Replacing APER: the new Senior Management Regime and Certification Regime for banks

01.09.2014

Introduction

On 30 July 2014 the FCA and PRA published a joint consultation paper on ‘Strengthening accountability in banking: a new regulatory framework for inpiduals’ (FCA CP14/13 or PRA CP14/14). It was accompanied by another joint consultation on ‘Strengthening the alignment of risk and reward: new remuneration rules’.

The former consultation paper is intended to implement the recommendations of the Parliamentary Commission on Banking Standards for a Senior Persons Regime (the SMR), a Licensing Regime (the CR) and new banking conduct rules.

These proposed changes will only affect inpiduals working for UK banks, building societies, credit unions and PRA-designated investment firms, although there has, apparently, already been some informal consideration of extending the SMR to non-banks, and ultimately abolishing APER entirely.

Senior Managers’ Regime (SMR)

Overview

The SMR applies to a narrower range of inpiduals than APER, which it replaces.

The scope of the SMR is slightly complicated, as the FCA and PRA have taken different approaches to how important functions and responsibilities are allocated to regulated inpiduals.

In brief, there are three main types of responsibility:

  1. Senior Management Functions (SMFs), which effectively replace the old Significant Influence Functions, e.g. acting as a Chairman or Chief Financial Officer; a person carrying out such a function must be approved by the regulators and subject to the SMR (as was the case with APER);
  2. Prescribed Responsibilities (PRs), which are important functions other than SMFs, each of which must be allocated to one of the existing SMFs “with which the responsibility is most closely associated” (but not the Significant Responsibility SMF – see below); and
  3. Key Functions, which are important functions other than SMFs and PRs, each of which – if applicable – must be allocated to a Significant Responsibility SMF.

The regulators have provided exhaustive lists of SMFs, PRs, and Key Functions (see below).

Behind this, the regulators’ intention is that all members of the Board, the second layer of governance (whether structured as an Executive Committee or not) and anyone else carrying out an important function should be made subject to regulation. The Significant Responsibility SMF, in particular, has been designed to bring non-Board members in charge of particular areas into the SMR.

Senior Management Functions

As noted above, SMFs replace the old APER Significant Influence Functions.

SMFs are functions that “require the person performing it to be responsible for managing one or more aspects of the relevant firm’s affairs” which “involve, or might involve, a risk of serious consequences for the authorised person, or for business or other interests in the UK”. This may include non-executive directors or directors in other group entities that participate in taking decisions for the firm.

The regulators have designated the following functions as SMFs. (The SMF for small credit unions is not shown in the table below.)

The only apparent difference between PRA SMFs and FCA SMFs is the question of which regulator is responsible for approving an inpidual for that SMF. Both regulators will be able to engage with and take enforcement action against a any Senior Manager, regardless of which SMF(s) they are approved for.

PRA SMFs

FCA SMFs

Executive

Non-executive

Executive

Non-executive

Chief Executive function*

Chairman*

Executive Director ‡

Non-Executive Director ‡

Chief Finance function*

Chair of the Risk Committee

Significant Responsibility Senior Manager***

Chair of the Nominations Committee

Chief Risk function

Chair of the Audit Committee

Money Laundering Reporting

Head of Internal Audit

Chair of the Remuneration Committee

Compliance Oversight

Head of key business area†

Senior Independent Director

Group Entity Senior Manager**

Notes

*Every firm (other than a small credit union) will need at least one or more persons performing a Chief Executive, Chief Finance, and Chairman SMF.

†This SMF applies to inpiduals managing a business area or pision which is so (relatively) large that it could jeopardise the firm’s safety and soundness, and which is so substantial (in absolute terms: managing gross total assets of £10bn or more, and accounting for 20% of the firm or group’s gross revenue) that it warrants an SMF. Where a firm chooses to have a committee or control function, even where this is not required by law, the chairman or head of that committee or function must have the relevant SMF approval.

** This SMF applies to an inpidual not directly employed by the firm, but who is deemed to exercise ‘significant influence’ over its affairs; this will be assessed by the PRA on a case-by-case basis. (An inpidual outside the firm may perform some of the other SMFs, e.g. Chairman of the Remuneration Committee.)

‡ These SMFs will, together, cover all board members not covered by one of the other SMFs.

*** A ‘miscellaneous’ SMF responsible for one or more Key Functions (see below for details).

More than one person may be approved for the same SMF, e.g. in case of a job-share. In this case, each inpidual will be responsible for all the responsibilities conferred by that SMF.

Prescribed Responsibilities

Each of the SMFs described above is narrowly defined in the rules by reference to its core responsibility.

As there are also other important responsibilites at a firm beyond those that fall under the SMFs above, the regulators have drawn up a list of these ‘Prescribed Responsibilities’ (PRs) and require that each PR is assigned to one of the existing SMFs.

There are restrictions on the allocation of PRs to SMFs:

  • it is expected that “firms will allocate most [PRs] to the SMF with which the responsibility is most closely associated”;
  • some PRs can only be allocated to non-executive SMFs; and
  • PRs cannot be allocated to the Significant Responsibility SMF (presumably as this person will be in practice a relatively junior member of the firm, usually below Board level).

The PRA may also require firms to allocate other responsibilities to a specific Senior Manager.

The complete list of PRs is as follows:

1. performance by the firm of its obligations under the senior management regime, including implementation and oversight

11. embedding the firm’s culture and standards in relation to the carrying on of its business and the behaviours of its staff in the day-to-day management of the firm 12. the development and maintenance of the firm’s business model

2. performance by the firm of its obligations under the Certification Rules

12. the development and maintenance of the firm’s business model

3. compliance with the rules relating to the firm’s management responsibilities map

13. management of the allocation and maintenance of capital, funding and liquidity

4. the induction, training and professional development of all persons performing senior management functions on behalf of the firm and all members of the firm’s management body

14. the firm’s treasury management functions

5. ensuring and overseeing the integrity and independence of the internal audit function in accordance with SYSC 6.2 (Internal audit)

15. the production and integrity of the firm’s financial information and its regulatory reporting in respect of its regulated activities

6. ensuring and overseeing the integrity and independence of the compliance function in accordance with SYSC 6.1 (Compliance)

16. the firm’s recovery plan and resolution pack and overseeing the internal processes regarding their governance

7. ensuring and overseeing the integrity and independence of the risk function in accordance with SYSC 7.1.22 R (Risk control)

17. if the firm carries out proprietary trading, the firm’s proprietary trading activities

8. ensuring and overseeing the integrity, independence and effectiveness of the firm’s policies and procedures on whistleblowing and for ensuring staff who raise concerns are protected from detrimental treatment

18. if the firm does not have an inpidual performing the Chief Risk function, overseeing and demonstrating that the risk management policies and procedures which the firm has adopted in accordance with SYSC 7.1.2 R to SYSC 7.1.5 R satisfy the requirements of those rules and are consistently effective in accordance with SYSC 4.1.1R

9. allocation of all prescribed responsibilities

19. if the firm outsources its internal audit function, taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including (a) supervision and management of the work of outsourced internal auditors and (b) management of potential conflicts of interest between the provision of external audit and internal audit services

10. leading the development of the firm’s culture and standards in relation to the carrying on of its business and the behaviours of its staff

20. if the firm does not have a person who performs the Senior Independent Director function, (a) carrying out oversight of the person who performs the Chairman function; and (b) oversight of the adequacy and quality of the resources available to the office of that person to enable the role to be fulfilled within the firm.

Key Functions and the Significant Responsibility SMF

As noted above, in order to bring non-Board members who are in charge of particular areas of the firm under the SMR, the regulators have created the ‘Significant Responsibility SMF’.

Presumably because this SMF will be relatively junior, they may not be assigned any PRs. Instead, the Significant Responsibility SMF will be responsible for carrying out one or more Key Functions (see below) where these are applicable.

To be precise, this SMF will apply to inpiduals to whom the Board has delegated overall responsibility for a Key Function or identified risk, which does not fall under the definition of another SMF, where they are primarily responsible for reporting to the Board about that function or risk.

Just as PRs have to be allocated between the different SMFs (other than the Significant Responsibility SMF), so Key Functions must be likewise allocated between the Significant Responsibility SMFs.

The complete list of Key Functions is as follows:

1. Establishing and operating systems and controls in relation to financial crime

10. Retail sales

19. Production and distribution of marketing materials and communications

2. Safekeeping and administration of assets of clients

11. First line quality assurance of sales

20. Customer service

3. Payment services

12. Trading for clients

21. Customer complaints handling

4. Settlement

13. Investment research

22. Collection and recovering amounts owed to a firm by its customers/Dealing with customers in arrears

5. Investment management

14. Origination/syndication and underwriting

23. Middle office

6. Financial or investment advice

15. Retail lending decisions

24. The firm’s information technology

7. Mortgage advice

16. Wholesale lending decisions

25. Business continuity

8. Corporate investments

17. Design and manufacturing of products intended for wholesale customers

26. Human resources

9. Wholesale sales

18. Design and manufacture of products intended for retail customers

27. Incentive schemes for the firm’s staff

Approvals

Senior Managers are subject to approval by the regulators before they may begin carrying out a SMF. The process of applying for approval of a Senior Manager “will remain similar to the current process for applying for approval as a SIF under [APER]”. Inpiduals may perform more than one SMF, but will require separate approvals for each; they can combine these in a single application, however.

As above, whether an SMF is an FCA or PRA SMF determines to which regulator the application should be made. Existing arrangements to minimise the need for making applications to both the FCA and PRA will be continued.

When applying for an inpidual to be approved for an SMF, or whenever there is a significant change in a Senior Manager’s responsibilities, a firm will need to submit:

  • a Statement of Responsibility, which is “a statement setting out the aspects of the affairs of the authorised person concerned which it is intended that the person will be responsible for managing in performing the function”,
  • a Responsibilities Map, which sets out how the various responsibilities have been allocated (and to make sure there are no gaps in accountability); and
  • other information such as CVs, job descriptions, organisational charts and development plans.

Firms will also be obliged to take reasonable steps to ensure newly-appointed Senior Managers are made aware of all information and risks of regulatory concern.

The approval of an inpidual Senior Manager may now be made subject to conditions or time limits.

Enforcement

Each regulator will be able to take inpidual enforcement action against any Senior Manager, if warranted.

As noted in the Executive Summary, there is a new ‘presumption of responsibility’, whereby, if a firm breachs a regulatory requirement, the Senior Manager responsible for the area of the breach can be held inpidually accountable unless they are able to satisfy the regulators that they had taken ‘reasonable steps’ to stop, prevent, or remedy the breach.

In addition, Senior Managers are subject to a greater number of the new conduct rules than other employees (see below). Enforcement action, therefore, may now come from three different directions: an inpidual breach of the conduct rules; being “knowingly concerned” in a contravention by the firm; or else a contravention of the rules by the area of the firm for which that Senior Manager is responsible.

Senior Managers will also be liable to prosecution for the new criminal offence of taking (or failing to prevent) a decision causing a financial institution to fail, where one is aware of the risks and one’s conduct fell “far below what could reasonably be expected” (s.36 Financial Services (Banking Reform) Act 2013).

Certification Regime (CR)

Overview

The Certification Regime (CR) is essentially the level of regulation below the SMR. (The SMR and CR do not overlap: an inpidual covered by the SMR will not be covered by the CR for work at the same firm.)

It applies to a wider range of inpiduals than APER did, and covers a number of ‘significant harm functions’ where a person is “involved in aspects of a firm’s affairs (so far as relating to the regulated activity carried on by the firm) that might involve a risk of significant harm to the firm or any of its customers”.

Inpiduals caught by the CR will not be subject to regulatory approval (as SMFs are); instead, the firm itself will have to certify that they are fit and proper to perform that role, and renew this on an annual basis.

Scope

The regulators have separate Certification Regimes, and have specified that these will apply to:

PRA CR

FCA CR

functions that might involve a risk to the safety and soundness of the firm (which approximately coincides with the class of ‘material risk takers’ in the CRR remuneration rules)

functions that were previously Significant Influence Functions under APER, but do not fall under the new SMR

customer-facing roles subject to qualification reqirements (e.g. retail investment advisors)

anyone (who is not an SMF) who supervises or manages a Certified Person

The only apparent difference between the FCA CR and PRA CR is that the PRA CR will cover some inpiduals at UK firms who are themselves based overseas; while the FCA CR will only apply to inviduals either performing their function from an establishment in the UK, or else dealing with a client based in the UK.

Consequences

Firms will be able to put in place a single process for certifying employees under either FCA or PRA CR.

Where an employee performs multiple CR functions, they must be assessed as fit and proper for each function, although all the different functions may be covered by a single certificate.

If a person moves from one CR role to another CR role, that person must be certified as fit and proper for the new role immediately; the firm cannot wait until the annual renewal of the certificate.

In exceptional circumstances, a person may perform a CR function for up to two weeks without certification where they are providing cover for a certified person whose absence was reasonable unforeseen. (This does not apply, however, to CR functions that have a qualification requirement – see above.)

Fitness and propriety

Neither regulator is proposing to make fundamental changes to the standard of fitness and propriety, although the PRA is consulting on a new supervisory statement with guidance on its general expectations of fitness and propriety. This is not intended to be a significant, substantial change, however.

Both regulators are intending to introduce new requirements about the evidence firms need to collect:

  • firms must run a criminal records check on SMF candidates; and
  • firms must request a reference from the previous employer of an SMF or CR candidate, covering their previous five years’ employment history.

Conduct rules

Overview

The FCA and PRA have proposed new conduct rules for banks, building societies, and PRA-authorised investment firms. These will go into a new section of the Handbook: ‘C-CON’.

The new conduct rules are clearly based on the previous rules for inpiduals in APER (and also, to a lesser extent, the Principles for Businesses (PRIN) aimed at firms).

The main difference between the new rules and APER is the greatly increased scope of the former (see below).

Obligations for firms

As well as Firms are obliged to

  • make inpiduals aware if they are subject to the new conduct rules, and provide suitable training;
  • notify the regulators when they are aware – or suspect – that a person has breached the rules; and
  • notify the regulators (within seven business days for Senior Managers, or quarterly for everyone else) when they have taken formal disciplinary action following breach of the conduct rules.

Only the FCA needs to be notified, and it will pass on information to the PRA as required.

Scope

The PRA conduct rules (rules 1-3 and SM1-4) will apply to:

  • all Senior Managers, whether approved for a PRA or FCA SMF; and
  • anyone falling within the PRA CR (i.e. who carries out a ‘significant harm function’ involving a risk to safety and soundness) (rules 1-3 only);

and these will be enforced by the PRA against inpiduals in these categories.

The FCA, on the other hand, will apply and enforce all conduct rules (rules 1-5 and SM1-4) against all Senior Managers.

In addition, the FCA will apply all the first tier conduct rules (rules 1-5) to all other staff at banks, building societies, credit unions and PRA-authorised investment firms. The only staff excluded from this will be specified ancillary support staff, e.g. receptionists and security guards. (The FCA has provided an exhaustive list all those so exempt.)

The new rules and the old

The new rules will “provide a framework against which regulators will make judgements about an inpidual’s actions as part of their general supervision of firms”:

FCA

PRA

New rules

Corresponding rule from APER or PRIN

‘First tier’: conduct rules applicable to all staff

X

X

1. You must act with integrity

APER Statement of Principle 1: An approved person must act with integrity in carrying out his accountable functions.

X

X

2. You must act with due skill, care and diligence

APER Statement of Principle 2: An approved person must act with due skill, care and diligence in carrying out his accountable functions.

X

X

3. You must be open and cooperative with the FCA, PRA, and other regulators

APER Statement of Principle 4. An approved person must deal with the FCA, the PRA and other regulators in an open and cooperative way and must disclose appropriately any information of which the FCA or the PRA would reasonably expect notice.

X

4. You must pay due regard to the interests of customers and treat them fairly.

PRIN 6. A firm must pay due regard to the interests of its customers and treat them fairly.

X

5. You must observe proper standards of market conduct.

APER Statement of Principle 3. An approved person must observe proper standards of market conduct in carrying out his accountable functions.

‘Second tier’: conduct rules which apply only to Senior Managers

X

X

SM1. You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.

APER Statement of Principle 5. An approved person performing an accountable significant-influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his accountable function is organised so that it can be controlled effectively.

X

X

SM2. You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with relevant requirements and standards of the regulatory system.

APER Statement of Principle 7. An approved person performing an accountable significant-influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his accountable function complies with the relevant requirements and standards of the regulatory system.

X

X

SM3. You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.

X

X

SM4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.

PRIN 11. A firm must deal with its regulators in an open and cooperative way, and must disclose to the appropriate regulator appropriately anything relating to the firm of which that regulator would reasonably expect notice.

The rules are admittedly “written at a high level of generality. This is intentional because they will cover a very large group of people doing a wide range of different jobs”.

Both regulators are consulting on further guidance on relevant standards. In the FCA’s case, this guidance is much more detailed and developed than the guidance provided under APER.

Geographical scope of the new regime

Like much of the new regime, the applicability of the above to non-UK firms or staff is not at all straightforward.

There is also a large degree of uncertainty arising from the Chancellor’s declared intention to extend the regime to cover all branches of foreign banks operating in the UK, which is expected to be the subject of a future HM Treasury consultation paper. The FCA is apparently considering how the regimes might be extended as far as possible to UK branches of EEA firms – subject to single market regulations – but appears loath to consider the matter in any detail until after the Treasury consultation.

The situation as it can be ascertained at present, therefore, is as follows:

Senior Managers’ Regime

Certification Regime

Conduct rules

Included

Inpiduals at UK firms “whether physically based in the UK or overseas”

(PRA) at least one inpidual at a UK branch of a non-EEA firm as Overseas Branch Senior Executive Manager SMF

Inpiduals at UK firms, including (PRA-only) inpiduals based overseas

(PRA CR) Inpiduals at UK branches of non-EEA firms

Inpiduals at UK firms “based in the UK or who deal with customers in the UK”

Excluded

(PRA) Inpiduals at UK branches of EEA firms

(PRA CR) Inpiduals UK branches of EEA firms

(FCA CR) Inpiduals at UK firms who are not either performing their function from an establishment in the UK, or dealing with a client based in the UK.