Site Menu
Menu
Resources
Menu
Contact us
Corterum
Marlborough House
Marlborough Crescent
Newcastle-upon-Tyne
NE1 4EE
The roots of the Senior Managers and Certification Regime (the “SM&CR”) can be traced back to the Parliamentary Commission on Banking Standards (the “PCBS”). The PCBS was appointed by the UK Parliament in June 2012 to conduct an inquiry into professional standards and culture within the UK banking sector. It was a direct response to the LIBOR rate-rigging scandal, which followed the financial crisis and a series of high-profile conduct failures within the UK banking industry. The goal was to understand the lessons that could be learned, particularly with respect to the culture of firms and the behaviour of individuals within those firms.
The PCBS reported its findings in June 2013. It recommended that the FCA replace the existing Approved Persons Regime (the “APR”) with a new accountability regime that was more focused on personal responsibility for the most senior managers within a firm. This new regime was the SM&CR.
The SM&CR came into force on 7 March 2016 for banks, broker-dealers and insurers. It was subsequently extended to cover all FCA-solo regulated firms on 9 December 2019. It aims to encourage a culture of responsibility and engender real behavioural change. As the FCA has pointed out, the “SMCR should not be treated as a discrete compliance project; rather, it is an opportunity to deliver high standards of governance”.
https://www.fca.org.uk/firms/senior-managers-certification-regime/solo-regulated-firms#revisions
The SM&CR applies to all firms authorised under the Financial Services and Markets Act 2000 (“FSMA”). It also applies to branches of non-UK firms which have permission to carry out regulated activities in the UK. In total, the FCA estimates that approximately 47,000 firms are in-scope for the purposes of the SM&CR.
FCA solo-regulated firms are allocated to one of three ‘buckets’:
This allows for an element of proportionality in the way in which the SM&CR is implement. In other words, the exact rules that apply to a firm depend on the category to which it is allocated, with enhanced firms being subject to the largest number of rules and limited scope firms being subject to the fewest rules.
The SM&CR categorisation of a firm can change over time. For example, the natural growth of its business could lead it to be re-classified as an enhanced firm. As such, it is important to monitor firm classification on an ongoing basis.
The FCA anticipates that fewer than 1% of firms will fall into this category, primarily due to their size, complexity or systemic importance.
Enhanced firms are those that meet any of the following criteria:
However, it is worth noting that UK branches of overseas firms will not be subject to the enhanced regime, even if they satisfy the criteria.
It is also possible for the FCA to impose enhanced firm requirements on certain firm which do not technically satisfy the enhanced firm criteria. However, the FCA expects that this will very much the exception to the rule, rather than the rule itself.
The additional requirements that apply to enhanced firms are set out below:
Additional senior management functions exist in relation to enhanced firms. The table below summarises the situation:
| SMF number | SMF role | Banks | Limited scope | Core | Enhanced | EAA branch | Non-EAA branch |
|---|---|---|---|---|---|---|---|
|
1 |
Chief Executive Function |
X |
|
X |
X |
|
|
|
2 |
Chief Finance Officer Function |
X |
|
X |
X |
|
|
|
3 |
Executive Director |
X |
|
X |
X |
|
X |
|
4 |
Chief Risk Officer Function |
X |
|
|
X |
|
|
|
5 |
Head of Internal Audit Function |
X |
|
|
X |
|
|
|
6 |
Head of Key Business Area |
X |
|
|
Insurers Only |
|
|
|
7 |
Group Entity Senior Manager |
X |
|
|
X |
|
|
|
8 |
Credit Union Senior Manager |
X |
|
|
|
|
|
|
9 |
Chair of the Governing Body Function |
X |
|
X |
X |
|
|
|
10 |
Chair of the risk committee function |
X |
|
|
X |
|
|
|
11 |
Chair of the audit committee function |
X |
|
|
X |
|
|
|
12 |
Chair of the remuneration committee function |
X |
|
|
X |
|
|
|
13 |
Chair of the nominations committee |
X |
|
|
X |
|
|
|
14 |
Senior independant director function |
X |
|
|
X |
|
|
|
15 |
Chair of the with-profits committee function |
|
|
|
|
|
|
|
16 |
Compliance Oversight |
X |
X |
X |
X |
|
X |
|
17 |
Money Laundering Reporting Officer (MLRO) |
X |
X |
X |
X |
X |
X |
|
18 |
Other overall responsibilites |
X |
|
|
|
|
|
|
19 |
Head of Third Country Branch function |
|
|
|
|
|
X |
|
20 |
Head of Actuarial |
|
|
Insurers only |
Insurers only |
|
|
|
21 |
EAA Branch Senior Manager |
|
|
|
|
X |
|
|
22 |
Other Local Responsibilty |
|
|
|
|
|
X |
|
23b |
Conduct risk oversight (Lloyd's) |
|
|
|
|
|
|
|
24 |
Chief Operations function |
|
|
|
X |
|
|
|
27 |
Partner |
|
|
X |
X |
|
|
|
29 |
Limited Scope Function |
|
X |
|
|
|
|
Additional “Prescribed Responsibilities” exist for enhanced firms, as summarised on the table below:
| PR Ref | PR Description | Limited Scope | Core | Enhanced | Authorised fund manager | EAA Branch | Non-EAA Branch | Common allocation | Notes |
|---|---|---|---|---|---|---|---|---|---|
|
(a) |
Performance by the firm of its obligations under the Senior Managers regime, including implementation and oversight. |
|
X |
X |
|
|
X |
SMF 1 |
Not SMF 18 |
|
(b) |
Performance by the firm of its obligations under the Certification Ragime. |
|
X |
X |
|
|
X |
SMF 16 |
Not SMF 18 |
|
(b1) |
Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules. |
|
X |
X |
|
|
X |
SMF 16 |
Not SMF 18 |
|
(c) |
Compliance with the rules relating to the firm's Responsibilities Map |
|
|
X |
|
|
|
SMF1, SMF9 |
|
|
(d) |
Responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime. |
|
X |
X |
|
|
X |
SMF16, SMF17 |
Not SMF18 |
|
(f) |
Policies and procedures for induction, training and development of the governing body. |
|
|
|
|
|
|
|
|
|
(g) |
Policies and procedures for induction, training and development of the SMF managers and key function holders. |
|
|
|
|
|
|
|
|
|
(j) |
Safeguarding and overseeing the independence and performance of the internal audit function (in accordance with SYSC 6.2) |
|
|
X |
|
|
|
SMF10, SMF11 |
Non-exec senior manager preferred |
|
(j2) |
Providing an effective non-conflicted internal audit and overseeing the performance of the internal audit function if the firm outsources its internal audit to an external 3rd party. |
|
|
X |
|
|
|
|
|
|
(j3) |
If the firm outsources its internal audit function, taking reasonable steps to make sure that every person involved in the performance of the service is independent from the persons who perform external audit, including:
|
|
|
X |
|
|
|
SMF2, SMF3 |
|
|
(k) |
Safeguarding and overseeing the independence and performance of the compliance function (in accordance with SYSC 6.1) |
|
|
X |
|
|
|
SMF9, SMF10 |
Non-exec senior manager preferred |
|
(l) |
Safeguarding and overseeing the independence and performance of the risk function (in accordance with SYSC 7.1.21R & SYSC 7.1.22R). |
|
|
X |
|
|
|
SMF9, SMF10 |
Non-exec senior manager preferred |
|
(m) |
Development and implementation of the remuneration policies and practices (where applicable under SYSC 19D). |
|
|
|
|
|
|
|
|
|
(n) |
Whistleblowers' champion (where applicable) |
|
|
|
|
|
|
|
|
|
(s) |
Managing the firm's internal stress tests and ensuring the accuracy and timeliness of information provided to the FCA for stress testing. |
|
|
X |
|
|
|
SMF4 |
|
|
(t) |
Developing and maintaining the firm's business model. |
|
|
X |
|
|
|
SMF1, SMF3, SMF9 |
|
|
(z) |
Responsibility for the firm's compliance with CASS (if applicable). |
X |
X |
X |
|
|
X |
|
|
|
(aa) |
Responsibility for management of the firm's risk management processes in the UK. |
|
|
|
|
|
X |
|
|
|
(ee) |
Responsibility for the escalation of correspondence from the PRA, FCA and other regulators in respect of the firm to the governing body and/or the management body of the firm or, where appropriate, of the parent undertaking or holding company of the firm's group. |
|
|
|
|
|
X |
|
|
|
(ff) |
Responsibility for the firm's compliance with the UK regulatory system applicable to the firm. |
|
|
|
|
|
X |
|
|
|
(za) |
[Authorised Fund Managers only] Responsibility for an AFM's value for money assessments, independent director representation and acting in investors' best interests. This PR only applies to AFMs. For more details, see CP17/18, MS15/2.3 - Assessment Management Market Study: Final Report and PS18/8. |
X |
X |
X |
X |
|
X |
SMF9 |
|
More information on Prescribed Responsibilities is available here
Enhanced firms must ensure that a Senior Manager has ‘overall responsibility’ for every activity, business area and management function of the firm. This is to make sure that there is a clear allocation of responsibilities for the entire firm. To this end, each enhanced firm will need to identify all of its activities, business areas and management functions and then identify the most senior individual with overall responsibility for that activity, area or function. If that person is not already a Senior Manager, he or she will have to be approved as an SMF 19 (Other overall responsibility). In order to assist, the FCA provides a non-exhaustive list of business activities and functions of an SMCR firm in SYSC 25, Annex 1.
The individual with overall responsibility does not need to have day-to-day management control of the particular function. However, that person does need to have sufficient authority over the function as he/she will have primary responsibility for briefing the board about the particular area for which ‘overall responsibility’ has been allocated.
‘Overall responsibilities’ cannot be divided. However, where appropriate, they can be shared.
As identified in SYSC 25, a management responsibilities map (an “MRM”) is a single document which sets out the firm’s management and governance arrangements. They are a ‘living document’ which must be kept up-to-date. However, the FCA does not need to be notified of any changes.
Put simply, MRMs enable the FCA to identify, at a glance, the relevant individual they should speak to about a particular issue. MRMs should also identify:
There is no FCA-approved template for a Management Responsibilities Map, but an example can be found here.
In practice, MRMs are a useful tool for the firm as they enable it to identify gaps (if any) that exist between the Statements of Responsibilities of individual Senior Managers.
Enhanced firms are required to have handover procedures in place. They are also required to implement a policy detailing how they comply with the FCA’s requirements regarding handovers.
Whilst, strictly speaking, handover procedures are only required for enhanced firms, it is generally regarded as a good practice for all firms to implement handover procedures.
Once a firm satisfies the enhanced criteria, the rules relating to enhanced firms will automatically apply to it after a one-year transitional period.
In addition to automatic categorisation as an enhanced firm, firms can also choose to ‘opt-up’ to enhanced status if they wish. Why might a firm wish to do this? Well, it would allow the group of which the firm may be a member to apply a single standard across to all affiliated entities.
required for enhanced firms, it is generally regarded as a good practice for all firms to implement handover procedures.
If a firm ceases to satisfy the enhanced firm criteria then the enhanced regime will continue to apply to that firm for another year. This is so as to provide continuity to the firm and to prevent firms from structuring their business in a way that effectively side-steps the rules relating to enhanced firms.
The FCA anticipates that most firms will fall into this category.
The FCA anticipates that a relatively small number of firms (for example consumer credit firms or sole traders) will be limited scope firms.
As far as it applies to individuals, the SM&CR consists of three parts:
The Senior Managers Regime applies to all individuals who perform a “Senior Management Function” (“SMF”).
The definition of “Senior Management Function” is found in Section 59ZA of FSMA. It states that:
“A function is a “senior management function”, in relation to the carrying on of a regulated activity by an authorised person, if (a) the function will require the person performing it to be responsible for managing one or more aspects of the authorised person’s affairs, so far as relating to the activity, and (b) those aspects involve, or might involve, a risk of serious consequences for the authorised person, or for business or other interests in the UK”.
At a high level, the Senior Managers Regime is designed to enable the FCA to easily identify those individuals who are truly responsible for running a business, with a view to holding them accountable for their actions.
All Senior Managers must be approved by the FCA before they commence their role. In practice, this leaves firms with two basic options when recruiting Senior Managers:
A Statement of Responsibilities must be submitted with the approval application. Certain information relating to all Senior Managers will appear on the FCA Register. Once approved, a senior manager must be certified annually as being fit and proper to perform his/her role. Any disciplinary action against a Senior Manager must be notified to the FCA within 7 days.
As laid out in SUP 10C,
Senior Management Functions must be allocated to the most senior individual within the firm who has responsibility for a particular issue. That individual should have an appropriate level of competence and experience to actually discharge his or her duties. However, it is important to note that if a firm does not currently have an individual performing a role that would be an SMF, it is not necessary to create that role just so that the SMF can be allocated.
In most cases, Senior Management Functions should not be shared or divided.
Senior Management Functions are split into:
The Senior Management Functions that exist for each SM&CR firm type are summarised in more detail below:
| SMF number | SMF role | Banks | Limited scope | Core | Enhanced | EAA branch | Non-EAA branch |
|---|---|---|---|---|---|---|---|
|
1 |
Chief Executive Function |
X |
|
X |
X |
|
|
|
2 |
Chief Finance Officer Function |
X |
|
X |
X |
|
|
|
3 |
Executive Director |
X |
|
X |
X |
|
X |
|
4 |
Chief Risk Officer Function |
X |
|
|
X |
|
|
|
5 |
Head of Internal Audit Function |
X |
|
|
X |
|
|
|
6 |
Head of Key Business Area |
X |
|
|
Insurers Only |
|
|
|
7 |
Group Entity Senior Manager |
X |
|
|
X |
|
|
|
8 |
Credit Union Senior Manager |
X |
|
|
|
|
|
|
9 |
Chair of the Governing Body Function |
X |
|
X |
X |
|
|
|
10 |
Chair of the risk committee function |
X |
|
|
X |
|
|
|
11 |
Chair of the audit committee function |
X |
|
|
X |
|
|
|
12 |
Chair of the remuneration committee function |
X |
|
|
X |
|
|
|
13 |
Chair of the nominations committee |
X |
|
|
X |
|
|
|
14 |
Senior independant director function |
X |
|
|
X |
|
|
|
15 |
Chair of the with-profits committee function |
|
|
|
|
|
|
|
16 |
Compliance Oversight |
X |
X |
X |
X |
|
X |
|
17 |
Money Laundering Reporting Officer (MLRO) |
X |
X |
X |
X |
X |
X |
|
18 |
Other overall responsibilites |
X |
|
|
|
|
|
|
19 |
Head of Third Country Branch function |
|
|
|
|
|
X |
|
20 |
Head of Actuarial |
|
|
Insurers only |
Insurers only |
|
|
|
21 |
EAA Branch Senior Manager |
|
|
|
|
X |
|
|
22 |
Other Local Responsibilty |
|
|
|
|
|
X |
|
23b |
Conduct risk oversight (Lloyd's) |
|
|
|
|
|
|
|
24 |
Chief Operations function |
|
|
|
X |
|
|
|
27 |
Partner |
|
|
X |
X |
|
|
|
29 |
Limited Scope Function |
|
X |
|
|
|
|
In particular, the Senior Management Functions that are required for various Limited Scope firms is summarised in this table:
| Limited Scope Firm | SMF16 (Compliance oversight) | SMF17 (MLRO) | SMF29 (Limited scope function) |
|---|---|---|---|
|
Limited permission consumer credit firms that currently have a CF8 (apportionment and oversight function) under the approved persons regime |
No |
No |
Yes |
|
Sole traders with no employees |
Yes |
No |
No |
|
Authorised professional firms whose only regulated activities are non-mainstream regulated activities |
Yes |
Yes |
Yes |
|
Oil market participants, service companies, energy market participants, subsidiaries of local authorities or registered social landlords. |
Yes |
Yes |
Yes |
|
Insurance intermediaries whose principal business is not insurance intermediation and who only have permission to carry on insurance distribution activity in relation to non-investment insurance contracts. |
No |
No |
Yes |
NEDs of a firm subject to the SM&CR will not normally need to be Senior Managers or require FCA approval (unless they are also the Chair (SMF9) of the firm).
However, NEDs have to be assessed as fit and proper to perform their role and will remain subject to the Conduct Rules.
The Head of Legal does not need to approved as a Senior Manager (although that individual may still require approval as a Senior Manager if he/she also has responsibility for a different area of the business e.g. Compliance).
Pursuant to section 66A of FSMA, every Senior Manager is subject to the ‘duty of responsibility’. Under the ‘duty of responsibility’, Senior Managers can be liable if it can be proved that they failed to take “reasonable steps” to ensure that a breach does not occur in relation to the area of the business for which they are responsible. The burden of proving that this was the case lies with the FCA.
In deciding whether to take enforcement action against a Senior Manager for breach of the ‘duty of responsibility’, the FCA will look at all of the circumstances of the matter, including the seriousness of the breach and the seniority and responsibilities of the senior manager in question. The Senior Manager’s Statement of Responsibilities will also be a relevant factor taken into account by the FCA.
“Prescribed Responsibilities” are specific responsibilities that must be allocated to at least one senior manager. They apply to enhanced firms and core firms, but not to limited scope firms or EEA branches. Unsurprisingly, more Prescribed Responsibilities exist for enhanced firms than is the case for core firms.
The purpose of Prescribed Responsibilities is to make sure that there is an identified individual who has responsibility for implementation of all aspects of the SM&CR as well as certain other risks, such as financial crime and client money.
Prescribed Responsibilities should be allocated to the Senior Manager who is the most senior person responsible for the particular issue. Generally, Prescribed Responsibilities cannot be allocated to someone performing the role of SMF 18 (Other overall responsibility). The only exception to this is the Prescribed Responsibility relating to CASS compliance.
All Prescribed Responsibilities applicable to the firm must be allocated across the set of Senior Managers. In practice, they may be allocated to a smaller sub-set of the Senior Managers. However, it is not advisable simply to allocate all Prescribed Responsibilities to the Head of Compliance as this may undermine the role of the Compliance Department as a “second line of defence”.
Note that, in all cases and as a minimum, a Senior Manager will have to be allocated the following Prescribed Responsibilities:
Reallocating a Prescribed Responsibility from one Senior Manager to another will not trigger a need to seek FCA approval of the change (or reapproval of the individual). However, it will require amendment to the relevant Senior Managers’ Statements of Responsibilities.
Normally, a Prescribed Responsibility should only be held by a single individual. There are a limited number of circumstances where a Prescribed Responsibility can be divided or shared (for example, as part of the handover of a role), but this is rather frowned upon by the FCA. As such, justification for dividing or sharing a Prescribed Responsibilitity will have to be provided. Where a Prescribed Responsibility is shared or divided, both Senior Managers will be jointly liable.
A full list of Prescribed Responsibilities is provided here:
| PR Ref | PR Description | Limited Scope | Core | Enhanced | Authorised fund manager | EAA Branch | Non-EAA Branch | Common allocation | Notes |
|---|---|---|---|---|---|---|---|---|---|
|
(a) |
Performance by the firm of its obligations under the Senior Managers regime, including implementation and oversight. |
|
X |
X |
|
|
X |
SMF 1 |
Not SMF 18 |
|
(b) |
Performance by the firm of its obligations under the Certification Ragime. |
|
X |
X |
|
|
X |
SMF 16 |
Not SMF 18 |
|
(b1) |
Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules. |
|
X |
X |
|
|
X |
SMF 16 |
Not SMF 18 |
|
(c) |
Compliance with the rules relating to the firm's Responsibilities Map |
|
|
X |
|
|
|
SMF1, SMF9 |
|
|
(d) |
Responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime. |
|
X |
X |
|
|
X |
SMF16, SMF17 |
Not SMF18 |
|
(f) |
Policies and procedures for induction, training and development of the governing body. |
|
|
|
|
|
|
|
|
|
(g) |
Policies and procedures for induction, training and development of the SMF managers and key function holders. |
|
|
|
|
|
|
|
|
|
(j) |
Safeguarding and overseeing the independence and performance of the internal audit function (in accordance with SYSC 6.2) |
|
|
X |
|
|
|
SMF10, SMF11 |
Non-exec senior manager preferred |
|
(j2) |
Providing an effective non-conflicted internal audit and overseeing the performance of the internal audit function if the firm outsources its internal audit to an external 3rd party. |
|
|
X |
|
|
|
|
|
|
(j3) |
If the firm outsources its internal audit function, taking reasonable steps to make sure that every person involved in the performance of the service is independent from the persons who perform external audit, including:
|
|
|
X |
|
|
|
SMF2, SMF3 |
|
|
(k) |
Safeguarding and overseeing the independence and performance of the compliance function (in accordance with SYSC 6.1) |
|
|
X |
|
|
|
SMF9, SMF10 |
Non-exec senior manager preferred |
|
(l) |
Safeguarding and overseeing the independence and performance of the risk function (in accordance with SYSC 7.1.21R & SYSC 7.1.22R). |
|
|
X |
|
|
|
SMF9, SMF10 |
Non-exec senior manager preferred |
|
(m) |
Development and implementation of the remuneration policies and practices (where applicable under SYSC 19D). |
|
|
|
|
|
|
|
|
|
(n) |
Whistleblowers' champion (where applicable) |
|
|
|
|
|
|
|
|
|
(s) |
Managing the firm's internal stress tests and ensuring the accuracy and timeliness of information provided to the FCA for stress testing. |
|
|
X |
|
|
|
SMF4 |
|
|
(t) |
Developing and maintaining the firm's business model. |
|
|
X |
|
|
|
SMF1, SMF3, SMF9 |
|
|
(z) |
Responsibility for the firm's compliance with CASS (if applicable). |
X |
X |
X |
|
|
X |
|
|
|
(aa) |
Responsibility for management of the firm's risk management processes in the UK. |
|
|
|
|
|
X |
|
|
|
(ee) |
Responsibility for the escalation of correspondence from the PRA, FCA and other regulators in respect of the firm to the governing body and/or the management body of the firm or, where appropriate, of the parent undertaking or holding company of the firm's group. |
|
|
|
|
|
X |
|
|
|
(ff) |
Responsibility for the firm's compliance with the UK regulatory system applicable to the firm. |
|
|
|
|
|
X |
|
|
|
(za) |
[Authorised Fund Managers only] Responsibility for an AFM's value for money assessments, independent director representation and acting in investors' best interests. This PR only applies to AFMs. For more details, see CP17/18, MS15/2.3 - Assessment Management Market Study: Final Report and PS18/8. |
X |
X |
X |
X |
|
X |
SMF9 |
|
Enhanced firms must ensure that a Senior Manager has ‘overall responsibility’ for every activity, business area and management function of the firm. This is to make sure that there is a clear allocation of responsibilities for the entire firm.
The individual with overall responsibility does not need to have day-to-day management control of the particular function. However, that person does need to have sufficient authority over the function as he/she will have primary responsibility for briefing the board about the particular area for which ‘overall responsibility’ has been allocated.
‘Overall responsibilities’ cannot be divided. However, where appropriate, they can be shared.
As set out in SUP10C.11, all Senior Managers must have a “Statement of Responsibilities” (“SoR”). The Statement of Responsibilities should be a single document, which sets out clearly the role and responsibilities of the individual and the areas for which he/she is accountable.
Statements of Responsibilities should be clear and easy to understand. They should describe a Senior Manager’s responsibilities and accountabilities but should avoid going into unnecessary detail. They should be self-contained documents and should not refer to, or incorporate by reference, other documents.
Statements of Responsibilities must be produced on a per-entity basis. As such, Senior Managers who work for multiple entities will have more than one Statement of Responsibilities. However, a Senior Manager who has been assigned multiple Senior Management Functions within a single entity need have only one Statement of Responsibilities.
A Statement of Responsibilities must be submitted to the FCA when applying for approval for a new Senior Manager and also when there is a material change to the responsibilities of an existing senior manager (for example, where the Senior Manager in question has been allocated an additional Prescribed Responsibility, or a Prescribed Responsibility has been taken away from the Senior Manager). The Senior Manager is responsible for keep his/her own Statement of Responsibilities up-to-date.
The FCA has produced a template Statement of Responsibilities which firms can use.
As discussed in DEPP 6.2.9e, senior managers can delegate responsibilities to other members of staff. However, they will retain responsibility for that which is delegated. In delegating any responsibility, a senior manager should ensure that:
The Certification Regime applies to individuals who perform a “certification function”. Specifically, the Certification Regime pulls in-scope individuals who, whilst not sufficiently senior to qualify as a Senior Manager, occupy a role which means that they could have a significant impact on the firm, its customers or markets more generally. [1]
Under FSMA, a “certification function” is referred to as a “significant harm function”. Section 63E(5) of FSMA 2000 states that:
“A function is a “significant-harm function”, in relation to the carrying on of a regulated activity by an authorised person, if (a) the function will require the person performing it to be involved in one or more aspects of the authorised person’s affairs, so far as relating to the activity, and (b) those aspects involve, or might involve, a risk of significant harm to the authorised person or any of its customers”.
[1] SYSC 27.1.2G
The Certification Regime only applies to “employees”. [1] ‘Personal service’ and the ‘right to supervise’ are the key indicators of “employee” status for the purposes of the SM&CR. More specifically, an “employee” is any natural or legal “person” [2] who “(a) personally provides, or is under an obligation personally to provide, services to ‘A’ under an arrangement made between ‘A’ and the person providing the services or another person; and (b) is subject to (or to the right of) supervision, direction or control by ‘A’ as to the manner in which those services are provided.”[3] This definition of “employee” under Section 63E(9) of FSMA is wide enough to include contractors and secondees[4]. However, it does NOT include non-executive directors (NEDs). NEDs are not subject to the Certification Regime.[5]
[1] SYSC 27.4.1G(1)
[2] A definition which includes e.g. companies and partnerships
[3] Section 63E(9) of FSMA, SYSC 27.4.1G(2)
[4] SYSC 27.2.8G
[5] SYSC 27.6.3R
Notwithstanding the definition above, it is important to note that not all “employees” are subject to the Certification Regime. Rather, the Certification Regime only applies to:
Individual sole traders are NOT “employees” and so are NOT subject to the Certification Regime. However, members of a sole trader’s staff can be “employees” and so can be subject to the Certification Regime.[1]
In some cases, a person who works for an Appointed Representative of a firm may fall within the definition of an “employee”. However, more often than not, Appointed Representatives will fail to meet the ‘service’ and ‘supervision’ conditions which must be satisfied for the Certification Regime to apply.[2] In addition, in order to be subject to the Certification Regime, Certification Functions must be performed pursuant to arrangements between the “employee” and the “firm” and NOT pursuant to arrangements between an “employee” and a “contractor to a firm” (which then contracts with the firm itself).[3]
[1] SYSC 27.6.9G
[2] SYSC 27.4.2G
[3] SYSC 27.4.2G(2)
If an individual is based outside of the UK and spends no more than 30 days each year performing an activity that would otherwise be an in-scope Certification Function, then he/she will not be regarded as performing a Certification Function (and so won’t be subject to the Certification Regime).[1] However, this exemption is only available to the extent that the individual is “appropriately” supervised by a Senior Manager or a Certification Employee who has been assessed as fit and proper in relation to the activity being performed by the individual.[2]
However, it is important to note that the “30-day” rule does NOT apply if the activity being performed by the non-UK individual:
[1] SYSC 27.5.3R(1)
[2] SYSC 27.5.3R(2)
[3] SYSC 27.5.3R(3)(a)
[4] SYSC 27.5.3R(3)(b)
[5] SYSC 27.5.3R(4)
The Certification Regime does not apply to:
In addition, the Certification Regime requirements do not apply to any firm that is an internally managed alternative investment fund (“AIF”) which is a body corporate but is not a collective investment scheme.[1]
[1] SYSC 27.6.10R
Certification Regime staff must be ‘fit and proper’ to perform their role.
In a change from the Approved Persons Regime, the FCA will no longer approve individuals who are subject to the Certification Regime. Instead, this responsibility will now fall on firms themselves. Specifically, firms will be responsible for certifying, at least annually, that all staff falling under the Certification Regime are fit and proper to perform their role. If an individual performs more than one certification function, that person will need to be certified as fit and proper for each function performed.
On assessing an individual as being fit and proper to perform his/her role, the firm should issue a certificate to that individual. Without such a certificate, a firm should not allow an employee to perform a Certification Function[1].
[1] SYSC 27.1.3G
The Certification functions are detailed below:
To qualify as an FCA “Certification Function”, the function(s) performed by an individual must be connected to the performance of a regulated activity.[1] In addition, whilst it is possible to be both a Senior Manager and be subject to the Certification Regime (e.g. a director performing a role that requires a qualification), Senior Management Functions are NOT Certification Functions per se.[2] As such, the performance of a Senior Management Function is NOT subject to the requirements of the Certification Regime. In a similar vein, performance of the “Overall responsibility” function by a Senior Manager is NOT regarded as a “Certification Function”[3] and neither is the performance of a Senior Manager Function as emergency cover under the “12-week” rule.[4]
[1] SYSC 27.3.4G(2)
[2] SYSC 27.7.1
[3] SYSC 27.6.6R(1) and SYSC 26.3
[4] SYSC 27.6.6R(2) and SYSC 26.4.6R
The CASS oversight function for different types of SM&CR firm is detailed below. However, note that ‘CASS oversight’ will NOT be a Certification Function if it is performed by a Senior Manager.
The function of acting in the capacity of a person who is allocated responsibility for CASS operational oversight.[3]
[1] See CASS 1A.3.1AR
[2] CASS 13.2.3R
[3] CASS 1A.3.1R
[4] CASS 13.2.3R
Identifying members of staff who are performing the “Significant management” Certification Function requires firms to exercise a degree of judgement as the function applies to anyone with “significant responsibility for a significant business unit”.[1]
An example of an individual who may be performing the “significant management” Certification Function is the Chief Risk Officer in relation to an SM&CR ‘core’ firm. The Chief Risk Officer Senior Management Function does not apply to core firms. As such, that person would be regarded as performing the “significant management” Certification Function,[2] rather than a Senior Management Function. However, this would only be the case if there was no other relevant Senior Management function being performed within the firm. As such, if an individual was performing his/her role as Chief Risk Officer as part of their job as an Executive Director (a Senior Management Function which DOES apply to core firms) then the individual would be considered to be performing the Executive Director Senior Management function rather than the “significant management” Certification Function.[3]
[1] SYSC 27.8.4R
[2] SYSC 27.8.7AG
[3] SYSC 27.8.7AG
A “business unit” is not limited to one that carries on commercial activities with customers and third parties or one that earns revenue. A “business unit” can be an internal support department that has no contact with people outside the firm. It may include, for example, human resources, the legal department, operations or information technology.[1]
[1] SYSC 27.8.7G
“Significance” of a business unit is determined by reference to:
[1] SYSC 27.8.9G
The FCA provides an illustrative, non-exhaustive list of “significant business units”. This includes being the head of (or being a member of a committee that makes decision in relation to) any of the following:
[1] SYSC 27.8.5G
The functions detailed in the table below are all considered to be Certification Functions due to their qualification requirements, even if the time period with which the person must have obtained the qualification has not yet expired (e.g. they are in training) or the person is exempt from the qualification requirement[1]:
[1] SYSC 27.8.10R and see TP APP 1.1.1R
| Activity | Product or Sector |
|---|---|
Designated investment business carried on for a retail client |
|
|
Advising or giving personal recommendations (as relevant) |
|
|
Giving personal recommendations on securities which are not stakeholder pension schemes, personal pension schemes or broker funds |
|
|
Giving personal recommendations on derivatives |
|
|
Giving personal recommendations on retail investment products which are not broker funds |
|
|
Giving personal recommendations on Friendly Society tax-exempt policies (other than Holloway sickness policies where the Holloway policy special application conditions are met) |
|
|
Giving personal recommendations on long-term care insurance contracts |
|
|
Giving personal recommendations on investments in the course of corporate finance business |
|
|
Giving personal recommendations on investments in the course of corporate finance business |
|
|
Advising on syndicate participation at Lloyd's |
|
|
Advising on P2P agreements |
|
|
Undertaking the activity in column 2 |
Broker fund adviser |
|
Pension transfer specialist |
|
|
Giving personal recommendations and dealing |
Giving personal recommendations on and dealing in securities which are not stakeholder pension schemes, personal pension schemes or broker funds |
|
Giving personal recommendations on and dealing in derivatives |
|
|
Managing |
Investments |
|
Overseeing on a day-to-day basis |
Operating a collective investment scheme or undertaking the activities of a trustee or depositary of a collective investment scheme |
|
Safeguarding and administering investments or holding client money |
|
|
Administrative functions in relation to managing investments |
|
|
Administrative functions in relation to effecting or carrying out contracts of insurance which are life policies |
|
|
Administrative functions in relation to the operation of stakeholder pension schemes |
|
|
Mortgage Activity and reversion activity carried on for a customer |
|
|
Advising; arranging (bringing about) an execution-only sale, excluding variations to an existing home finance transaction except where the effect is to change all or part of the home finance transaction from one interest rate to another. |
Regulated mortgage contracts for a non-business purpose |
|
Equity release transactions |
|
|
Designing scripted questions for execution-only sales |
Regulated mortgage contracts for a non-business purpose |
|
Equity release transactions |
|
|
Overseeing execution-only sales on a day-to-day basis |
Equity release transactions |
The FCA provides a full list of the functions it considers constitutes performing the function of a “material risk taker” in SYSC 27.8.14R[1]. However, broadly, a “material risk taker” is someone who falls within the definition of “Remuneration Code Staff” (in other words, an employee whose professional activities have a material impact on the firm’s risk profile).[2]
[1] SYSC 27.8.14R
[2] SYSC 27.8.15R
This function is wider than the CF30 function under the Approved Persons regime and applies to any person who deals with clients, whether retail clients, professional clients or eligible counterparties. More specifically, a person (“P”) performs the “client-dealing” Certification Function for a firm if:
in a manner substantially connected with the carrying on of regulated activities by the firm.
The essence of the “client-dealing” Certification Function is that it applies to any person who “deals with” a client of the firm in the UK. The FCA interprets this phrase to include “having contact with clients”.[1] That extends to dealing with any person in relation to a ‘client-dealing activity’. In other words, that person need NOT be a client of the firm.[2] Nonetheless, those ‘client-dealing activities’ must still relate to a regulated activity carried on by the firm if they are to be considered as Certification Functions.[3]
Nonetheless, someone performing a purely administrative role will not be performing a Certification Function, even if they have customer contact.[4] Roles which are “simple or largely automated” are also not considered to be “Certification Functions”.[5]
[1] SYSC 27.3.2G
[2] SYSC 27.8.21G
[3] SYSC 27.8.22G
[4] SYSC 27.8.22BG
[5] SYSC 27.8.22BG(3)
| Activity | Comments |
|---|---|
|
(1) The following activities:
(a) advising on investments other than a non-investment insurance contract; or
(b) performing other functions related to this, such as dealing and arranging.
|
(a) does not include advising on investments in the course of carrying on the activity of giving basic advice on a stakeholder product. |
|
(2) The following activities:
(a) giving advice in connection with corporate finance business; or
(b) performing other functions related to this.
|
|
|
(3) If the firm does any of the following activities:
(a) dealing, as principal or as agent; or
(b) arranging (bringing about) deals in investments;
taking part in those activities is included.*
|
(a) and (b) do not include dealing or arranging (bringing about) deals in investments in a non-investment insurance contract.
This activity also includes a person in connection with whom the activities in the first column of this row are carried out; and the property of any such person.
|
|
(4) If the firm is acting in the capacity of an investment manager the following are included:
(a) taking part in that activity; and
(b) carrying on functions connected to this.*
|
|
|
(5) Acting as a ‘bidder’s representative’ in relation to bidding in emissions auctions. |
Acting as a ‘bidder’s representative’ has the meaning in sub-paragraph 3 of article 6(3) of the auction regulation. |
Each of the following is a Certification Function under the ‘algorithmic trading’ heading[1]:
Sometimes an approval or a decision involves sign-off from different stakeholders regarding different aspects of the decision or approval. If this is the case, the FCA will regard all as having given the approval or decision and so all will be deemed to be performing a Certification Function.[2]
Conversely, if an approval or decision involves sign-off by a number of people of different levels of seniority about the same aspects of the decision then the FCA will consider that only the most senior decision-taker gives the approval or decision (and so will be performing a Certification Function). However, in these circumstances, where the firm’s procedures do not require the more senior person to carry out a detailed review of the approvals or decisions of a more junior person, both the junior and the senior person will be regarded by the FCA as having given the approval or decision (and so both will be considered to be performing a Certification Function).[3]
[1] SYSC 27.8.23R
[2] SYSC 27.8.28G
[3] SYSC 27.8.29G
A UK SM&CR firm must ensure that, at all times, one or more of its Senior Managers has “overall responsibility” for each of the activities, business areas and management functions of the firm.[1] However, notwithstanding this requirement, a firm may allocate local or overall responsibility for the legal function to someone who is not a Senior Manager.[2] Whilst not subject to the Senior Managers Regime, the FCA will consider that individual to be subject to the Certification Regime on account of the fact that he/she is performing the “significant management” or the “material risk taker” Certification Function (or both).[3]
[1] SYSC 26.3.1R
[2] SYSC 26.4.9R
[3] SYSC 27.9.1G
It is possible for the role of a particular individual to encompass more than one Certification Function. For example, a person might be both a “material risk taker” and perform a role which requires a qualification. If this is the case, any requirements which are relevant to either Certification Function will apply. As such, in the example given, the firm could not rely on the ‘emergency 4-week’ exemption from ‘fit and proper’ testing as this is not available in relation to functions requiring qualifications.[1]
[1] SYSC 27.7.4
If a firm appoints an individual to provide cover for a certification employee and that appointment lasts for less than 4 weeks, then the individual providing the cover will not be regarded as performing a Certification Function. As such, the Certification Regime will not apply to the person providing emergency cover.[1]
However, there is one exception to this rule. If the replacement is performing a function which requires a qualification (in other words, Certification Function (4)) then the individual will be regarded as performing a Certification Function and so will be subject to the Certification Regime.[2] Where there is an unforeseen absence of an employee performing a function for which there is a qualification requirement then the firm should take reasonable care to ensure that no employee of the firm performs the function without a valid ‘fit and proper’ (“F&P”) certification. This certification should be issued before the person starts to perform the function requiring qualifications.[3]
[1] SYSC 27.5.1R
[2] SYSC 27.5.1R
[3] SYSC 27.5.2G
Firms must establish, implement and maintain policies and procedures that are adequate for the purposes of comply with the SM&CR regulatory references requirements.[1]
Regulatory references are a key input into the fit and proper assessment process. They are relevant for all external recruitment and for some internal promotions.
At a high level, these requirements oblige firms to take “reasonable steps” to obtain regulatory references covering the previous six years of employment with respect to all Senior Managers, all certification staff[2], and non-executive directors who are not senior managers (“Non-approved NEDs”).[3] The requirements also apply to Appointed Representatives of the firm, as well as to the firm itself.[4] The FCA believes that it is the responsibility of each individual firm to determine what “reasonable steps” means in this context.[5]
Regulatory reference information is to be shared using a standard template, which is found in SYSC 22, Annex 1.
Firms which are subject to the SM&CR must try to obtain a reference from a previous employer even if the previous employer was not an FCA regulated firm.[6]
[1] SYSC 22.8.1R
[2] SYSC 22.2.1R(1)(b)
[3] SYSC 22.2.1R
[4] SYSC 22.8.3R
[5] PS16/22 “Strengthening accountability in banking and insurance: regulatory reference final rules”, page 9
[6] SYSC 22.7.4G
Normally, regulatory references should be obtained before an application for the approval of a Senior Manager is submitted to the FCA.[1] However, the FCA understands that this might not be possible in all circumstances. As such, it is permissible to obtain regulatory references no later than one month before the end of the “application period”.[2] Broadly, the “application period” is the period of three months (commencing from the time at which the FCA receives a completed application) which the FCA has to process an application for approval for an individual to act as a Senior Manager.[3] It is worth noting that an application will not be approved unless and until regulatory references have been obtained.
[1] PS16/22 “Strengthening accountability in banking and insurance: regulatory reference final rules”, page 9
[2] PS16/22 “Strengthening accountability in banking and insurance: regulatory reference final rules”, page 10
[3] SUP10C.10.26 and Section 61 of FSMA
With respect to the issuing of an ‘fit and proper’ certificate to Certification Staff, firms should obtain a reference before the certificate is issued or renewed.[1] However, the FCA recognises that, where a firm needs to fill a vacancy for a certification function which could not have been reasonably foresee, it may not be possible for the firm to obtain regulatory references prior to issuing a ‘fit and proper’ certificate. In such cases, the reference should be taken up as soon as reasonably practicable and, if the reference raises concerns about the individual, revisit the decision to issue the individual with a ‘fit and proper’ certificate.[2]
It is unlikely that annual fit and proper testing will, of itself, trigger a requirement to seek a new or updated reference.[1]
[1] SYSC 22.7.6G(3)
[1] SYSC 22.2.3R
[2] SYSC 22.7.10G
It is reasonable and permissible for a firm to delay getting a reference where asking for the reference would create a serious risk of:
It is also possible to delay obtaining a regulatory reference for a Senior Manager where this would trigger a mandatory disclosure (e.g. to a stock market) that the appointment was being made.[2]
[1] SYSC 22.7.11G(2)
[2] SYSC 22.2.3R
The requirement to obtain a regulatory reference also applies where an individual changes jobs, for example, after a promotion. However, in these circumstances, the requirement is that the firm consider whether it is necessary to obtain (or refresh) a regulatory reference. It is not the case that the firm MUST ALWAYS obtain (or refresh) a regulatory reference on a role change.[1]
[1] SYSC 22.7.7G
It is not necessary to obtain regulatory references in relation to intra-group staff transfers provided that “there are adequate arrangements in place” under which the firm that would otherwise have to request the reference has access to the same regulatory reference information sources as the firm that would otherwise be obliged to provide the reference.[1] In other words, where a group operates centralised records, it is not necessary to obtain regulatory references.[2]
[1] SYSC 22.8A.1R
[2] SYSC 22.8A.2G
Firms in receipt of a regulatory reference request must disclose any information relating to the individuals’ fitness and propriety going back six years[1] (calculated from the date on which a course of conduct has come to an end)[2]. However, any information relating to “serious misconduct” must be disclosed without time limit. [3]
In term of disclosing breaches of the Conduct Rules, firms should only disclose Conduct Rules breaches to the extent that actual disciplinary action (i.e. formal written warning, suspension/dismissal, or reduction/recovery of remuneration) was taken by the firm against the individual.[4] The reference should provide a factual description of the breach (including date(s) of when it occurred and the basis for the disciplinary action) and its outcome.[5]
The FCA would not normally expect criminal convictions to be disclosed in a regulatory reference.[6]
[1] SYSC 22.2.2(2) and (3)
[2] SYSC 22.5.9G
[3] SYSC 22.2.2R(3)(c)
[4] FSMA 2000, s 64C, PS16/22 “Strengthening accountability in banking and insurance: regulatory reference final rules”, page 11
[5] PS16/22 “Strengthening accountability in banking and insurance: regulatory reference final rules”, page 11
[6] PS16/22 “Strengthening accountability in banking and insurance: regulatory reference final rules”, page 18
The removal of the six-year time limit in relation to cases of “serious misconduct” does not mean that time is an irrelevant consideration in these circumstances. The longer ago a matter occurred, the less likely it is to be “serious”. [1] They key question for firms to ask is how important the information is for the requesting firm’s assessment of the employee’s fitness for the particular function that they are going to perform. [2]
The FCA provides a list of factors to take into account in determining whether misconduct is “serious”. This includes whether:
[1] SYSC 22.5.10G(2)
[2] SYSC 22.5.10G(3)
[3] SYSC 22.5.11G
Firms must exercise due skill and care in preparing a reference[1] and should provide as complete a picture as possible.[2]
Nonetheless, firms need to balance the duty owed to the ‘new employer’ against the duty owed to the individual. To this end, regulatory references should be “true, accurate, fair and based on documented fact”.[3]
[1] SYSC 22.5.4G
[2] SYSC 22.5.3G
[3] SYSC 22.5.4G
In order to comply with the obligation to be fair to employees, firms should investigate and verify allegations before including them in a regulatory reference.[1] However, note that verification can happen at a time BEFORE the reference is prepared (e.g. at the time of a disciplinary hearing).[2]
Firms are not required to disclose information that has not been properly verified.[3] For example, a firm is not necessarily required to include in a regulatory reference the fact that an ex-employee left while disciplinary proceedings were pending or had started. Including such information is likely to imply that there is cause for concern about the ex-employee but the firm may not have established that the ex-employee was actually responsible for misconduct.
[1] PS16/22 “Strengthening accountability in banking and insurance: regulatory reference final rules”, page 19
[2] SYSC 22.5.5G(3)
[3] SYSC 22.5.1R
“Fairness” also requires that firms should offer employees the opportunity to comment on information contained in a reference (but not the reference itself or an updated reference[1]). It is important to note that the employee’s views are not required to be included in the reference itself. Rather, the firm need only take those views into account as far as appropriate when deciding whether something should be disclosed and how the disclosure is drafted.[2] Nonetheless, if it is a choice between leaving information out of a reference, or asking an employee to comment, the employee should be asked to comment.[3]
It is expressly recognised that, of course, the employee may choose not to comment.[4]
[1] SYSC 22.5.5G and SYSC 22.6.5G
[2] SYSC 22.2.5G
[3] SYSC 22.2.5G
[4] SYSC 22.2.5G
Criminal records checks do not have to be carried out on all staff[1]. However, they should be conducted when appointing a Senior Manager[2], and in relation to certain other directors[3].
Either way, regulatory references do not need to include information relating to criminal records.[4]
[1] SYSC 22.5.19
[2] SUP 10C.10.16R
[3] SYSC 23.4
[4] SYSC 22.5.19G
Firm should also take into account the following factors when asking for and responding to a regulatory reference[1]:
[1] SYSC 22.2.2(5)
[2] See SUP 10A Annex 4 and SUP 10C Annex 3
[3] SYSC 22, Annex 2
The FCA provides a template which all firms should use when providing a regulatory reference.[1] This can be found in Annex 1 of SYSC 22 and details a baseline minimum of information which must be provided by firms. Minor formatting changes to the FCA template are permissible, but all relevant information must be included.[2]
Firms are also free to provide more information if they wish (this is called “Additional Materials”).[3] They may also add qualifying information if they want to (for example, information about mitigating circumstances).[4]
At a minimum, the FCA Regulatory Reference template requires the following information to be disclosed[5]:
[1] SYSC 22.4.1G
[2] SYSC 22.4.2R
[3] SYSC 22.4.6R
[4] PS16/22 “Strengthening accountability in banking and insurance: regulatory reference final rules”, page 11
[5] SYSC 22.2.2(4)
If a firm, which is subject to the SM&CR, provides a regulatory reference but subsequently becomes aware of matters or circumstances which would (a) have required it to give a different reference, (b) concluded that the individual who was the subject of the reference was not fit and proper, or (c) would have resulted in it taking disciplinary action against the individual (had the individual still been employed with the firm), it must make reasonable enquiries as to the identity of the individual’s current employer and give details of the differences as soon as reasonably possible.[1] It’s worth noting that the obligation is only to make reasonable efforts to update the current employer.[2]
Individuals should have the opportunity to comment on any update to any regulatory reference.[3]
Firms are obliged to confirm whether they employ an individual if asked by a previous employer of that person seeking to update a regulatory reference.[4]
[1] SYSC 22.2.4R
[2] PS16/22 “Strengthening accountability in banking and insurance: regulatory reference final rules”, page 13
[3] SYSC 22.6.5G
[4] SYSC 22.2.7R
Firms must ensure that they do not enter into any arrangements which could limit their ability to disclose information in relation to regulatory references (i.e. non-disclosure agreements)[1]. Furthermore, the obligation to make disclosure under a regulatory reference applies even if the firm has entered into any kind of non-disclosure agreement with the individual.[2]
[1] SYSC 22.5.13R
[2] SYSC 22.5.16G
The FCA Directory is a new public register maintained by the FCA. Broadly, it is designed to make information on individuals who perform certification functions both public and accessible. It is different from the existing Financial Services Register (which will continue, but will only contain details relating to Senior Managers).[1]
The reporting requirements relating to the FCA Directory can be found in SUP 16.26, under which all SM&CR firms must submit to the FCA (and keep up-to-date) certain information relating to their “Directory Persons” for publication in the FCA Directory.
[1] PS19/7, page 3
“Directory Persons” are defined as being:
[1] PS19/7, page 4
Information relating to a “Directory Person” which is made public on the FCA Directory includes:
[1] PS19/7, page 5
Under the Conduct Rules, Directory Persons are responsible for providing accurate information to their employer. However, it is the responsibility of firms to verify the Directory information provided to them and to keep the information which they must submit to the FCA Directory up-to-date.[1] The Senior Manager who hold the Prescribed Responsibility for the firm’s performance of its obligations under the employee certification regime will be ultimately accountable for the information provided on Directory Persons.[2]
Any changes in the data required for FCA Directory entries (in terms of new joiners, leavers and changes) must be updated within 7 business days of the change.[3] Reporting can be made individually via the FCA’s Connect system. Alternatively, the FCA will provide a multiple entry facility (in the form of an Excel spread sheet which must be saved and submitted in .csv format).[4] In most cases, information submitted to the FCA will appear on the FCA Directory no later than the next business day.[5]
Firms which have not made any changes to their data in the preceding 12 months will be required to confirm that their FCA Directory data remains up-to-date.[6] The FCA will do this by sending automated reminder emails to a firm’s dedicated “FCA Connect” user ahead of the notification due date.[7]
[1] PS19/7, page 6
[2] PS19/7, page 19
[3] PS19/7, pages 7 and 16
[4] PS19/7, page 36
[5] PS19/7, page 36
[6] PS19/7, page 18
[7] PS19/7, page 25
FCA reporting provisions apply to the FCA Directory. As such, an administrative fee of £250 will be charged to cover the costs of work undertaken by FCA staff to remediate data which is either submitted late or is inaccurate.[1] However, for more serious cases (such as repeated breaches) the FCA reserves the right to take whatever action it considers appropriate (which may include use of disciplinary powers, imposition of penalties, public censure and the removal of permissions).[2]
[1] PS19/7, page 18
[2] PS19/7, page 19
The “Conduct Rules” are a set of high-level standards which apply DIRECTLY to almost all members of staff within the financial services industry (the main exception being “ancillary staff” – a group discussed in more detail below). They are designed to drive cultural change within all firms which are subject to the SM&CR. There is an entire section of the FCA Handbook dedicated to the Conduct Rules which provides a lot of useful information on the topic. This is called the “Code of Conduct (COCON)”. The legislative requirements relating to the Conduct Rules are set out in section 64A and 64B of FSMA 2000.
The Conduct Rules apply to the regulated and unregulated financial services activity of a firm[1]. However, more specifically, for FCA solo-regulated firms, the Conduct Rules apply to:
[1] COCON 1.1.6R to 1.1.7R
[2] COCON 1.1.7AR
As far as individuals are concerned, the Conduct Rules apply to[1]:
[1] See COCON 1.1.2R
The FCA has provided an EXHAUSTIVE list of the job roles that would qualify as “ancillary staff” (and so would NOT be subject to the Conduct Rules)[1]. These are:
[1] See COCON 1.1.2R
The Conduct Rules applies to Senior Managers, non-approved NEDs and Certification Employees who are “material risk takers” irrespective of where they perform activities.[1] However, beyond that, the Conduct Rules only apply to conduct:
The phrase “dealing with” is interpreted quite widely by the FCA and includes ‘having contact with customers’. In other words, it is NOT restricted to dealings with clients of the firm.
[1] COCON 1.1.9R
[2] COCON 1.1.10R
There are two sets of Conduct Rules. The first set applies to ALL staff (including Senior Managers). The second set only applies to Senior Managers.
[1] COCON 1.1.4R
[2] COCON 1.1.4R
[3] COCON 1.1.4R
Firms must notify the FCA of any breach of the Conduct Rules which leads to disciplinary action being taken against the individual[1]. This remains the case even if the individual has appealed, or plans to appeal, against the disciplinary action (although in these circumstances, the firm should note the existence of the appeal and update the FCA on the outcome of the appeal)[2]. The FCA regards “disciplinary action” as being:
Breaches of the Conduct Rules by Senior Managers must be notified to the FCA within 7 days.[4] Breaches of the Conduct Rules by certification staff or conduct rules staff must be notified to the FCA annually in October using Form H (also known as “REP008 – Notification of Disciplinary Action”). However, if the breach is “serious”, it must be reported immediately[5]. If a firm has no notifications to be made to the FCA, it should lodge a ‘nil return’.[6]
[1] FSMA 2000 S64C, SUP 15.3.11R and SUP 15.11.6R
[2] SUP 15.11.9G
[3] SUP 15.11.5G
[4] SUP 10C, Annex 2G
[5] SUP 15.11.13R to SUP 15.11.15R
[6] SUP 15.11.13R(5)
Of course, firms are also subject to more general notification requirements. Principle 11 requires a firm to deal with its regulators in an open and cooperative way and to disclose to the FCA appropriately anything relating to the firm of which the FCA would reasonably expect notice. Principle 11 applies to unregulated activities as well as regulated activities and takes into account the activities of other members of a group.
In addition, firms are required to notify the FCA of anything that has occurred, or may occur in the foreseeable future that could:
[1] SUP 15.2.1R
Firms are also under a general obligation to notify the FCA of “significant” breaches of the Conduct Rules under SUP 15.3.11R[1] “immediately it becomes aware or has information which reasonably suggests” that a breach has (or may have) occurred.[2]
What is ‘significant’ will depend on:
The notification obligations under SUP 15.3 also cover other circumstances which could overlap Conduct Rule breaches, such as employee fraud.[3]
[1] SUP 15.3.11R(1)(a)
[2] SUP 15.2.11R(2)
[3] SUP 15.3.17
An individual will only be in breach of the Conduct Rules where they are personally culpable. In other words, the conduct of that individual must:
In addition, in considering whether a Senior Manager has breached the Senior Manager Conduct Rules, the FCA will take into account:
the nature, scale and complexity of the business (the larger and more complex the business, the greater the expectations of the FCA in assessing whether the Senior Manager’s conduct was “reasonable” (and vice versa)).[3]
[1] COCON
[2] COCON 3.1.5G
[3] COCON 3.1.6G
Firms must inform staff that they are subject to the Conduct Rules and take “all reasonable steps” to ensure that staff understand how the Conduct Rules apply to them.[1] The firm should provide “suitable training” in order to ensure that staff understand how the Conduct Rules apply to them[2] generally, but also the way in which specific Conduct Rules are relevant to the work individual members of staff perform.[3] In other words, Conduct Rules training must be tailored to an individual’s role.
For example, individuals who trade in markets should receive training on the specific application of Conduct Rule 5 (“You must observe proper standards of market conduct”). Similarly, individuals who deal with clients should understand how Conduct Rule 4 (“You must pay due regard to the interests of customers and treat them fairly”) applies to their role.[4]
[1] FSMA 2000, section 64B and COCON 2.3.1G
[2] COCON 2.3.2G(1)
[3] COCON 2.3.2G(2)
[4] COCON 3.2.2G(3)
| Form | Scenario |
|---|---|
|
Long Form A |
Application to perform a controlled function including SMFs |
|
Short Form A |
Application to perform a controlled function including SMFs |
|
Form C |
Notice of ceasing to perform controlled functions including SMFs – this form is used to cancel the approval for an individual. |
|
Form D |
Changes to personal information/application details and conduct breaches/disciplinary action related to conduct. This form is used to notify the FCA of breaches of the conduct rules BY SENIOR MANAGERS, disciplinary action against senior managers and changes to personal information. |
|
Form E |
Internal transfer of a person performing a controlled function for solo-regulated firms. This form is relevant for individual changing the approved function being performed. |
|
Form I |
Application for the variation of a conditional approval for the performance of an SMF. |
|
Form J |
Notification of significant changes in responsibilities of a Senior Manager – this form is used if there are significant changes to the Statement of Responsibilities of a Senior Manager. |
|
Form K |
Conversion notification form for FCA solo-regulated firms. This form is used to convert existing approvals under the Approved Persons Regime to new functions under the SM&CR. |
|
Form O |
Notification of change to firm classification under the SM&CR. |
|
REP008 |
Notification of Conduct Rule breaches and disciplinary action. This form should be used to notify the FCA of conduct rule breaches by certification and conduct rules staff, or submit a nil return. |
|
Statement of Responsibilities |
A template for a Senior Manager’s statement of responsibilities. |
There are two versions of Form A – Long Form A and Short Form A. The main difference between the two is that Long Form A must contain detailed information about fitness and proprietary whereas Short Form A does not.
The golden rule is that Long Form A can be used in ALL circumstances. To that extent, always use Long Form A if you do not know which Form A to use.
You may use Short Form A if you, or the candidate you are applying on behalf of:
You must use Long Form A if you, or the candidate you are applying on behalf of, has
You must use Long Form A if you are unable to determine whether Long Form A or Short Form A should be used.
Corterum
Marlborough House
Marlborough Crescent
Newcastle-upon-Tyne
NE1 4EE