Replacing APER: the new Senior Management Regime and Certification Regime for banks

01/09/2014

Introduction

On 30 July 2014 the FCA and PRA published a joint consultation paper on ‘Strengthening accountability in banking: a new regulatory framework for individuals’ (FCA CP14/13 or PRA CP14/14). It was accompanied by another joint consultation on ‘Strengthening the alignment of risk and reward: new remuneration rules’.

The former consultation paper is intended to implement the recommendations of the Parliamentary Commission on Banking Standards for a Senior Persons Regime (the SMR), a Licensing Regime (the CR) and new banking conduct rules.

These proposed changes will only affect individuals working for UK banks, building societies, credit unions and PRA-designated investment firms, although there has, apparently, already been some informal consideration of extending the SMR to non-banks, and ultimately abolishing APER entirely.

 

Senior Managers’ Regime (SMR)

Overview

The SMR applies to a narrower range of individuals than APER, which it replaces.

The scope of the SMR is slightly complicated, as the FCA and PRA have taken different approaches to how important functions and responsibilities are allocated to regulated individuals.

In brief, there are three main types of responsibility:

  1. Senior Management Functions (SMFs), which effectively replace the old Significant Influence Functions, e.g. acting as a Chairman or Chief Financial Officer; a person carrying out such a function must be approved by the regulators and subject to the SMR (as was the case with APER);
  2. Prescribed Responsibilities (PRs), which are important functions other than SMFs, each of which must be allocated to one of the existing SMFs “with which the responsibility is most closely associated” (but not the Significant Responsibility SMF – see below); and
  3. Key Functions, which are important functions other than SMFs and PRs, each of which – if applicable – must be allocated to a Significant Responsibility SMF.

The regulators have provided exhaustive lists of SMFs, PRs, and Key Functions (see below).

Behind this, the regulators’ intention is that all members of the Board, the second layer of governance (whether structured as an Executive Committee or not) and anyone else carrying out an important function should be made subject to regulation. The Significant Responsibility SMF, in particular, has been designed to bring non-Board members in charge of particular areas into the SMR.

Senior Management Functions

As noted above, SMFs replace the old APER Significant Influence Functions.

SMFs are functions that “require the person performing it to be responsible for managing one or more aspects of the relevant firm’s affairs” which “involve, or might involve, a risk of serious consequences for the authorised person, or for business or other interests in the UK”. This may include non-executive directors or directors in other group entities that participate in taking decisions for the firm.

The regulators have designated the following functions as SMFs. (The SMF for small credit unions is not shown in the table below.)

The only apparent difference between PRA SMFs and FCA SMFs is the question of which regulator is responsible for approving an individual for that SMF. Both regulators will be able to engage with and take enforcement action against any Senior Manager, regardless of which SMF(s) they are approved for.

| PRA SMFs: Executive | PRA SMFs: Non-executive | FCA SMFs: Executive | FCA SMFs: Non-executive |
| --- | --- | --- | --- |
| Chief Executive function* | Chairman* | Executive Director ‡ | Non-Executive Director ‡ |
| Chief Finance function* | Chair of the Risk Committee | Significant Responsibility Senior Manager*** | Chair of the Nominations Committee |
| Chief Risk function | Chair of the Audit Committee | Money Laundering Reporting | |
| Head of Internal Audit | Chair of the Remuneration Committee | Compliance Oversight | |
| Head of key business area† | Senior Independent Director | | |
| Group Entity Senior Manager** | | | |

Notes

*Every firm (other than a small credit union) will need one or more persons performing a Chief Executive, Chief Finance, and Chairman SMF.

†This SMF applies to individuals managing a business area or division which is so (relatively) large that it could jeopardise the firm’s safety and soundness, and which is so substantial (in absolute terms: managing gross total assets of £10bn or more, and accounting for 20% of the firm or group’s gross revenue) that it warrants an SMF. Where a firm chooses to have a committee or control function, even where this is not required by law, the chairman or head of that committee or function must have the relevant SMF approval.

** This SMF applies to an individual not directly employed by the firm, but who is deemed to exercise ‘significant influence’ over its affairs; this will be assessed by the PRA on a case-by-case basis. (An individual outside the firm may perform some of the other SMFs, e.g. Chairman of the Remuneration Committee.)

‡ These SMFs will, together, cover all board members not covered by one of the other SMFs.

*** A ‘miscellaneous’ SMF responsible for one or more Key Functions (see below for details).

More than one person may be approved for the same SMF, e.g. in case of a job-share. In this case, each individual will be responsible for all the responsibilities conferred by that SMF.

Prescribed Responsibilities

Each of the SMFs described above is narrowly defined in the rules by reference to its core responsibility.

As there are also other important responsibilities at a firm beyond those that fall under the SMFs above, the regulators have drawn up a list of these ‘Prescribed Responsibilities’ (PRs) and require that each PR is assigned to one of the existing SMFs.

There are restrictions on the allocation of PRs to SMFs:

  • it is expected that “firms will allocate most [PRs] to the SMF with which the responsibility is most closely associated”;
  • some PRs can only be allocated to non-executive SMFs; and
  • PRs cannot be allocated to the Significant Responsibility SMF (presumably as this person will be in practice a relatively junior member of the firm, usually below Board level).

The PRA may also require firms to allocate other responsibilities to a specific Senior Manager.

The complete list of PRs is as follows:

  1. performance by the firm of its obligations under the senior management regime, including implementation and oversight
  2. performance by the firm of its obligations under the Certification Rules
  3. compliance with the rules relating to the firm’s management responsibilities map
  4. the induction, training and professional development of all persons performing senior management functions on behalf of the firm and all members of the firm’s management body
  5. ensuring and overseeing the integrity and independence of the internal audit function in accordance with SYSC 6.2 (Internal audit)
  6. ensuring and overseeing the integrity and independence of the compliance function in accordance with SYSC 6.1 (Compliance)
  7. ensuring and overseeing the integrity and independence of the risk function in accordance with SYSC 7.1.22 R (Risk control)
  8. ensuring and overseeing the integrity, independence and effectiveness of the firm’s policies and procedures on whistleblowing and for ensuring staff who raise concerns are protected from detrimental treatment
  9. allocation of all prescribed responsibilities
  10. leading the development of the firm’s culture and standards in relation to the carrying on of its business and the behaviours of its staff
  11. embedding the firm’s culture and standards in relation to the carrying on of its business and the behaviours of its staff in the day-to-day management of the firm
  12. the development and maintenance of the firm’s business model
  13. management of the allocation and maintenance of capital, funding and liquidity
  14. the firm’s treasury management functions
  15. the production and integrity of the firm’s financial information and its regulatory reporting in respect of its regulated activities
  16. the firm’s recovery plan and resolution pack and overseeing the internal processes regarding their governance
  17. if the firm carries out proprietary trading, the firm’s proprietary trading activities
  18. if the firm does not have an individual performing the Chief Risk function, overseeing and demonstrating that the risk management policies and procedures which the firm has adopted in accordance with SYSC 7.1.2 R to SYSC 7.1.5 R satisfy the requirements of those rules and are consistently effective in accordance with SYSC 4.1.1R
  19. if the firm outsources its internal audit function, taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including (a) supervision and management of the work of outsourced internal auditors and (b) management of potential conflicts of interest between the provision of external audit and internal audit services
  20. if the firm does not have a person who performs the Senior Independent Director function, (a) carrying out oversight of the person who performs the Chairman function; and (b) oversight of the adequacy and quality of the resources available to the office of that person to enable the role to be fulfilled within the firm.

Key Functions and the Significant Responsibility SMF

As noted above, in order to bring non-Board members who are in charge of particular areas of the firm under the SMR, the regulators have created the ‘Significant Responsibility SMF’.

Presumably because this SMF will be relatively junior, they may not be assigned any PRs. Instead, the Significant Responsibility SMF will be responsible for carrying out one or more Key Functions (see below) where these are applicable.

To be precise, this SMF will apply to individuals to whom the Board has delegated overall responsibility for a Key Function or identified risk, which does not fall under the definition of another SMF, where they are primarily responsible for reporting to the Board about that function or risk.

Just as PRs have to be allocated between the different SMFs (other than the Significant Responsibility SMF), so Key Functions must be likewise allocated between the Significant Responsibility SMFs.

The complete list of Key Functions is as follows:

  1. Establishing and operating systems and controls in relation to financial crime
  2. Safekeeping and administration of assets of clients
  3. Payment services
  4. Settlement
  5. Investment management
  6. Financial or investment advice
  7. Mortgage advice
  8. Corporate investments
  9. Wholesale sales
  10. Retail sales
  11. First line quality assurance of sales
  12. Trading for clients
  13. Investment research
  14. Origination/syndication and underwriting
  15. Retail lending decisions
  16. Wholesale lending decisions
  17. Design and manufacturing of products intended for wholesale customers
  18. Design and manufacture of products intended for retail customers
  19. Production and distribution of marketing materials and communications
  20. Customer service
  21. Customer complaints handling
  22. Collection and recovering amounts owed to a firm by its customers/Dealing with customers in arrears
  23. Middle office
  24. The firm’s information technology
  25. Business continuity
  26. Human resources
  27. Incentive schemes for the firm’s staff

Approvals

Senior Managers are subject to approval by the regulators before they may begin carrying out an SMF. The process of applying for approval of a Senior Manager “will remain similar to the current process for applying for approval as a SIF under [APER]”. Individuals may perform more than one SMF, but will require separate approvals for each; they can combine these in a single application, however.

As above, whether an SMF is an FCA or PRA SMF determines to which regulator the application should be made. Existing arrangements to minimise the need for making applications to both the FCA and PRA will be continued.

When applying for an individual to be approved for an SMF, or whenever there is a significant change in a Senior Manager’s responsibilities, a firm will need to submit:

  • a Statement of Responsibility, which is “a statement setting out the aspects of the affairs of the authorised person concerned which it is intended that the person will be responsible for managing in performing the function”;
  • a Responsibilities Map, which sets out how the various responsibilities have been allocated (and to make sure there are no gaps in accountability); and
  • other information such as CVs, job descriptions, organisational charts and development plans.

Firms will also be obliged to take reasonable steps to ensure newly-appointed Senior Managers are made aware of all information and risks of regulatory concern.

The approval of an individual Senior Manager may now be made subject to conditions or time limits.

Enforcement

Each regulator will be able to take individual enforcement action against any Senior Manager, if warranted.

As noted in the Executive Summary, there is a new ‘presumption of responsibility’, whereby, if a firm breaches a regulatory requirement, the Senior Manager responsible for the area of the breach can be held individually accountable unless they are able to satisfy the regulators that they had taken ‘reasonable steps’ to stop, prevent, or remedy the breach.

In addition, Senior Managers are subject to a greater number of the new conduct rules than other employees (see below). Enforcement action, therefore, may now come from three different directions: an individual breach of the conduct rules; being “knowingly concerned” in a contravention by the firm; or else a contravention of the rules by the area of the firm for which that Senior Manager is responsible.

Senior Managers will also be liable to prosecution for the new criminal offence of taking (or failing to prevent) a decision causing a financial institution to fail, where one is aware of the risks and one’s conduct fell “far below what could reasonably be expected” (s.36 Financial Services (Banking Reform) Act 2013).

Certification Regime (CR)

Overview

The Certification Regime (CR) is essentially the level of regulation below the SMR. (The SMR and CR do not overlap: an individual covered by the SMR will not be covered by the CR for work at the same firm.)

It applies to a wider range of individuals than APER did, and covers a number of ‘significant harm functions’ where a person is “involved in aspects of a firm’s affairs (so far as relating to the regulated activity carried on by the firm) that might involve a risk of significant harm to the firm or any of its customers”.

Individuals caught by the CR will not be subject to regulatory approval (as SMFs are); instead, the firm itself will have to certify that they are fit and proper to perform that role, and renew this on an annual basis.

Scope

The regulators have separate Certification Regimes, and have specified that these will apply to:

| PRA CR | FCA CR |
| --- | --- |
| functions that might involve a risk to the safety and soundness of the firm (which approximately coincides with the class of ‘material risk takers’ in the CRR remuneration rules) | functions that were previously Significant Influence Functions under APER, but do not fall under the new SMR |
| | customer-facing roles subject to qualification requirements (e.g. retail investment advisors) |
| | anyone (who is not an SMF) who supervises or manages a Certified Person |

The only apparent difference between the FCA CR and PRA CR is that the PRA CR will cover some individuals at UK firms who are themselves based overseas, while the FCA CR will only apply to individuals either performing their function from an establishment in the UK, or else dealing with a client based in the UK.

Consequences

Firms will be able to put in place a single process for certifying employees under either FCA or PRA CR.

Where an employee performs multiple CR functions, they must be assessed as fit and proper for each function, although all the different functions may be covered by a single certificate.

If a person moves from one CR role to another CR role, that person must be certified as fit and proper for the new role immediately; the firm cannot wait until the annual renewal of the certificate.

In exceptional circumstances, a person may perform a CR function for up to two weeks without certification where they are providing cover for a certified person whose absence was reasonably unforeseen. (This does not apply, however, to CR functions that have a qualification requirement – see above.)

Fitness and propriety

Neither regulator is proposing to make fundamental changes to the standard of fitness and propriety, although the PRA is consulting on a new supervisory statement with guidance on its general expectations of fitness and propriety. This is not intended to be a significant, substantial change, however.

Both regulators are intending to introduce new requirements about the evidence firms need to collect:

  • firms must run a criminal records check on SMF candidates; and
  • firms must request a reference from the previous employer of an SMF or CR candidate, covering their previous five years’ employment history.

Conduct rules

Overview

The FCA and PRA have proposed new conduct rules for banks, building societies, and PRA-authorised investment firms. These will go into a new section of the Handbook: ‘C-CON’.

The new conduct rules are clearly based on the previous rules for individuals in APER (and also, to a lesser extent, the Principles for Businesses (PRIN) aimed at firms).

The main difference between the new rules and APER is the greatly increased scope of the former (see below).

Obligations for firms

As well as Firms are obliged to

  • make individuals aware if they are subject to the new conduct rules, and provide suitable training;
  • notify the regulators when they are aware – or suspect – that a person has breached the rules; and
  • notify the regulators (within seven business days for Senior Managers, or quarterly for everyone else) when they have taken formal disciplinary action following breach of the conduct rules.

Only the FCA needs to be notified, and it will pass on information to the PRA as required.

Scope

The PRA conduct rules (rules 1-3 and SM1-4) will apply to:

  • all Senior Managers, whether approved for a PRA or FCA SMF; and
  • anyone falling within the PRA CR (i.e. who carries out a ‘significant harm function’ involving a risk to safety and soundness) (rules 1-3 only);

and these will be enforced by the PRA against individuals in these categories.

The FCA, on the other hand, will apply and enforce all conduct rules (rules 1-5 and SM1-4) against all Senior Managers.

In addition, the FCA will apply all the first tier conduct rules (rules 1-5) to all other staff at banks, building societies, credit unions and PRA-authorised investment firms. The only staff excluded from this will be specified ancillary support staff, e.g. receptionists and security guards. (The FCA has provided an exhaustive list of all those so exempt.)

The new rules and the old

The new rules will “provide a framework against which regulators will make judgements about an individual’s actions as part of their general supervision of firms”:

‘First tier’: conduct rules applicable to all staff

| FCA | PRA | New rules | Corresponding rule from APER or PRIN |
| --- | --- | --- | --- |
| X | X | 1. You must act with integrity | APER Statement of Principle 1: An approved person must act with integrity in carrying out his accountable functions. |
| X | X | 2. You must act with due skill, care and diligence | APER Statement of Principle 2: An approved person must act with due skill, care and diligence in carrying out his accountable functions. |
| X | X | 3. You must be open and cooperative with the FCA, PRA, and other regulators | APER Statement of Principle 4. An approved person must deal with the FCA, the PRA and other regulators in an open and cooperative way and must disclose appropriately any information of which the FCA or the PRA would reasonably expect notice. |
| X | | 4. You must pay due regard to the interests of customers and treat them fairly. | PRIN 6. A firm must pay due regard to the interests of its customers and treat them fairly. |
| X | | 5. You must observe proper standards of market conduct. | APER Statement of Principle 3. An approved person must observe proper standards of market conduct in carrying out his accountable functions. |

‘Second tier’: conduct rules which apply only to Senior Managers

| FCA | PRA | New rules | Corresponding rule from APER or PRIN |
| --- | --- | --- | --- |
| X | X | SM1. You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively. | APER Statement of Principle 5. An approved person performing an accountable significant-influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his accountable function is organised so that it can be controlled effectively. |
| X | X | SM2. You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with relevant requirements and standards of the regulatory system. | APER Statement of Principle 7. An approved person performing an accountable significant-influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his accountable function complies with the relevant requirements and standards of the regulatory system. |
| X | X | SM3. You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively. | |
| X | X | SM4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice. | PRIN 11. A firm must deal with its regulators in an open and cooperative way, and must disclose to the appropriate regulator appropriately anything relating to the firm of which that regulator would reasonably expect notice. |

The rules are admittedly “written at a high level of generality. This is intentional because they will cover a very large group of people doing a wide range of different jobs”.

Both regulators are consulting on further guidance on relevant standards. In the FCA’s case, this guidance is much more detailed and developed than the guidance provided under APER.

Geographical scope of the new regime

Like much of the new regime, the applicability of the above to non-UK firms or staff is not at all straightforward.

There is also a large degree of uncertainty arising from the Chancellor’s declared intention to extend the regime to cover all branches of foreign banks operating in the UK, which is expected to be the subject of a future HM Treasury consultation paper. The FCA is apparently considering how the regimes might be extended as far as possible to UK branches of EEA firms – subject to single market regulations – but appears loath to consider the matter in any detail until after the Treasury consultation.

The situation as it can be ascertained at present, therefore, is as follows:

 

| | Senior Managers’ Regime | Certification Regime | Conduct rules |
| --- | --- | --- | --- |
| Included | Individuals at UK firms “whether physically based in the UK or overseas”; (PRA) at least one individual at a UK branch of a non-EEA firm as Overseas Branch Senior Executive Manager SMF | Individuals at UK firms, including (PRA-only) individuals based overseas; (PRA CR) Individuals at UK branches of non-EEA firms | Individuals at UK firms “based in the UK or who deal with customers in the UK” |
| Excluded | (PRA) Individuals at UK branches of EEA firms | (PRA CR) Individuals at UK branches of EEA firms; (FCA CR) Individuals at UK firms who are not either performing their function from an establishment in the UK, or dealing with a client based in the UK. | |