Senior Managers Regime, Certification Regime and Conduct Rules
11 January 2022
The Senior Managers Regime, Certification Regime and Conduct Rules (SMCR) was introduced in response to the global economic crisis to strengthen accountability and encourage good governance. The regime requires clear allocation of responsibilities to senior managers and, crucially, makes it much easier for them to be held personally liable for governance failures. It also aims to improve awareness of conduct issues across firms and, together with increased individual accountability, deter misconduct.
SMCR is split into three regimes, according to firm type:
- Deposit takers and Prudential Regulation Authority (PRA) - designated investment firms
- Insurance firms
- FCA solo-regulated firms
The above three regimes came into force between March 2016 and December 2019. The deadline for implementation for FCA solo-regulated firms was extended to 31 March 2021 due to the COVID-19 pandemic.
The Senior Managers Regime also came into force for benchmark administrators on 7 December 2020 (the certification regime is not being applied to benchmark administrators due to their being subject to similar requirements under the Benchmarks Regulation). Benchmark administrators had until 7 December 2021 to train conduct rules staff who are not senior managers.
Given the many different types of firms captured under SMCR for FCA solo-regulated firms, the FCA introduced a tiered approach. These SMCR firms are split into three categories: limited scope firms, core firms, and enhanced firms. The scope of SMCR requirements to be complied with varies accordingly.
The Senior Managers Regime
The Senior Managers Regime (SMR) requires firms to identify senior individuals responsible for performing various senior management functions (SMFs). The required SMFs vary according to the type of SMCR firm concerned. Individuals performing SMF roles are subject to regulatory pre-approval, which may include being interviewed by the regulator(s). Such individuals will need to satisfy fitness and propriety requirements, and have a satisfactory criminal record check and regulatory references. They will also need to have suitable experience to perform the role.
An SMCR firm will be required to allocate a series of prescribed responsibilities across its SMFs. Some of the prescribed responsibilities are role-specific and must be performed by certain SMFs, for others there is more flexibility in allocation. Each senior manager must have a statement of responsibility setting out their prescribed responsibilities, and will have individual accountability to the regulator for their area of responsibility.
Most SMCR firms (other than FCA solo-regulated limited scope or core SMCR firms) must also have a responsibilities map showing how the various prescribed responsibilities are allocated across its SMFs, and that there is an individual senior manager that is responsible for each key business unit. This must be kept up to date. Such firms must also make sure that individuals who are new to SMF roles, or individuals performing an SMF whose role or responsibilities have changed, have all the handover material they could reasonably expect to perform their role, including unresolved or possible breaches of any regulatory requirements and unresolved concerns expressed by any regulatory body. Predecessors are expected to draft handover notes.
Presumption of responsibility and the reasonable steps defence
The SMR introduced a presumption of responsibility for breach of regulatory requirements. Senior managers will be held liable for any contravention of a regulatory requirement in an area for which they have responsibility - even if they personally had nothing to do with the breach - unless they can prove that they took such steps as a person in their position could reasonably be expected to take to avoid the breach.
The steps needed will vary from case to case, but guidance suggests the regulator will look at factors such as the size, nature and complexity of the firm, the senior manager’s due diligence on taking up the role, the resourcing of specific business areas, the senior manager’s delegation to subordinates, and whether the senior manager appropriately sought expert advice at any time.
Criminal offence for Bank SMFs
It is a criminal offence for a senior manager to assent to a decision that causes a bank to become insolvent while being aware that the decision might cause the bank to fail, if their conduct falls “far below what could reasonably be expected of a person” in that position. Sanctions include unlimited fines and imprisonment of up to seven years.
This is expected to have limited impact, as the failure of financial institutions is rare, and will seldom be demonstrably “caused” by a single decision
The Certification Regime
The Certification Regime replaced the previous FCA “approved persons” regime for affected firms.
Under the previous regime, the FCA was responsible for pre-approving staff who undertook “controlled functions” (senior decision-makers, control staff and staff who liaised directly with clients and customers). The Certification Regime introduced two key changes:
- It scrapped the concept of “controlled functions”. Instead, all staff who are not senior managers under the SMR, but who occupy “significant harm functions”, meaning they pose a risk of significant harm to the firm or any of its customers, must be certified.
- It shifted the burden of certification on to firms themselves. The FCA will not approve staff carrying out “significant harm functions”. Instead, firms must perform their own internal vetting – both on recruitment and annually thereafter - to certify relevant staff as fit and proper.
This vetting includes:
- Conducting criminal record checks (discretionary in relation to persons performing certification functions – but mandatory in relation to SMFs and non-executive directors).
- Seeking regulatory references for the previous six years of a candidate’s employment history.
- Considering a candidate’s relevant performance.
- Issuing a certificate stating that the firm is satisfied that the individual is a fit and proper person to perform the Certification Function, and setting out the aspects of the firm’s business in which the individual will be involved.
Although certified persons are not approved by the FCA, firms are required to submit details of their certified persons to the FCA for inclusion in the Directory.
The Conduct Rules
The Conduct Rules replaced and extended the application of the Statements of Principle for Approved Persons (known as APER) for affected firms.
The Conduct Rules are wider than APER and set out a basic standard for behaviour for everyone in SMCR firms (with the exception of those performing ancillary administrative functions, such as switchboard operators, security guards and cleaners). They apply to both regulated and unregulated activities.
There are two tiers of Conduct Rules - those applicable to everyone, and those applicable solely to senior managers. The Rules impose greater responsibility on both individuals and firms:
- All staff are subject to a (FCA-only) duty to “pay due regard to the interests of customers and treat them fairly”. The Conduct Rules confer individual responsibility for customer management - including product selling and wealth management.
- Senior managers are subject to requirements to:
- “disclose appropriately any information of which the FCA or the PRA would reasonably expect notice”, which some have described as a duty to blow the whistle; and
- delegate only to “appropriate persons” and to “effectively oversee” the discharge of the delegated responsibility. This prevents senior managers from escaping personal liability by delegating to others.
- Firms are required to report to the FCA disciplinary action (formal written warning, suspension, dismissal, reduction/recovery of remuneration) taken against individuals for breach of the conduct rules. For FCA conduct rules staff other than SMFs the notification should be made annually. For SMFs the notification must be made within 7 days.
- Firms are also required to train all staff on the application of the Conduct Rules, with certain staff required to undertake further training in specialist areas.
Is the SMCR regime working?
In December 2020 the PRA published an evaluation of the SMCR. The overall finding was that the introduction of the SMCR has helped ensure that senior individuals in PRA-regulated firms take greater responsibility for their actions, and has made it easier for both firms and the PRA to hold individuals to account. Risks that were identified included potential under-reporting of conduct rules breaches, and in some cases potentially unnecessarily punitive use of regulatory references.
On 16 December 2021, the PRA published an inventory of senior manager responsibilities under the SMCR. The inventory follows feedback on the PRA’s evaluation of the SMCR that it would be useful to have an inventory of references to senior manager responsibilities made in PRA publications that are not directly related to individual accountability.
Will SMCR be expanded to cover additional types of firm?
The HM Treasury (HMT) consultation on extending SMCR to Financial Market Infrastructures closed on 22 October 2021, and the response is awaited. The FCA, in its 2020/2021 annual perimeter report indicated that it would work with HMT to extend SMCR to the payments and e-money sector, recognised investment exchanges and credit ratings agencies.
In December 2021, HMT published a Call for Evidence on the Appointed Representatives Regime in which it is considering, amongst other proposals, extending the SMCR regime to appointed representatives. The deadline for responding is 3 March 2022.
There is presently no set timescale for the proposed extensions to SMCR.