Five Things Every New Senior Manager Should Know…

Introduction

The Senior Managers Regime is designed to enable the FCA to easily identify those individuals who are truly responsible for running a business, with a view to holding them accountable for their actions. 

At a high level, Senior Managers are individuals who perform “senior management functions” (“SMFs”) under the Senior Managers and Certification Regime (the “SM&CR”).  More specifically, Senior Managers are individuals who are responsible for managing the authorised activities of a firm which involve (or might involve) a risk of serious consequences to the firm or for other interests in the UK.[1]

If you are a Senior Manager who is new to the world of the Senior Managers Regime, there are 5 things you should know.

  1. You must be (and remain) fit and proper for the role.
  2. Responsibilities for certain aspects of the business will be allocated to you.
  3. You must prepare (and maintain) a Statement of Responsibilities.
  4. You are subject to the “Duty of Responsibility”.
  5. You must comply with ALL of the Conduct Rules.

Let’s look at each in a little more detail.

You must be (and remain) fit and proper for the role

All Senior Managers must be approved by the FCA as being fit and proper before they commence their role.  The FCA may require you to participate in an interview as part of this process.  You will have to submit a Statement of Responsibilities (“SoR”) with your application – more on that later. 

Normally, the FCA will also require your employer to have obtained references from your previous employers (going back 6 years) before your application is submitted[2] although it understands that this might not be possible in all circumstances.  If not, it is possible to submit references in the 3-month period the FCA has in which to process your application[3], but note that your application will not be approved unless and until satisfactory regulatory references have been obtained.

You should also expect your employer to ask for a criminal records check as part of its initial due diligence into your fitness and propriety[4].

Once approved, you must be certified ANNUALLY by your employer as being fit and proper to continue in your role, so expect to have to assist in this process on a periodic basis.

Your fitness and propriety will be assessed by reference to three broad ‘pillars’:

  1. Honesty, integrity and reputation;
  2. Competence and capability; and
  3. Financial soundness.

The assessment will require your employer to perform a degree of due diligence.  You will be expected to assist in this process.  You may have to:

  1. Assist in obtaining regulatory references from previous employers (even if your past employer was not an FCA regulated firm); [5]
  2. Provide evidence regarding academic and professional qualifications; and
  3. Obtain credit reference agency and criminal records checks.

Responsibilities for certain aspects of the business will be allocated to you

As a Senior Manager you will be allocated one or both of the following: Senior Management Functions, and Prescribed Responsibilities.

In general, these functions will be allocated only to you and should not be shared or divided – although there are some limited exceptions (e.g. as part of a job share or pursuant to a handover from one Senior Manager to another).

Broadly, you can delegate these responsibilities to other members of staff, but you will retain responsibility for that which is delegated.  If you choose to do this, you should ensure that:

  1. the delegation itself is reasonable;
  2. the individual(s) to which you delegate responsibilities is/are appropriate; and
  3. you retain an appropriate level of oversight.

Senior Management Functions

If you are the most senior individual within the firm with responsibility for a particular issue, you should expect to be allocated the Senior Management Function for that issue.  

In practice, firms should assume that every member of the board will be a Senior Manager.  In larger and more complex firms, it may also be the case that executive committee members (i.e. those one ‘rung’ below the board in terms of seniority) may also qualify as Senior Managers.

The FCA and PRA have provided a list of Senior Management Functions:

SMF number SMF role Banks Limited scope Core Enhanced EEA branch Non-EEA branch
1

Chief Executive Function

X

X

X

2

Chief Finance Officer Function

X

X

X

3

Executive Director

X

X

X

X

4

Chief Risk Officer Function

X

X

5

Head of Internal Audit Function

X

X

6
Head of Key Business Area
X
Insurers Only
7
Group Entity Senior Manager
X
X
8
Credit Union Senior Manager
X

9

Chair of the Governing Body Function

X

X

X

10
Chair of the risk committee function
X
X
11
Chair of the audit committee function
X
X
12
Chair of the remuneration committee function
X
X
13
Chair of the nominations committee
X
X
14
Senior independent director function
X
X
15
Chair of the with-profits committee function

16

Compliance Oversight

X

X

X

X

X

17

Money Laundering Reporting Officer (MLRO)

X

X

X

X

X

X

18
Other overall responsibilities
X
19
Head of Third Country Branch function
X
20
Head of Actuarial
Insurers only
Insurers only

21

EEA Branch Senior Manager

X

22
Other Local Responsibility
X
23b
Conduct risk oversight (Lloyd's)

24

Chief Operations function 

X

27

Partner

X

X

29

Limited Scope Function

X

Prescribed Responsibilities

“Prescribed Responsibilities” are specific responsibilities that must be allocated to at least one Senior Manager.  The purpose of Prescribed Responsibilities is to make sure that there is an identified individual who has responsibility for implementation of all aspects of the SM&CR as well as certain other risks, such as financial crime and client money.

If you are the Senior Manager who holds the Senior Management Function most closely related to the Prescribed Responsibility in question, you can expect to be allocated that particular Prescribed Responsibility. 

Prescribed Responsibilities apply to Enhanced Firms and Core Firms, but not to Limited Scope Firms or EEA branches.  Unsurprisingly, more Prescribed Responsibilities exist for Enhanced Firms than for Core Firms.

All of the Prescribed Responsibilities applicable to a firm must be allocated across the set of Senior Managers. Therefore, it is possible that you could be allocated more than one Prescribed Responsibility.  If you are allocated more than one Prescribed Responsibility, take care to ensure that you are not allocated so many Prescribed Responsibilities that you are unable to discharge your responsibilities effectively.

Note that, in all cases and as a minimum, the following Prescribed Responsibilities will have to be allocated:

  1. performance by the firm of its obligations under the Senior Managers Regime, including implementation and oversight;
  2. performance by the firm of its obligations under the Certification Regime;
  3. performance by the firm of its obligations in respect of notifications and training under the Conduct Rules; and
  4. responsibility for the firm’s policies and procedures for countering the risk that the firm might be used to further financial crime.

A full list of Prescribed Responsibilities is provided here[6]:

PR Ref PR Description Limited Scope Core Enhanced Authorised fund manager EEA Branch Non-EEA Branch Common allocation Notes
(a)
Performance by the firm of its obligations under the Senior Managers regime, including implementation and oversight.
X
X
X
SMF 1
Not SMF 18
(b)
Performance by the firm of its obligations under the Certification Regime.
X
X
X
SMF 16
Not SMF 18
(b1)
Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules.
X
X
X
SMF 16
Not SMF 18
(c)
Compliance with the rules relating to the firm's Responsibilities Map
X
SMF1, SMF9
(d)
Responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime.
X
X
X
SMF16, SMF17
Not SMF18
(f)
Policies and procedures for induction, training and development of the governing body.
(g)
Policies and procedures for induction, training and development of the SMF managers and key function holders.
(j)
Safeguarding and overseeing the independence and performance of the internal audit function (in accordance with SYSC 6.2)
X
SMF10, SMF11
Non-exec senior manager preferred
(j2)
Providing an effective non-conflicted internal audit and overseeing the performance of the internal audit function if the firm outsources its internal audit to an external 3rd party.
X
(j3)

If the firm outsources its internal audit function, taking reasonable steps to make sure that every person involved in the performance of the service is independent from the persons who perform external audit, including:

  • Supervision and management of the work of outsourced internal auditors.
  • Management of potential conflicts of interest between the provision of external audit and internal audit services.
X
SMF2, SMF3
(k)
Safeguarding and overseeing the independence and performance of the compliance function (in accordance with SYSC 6.1)
X
SMF9, SMF10
Non-exec senior manager preferred
(l)
Safeguarding and overseeing the independence and performance of the risk function (in accordance with SYSC 7.1.21R & SYSC 7.1.22R).
X
SMF9, SMF10
Non-exec senior manager preferred
(m)
Development and implementation of the remuneration policies and practices (where applicable under SYSC 19D).
(n)
Whistleblowers' champion (where applicable)
(s)
Managing the firm's internal stress tests and ensuring the accuracy and timeliness of information provided to the FCA for stress testing.
X
SMF4
(t)
Developing and maintaining the firm's business model.
X
SMF1, SMF3, SMF9
(z)
Responsibility for the firm's compliance with CASS (if applicable).
X
X
X
X
(aa)
Responsibility for management of the firm's risk management processes in the UK.
X
(ee)
Responsibility for the escalation of correspondence from the PRA, FCA and other regulators in respect of the firm to the governing body and/or the management body of the firm or, where appropriate, of the parent undertaking or holding company of the firm's group.
X
(ff)
Responsibility for the firm's compliance with the UK regulatory system applicable to the firm.
X
(za)
[Authorised Fund Managers only] Responsibility for an AFM's value for money assessments, independent director representation and acting in investors' best interests. This PR only applies to AFMs. For more details, see CP17/18, MS15/2.3 - Assessment Management Market Study: Final Report and PS18/8.
X
X
X
X
X
SMF9

You must prepare (and maintain) a Statement of Responsibilities

All Senior Managers must have a “Statement of Responsibilities” (“SoR”).  The Statement of Responsibilities is a single document, which sets out clearly your role and responsibilities and the areas for which you are accountable.

Your Statement of Responsibilities should be clear and easy to understand.  It should describe your responsibilities and accountabilities but should avoid going into unnecessary detail.  It should be a self-contained document and should not refer to, or incorporate by reference, other documents.

If you work for multiple entities, you must have a Statement of Responsibilities for each entity. However, if you have been assigned multiple Senior Management Functions within a single entity you need only have one Statement of Responsibilities.

Your Statement of Responsibilities must be submitted to the FCA when applying for approval for you to act as a Senior Manager and also when there is a material change to your responsibilities (for example, where you have been allocated an additional Prescribed Responsibility, or a Prescribed Responsibility has been taken away from you).

If you are wondering what a Statement of Responsibilities looks like, the FCA has a template form (although you might find the version contained in this guidance a little easier on the eye).

REMEMBER – IT IS YOUR RESPONSIBILITY TO KEEP YOUR STATEMENT OF RESPONSIBILITIES UP-TO-DATE.

You are subject to the “Duty of Responsibility”

As a Senior Manager, you are subject to the ‘duty of responsibility’[7].  Put simply, this means that you can be PERSONALLY liable if it can be proved that you failed to take “reasonable steps” to ensure that a breach did not occur in relation to the area of the business for which you are responsible.  The burden of proving that this was the case lies with the FCA.

In deciding whether to take enforcement action against you for breach of the ‘duty of responsibility’, the FCA will look at all of the circumstances of the matter, including the seriousness of the breach, your seniority and your responsibilities.  Your Statement of Responsibilities will also be a relevant factor taken into account by the FCA – after all, it is specifically designed to explain exactly what you are, and are not, responsible for.

In order to discharge the “duty of responsibility” you need to keep records – records of the major decisions you take, the delegations of responsibilities you make, and the controls that you have implemented.  If any functions within your business area have been outsourced, additional record-keeping requirements will apply.  Best practice also dictates that you should keep handover notes.  Whilst, strictly speaking, these are only necessary for Senior Managers within Enhanced Firms, they are generally regarded as good practice and specifically referenced within the Conduct Rules.

All of this means that you need some kind of systematic approach to record keeping and data capture – it’s the only way to properly subsume SM&CR compliance into ‘business as usual’ processes. Spreadsheets simply aren’t up to the job if you are a firm of any size – Excel is a great calculator, but it isn’t a database.  Spreadsheets take time to create, populate and maintain.  They suffer from the well-known problems associated with multiple-user access and ‘fat finger’ syndrome which can result in the inadvertent and permanent deletion of key data.  It’s very difficult to keep a proper record of data as it evolves over time if it is captured in a spreadsheet.  Neither are they a free option.  They take time to create and maintain – and time is money.  So, if you are a Senior Manager in a firm of any size, you should really consider SM&CR software.  By doing it ‘right first time’, SM&CR software will save you time and money in the long-run.  It really doesn’t have to cost you the earth and there is too much at stake for you personally to take the risk.

You must comply with ALL of the Conduct Rules

As a Senior Manager, you are subject to the “Conduct Rules”.  The Conduct Rules are a set of high-level standards which apply DIRECTLY to almost everyone working within the financial services industry.  They are designed to drive cultural change within firms which are subject to the SM&CR.  There is an entire section of the FCA Handbook dedicated to the Conduct Rules called the “Code of Conduct” (COCON).  This provides a lot of useful information on the topic and it’s worth investing the time to read it.

At a high level, there are two sets of Conduct Rules.  The first set applies to ALL staff (including Senior Managers).  The second set only applies to Senior Managers.

Conduct Rules applicable to ALL staff[8]

  1. You must act with integrity.
  2. You must act with due skill, care and diligence.
  3. You must be open and co-operative with the FCA, the PRA and other regulators.
  4. You must pay due regard to the interests of customers and treat them fairly.
  5. You must observe proper standards of market conduct.

Conduct Rules applicable only to Senior Managers[9]

  1. SC1: you must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively (does not apply to non-approved NEDs)[10];
  2. SC2: you must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system (does not apply to non-approved NEDs)[11];
  3. SC3: you must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively (does not apply to non-approved NEDs)[12];
  4. SC4: you must disclose appropriately any information of which the FCA or PRA would reasonably expect notice (this rule also applies to non-approved NEDs in limited scope firms).

Breach of the Conduct Rules

Requirement to notify the FCA

Firms must notify the FCA of any breach of the Conduct Rules which leads to disciplinary action being taken against an individual[13].  This remains the case even if the individual has appealed, or plans to appeal, against the disciplinary action (although in these circumstances, the firm should note the existence of the appeal and update the FCA after it has been concluded)[14].  The FCA regards “disciplinary action” as being:

  1. the issuing of a formal written warning;
  2. the suspension or dismissal of the individual; or
  3. the reduction or recovery of any of the individual’s remuneration.[15]

Breaches of the Conduct Rules by Senior Managers must be notified to the FCA within 7 days.[16]  Breaches of the Conduct Rules by non-Senior Managers must be notified to the FCA annually in October using Form H (also known as “REP008 – Notification of Disciplinary Action”).  However, if the breach is “serious”, it must be reported immediately[17].  If a firm has no notifications to be made to the FCA, it should lodge a ‘nil return’.[18]

What constitutes a “breach” of the Conduct Rules?

You will only be in breach of the Conduct Rules where you are personally culpable.  Put simply, your conduct must:

  1. have been deliberate; or
  2. have fallen below the standard which would be reasonable in all of the circumstances.[19]

In addition, in considering whether you may have breached the Senior Manager Conduct Rules, the FCA will take into account:

  1. whether you exercised reasonable care when considering the information available to you;
  2. whether you reached a reasonable conclusion upon which to act;
  3. your role and responsibility (by reference to your Statement of Responsibilities);
  4. the knowledge that you had, or should have had, of regulatory concerns (if any) related to your role and responsibilities;[20] and
  5. the nature, scale and complexity of the business (the larger and more complex the business, the greater the expectations of the FCA in assessing whether your conduct was “reasonable” (and vice versa)).[21]


[1] Section 59ZA of FSMA 2000

[2] PS16/22 “Strengthening accountability in banking and insurance: regulatory reference final rules”, page 9

[3] SUP10C.10.26 and Section 61 of FSMA

[4] SUP 10C.10.16R

[5] SYSC 22.7.4G

[6] SYSC 24.2.6R

[7] Section 66A of FSMA

[8] COCON 1.1.3R

[9] COCON 1.1.4R

[10] COCON 1.1.4R

[11] COCON 1.1.4R

[12] COCON 1.1.4R

[13] FSMA 2000 S64C, SUP 15.3.11R and SUP 15.11.6R

[14] SUP 15.11.9G

[15] SUP 15.11.5G

[16] SUP 10C, Annex 2G

[17] SUP 15.11.13R to SUP 15.11.15R

[18] SUP 15.11.13R(5)

[19] COCON

[20] COCON 3.1.5G

[21] COCON 3.1.6G