Senior managers and certification regime

FCA regulation and the GC: A regulatory specialist summarises the Senior Managers Responsibility regime: the requirements the Financial Conduct Authority has set out for the individual departments in a regulated financial services organisation - including the legal department.

If you’re an in-house lawyer in an FCA regulated organisation, you or your boss is likely to have personal regulatory accountabilities to the Prudential Regulation Authority (PRA) under the new Senior Managers Responsibility (SMR) regime.

You’ll need to understand how SMR affects your team, the internal departments you work with and your relationships with the financial services organisations you deal with.

In-house lawyers and the financial services sector

In the UK, the Financial Conduct Authority (FCA) is rolling out a new set of rules called the Senior Managers Responsibility and Certification Regime (SMR). These rules are intended to ensure that every function in a regulated business is clearly owned by an identified manager who is personally responsible to the regulator.

SMR will apply to all regulated financial services entities by the end of 2018 and its scope will include in-house legal departments.

If you’re already planning for SMR, the information we’ve provided below will help remind you how the FCA and PRA responsibilities break down. If not, use this article in conjunction with these 70 questions to work towards the level of compliance you’ll need between now and the end of 2018.

If your organisation is not in the financial services sector but buys from it or sells to it, understanding the constraints it’s under could help you understand the negotiation positions many institutions adopt. This in turn will help you spot if a financial services provider is overstating its regulatory duties or restrictions as part of an effort to make an imposition on you.

This table sets out the general requirements of managers in financial services providers who are personally subject to the Senior Managers Responsibility (SMR) regime. Beneath it, we’ve added some comments relating to the subset of SMR that applies specifically to insurance, the Senior Insurance Managers Responsibility regime (SIMR).

Applies to all firms

| Description of prescribed senior management responsibility | FCA-prescribed? | PRA-prescribed? |
| --- | --- | --- |
| Responsibility for the firm's performance of its obligations under the SMR. The responsibility includes compliance: with conditions and time limits on approval; with requirements about the statements of responsibilities (but not the allocation of responsibilities recorded in them); by the firm with its obligations under section 60A of FSMA (Vetting of candidates by relevant authorised persons). | SYSC 4.7.7R(1) | 4.1(1) |
| Responsibility for the firm's performance of its obligations under the employee certification regime. | SYSC 4.7.7R(2) | 4.1(2) |
| Responsibility for compliance with the requirements of the regulatory system about the management responsibilities map. This responsibility does not include allocating responsibilities recorded in it. | SYSC 4.7.7R(3) | 4.1(3) |
| Overall responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime. The firm may allocate this responsibility to the money laundering reporting officer (MLRO) but does not have to. If the firm does not allocate it to the MLRO, this prescribed senior management responsibility includes responsibility for supervision of the MLRO. | SYSC 4.7.7R(4) | - |
| Acting as the firm's whistleblowers' champion. The whistleblowers' champion's allocated responsibilities are set out in SYSC 18.4.4R. | SYSC 4.7.7R(4A) | - |
| Responsibility for the allocation of all prescribed responsibilities in accordance with Allocation of Responsibilities 3.1. | - | 4.1(20) |

Applies to all firms except for small CRR firms and credit unions

| Description of prescribed senior management responsibility | FCA-prescribed? | PRA-prescribed? |
| --- | --- | --- |
| Responsibility for: (a) leading the development of and (b) monitoring the effective implementation of policies and procedures for the induction, training and professional development of all members of the firm’s governing body. (To be held by approved NEDs rather than executives.) | SYSC 4.7.7R(5) | 4.1(13) |
| Responsibility for monitoring the effective implementation of policies and procedures for the induction, training and professional development of all persons performing designated SMFs on behalf of the firm other than members of the governing body. | SYSC 4.7.7R(6) | 4.1(5) |
| Responsibility for overseeing the adoption of the firm's culture in the day-to-day management of the firm. | - | 4.1(6) |
| Responsibility for leading the development of the firm's culture by the governing body as a whole. | - | 4.1(14) |
| Responsibility for (a) safeguarding the independence of and (b) oversight of the performance of the internal audit function, in accordance with SYSC 6.2 (Internal Audit). (To be held by approved NEDs rather than executives.) | SYSC 4.7.7R(7) | 4.1(15) |
| Responsibility for (a) safeguarding the independence of and (b) oversight of the performance of the compliance function in accordance with SYSC 6.1 (Compliance). (To be held by approved NEDs rather than executives.) | SYSC 4.7.7R(8) | 4.1(16) |
| Responsibility for (a) safeguarding the independence of and (b) oversight of the performance of the risk function, in accordance with SYSC 7.1.21R and SYSC 7.1.22R (Risk control). (To be held by approved NEDs rather than executives.) | SYSC 4.7.7R(9) | 4.1(17) |
| Responsibility for overseeing the development of, and implementation of, the firm's remuneration policies and practices in accordance with SYSC 19D (Remuneration Code) / SYSC 19A (Remuneration Code). (To be held by approved NEDs rather than executives.) | SYSC 4.7.7R(10) | 4.1(18) |
| Responsibility for the independence, autonomy and effectiveness of the firm's policies and procedures on whistleblowing, including the procedures for protection of staff who raise concerns from detrimental treatment. | - | 4.1(19) |
| Responsibility for managing the allocation and maintenance of the firm's capital, funding and liquidity. | - | 4.1(7) |
| Responsibility for the firm's treasury management functions. | - | 4.1(8) |
| Responsibility for the production and integrity of the firm's financial information and its regulatory reporting under the regulatory system. | - | 4.1(9) |
| Responsibility for developing and maintaining the firm's recovery plan and resolution pack and for overseeing the internal processes regarding their governance. | - | 4.1(10) |
| Responsibility for managing the firm's internal stress tests and ensuring the accuracy and timeliness of information provided to the PRA and other regulatory bodies for the purposes of stress-testing. | - | 4.1(11) |
| Responsibility for the development and maintenance of the firm's business model by the governing body. | - | 4.1(12) |
| Responsibility for the firm's performance of its obligations under the Fitness and Propriety Part of the PRA Rulebook in respect of its notified NEDs. | | 4.1(4) |

Applies in specified circumstances

| Description of prescribed senior management responsibility | FCA-prescribed? | PRA-prescribed? |
| --- | --- | --- |
| If the firm carries out proprietary trading, responsibility for the firm's proprietary trading activities. | - | 4.2(1) |
| If the firm does not have an individual performing the chief risk function, responsibility for the compliance of the firm’s risk management systems, policies and procedures with the requirements of Risk Control 2.1 to 2.4. | - | 4.2(2) |
| If the firm outsources its internal audit function, responsibility for taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including (a) supervision and management of the work of outsourced internal auditors and (b) management of potential conflicts of interest between the provision of external audit and internal audit services. | - | 4.2(3) |
| If the firm is a ring-fenced body (RFB), responsibility for ensuring that those aspects of the firm's affairs for which a person is responsible for managing are in compliance with the ring-fencing requirements. | - | 4.2(4) |
| Overall responsibility for the firm's compliance with the Client Assets sourcebook (CASS). | SYSC 4.7.7R(11) | - |

Applies to small firms only (firms that have assets of £250 million or less)

| Description of prescribed senior management responsibility | FCA-prescribed? | PRA-prescribed? |
| --- | --- | --- |
| Responsibility for implementing and management of the firm's risk management policies and procedures. | - | 5.2(3) |
| Responsibility for managing the systems and controls of the firm. | - | 5.2(4) |
| Responsibility for managing the firm's financial resources. | - | 5.2(5) |
| Responsibility for ensuring the governing body is informed of its legal and regulatory obligations. | - | 5.2(6) |

Under the SIMR, the prescribed responsibilities are to:

  • Ensure the organisation has complied with its obligations in Insurance - Fitness and Propriety 2.1 to ensure that all persons performing a key function are fit and proper;*
  • Lead the development of the organisation’s culture and standards;
  • Oversee the adoption of the organisation’s culture and standards on a day-to-day basis;
  • Manage the production and integrity of the organisation’s financial information and regulatory reporting;*
  • Manage the allocation and maintenance of the organisation’s capital and liquidity;*
  • Develop and maintain the organisation’s business model;*
  • Perform the organisation’s own risk and solvency assessments (ORSA);*
  • Lead the development, implementation and monitoring of policies and procedures for the induction, training and professional development of all members of the organisation's governing body;
  • Monitor policies and procedures for the induction, training and professional development of all the organisation’s key function holders except the governing body (see above).

(* - Third country Solvency II branches must allocate the SIMR prescribed responsibilities marked with an asterisk above to persons approved to perform a Senior Insurance Management Function (SIMF) by the PRA or a relevant senior management function by the FCA.)

Organisations will also need to allocate these prescribed responsibilities to one or more non-executive directors who perform an oversight PRA SIMF or an FCA governing function at the firm:

  • Oversight of the independence, autonomy and effectiveness of the organisation’s policies and procedures on whistleblowing, including the procedures for the protection of staff who raise concerns from detrimental treatment; and
  • Oversight of the development and implementation of the organisation’s remuneration policies and practices.

The PRA has made it clear that SIMR prescribed responsibilities are additional to the responsibilities that are inherent in the definition of each PRA SIMF. They’re also additional to the key attributes of certain functions prescribed by the PRA rules to be ascribed to actuarial, risk management, internal audit and compliance functions. 

Conclusion

If you work in a financial services organisation, it’s vital to understand how SMR and SIMR affect your department and your working relationships with other departments. If you don’t work in the financial services sector, it’s almost certain that you’ll have arrangements with financial services providers, either as a customer or a supplier. Understanding their regulatory framework will help secure the best possible contractual arrangements with them.

PLEASE NOTE THAT THIS ARTICLE IS FOR GENERAL GUIDANCE ONLY AND SHOULD NOT BE RELIED UPON AS ADVICE. IT WAS WRITTEN IN SEPTEMBER 2017 AND IS NOT MAINTAINED. SO PLEASE DO CHECK THE FCA WEBSITE ON THE CURRENT POSITION AND TAKE PROFESSIONAL ADVICE AROUND YOUR SPECIFIC CIRCUMSTANCES.