A new broom: making sense of the Senior Managers and Certification Regime
22 Sep 2017

It is rare for a Treasury policy paper to describe a regulatory system as bluntly as “discredited”. The unloved Approved Persons Regime (APR) for the financial services sector was deemed fitting of such harsh language after its singular failure to halt the forex scandal; over a decade of rigging and collusion with potential systemic costs running into the billions were, in the end, ignominiously revealed by Bloomberg News in 2013. The APR was denounced by the Parliamentary Commission on Banking Standards (PCBS) as “a complex and confused mess”, operating as an initial hurdle into the industry rather than a structure for long-term enforcement.

The excoriating PCBS report concluded that what was necessary was “first, to encourage greater clarity of responsibilities and improved corporate governance within banks; second, to establish beyond doubt individual responsibility in order to provide a sound basis for the regulators to impose remedial requirements or take enforcement action where serious problems occur.” As such, the replacement individual accountability system, the Senior Managers and Certification Regime (SM&CR), came into force for banks in March 2016. The FCA is currently consulting on extending the SM&CR to all financial services firms, including insurers and those firms regulated solely by the FCA, as well as making some minor changes to the system with the benefit of a year’s experience. It is therefore a good time to ask how the SM&CR operates, what’s coming up, and whether it has worked so far.

In essence, the SM&CR rests on three legs. The first is the Senior Managers Regime, which allows the FCA to define certain functions as senior management functions. Similarly to the APR, persons who hold a senior management function must be approved by the FCA before they start, and annually assessed as fit and proper by their firms. The regulatory innovation is that a senior manager may also be held personally accountable by the FCA should (a) their firm contravene regulatory requirements within that senior manager’s responsibility, and (b) that senior manager did not take the steps it was reasonable to take in that position. Until March 2016, this was subject to a reverse burden of proof (ie in the event of a breach, the senior manager had to prove he or she had acted reasonably), but that was deemed to be disproportionate. The FCA also prescribes some responsibilities that larger firms must give to a senior manager.

As part of the extension process, the FCA has defined different tiers of firms, some of which are of “limited scope” and need only apply certain senior management functions. Meanwhile, all firms other than those ‘limited scope’ firms must give new prescribed responsibilities to a senior manager, most of which relate to the firm’s implementation and compliance with the SM&CR. A striking new prescribed responsibility is that a senior manager must be responsible for “the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime”. Much like the Modern Slavery Act, certain aspects of the Criminal Finances Act and the (to date rather limited) Impress media regulation body, the last decade’s characteristic approach seems to be forcing firms to be more proactive in self-regulation. Whether this will work remains to be seen, but it lends a great deal more clarity to management responsibility and provides an easy route for regulators to take action. In common parlance, it might be said to light a fire under more lax firms, forcing them and their managers to sit up and take notice.

The second leg is the Certification Regime. This applies to those persons who are not senior managers, but “whose jobs mean they can have a big impact on customers, the firm and/or market integrity”; these people are defined as performing “certification functions”. These people must also be certified as fit and proper to do their job by their firms at least annually. The extension proposals would expand these functions to cover such things as algorithmic trading, material risk-taking and what the FCA rather legalistically defines as “significant responsibility for a significant business unit” (but below the threshold of being a senior manager). Many definitions here, such as the word ‘significant’, are left to the discretion of firms, subject to certain FCA guidelines. This leaves the door open for firms to take a more relaxed approach than might be appropriate in the long run, though the FCA may take a fairly tough line in enforcement proceedings as the regulations settle in over the coming years.

The third and final leg is the power granted to the FCA to write and apply Conduct Rules, which can apply to all employees in a firm (and, since March 2016, even non-executive directors). Conduct Rules are intended to “set basic standards of good personal conduct”, emphasising integrity, diligence and (sternly) co-operation with regulators. Meanwhile, however, the same tranche of reforms in March removed the obligation for banks to report every known or suspected breach of rules of conduct on cost grounds. The extension proposals seek to amend the position perhaps to account for this possible vulnerability. All firms, it proposes, are to be subject to two tiers of Conduct Rules in their financial services activites: a tier for all individuals working in a more than “ancillary” role (the ‘core regime’), and a higher tier for senior managers. Meanwhile, training in and compliance with these Conduct Rules are to be made a new prescribed responsibility, including for the banking firms already subject to the SM&CR.

At the same time, the FCA proposes further senior management functions, prescribed responsibilities and Conduct Rules for some firms only it regulates, namely around 350 of what it calls “enhanced firms”. These are firms that are “larger in size or have more complex structures where weaknesses in accountability or governance could cause greater harm to consumers, or impact upon market integrity”, as identified by a set of objective, technical criteria. These enhanced firms will additionally be subject to an ‘overall responsibility requirement’, that “every activity, business area and management function has a Senior Manager with overall responsibility for it.” This is intended to prevent the unclear allocation of responsibilities criticised by the PCBS, particularly in firms which are ‘too big to fail’ and caused such catastrophic damage in the 2008 crash. The FCA cheerfully notes that “some [banking] firms found the Overall Responsibility requirement difficult to understand and implement”, and gives helpful suggestions on possible steps to identify these responsibilities. It also proposes requiring these enhanced firms to produce a Responsibilities Map, a single document produced by a firm setting out its management and governance arrangements.

Upon its introduction in the banking sector in 2016, the SM&CR met with considerable praise from the architects of the PCBS, including its former chairman Andrew Tyrie. In a sense, the extension completes the picture and buries the APR for good. Like the APR, though, the flaws of the system may only become apparent in hindsight, and the baleful history of financial regulation would seem to indicate that some inappropriate dealing will, eventually, get through – especially if the areas of autonomy granted to firms are exploited. The question is how large and damaging this behaviour can be, and the SM&CR is clearly aimed at minimising the harm that can be caused by enhancing individuals’ accountability and more clearly defining the responsibilities of firms with systemic importance to the market. In particular, the (perhaps belated) inclusion of algorithmic trading as a subject of particular concern shows an encouraging readiness for unforeseen future developments in the light-speed transactions that characterise the modern market. Wherever the next high-profile scandal pops up, the regulators will be better armed and better informed – but anyone expecting a magic bullet will be disappointed.





Richard Nicholl (@rtrnicholl) is a Master’s student at the University of St Andrews, specialising in legal history. He also works as a freelance journalist and legal researcher.

Count this content towards your CPD minutes, by signing up to our CPD Wallet