On 7 March 2016, a new and enhanced regime for senior management responsibility will fully come into force in the United Kingdom. This regime is intended to impact upon many senior individuals working in financial services firms including some individuals who may not ordinarily be located in the UK. The new rules for the regulation of senior individuals in the banking and insurance sectors are designed to improve standards in all affected firms and deliver cultural change across the sector. In addition, and notwithstanding the suggestion that the new regimes are not about "heads on sticks"i, the new approach should make it easier for the regulators to hold senior individuals to account for regulatory failures.
The new Senior Managers Regime (the "SMR") is concerned with the most senior individuals in banking, whilst a ‘Certification Regime’ is planned for less senior individuals (together, the “SM&CR”). The SM&CR along with new Conduct Rules and other legislative changes is designed to deliver a significant advance from the level of individual accountability that exists under the current ‘Approved Persons’ regime. The regulators, the Prudential Regulation Authority (“PRA”) and Financial Conduct Authority (“FCA”) have also created a parallel regime for the insurance sector, which in some ways mirrors the SMR, but also implements certain requirements within the Solvency II Directive (2009/138/EC) (“Solvency II”). Unlike the SMR, the ‘Senior Insurance Managers Regime’ (“SIMR”) has only partially replaced the previous Approved Persons regime.
Scope of the SMR and SIMR
The SM&CRs apply to ‘relevant authorised persons’ (“RAPs”) as defined by section 71A of the Financial Services and Markets Act 2000. In short, RAPs are deposit-takers – i.e. banks, building societies and credit unionsii – or PRA-regulated investment firmsiii. Certain third-country branches that are operating in the UK will be caught within the scope of the regime.
The SIMR applies to insurance and re-insurance firms, including third-country branch undertakings, within the scope of Solvency II, as well as to the Society of Lloyd’s and Managing Agents (collectively referred to as “insurers”). The regulators are also currently consulting on extending a ‘streamlined’ version of the SIMR to insurers who are too small to be subject to Solvency IIiv.
The SMR and SIMR apply to executive directors, and certain non-executive directors ("NEDs"). For larger institutions, the level of management below the board will also be covered by the SMR and SIMR: the key test is whether an individual has overall responsibility for a ‘key function’ and reports to the board in respect of that functionv. Examples of key functions include responsibility for wholesale sales; for customer service; and for business continuity. The regulators propose that only NEDs with specific responsibilities will come within the regime: the chairman, senior NED, and the chairs of the risk, remuneration, audit and nomination committees of the board. So-called ‘standard’ NEDs will not be SMs.
The allocation of responsibilities
The allocation of responsibilities is fundamental to the SMR, because of the impact of the ‘presumption of responsibility’. Although the SIMR does not have a presumption of responsibility, a clearer allocation of responsibilities is still central to the effectiveness of this new regime because it should make it easier for the regulators to hold senior individuals in insurers accountable for failures in parts of the firm which fall within their allocated responsibilities. The responsibilities allocated to senior managers must be reflected in two types of document: individual statements of responsibilities, and a firm-wide ‘map’ (entitled ‘responsibilities maps’ for RAPs, and ‘governance maps’ for insurers).
The allocation of responsibilities operates at two levels in the SMR and SIMR. First, certain required roles in firms have inherent or allocated responsibilities. The head of internal audit is an example of a role that is described as having an inherent responsibility whilst an example of a role which is allocated responsibility is that of the chairman who, the PRA states, should play a leading role in relation to PRA prescribed responsibility 14 (“responsibility for leading the development of the firm’s culture by the governing body as a whole”)vi. At the second level the allocation of responsibilities involves a series of ‘prescribed responsibilities’ that firms must allocate to a single senior manager. The PRA has specified 19 prescribed responsibilities whilst the FCA has 12 prescribed responsibilities (most of which overlap with the PRA’s), and 27 ‘key functions’ that, if they exist in a particular firm, should also be allocated amongst senior managers.
Following consultation, the regulators now propose to permit prescribed responsibilities to be shared, but with the proviso that all senior managers allocated that prescribed responsibility will be “in principle… deemed wholly responsible” for all aspects of the prescribed responsibilityvii.
The presumption of responsibility
The presumption of responsibility is one of the most significant changes brought about by the introduction of the SMR, (there is no equivalent presumption in the SIMR). Previously, it was for the regulators to show that an individual had breached one of the Statements of Principle for Approved Persons ("APER"), or was ‘knowingly concerned’ in a firm’s breach of a regulatory requirement: section 66 FSMA. By contrast, under the SMR, an individual is guilty of misconduct without more if the regulators are able to show that there was a failure by an RAP in an area for which that individual senior manager was responsible.
This presumption of responsibility is, however, subject to a ‘reasonable steps defence’, whereby a senior manager in the circumstances described above will not be guilty of misconduct if the individual:
"satisfies the [FCA/PRA] that [the senior manager] had taken such steps as a person in [the senior manager’s] position could reasonably be expected to take to avoid the contravention occurring or continuing."viii
This test – whether the individual took reasonable steps – is essentially the same as that which applies now. The regulators suggest that most of the steps to be taken by senior managers "appear common sense… Behave with integrity, delegate appropriately; make sure you understand your business area; and comply with common law, existing rules and legal obligations"ix . Nonetheless it is very significant that the onus will be upon the individual to prove that this defence applies rather than the evidential burden being upon the regulator, as is the position at present.
The regulators have explained that they will take into account a variety of factors when deciding if the presumption should apply, such as: the size, complexity and scale of the firm; the senior manager’s due diligence upon taking up the role; the nature of the senior manager’s delegation to subordinates; whether expert advice was sought appropriately by the senior manager; and whether the senior manager ensured that specific areas of the business were adequately resourced. However in many ways the more vexed issue is what evidence will the regulators rely upon to demonstrate that there has been a failure in an individual's area of responsibility. As a consequence of the problem that firms often settle enforcement cases against them because it is commercially expedient to do so, the regulators have now clarified that they will not rely on previously settled cases against firms as a basis for applying the presumption of responsibility against senior managers of such firmsx. Consequently an individual may contest that issue even if the firm has previously accepted that the contravention took place by means of a settlement agreement.
The criminal offence
Section 36 of the Financial Services (Banking Reform) Act 2013 creates a criminal offence relating to a decision that causes a 'financial institution' to fail. The offence applies only to senior managers in banks, and sanctions include imprisonment (with a maximum term of seven years imprisonment), an unlimited fine, or both. The elements of the offence include:
• the individual takes a decision that causes a bank to become insolvent;
• the individual is aware at the time of the decision that there was a risk that the implementation of the decision might cause the bank to fail; and,
• the individual’s conduct “falls far below what could reasonably be expected of a person” in the individual’s position.
The criminal offence is unlikely to be utilised, even in circumstances where an RAP fails, because the elements of the offence will be very difficult to establish. Nonetheless the threat of possible criminal investigations and the associated cost and distress, remains a real concern.
Handovers between senior managers
For RAPs (but not insurers), the FCA will introduce requirements relating to handovers. Banks will have an obligation to ensure that in-coming senior managers have all the information and material that they could reasonably expect to have to perform those responsibilities effectively. Banks will also be required to have a policy on, and keep adequate records relating to, handovers.
The certification regime requires that certain employees at RAPs who could cause significant harm to the firm or any of its customers must be certified by the RAP as fit and proper persons to carry on the function in question. There is no equivalent certification regime for insurers. The PRA has specified that its certification regime will apply to ‘material risk takers’ which means that certain individuals not based within the UK could be caught by the new regime. Whilst the FCA’s regime is somewhat wider than the PRA's regime it is also only applicable to those operating within the UK.
The certification by the RAP must be made before a candidate begins employment, and annually thereafter. Unsurprisingly senior managers will have a prescribed responsibility to ensure the integrity of the certification process. In addition there are also new requirements for banks to undertake criminal records checks, and take up ‘regulatory references’ in respect of the last five years of a candidate’s employment.
The conduct rules
To complement the SM&CR and the SIMR new ‘Conduct Rules’ will also be introduced which will mostly replace APER. For RAPs, but not insurers, there are also new stringent reporting requirements in circumstances in which a firm suspects an individual has breached a Conduct Rule. The new Conduct Rules under the SMR and SIMR will apply to:
• All senior managers in both RAPs and insurers;
• Approved persons within insurers;
• Certified persons in RAPs; and,
• Most other employees in RAPs.
Currently, APER applies to only about 10% of those employed in banks. Under the SMR, the new Conduct Rules apply to all employees of RAPs save for a short list of 'excepted employees' who fulfil non-banking, auxiliary functions. For the most part, the Conduct Rules are in substance identical to those under APER, with the following important exceptions.
• there is a new rule providing that: “you must pay due regard to the interests of customers and treat them fairly” (Conduct Rule 4).
• Senior Managers will be required to only delegate to ‘an appropriate person’, and the senior manager must ‘oversee the discharge of the delegated responsibility effectively’.
• In the SIMR, there is an additional PRA conduct rule relating to paying “due regard to the interests of current and potential future policyholders…"
• The regulators have placed a clearer duty on senior managers to “disclose appropriately any information of which the FCA or PRA would reasonably expect notice” (SM4). This amounts, to placing a duty on SMs to whistleblow to the regulators.
In addition to the positive requirement placed on senior managers to whistleblow, the regulators have also consulted on wide ranging requirements for banks and insurers relating to whistleblowing. One of the key proposals is that any person will be entitled to blow the whistle to banks and insurers in relation to almost any matterxi, and they will be entitled to the same protections as those afforded to whistleblowers under the Public Interest Disclosure Act 1998.
The changes that will come into force next March will create a stringent regulatory regime for individuals working in the banking and insurance sectors that will substantially increase the personal risks for any of those within the regime and which will necessitate significant re-organisations at the top of firms, particularly those who currently have individuals who might be caught by the regime who operate outside of the UK. Consequently institutions should now start, if they have not already done so, preparing for the implementation of this regime.
Additionally firms who are currently slated to fall outside of the SMR and SIMR should be aware that it is entirely conceivable that the FCA and PRA will be pressed in due course to extend the regimes to more of the financial services sector. Furthermore if these changes prove to be successful then other regulators may follow the PRA and FCA in implementing similar proposals.
i As per Martin Wheatley in a speech given on 28 May 2015: https://www.fca.org.uk/news/debating-trust-and-confidence-in-banking-
ii There are special rules under the SMR for credit unions.
iii The nine PRA-regulated investment firms include the largest US investment banks operating in London.
iv PRA CP12/15 and FCA CP15/15.
v Paragraphs 1.18 and 2.45 of FCA CP14/13 – PRA CP14/14.
vi Paragraph 2.28 of PRA-PS3/15.
vii See PRA PS3/15 at paragraph 2.22.
viii Sections 66A(6) and 66B(6) of FSMA, in respect of FCA and PRA enforcement powers respectively.
ix As per Martin Wheatley in his speech given on 28 May 2015 (see footnote 1)
x The PRA says so explicitly (PRA PS3/15 at 3.14 of annex 2) whilst the FCA says that a senior manager must be a party to proceedings in which the firm’s contravention is established (chapter 5 of FCA-CP15/9).
xi The proposed rules require only that the disclosure relates to a ‘reportable concern’; that is, either it (a) would be a protected disclosure, (b) relates to a breach of the firm’s policies, or (c) relates to behaviour likely to harm reputation or finances of firm.