Individual accountability: Extending the Senior Managers and Certification Regime to insurers

Two consultation papers were published in July 2017 on the extension of the Senior Managers and Certification Regime (SM&CR) to insurance companies. This potentially impacts anyone working in a business unit at an insurer, who may in turn have concerns about their insurance cover.

Key points to note

  • The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) propose to extend the SM&CR to all regulated firms, including insurers - consultation due to close in November 2017. 
  • This will bring most employees within the ambit of the two regulators’ enforceable conduct rules (conduct rules staff), not just senior management, so that they will be at risk of direct regulatory enforcement/fines.
  • In addition, Senior Managers will be assessed for fitness and propriety and will need to be approved by the PRA/FCA. 
  • The biggest change for insurers will be the Certification Regime; persons undertaking certified functions will need to be certified by the firm on at least an annual basis.

SM&CR: what is the new regime?

SM&CR extended to insurers

All senior managers working in the financial services industry are familiar with increasing levels of regulation designed to promote effective corporate governance and to increase both corporate and individual accountability. Solvency II contains a number of requirements designed to achieve an effective system of governance for all (re)insurers. Since March 2016, insurance firms have been subject to the Senior Insurance Managers regime (SIMR). Both the PRA and the FCA have imposed stringent governance requirements on regulated entities and their senior staff.

It is now proposed that the Senior Managers and Certification Regime, to which banks, building societies and credit unions have been subject since March 2016, be extended to insurers.

In July 2017, two consultation papers were published on the extension of SM&CR to insurers (FCA: CP 17/26 and PRA: CP14/17). The PRA’s consultation CP14/17 proposes the extension of SM&CR to insurers, alongside the FCA consultation CP17/25 which proposes the extension of SM&CR to all authorised firms. The consultations close on 03 November 2017, following which it is expected that policy statements and final rules will be published around summer 2018.

What does this mean?

Although many of the concepts will already be familiar to senior managers, the proposed changes are likely to impact everyone working for an insurer. The new Certification Regime is the biggest change, and will affect anyone working in a business unit at an insurer, including, of course, roles which impact customers such as underwriting, claims and complaints, but also including HR, IT and audit. Anything that is not seen as ancillary to the business will be subject to the conduct rules. If SM&CR is extended as proposed, most employees will be subject to the regulator’s conduct rules, not just senior management, and a new category of Certification staff will be introduced.

What this means in broad terms is that:

  • Senior Managers will be subject to an annual assessment of fitness and propriety. They will need to be approved by the PRA/FCA and will be allocated "prescribed responsibilities". They will have a formal responsibility to take reasonable steps to prevent breaches. The firm will need to ensure that Senior Managers have a Statement of Responsibilities and produce a Management Responsibilities map (replacing the Solvency II governance map).
  • For staff subject to the Certification regime, there will be an increased focus on regulatory references and processes for assessing fitness and propriety for staff on an on-going basis. There will not, however, be any requirement to hold a central register, and no PRA/FCA approval process. Instead firms take responsibility for assessing fitness and propriety and re-confirming this on an annual basis.
  • Most staff working for regulated entities will be covered by enforceable conduct rules, which largely reflect existing rules for approved persons. There will be a positive duty to report on Senior Managers, and firms are required to report breaches of the conduct rules to the FCA. All “conduct rules staff” have a duty to treat customers fairly and are at risk of direct regulatory enforcement/fines.

Impact on D&O and Employer’s Liability Insurance

Senior managers within affected firms may have concerns about the extent to which existing D&O policies will extend to cover additional risks arising from the extension of the SM&CR regime. Issues may include the definition of “wrongful act” (to include breaches of Senior Manager Conduct Rules), the trigger points for defence/investigation costs and obviously the limits/sub-limits of indemnity. Additionally, many additional employees may need to call upon a firm’s Employer's Liability (EL) and/or Directors and Officers (D&O) cover once the regime is extended. Accordingly, firms (and their employees), as well as the insurers of the risks, will need to consider the implications for them and ensure that policy wordings are reviewed carefully. 

Additional D&O (or EL) cover may well be required, to cover the increased scope of the potential liabilities for management and employees in relation to conduct rules.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.