We recently touched upon SM&CR, which is due to come into force on 9th December 2019. Below, we go into much more detail, following on from our TALK: SM&CR webinar which is available to watch here.
The aim of the SM&CR is to reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold people to account. The SM&CR commenced for banking firms in March 2016, for insurers in December 2018 and will be extended to solo-regulated firms in December 2019
The FCA has set out the Senior Management Functions (SMFs), which will apply to firms. A firm does not need to have a Senior Manager for every SMF that the FCA has created, but if you are already taking the responsibility of a Senior Management Function, then you will need to be classed as a Senior Manager and will require FCA approval.
|SMF9 – Chair (non-executive) / (CF2 Non-executive director function)|
|CF3 – SMF1 – Chief executive|
|CF1 – SMF3 – Executive director|
|CF4 – SMF27 – Partner|
|CF10 – SMF16 – Compliance oversight|
|CF11 – SMF17 – Money laundering reporting officer (MLRO)|
The good news for FCA-authorised firms is that fewer persons may require prior regulatory approval under the SM&CR than under the current Approved Persons regime.
For example, under the Approved Persons regime, all directors (including non-executive directors), must be Approved Persons. In contrast, under the SM&CR, non-executive directors who do not also undertake one of the roles designated as Senior Management Functions do not require approval.
The temptation will be to have as few SMFs as the regulations allow, but this may not always be the best option for the firm or its future relationship with the regulator, let alone for the individuals concerned. There are three potential reasons for this:
The SM&CR does not apply to Appointed Representatives (ARs) (except for certain Limited Permission Consumer Credit firms that also act as ARs for other businesses).
FCA has proposed a three-tiered regime:
The FCA states that, it wants the new regime to be proportionate and flexible enough to accommodate the different business models and governance structures of firms.
The definition of ‘Enhanced firms’ is determined by the criteria relating to size, complexity and the greater impact to consumers.
Enhanced Firms will have:
|12 Prescribed Responsibilities and some additional overall responsibilities.|
Limited Scope firms will have a ‘lite” approach and therefore will be subject to a reduced set of requirements. These are firms with limited permissions who will be consumer credit firms, sole traders and utility companies.
Limited Firms have 3 SMF’s:
|SMF 29 – Limited Scope Function;|
|SMF 16 – Compliance Oversight;|
|SMF 17 – Money Laundering Officer.|
If you are not Enhanced or Limited scope, you will be with the majority of firms within the Core firm’s category. Core Firms have 6 SMF’s to report on which comprise of:
|4 Governing Functions namely||Chief Executive; Executive Director; Partner; Chair|
|2 Required Functions||Compliance Oversight Money Laundering Reporting Officer|
The FCA distinguishing between Core and Enhanced firms will be AUM threshold of £50 billion. The only refinement is the addition of a three year rolling average calculation on both AUM and revenue-based criteria, (£35 million for intermediary regulated revenue).
Firms will be contacted by the FCA before the implementation date, to inform firms of its assessment of their status, (Core, Enhanced or Limited Scope). Firms will need to check the accuracy of the FCA’s assessment and inform the FCA if they disagree. If a firm thinks it may change tiers during the transition to the new regime, it should contact the FCA as soon as possible to discuss this.
You can work out your firm’s type by either using the firms checker tool or by reading the FCA Guide to the SM&CR for solo-regulated firms.
The FCA three tiers of application include the following:
|The following firms fall under the proposed Enhanced Scope Regime:|
|Significant investment (IFPRU) firms|
|Firms that are CASS Large firms|
|Firms with assets under management of £50billion or more|
|Firms with total intermediary regulated business revenue of £35 million or more per annum|
|Firms with annual regulated revenue generated by consumer credit lending of £100 million or more per annum|
|Mortgage lenders that are not banks with 10,000 or more regulated mortgages outstanding|
|The following firms fall under the proposed Limited Scope Regime:|
|Limited permission consumer credit firms;|
|Authorised professional firms whose only regulated activities in are non-mainstream regulated activities|
|Oil market participants|
|Subsidiaries of local authorities or registered social landlords|
|Authorised internally managed AIF’s (Alternative Investment Funds)|
|The following firms fall under the proposed Core Scope Regime:|
|All other FCA solo regulated firms not caught as an Enhanced firm or limited scope firm.|
So, this is the framework of the SM&CR changes, the real question is – what do I need to do?
This may be a ‘Hot Potato’ to pass around the office but this should be taken on by someone who has the authority to own these changes going forward. Most importantly, it is important to plan out any possible implications / challenges and work out who owns what, going forward.
Build a clear summary of the firm, their responsibilities and how these come together into reporting relationships.
You may end up holding more than one SMF, due to the structure of the firm. If you are a small firm then you will have multiple hats to wear, you will most likely be the Executive Director, and you may also find yourself being the Money Laundering Reporting Officer. Should this happen, the person will need to apply for approval from FCA for each function, although this can be on the same form as long as this clearly describe all of their responsibilities.
Firms will need to inform all staff who will be covered by the conduct rules. They must be trained on how the new rules will apply to their roles.
The SoR should clearly set out a Senior Manager’s role and what they are responsible for and will need to be kept up to date. The FCA standard template should be completed and submitted for all new approvals and following any significant change. It should be clear and easy for regulators, the Senior Manager and others in the firm to understand it. Each version of the SoR must be retained for a period of ten years from the date on which it was superseded by a more up-to-date record. A Statement of Responsibility needs to be submitted for Core, Enhanced and Limited Scope firms.
Here’s a link to the FCA handbook.
This is an essential for Enhanced firms, but firms will also be obliged to monitor compliance and report breaches of conduct to the FCA for Senior Managers within seven days of a breach and other staff at least annually.
Consider what approved functions will grandfather into equivalent Senior Manager roles and what new applications for approval will be needed. Depending on the category of firm your business falls into, you will need to check whether the approved person population will convert automatically into the equivalent Senior Management functions or whether you will need to file a conversion form (Form K) and supporting documents.
So, the second part of this blog is all around the Certification Regime and things you need to be considering regarding it.
The aim of the Certification Regime is to make firms carry out fit and proper assessments on their members of staff on a regular basis. The regulator has not expressed any way in which firms should be carrying this out, and it could be because each firm does it slightly different. So, you need to decide which is the best way for you and your staff. What might work for you might not work for another firm and that’s fine, as long as you can demonstrate and evidence that you have assessed these members of staff.
The most recent update from the regulator said low-risk individuals would be caught in the scope because they are taking part in “managing” or “arranging”. The latest consultation has stated that they feel the activities undertaken by these individuals are unlikely to harm consumer or other users of financial services and also the administrative burden of requiring firms to certify such individuals would be disproportionate to the risks posed.
It therefore proposed to amend the rules to exclude an individual who has “no scope to choose, decide or reach a judgement” in a given situation and whose tasks do not require “significant skill”.
The FCA said this amendment will allow firms to exercise judgment on whether a role requires certification.
The FCA have said that fit and proper assessments apply to Senior Managers, Non-Executive Directors and individuals under the Certification Regime. The new rules are:
The fitness and propriety requirements apply to all firms. As mentioned earlier, there are certain members of staff that need to be certified as fit and proper to carry out their job. When creating the assessment or indeed building upon the one you already have, there are three important considerations that are the ones you must cover. These are:
In order to show this, the firm needs to evidence their reasoning behind their decision of the individual being fit and proper. The extra evidence includes:
The firm will need to declare if the candidate has a criminal record. This however is only for Senior Manager Functions when the application is being made. Once the application has been made, there is no need to run a criminal record check again. This record then needs to be kept for 6 years after the application was made.
If the individual holds a Certified Function, this rule is not mandatory for them. As a firm you, can choose to conduct these checks for these members of staff but only where you are legally allowed to do so.
For Senior Managers and Certification Function applicants, the firm will need to request references from the applicant’s previous employers. The aim of this is to help employers attract the right type of candidate’s and for them to hire the most suitable individual for the role.
In terms of the reference, the firm will need to:
There are also training and notification requirements:
In terms of notification, if there is a breach of the conduct rules by a Senior Manager, the Senior Manager needs to notify the FCA within 7 business days of the firm conducting disciplinary action. In this case, disciplinary action refers to:
For other members of staff who have breached the rules, the firm needs to make a report each year through GABRIEL using the REP008 form.
Last but not least, there are some training requirements. Each firm is required to train the relevant members of staff on how the Conduct Rules apply to their role. Both Senior Managers and Certification Staff need to have received training on and comply with the Conduct Rules from the start of the new regime.
You have a year from the 9th of December 2019 to make sure your staff are all trained on the Conduct Rules.
Going forward, there are a few things that you need to be considering:
We appreciate there is a lot of information here to take in, but there are important pieces of information for you to know and understand. Take some time out to be familiar with the requirements under both the Senior Managers Regime and the Certification Regime and map out what your next moves are to help you become compliant.
For more detail on SM&CR, you can attend our MASTER: SM&CR & IDD workshop in London – click here for tickets.