limited scope') firms. These include:

• significant management functions;
• proprietary traders;
• a client dealing function;
• anyone supervising a certified function;
• material risk takers (including risks relating to prudential matters, operational matters, conduct and reputation); and
• algorithmic trading (people who approve deployment or amendment of algorithms or who monitor their compliance).

[Editor's note: The FCA describes 'enhanced firms' as significant investment (IFPRU) firms; CASS Large firms; firms with assets under management of £50 billion or more; firms with total intermediary regulated business revenue of £35 million or more per annum; firms with annual regulated revenue generated by consumer credit lending of £100 million or more per annum; and mortgage lenders that are not banks with 10,000 or more regulated mortgages outstanding. 'Limited scope' firms are "limited permission consumer credit firms"; sole traders; authorised professional firms whose only regulated activities are in non-mainstream regulated activities; oil market participants; service companies; energy market participants; subsidiaries of local authorities or registered social landlords; insurance intermediaries whose principal business is not insurance intermediation and who only have permission to carry on insurance mediation activity in relation to non-investment insurance contracts; and internally managed alternative investment funds, all of which are to be subjected to a sort of "SM&CR-lite" regime. Core firms consist of all other firms.]

There are to be no significant changes to the 'fit and proper' assessments that the FCA does today. The elements of honesty, integrity and reputation are to remain in the new regime. Like those requirements, which emanate from the IOSCO (International Organisation of Securities Commissions) guide, the need for competence and capability will also stay. Financial soundness will continue as another important factor.

Criminal checks will be required for senior managers and non-executive directors, but not for certified persons. Regulatory references, however, will still be required. Firms will have to subject their staff to the 'fit and proper' test every year.

Other observations from the webinar will be made available shortly, covering 'conduct' rules for senior managers (and all staff, where different) and breach reporting.