The FCA has today, 04 July 2018, published its “near final” rules on extending the Senior Managers and Certification Regime (SMCR) to all dual-regulated firms, including insurers and FCA solo-regulated firms. In addition, the PRA has updated its policy statement on the extension of SMCR to insurers.
The rules have been published in conjunction with:
- an FCA Guide for solo-regulated firms on the regime
- FCA Final Guidance on the duty of responsibility, and
- an FCA Consultation on the proposal to introduce a new public register for checking the details of key individuals working in financial services.
You can find links to the documents at the end of this article.
A brief summary of the key PRA and FCA points for insurers is set out below. We will be holding a conference call to discuss key takeaways and will circulate an invitation shortly.
The FCA and PRA Statements - key takeaways for insurers
- Senior managers listed by FCA - the SMFs listed are to be as consulted upon. The FCA attempts to clarify the overlap rule (applicable to FCA governing functions only), introduced to lessen the administrative burden with one application but notes that where an FCA required function overlaps with a PRA function, two applications will still be required.
- A proposal to introduce an FCA SMF for Head of HR has not been accepted. The FCA has suggested that firms consider if the role is an SMF18 (Overall responsibility). Note that the PRA has indicated in PS15/18 that it still regards the HR and IT functions to be subject to the SMCR, notwithstanding that they are not directly involved with regulated activities in most cases - clearly some feedback suggested that only those conducting regulated activities should be regulated.
- The FCA has clarified the overlap with Solvency II confirming that each of the Chief Risk Officer, the head of Internal Audit, the Chief Actuary and Compliance Officer are Key Function Holders, and that the first three posts will be PRA Senior Management Functions. There is however still some doubt over the status of the Legal Function and more consultation papers are proposed with an acknowledgement that firms may be unable to determine if the Legal Functionholder needs approval.
- The introduction of a Conduct Risk Oversight Officer for Lloyd’s has not been changed, but the FCA acknowledges the need for greater clarity over its scope and responsibility - the FCA states that their aim is for a Senior Manager in Lloyd’s who is clearly accountable for monitoring and overseeing Managing Agent’s compliance with Lloyd’s conduct of business standards, seeing no duplication with the roles of the SMFs for those Managing Agents.
- Further information is provided as to how the FCA proposes that SMF18 (Overall responsibility) will apply – clearly respondents had found its application confusing and the FCA has provided guidance both in PS18/15 and in the Guide to the SMCR for insurers.
- Broadening the Compliance Oversight function reflects the wider remit of the role - not just limited to COBS COLL and CASS sourcebooks. The requirements of Solvency II mean that there needs to be a Key Function Holder in Solvency II firms, it is anticipated that firms will simply map across their CF10 to SMF16. It is not appropriate for the Board to undertake the Compliance Oversight role not least because it needs to ensure that the firm has robust arrangements for oversight of control functions, of which compliance is one. Job sharing or temporary arrangements may mean that more than one SMF16 is appointed, but it is not usually a shared role.
- Responsibilities - Prescribed Responsibilities are not being changed - there is not going to be a PR for Culture. A joint list of PRs is contained at Annex 4. Insurers have a different list of PRs from FCA solo-regulated firms as they face different risks. Despite feedback, the regulators maintain that they need to approach the division and sharing of PRs differently. No further guidance is to be given on Statement of Responsibilities and what they should contain - the FCA is however proposing to develop best practice examples. Helpfully the FCA does indicate that SoRs have improved life for both firms and regulators, from the banking experience. Finally, there is to be no change to the proposals surrounding Responsibilities Maps but clarification as to their preparation, contents and updating is provided. Meanwhile, the PRA has expanded SS35/15 to set out fuller expectations on SoRs and Management Responsibilities Maps.
- Handover arrangements - most firms already have some form of handover procedure to manage an orderly transition, but some questions were raised about how the firms should go about demonstrating the reasonable steps they have taken to give new Senior Managers the information and materials that they need to do their job effectively, even (and one might say especially) if the previous Senior Manager has to leave suddenly. The FCA refers to the obligations under COCON and Senior Management Conduct Rule 1 to ensure that the business of the firm for which that manager is responsible is controlled effectively. Note also that the FCA has retained the rule status for Handover arrangements and not made this guidance and the PRA has added a new rule.
- There are no changes proposed to the measures consulted upon for small NDFs and small run-off firms.
- Certification regime - no changes to the proposals consulted upon - however, clarification is provided and a change to the definition of “specified Significant Harm Function” which now becomes an “FCA Certification Function”. Despite functions such as “algorithmic trading” being unlikely to apply to insurers, they are retained in the list at SYSC27. The FCA states helpfully that “The Certification Regime does not reduce personal accountability,. Ultimate responsibility and accountability sit with the Senior Manager responsible for each area of the firm’s business, but we expect all individuals caught by the SMCR to take responsibility for their conduct and actions. The PRA has reduced the certification requirements for small NDFs - only members of the governing body will be included in the Certification Regime.
- A Senior Manager who performs a Certification Function which is not related to their Senior Management Function will also need to be certified. Note that the FCA doesn’t think that there will be many such cases in insurers.
- The Client Dealing Function is wider than the current CF30 and covers any individuals advising or dealing for clients. It does not include advising on or arranging non-investment insurance products.
- Territorial application remains the same and a recognition that “dealing with” includes having contact with clients - extending beyond the use of dealing in conjunction with investments.
- Fit and proper requirements - no further guidance is supplied, although some of the responses are acknowledged. The FCA sees the most important considerations relevant to fitness and propriety to be: a. honesty, integrity and reputation; b. competence and capability; and c. financial soundness.
- Criminal records checks - no change to the FCA proposals despite feedback pointing out the PRA’s lighter touch requirements. The FCA remained unimpressed by arguments that the proposals contravened GDPR and the IDD, in the latter case stating the broader category of staff subject to the criminal records checks under IDD was driven by the IDD.
- Regulatory references - again no change to the proposals consulted upon - but note that firms need to update new employers where new information comes to light and a certificate as to fitness and propriety cannot be issued until the references have been received.
- Conduct Rules - respondents asked for greater clarification, including whether or not to apply the Conduct Rules to all staff - the FCA see this as ultimately a decision for the firm, but have set out a list of ancillary staff in COCON 1.1.2R(6) to whom the Conduct Rules do not apply. The FCA points out that firms may have a single standard for all employees but the FCA rules only apply to those individuals within their scope. The reporting of breaches of Conduct Rules is subject to a different set of rules for the PRA - both regulators have defended their position, but it remains a dual notification issue and different timings applied.
- No changes proposed to the FCA’s approach to UK branches of foreign firms and ISPVs.
- The Transitional Arrangements propose that by no later than one week prior to 10 December 2018, the Solvency II firms and large NDFs should have submitted their Form Ks (including SoRs) for converting approved persons to SMFs. Firms should identify all their certified staff and ensure they meet the Conduct Rules when the regime starts on 10 December 2018, with 12 months to complete assessments and get certification paperwork in place. The PRA match this requirement.
- The interesting proposal by the PRA to enable individuals approved for an S(I)MF within insurance firms to be treated equivalently to those approved for an SMF within banking firms is proceeding as respondents supported this proposal.
FCA Final Guidance on the duty of responsibility
- The proposed extension of the SMCR to insurers and FCA solo-regulated firms includes the statutory duty of responsibility in respect of senior managers under FSMA as already in place for dual-regulated firms. That statutory duty is the same for those solo-regulated to be brought within scope of the regime in December 2019.
- The FCA proposed in CP17/42 in December 2017 to apply its existing guidance on the duty of responsibility and reasonable steps for dual-regulated firms (found in DEPP 6.2.9_A and the following section of the FCA Handbook) to all other firms with only definitional amendments since it did not consider that any further changes to that guidance were required for solo-regulated firms.
- The FCA has now confirmed in PS18/16 published on 4 July 2018, following consultation, that no changes besides definitional amendments are required. In response to a limited number of concerns raised in feedback, PS 18/16 does briefly address what steps are ‘reasonable’ for the purposes of DoR but firms should look to the existing DEPP guidance when considering the duty of responsibility and reasonable steps on the part of their senior managers.
- The FCA considers that these are sufficiently flexibly drafted to be applicable to firms of all sizes and not a disproportionate burden given that all that is required of the firm is that it takes reasonable steps to avoid misconduct.
- Failure to comply may result in FCA action. The burden of proof lies with the FCA, so it is for the FCA to prove that the Senior Manager did not take reasonable steps.
Extension to FCA solo-regulated firms
Our commentary on the FCA rules and guidance on extending the Senior Managers and Certification Regime (SMCR) to all FCA solo-regulated firms, also published today, can be found here.
FCA Consultation on the proposal to introduce a new public register for checking the details of key individuals working in financial services
The FCA is separately consulting on a proposal to introduce a new public register for checking the details of key individuals working in financial services. Our detailed note on the consultation and next steps can be found here.
The FCA and PRA published multiple documents in relation to the extension of SMCR. Please find links to those document below.
1. PS18/14 - Extending the Senior Managers & Certification Regime to FCA firms - Feedback to CP17/25 and CP17/40, and near-final rules
2. PS18/15 - Extending the Senior Managers & Certification Regime to insurers - Feedback to CP17/26 and CP17/41 and near-final rules
3. PS18/16 - Final Guidance: the Duty of Responsibility for insurers and FCA solo-regulated firms
4. CP18/19 - Introducing the Directory
5. SMCR - Guide for FCA solo-regulated firms
1. PS 15/18 - Strengthening individual accountability in insurance: Extension of the SM&CR to insurers”
We will be publishing further commentary in due course. We have also developed a toolkit to help firms progress implementation of SMCR in a cost effective way. Please click here to find out more
This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.