The Senior Managers Regime

PCBS recommended measures to make senior bankers more responsible, as well as encouraging behavioural change through increased individual accountability. Regulators the Prudential Regulatory Authority (PRA) and Financial Conduct Authority (FCA) responded to these recommendations by proposing a new regulatory regime.

It is made up of:

• the Senior Managers Regime: this creates direct accountability to the regulators for individuals taking important decisions about a firm’s affairs. It also ensures that firms allocate the most important senior management functions to individuals in a clearly defined manner;
• the Certification Regime: this requires firms to certify that certain employees are 'fit and proper' to perform their functions, based on their qualifications, training, competence and personal characteristics; and
• the Conduct Rules: this is a code of conduct applying to all non-ancillary staff within firms. Firms are required to report breaches of the Conduct Rules to the appropriate regulator.

The new regime came into force for all FSMA ’relevant authorised persons' on 7 March 2016 and will be extended to all 'authorised persons' in 2018. 'Relevant authorised persons' include banks, building societies, credit unions, PRA-designated investment firms and branches of foreign banks operating in the UK. The UK government has estimated that the proposed extension to 'authorised persons' will apply to 60,000 additional firms, including 17,200 investment firms and 42,000 consumer credit firms.

The Senior Managers Regime

‘Senior managers’ who hold one or more key functions within a firm (‘senior management functions’) must be approved by the appropriate regulator before they can be formally appointed. Senior managers typically include a firm’s board members; executive team members; heads of risk, internal audit and finance; compliance officer; and money laundering reporting officer.

Senior management functions

The regulators have identified 19 senior management functions which include the chief executive function, the executive director function, the chief risk function, the head of internal audit function, the chairman function, the chair of risk committee function, the chair of audit committee function, the chair of nominations committee function and the chair of remuneration committee function.

The use and allocation of senior management functions is dependent on the firm. The chairman of nominations committee function, for example, is only allocated where a firm has a committee that performs this or a similar function.

Identification of senior managers

Firms in most cases should be able to identify their senior managers based on the list of senior management functions. This has, however, been problematic for some firms and the regulator has sought to clarify identification of senior managers in the following circumstances:

• directors of parent and group entities who participate in a firm’s executive decision-making should be classified as holding senior management functions.
• the only non-executive directors requiring approval as senior managers are the chairman, senior independent director, and the chairs of the risk, audit, remuneration and nomination committees;
• foreign banks with branches in the UK are subject to the senior managers Regime, so any overseas individuals holding senior management functions relating to these UK branches will require regulator approval;
• people who hold ‘overall responsibility’ for activities, functions or areas of the firm require regulator approval under SMF 18. Overall responsibility means that the person in question has ultimate responsibility for managing or supervising a function with direct responsibility for reporting to the governing body. The firm, however, does not need to assign overall responsibility additionally to those areas where senior management functions or prescribed responsibilities already exist and have been assigned to senior managers.

Allocate prescribed responsibilities

All major responsibilities for a firm’s affairs (the ‘prescribed responsibilities’) must be allocated to its senior managers. As with senior management functions, not all prescribed responsibilities are relevant to every firm, so the regulators have divided them into groups according to size and circumstances. Some prescribed responsibilities are designed to be assigned to executives, while others are designed to reflect the roles performed by non-executive directors. In general the regulators prefer prescribed responsibilities not to be shared between senior managers in order to avoid a dilution of responsibility.

Vet prospective senior managers

Before a prospective senior manager can apply for regulator approval, the firm must be satisfied that the candidate is ‘fit and proper’ to perform the relevant senior management functions. Firms must run criminal records checks on each prospective senior manager as part of the vetting process.

Prepare 'statements of responsibilities' for each senior manager

Firms must draft a ‘statement of responsibilities’ which sets out the applicant’s senior management functions and prescribed responsibilities. There is a limit of 300 words for each responsibility. Where an application has been granted and there has been a significant change in the senior manager’s responsibilities, the firm must provide the appropriate regulator with an updated statement of responsibilities. This must also be kept consistent with the firm’s responsibilities map. Firms must hold a complete set of current and previous statement of responsibilities relating to all its senior managers.

Prepare a responsibilities map

Firms must produce and maintain a ‘responsibilities map’ which is the sum of the statement of responsibilities. There should be no gaps in the responsibilities map or overlap in senior management function allocations. In the event of an incident, the regulator wants to be able to track who is directly accountable for a given senior management function.

Apply for approval of each senior manager

Applications should be in the format prescribed by the appropriate regulator. In making their determinations each regulator will look at the fit and proper test. Each regulator may grant approval subject to conditions or for a limited time only. If a regulator refuses an application or imposes conditions or time limits, the senior manager or the firm may refer the matter to a tribunal.

Re-assess senior managers

Firms must reassess the suitability of each senior manager at least once a year and report to the appropriate regulator if there is any cause to doubt the individual’s suitability for the role. Senior manager obligations

Senior manager obligations

Duty of Responsibility

Under the previous Approved Persons Regime, approved persons were liable where they had been 'knowingly concerned' in a firm breach, or if they had breached any of the 'statements of principle for approved persons'. The new regime originally placed a ‘presumption of responsibility’ on senior managers in relation to regulatory breaches in their area of responsibility. The presumption of responsibility meant that the senior manager had to show that they had taken reasonable steps to prevent the breach occurring.

BEFSA 2016 replaced the presumption of responsibility with a ‘duty of responsibility’, amending the definition of 'misconduct' applicable to senior managers so that where there has been a regulatory breach in an area for which they are responsible, the burden will now be on the appropriate regulator to prove that a senior manager did not take such steps.

Conduct Rules

Senior managers are subject to the tier 1 rules and the tier 2 rules of the Code of Conduct.

Grandfathering from the Approved Persons Regime

Firms regulated by the Approved Persons Regime were able to 'grandfather' individuals who had held 'significant influence functions' into the new regime as a senior managers. To do this, firms prepared statements of responsibility and submitted them to the appropriate regulators by 8 February 2016.

General counsel as senior managers

Firms have questioned whether the general counsel function is a senior management function and, if it is, how this would affect firms’ legal professional privilege (see Code of Conduct SM4 which applies to all senior managers). The regulators plan to launch a consultation to resolve this issue.

The Certification Regime

Firms need to certify the fitness and propriety of any staff below senior manager level who could pose 'risk of significant harm' to the firm, its reputation or its customers (‘certified persons’).

Identification of certified persons

Certified persons include approved persons from the previous regime plus anyone performing a ‘certification function’ under SYSC, but excludes all senior managers. SYSC sets out the various certification functions:

• those responsible for CASS oversight;
• those responsible for benchmark submission and administration;
• proprietary traders;
• managers of significant business areas; individuals in consumer-facing roles which are subject to qualification requirements (financial advisors, mortgage advisors);
• managers of certified persons; and
• other ‘material risk-takers’.

Senior managers do not need to be certified as part of the certification regime. However as part of the senior manager vetting process, firms must be satisfied that they would still pass the fit and proper test. The regulators have confirmed that a function performed by a non-executive director only in their capacity as a non-executive director is not a certification function under SYSC. This means that some non-executive directors will not be caught under either the Senior Managers Regime or the Certification Regime. The regulators have also confirmed that material risk-takers only mean the members of staff who are subject to the Remuneration Code under SYSC.

The 'fit and proper' test

Firms must certify whether the individual is fit and proper to carry out their functions, assessing whether the person:

• has obtained a relevant qualification;
• has undergone, or is undergoing, training;
• possesses the right level of competence; and
• has the right personal characteristics.

In assessing fitness and propriety, the regulators do not require firms to carry out criminal record checks for certified persons.

Annual certification

Certification must take place annually, and most firms align this with an individual’s annual appraisal process.

Other issues for certified persons

Certified persons are subject to tier 1 of the Conduct Rules.

The Conduct Rules

The Conduct Rules are intended to govern a wider category of staff than the senior managers or certified persons through a firm-administered breach reporting mechanism. Each conduct rule applies to a person’s conduct in relation to activities performed in their capacity as an employee or senior manager of the firm.

Individual conduct rules (‘tier 1 rules’)

Rule 1: You must act with integrity

Rule 2: You must act with due skill, care and diligence

Rule 3: You must be open and co-operative with the FCA, PRA and other regulators

Rule 4: (FCA only): You must pay due regard to customers and treat them fairly

Rule 5: (FCA only): You must observe proper standards of market conduct

Senior manager conduct rules (‘tier 2 rules’)

SM1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively

SM2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system SM3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively;

SM4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.

Who is subject to the Conduct Rules?

Senior managers are subject to the tier 1 rules and tier 2 rules. All employees at firms other than ancillary staff are subject to the tier 1 rules. Ancillary staff are categorised as those who perform a role that is not specific to the financial services business of the firm, such as receptionists, switchboard operators, postroom staff, security guards, catering staff and cleaners. Non-executive directors are subject to the conduct rules even though they are not employees of the firm.

Staff notification and training

Firms have an obligation to notify all relevant persons of the conduct rules that apply to them, and train them on those rules.

Breach reporting

Firms must report breaches of the Conduct Rules in the following timescales:

• actual or suspected breaches by senior managers – within seven business days of becoming aware of the breach
• actual or suspected breaches by certified staff – annually
• significant breaches by senior managers or certified staff – immediately after becoming aware of the breach

Impact of the new regime

Firms have reported less interest in senior roles since the new regime came into force. This may improve with the replacement of the presumption responsibility with the duty of responsibility.

Firms have also reported increased interest from employees around their responsibilities and the ownership of their functions, with many employees escalating concerns defensively. This puts senior managers’ decisions in danger of becoming based on personal interest and liability as opposed to the appropriate risk-based approach. Many senior managers are now even seeking independent legal advice when the firm is faced with an issue, in order to ensure that their individual positions are fully protected.

The UK government has said that the expansion of the new regime to all authorised persons will be 'very challenging' however they are keen to deliver this 'as soon as practicable'. The current expectation is that this will be March 2018.