SM&CR in more detail

We recently touched upon SM&CR, which is due to come into force on 9th December 2019. Below, we go into much more detail, following on from our TALK: SM&CR webinar which is available to watch here.

What is SM&CR?

The aim of the SM&CR is to reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold people to account. The SM&CR commenced for banking firms in March 2016, for insurers in December 2018 and will be extended to solo-regulated firms in December 2019

Senior Managers Regime

  • If you are a Senior Manager, you will need to fill out a statement of responsibilities, explaining what they are responsible for and be accountable for all the authorised persons who have the ability to ‘cause significant harm’ to the firm or its customers and carry out a regulated activity.
  • A Senior Manager must also be responsible for each of the firm’s business functions and activities. These responsibilities are called ‘overall responsibilities’.
  • At least once a year firms need to certify that senior managers are suitable to do their jobs.

The FCA has set out the Senior Management Functions (SMFs), which will apply to firms. A firm does not need to have a Senior Manager for every SMF that the FCA has created, but if you are already taking the responsibility of a Senior Management Function, then you will need to be classed as a Senior Manager and will require FCA approval.

Governing functions
SMF9 – Chair (non-executive)  / (CF2 Non-executive director function)
CF3 –   SMF1 – Chief executive
CF1 –   SMF3 – Executive director
CF4 –   SMF27 – Partner
Required functions
CF10 –  SMF16 – Compliance oversight
CF11 –  SMF17 – Money laundering reporting officer (MLRO)

The good news for FCA-authorised firms is that fewer persons may require prior regulatory approval under the SM&CR than under the current Approved Persons regime.

For example, under the Approved Persons regime, all directors (including non-executive directors), must be Approved Persons. In contrast, under the SM&CR, non-executive directors who do not also undertake one of the roles designated as Senior Management Functions do not require approval.

Fewer is not always better

The temptation will be to have as few SMFs as the regulations allow, but this may not always be the best option for the firm or its future relationship with the regulator, let alone for the individuals concerned. There are three potential reasons for this:

  • It is not the best fit with your current values and culture (see below).
  • It downplays the role senior individuals not including as SMFs have in ensuring regulatory compliance.
  • It places a disproportionate burden on a small number of individuals.

Appointed Representatives

The SM&CR does not apply to Appointed Representatives (ARs) (except for certain Limited Permission Consumer Credit firms that also act as ARs for other businesses).

Three-tiered regime

FCA has proposed a three-tiered regime:

  • Core firms will be subject to a standard set of SM&CR requirements.
  • Enhanced firms whose size, complexity and potential impact warrant the application of extra requirements.
  • Limited scope firms which will be subject to a reduced set of requirements.

The FCA states that, it wants the new regime to be proportionate and flexible enough to accommodate the different business models and governance structures of firms.

Enhanced firms

The definition of ‘Enhanced firms’ is determined by the criteria relating to size, complexity and the greater impact to consumers.

Enhanced Firms will have:

17 SMF’s
12 Prescribed Responsibilities and some additional overall responsibilities.

Limited Scope firms

Limited Scope firms will have a ‘lite” approach and therefore will be subject to a reduced set of requirements. These are firms with limited permissions who will be consumer credit firms, sole traders and utility companies.

Limited Firms have 3 SMF’s:

SMF 29 – Limited Scope Function;
SMF 16 – Compliance Oversight;
SMF 17 – Money Laundering Officer.

Core firms

If you are not Enhanced or Limited scope, you will be with the majority of firms within the Core firm’s category. Core Firms have 6 SMF’s to report on which comprise of:

4 Governing Functions namely Chief Executive; Executive Director; Partner; Chair 
2 Required Functions Compliance Oversight Money Laundering Reporting Officer

Is my firm “Core” or “Enhanced”?

The FCA distinguishing between Core and Enhanced firms will be AUM threshold of £50 billion. The only refinement is the addition of a three year rolling average calculation on both AUM and revenue-based criteria, (£35 million for intermediary regulated revenue).

Firms will be contacted by the FCA before the implementation date, to inform firms of its assessment of their status, (Core, Enhanced or Limited Scope). Firms will need to check the accuracy of the FCA’s assessment and inform the FCA if they disagree. If a firm thinks it may change tiers during the transition to the new regime, it should contact the FCA as soon as possible to discuss this.

You can work out your firm’s type by either using the firms checker tool or by reading the FCA Guide to the SM&CR for solo-regulated firms.

The FCA three tiers of application include the following:

Enhanced Firms

The following firms fall under the proposed Enhanced Scope Regime:
Significant investment (IFPRU) firms
Firms that are CASS Large firms
Firms with assets under management of £50billion or more
Firms with total intermediary regulated business revenue of £35 million or more per annum
Firms with annual regulated revenue generated by consumer credit lending of £100 million or more per annum
Mortgage lenders that are not banks with 10,000 or more regulated mortgages outstanding  

Limited Scope Firms

The following firms fall under the proposed Limited Scope Regime:
Limited permission consumer credit firms;
Sole traders;
Authorised professional firms whose only regulated activities in are non-mainstream regulated activities
Oil market participants
Service companies
Subsidiaries of local authorities or registered social landlords
Authorised internally managed AIF’s (Alternative Investment Funds)

Core Firms

The following firms fall under the proposed Core Scope Regime:
All other FCA solo regulated firms not caught as an Enhanced firm or limited scope firm.

Preparation for SM&CR

So, this is the framework of the SM&CR changes, the real question is – what do I need to do?

Who is planning and running your preparations?

This may be a ‘Hot Potato’ to pass around the office but this should be taken on by someone who has the authority to own these changes going forward.  Most importantly, it is important to plan out any possible implications / challenges and work out who owns what, going forward.

Determine who will be Senior Managers and Certified Staff

Build a clear summary of the firm, their responsibilities and how these come together into reporting relationships.

Holding more than one SMF

You may end up holding more than one SMF, due to the structure of the firm. If you are a small firm then you will have multiple hats to wear, you will most likely be the Executive Director, and you may also find yourself being the Money Laundering Reporting Officer. Should this happen, the person will need to apply for approval from FCA for each function, although this can be on the same form as long as this clearly describe all of their responsibilities.

Establish what training will be required

Firms will need to inform all staff who will be covered by the conduct rules. They must be trained on how the new rules will apply to their roles.

Senior Managers Statement of Responsibilities

The SoR should clearly set out a Senior Manager’s role and what they are responsible for and will need to be kept up to date. The FCA standard template should be completed and submitted for all new approvals and following any significant change. It should be clear and easy for regulators, the Senior Manager and others in the firm to understand it. Each version of the SoR must be retained for a period of ten years from the date on which it was superseded by a more up-to-date record.  A Statement of Responsibility needs to be submitted for Core, Enhanced and Limited Scope firms.

Here’s a link to the FCA handbook.

Consider mapping the management responsibilities

This is an essential for Enhanced firms, but firms will also be obliged to monitor compliance and report breaches of conduct to the FCA for Senior Managers within seven days of a breach and other staff at least annually.

Conversion of existing approved persons

Consider what approved functions will grandfather into equivalent Senior Manager roles and what new applications for approval will be needed. Depending on the category of firm your business falls into, you will need to check whether the approved person population will convert automatically into the equivalent Senior Management functions or whether you will need to file a conversion form (Form K) and supporting documents.

Key considerations for all firms

  • Which tier does your firm fall into: limited scope, core or enhanced?
  • What Senior Management Functions will apply to your firm?
  • Does your firm have individuals who will perform relevant Senior Management Functions?
  • Does your firm need to change any existing approvals, or add new ones before the SM&CR begins?
  • Do you know which of your current approved persons will no longer be approved (i.e. which approvals will lapse under the SMCR)?
  • Does each of the senior managers within your firm have a Statement of Responsibility?
  • Do you know which Prescribed Responsibilities (if any) will apply to your firm and how these will be allocated to the senior managers within your firm?

Certification Regime

So, the second part of this blog is all around the Certification Regime and things you need to be considering regarding it.

The aim of the Certification Regime is to make firms carry out fit and proper assessments on their members of staff on a regular basis. The regulator has not expressed any way in which firms should be carrying this out, and it could be because each firm does it slightly different. So, you need to decide which is the best way for you and your staff. What might work for you might not work for another firm and that’s fine, as long as you can demonstrate and evidence that you have assessed these members of staff.

The most recent update from the regulator said low-risk individuals would be caught in the scope because they are taking part in “managing” or “arranging”. The latest consultation has stated that they feel the activities undertaken by these individuals are unlikely to harm consumer or other users of financial services and also the administrative burden of requiring firms to certify such individuals would be disproportionate to the risks posed.

It therefore proposed to amend the rules to exclude an individual who has “no scope to choose, decide or reach a judgement” in a given situation and whose tasks do not require “significant skill”.

The FCA said this amendment will allow firms to exercise judgment on whether a role requires certification.

Requirements

The FCA have said that fit and proper assessments apply to Senior Managers, Non-Executive Directors and individuals under the Certification Regime. The new rules are:

  • The requirement to assess, at least annually, whether an individual in certain roles are fit and proper for their role – however this rule does not apply to non-executive directors.
  • Carry out criminal record checks as part of the application for approval for Senior Managers; and
  • Obtain regulatory references for Senior Managers, certification staff and non-approved non-executive directors before appointing them.

Fitness and Propriety

The fitness and propriety requirements apply to all firms. As mentioned earlier, there are certain members of staff that need to be certified as fit and proper to carry out their job. When creating the assessment or indeed building upon the one you already have, there are three important considerations that are the ones you must cover. These are:

  • Honestly, integrity and reputation;
  • Competence and capability; and
  • Financial soundness.

In order to show this, the firm needs to evidence their reasoning behind their decision of the individual being fit and proper. The extra evidence includes:

Criminal record checks

The firm will need to declare if the candidate has a criminal record. This however is only for Senior Manager Functions when the application is being made. Once the application has been made, there is no need to run a criminal record check again. This record then needs to be kept for 6 years after the application was made.

If the individual holds a Certified Function, this rule is not mandatory for them. As a firm you, can choose to conduct these checks for these members of staff but only where you are legally allowed to do so.

Regulatory references

For Senior Managers and Certification Function applicants, the firm will need to request references from the applicant’s previous employers. The aim of this is to help employers attract the right type of candidate’s and for them to hire the most suitable individual for the role.

In terms of the reference, the firm will need to:

  • Create a standardised template to ensure that all of the information collected is the same for each applicant. 
  • Use the template to request a reference from all of the candidates previous employers over the past 6 years.
  • Disclose information in the application regarding any disciplinary action taken due to a breach of the Conduct Rules and if there were any findings that the individual was not fit and proper for their role.
  • Disclose any other information that may be relevant to assessing whether the candidate is fit and proper when applying for the role.
  • Retain a copy of any disciplinary and fit and proper records going back 6 years.
  • Update the references where new information comes to light.

Notification Requirements

There are also training and notification requirements:

In terms of notification, if there is a breach of the conduct rules by a Senior Manager, the Senior Manager needs to notify the FCA within 7 business days of the firm conducting disciplinary action. In this case, disciplinary action refers to:

  • Formal written warnings.
  • Suspending or dismissing the individual.
  • Reducing or recovering any of the person’s remuneration.

For other members of staff who have breached the rules, the firm needs to make a report each year through GABRIEL using the REP008 form.

Training Requirements

Last but not least, there are some training requirements. Each firm is required to train the relevant members of staff on how the Conduct Rules apply to their role. Both Senior Managers and Certification Staff need to have received training on and comply with the Conduct Rules from the start of the new regime.

You have a year from the 9th of December 2019 to make sure your staff are all trained on the Conduct Rules.

Going forward

Going forward, there are a few things that you need to be considering:

  • How will you fit all of this into your existing HR processes?
  • When are you going to do the fitness and propriety assessments?
  • How are you going to carry them out?
  • What will your process look like?
  • Who will be responsible for carrying them out?
  • What is the process and who will carry out the criminal record checks?
  • How is this going to work alongside your current recruitment process?
  • When are you going to plan all of this?

And that’s a wrap!

We appreciate there is a lot of information here to take in, but there are important pieces of information for you to know and understand. Take some time out to be familiar with the requirements under both the Senior Managers Regime and the Certification Regime and map out what your next moves are to help you become compliant.

We’re hosting two upcoming workshops on SM&CR – tickets are available here.

SM&CR in more detail