Executive Summary

The UK regulatory Senior Managers and Certification Regime (SM&CR) came into force in March 2016 to replace the UK Financial Conduct Authority (FCA) Approved Persons Regime (APR) for firms that are subject to dual regulation by the UK Prudential Regulatory Authority (PRA) and the FCA (e.g, banks, building societies and UK designated investment firms) ("dual-regulated firms").

Beginning on 9 December 2019, the SM&CR will replace the APR for all FCA "solo-regulated" firms. The SM&CR aims to promote a culture of effective governance by encouraging the relevant authorised firm's staff to take personal responsibility for their actions, improving conduct at all levels, and ensuring firms and staff clearly understand and can show who is allocated what role.

To a "solo-regulated" firm operating in the UK, e.g., an asset manager, a solo-regulated financial services firm or an insurance intermediary preparing for the SM&CR to become applicable from 9 December 2019, this client alert will be helpful in summarising the UK financial regulatory context within which the SM&CR will apply as well as certain additional obligations the firm will face when hiring individuals subject to the SM&CR and various recommended changes to the firm's internal HR policies.

MoFo would be very happy to help your firm comply with the SM&CR. Please do not hesitate to contact Yulia Makarova to discuss financial service regulatory queries or Annabel Gillham for the employment and data privacy queries.

SM&CR TIMELINE

The following is the SM&CR timeline:

SM&CR: REGULATORY ANGLE

  1. Who does SM&CR apply to?

1.1 The SM&CR currently applies to dual-regulated banking sector firms and insurers.

1.2 From 9 December 2019, the SM&CR will apply to FCA solo-regulated firms which are broken down into three categories: core firms, limited scope firms and enhanced firms.

2. What are the key SM&CR regimes?

2.1 Senior Managers Regime (SMR): covers a senior manager that is carrying out a senior management function (SMF) under s.59ZA of FSMA. The SMR aims to ensure that there is an individual senior manager accountable for the relevant aspects of regulated activity within the firm. Anyone who performs an SMF must be approved by the relevant regulator before he or she can start his or her role. SMR details that:

(a) prescribed responsibilities are assigned to individuals with SMFs;

(b) all applications for approval as a senior manager must contain, or be accompanied by, a statement of responsibilities; and

(c) there must be a duty of responsibilities where the FCA can take action against a senior manager if he or she is responsible for the management of any activities in his or her firm, in relation to which the firm contravenes a regulatory requirement.

2.2 The SMR also details obligations for solo-regulated firms in the form of:

(a) Certification regime — A firm must take reasonable care to ensure that no employee performs any certification functions without having been certified as fit and proper to do so, both at the point of recruitment and on an annual basis.

(b) Conduct rules — The FCA's conduct rules reflect the core standards expected of staff who work in the solo-regulated firms within the scope of the SM&CR regime.

(c) Criminal record checks — Firms need to declare if a candidate for SMFs has a criminal record and undertake a criminal records check as part of each senior manager application for approval.

(d) Regulatory references — Firms seeking to appoint someone to either a senior management or certification function must request a regulatory reference from all previous employers.

(e) Financial services directory — The FCA is introducing a new directory of financial services workers. It will operate alongside the Financial Services Register and will make information public on additional individuals carrying out a wider range of roles, including those whom the FCA does not need to approve.

2.3 Extra requirements are applicable to enhanced firms in the form of handover procedures and a management responsibilities map.

3. How will SM&CR apply to you as a solo-regulated firm?

The SM&CR introduces three types of firms, namely: core firms, limited scope firms and enhanced firms. Each type of firm will have different obligations under the SM&CR:

(a) Core firms — Baseline SM&CR requirements will apply to these firms. New obligations under the SM&CR include the allocation of prescribed responsibilities to senior managers and the submission of a statement of responsibilities to the FCA when applying for a senior manager to be approved.

(b) Limited scope firms — These firms will have fewer requirements than core firms. Limited scope firms SMFs mirror how the APR currently applies to these firms. This details that all candidates must be fit and proper to carry out SMFs, but no prescribed responsibilities are applicable to limited scope firms. In addition, these firms must submit a statement of responsibilities to the FCA when applying for a senior manager to be approved.

(c) Enhanced firms — These firms will include a small proportion of solo-regulated firms that will have to apply extra rules. In addition to the SMFs above that are applicable to core firms, there are an additional 17 SMFs and seven prescribed responsibilities applicable to senior managers for enhanced firms. Further, the FCA will apply additional obligations in the form of an "overall responsibility" requirement to all enhanced firms and a responsibilities map.

(d) EEA and third-country branches — For EEA branches, there are no prescribed responsibilities; however, for third-country branches, there are eight specific responsibilities that must be given to senior managers and an additional responsibility for authorised fund managers (AFMs).

4. How will the certification regime apply to you as a solo-regulated firm?

The FCA will not approve individuals within the certification regime, but firms have a responsibility to certify that they are fit and proper to perform their role at least once a year. Firms should take into account whether the individual has obtained a qualification, undergone or is undergoing training and possesses a level of competence.

5. How will the conduct rules apply to you as a solo-regulated firm?

The conduct rules apply to a firm's regulated and unregulated financial services activities (including any activities carried on in connection with a regulated activity). These conduct rules apply to all senior managers, all certified functions, all non-executive directors who are not senior managers and all other employees who perform a role specific to financial services. Firms must notify the FCA when they have taken formal disciplinary action against a person for breaching conduct rules.

SM&CR: EMPLOYMENT ANGLE

1. What issues may arise during the recruitment stage?

If an organisation is planning to hire someone who would be subject to SM&CR, then the organisation should pay attention to the issues below:

(a) Hiring decisions should be subject to conditions precedent — The organisation can make offers of employment conditional to its assessment of the candidate's fitness and propriety.

(b) Clear demarcation of responsibilities in hiring decisions is neccessary — There should be an individual within the organisation who carries the responsibility of reviewing background checks and references for candidates applying for SM&CR roles.

(c) Additional obligations must be fulfilled relating to references — If an external candidate is applying for a senior management position, a certification position or a non-approved non-executive director position, then the organisation must check references for the candidate's last six years of employment.

(d) Data privacy concerns for background checks and criminal record checks must be addressed — The FCA's policy statement does not require organisations to carry out criminal record checks for any candidate falling in the certification function. Furthermore, as there is no regulatory obligation to process criminal records data, organisations must identify a lawful basis before doing so, as required by the General Data Protection Regulation and Data Protection Act 2018.

2. What is a whistleblowers' champion?

A whistleblowers' champion (WSC) is a director or a senior manager within an organisation with the responsibility of 'ensuring and overseeing the integrity, independence and effectiveness of the organisation's policies and procedures on whistleblowing'. Furthermore, the WSC is responsible for ensuring that internal policies are sufficient to protect whistleblowers from potential victimisation. An organisation in the insurance business must appoint a director or a senior manager as its WSC, while for non-insurers, the FCA expects the organisation to appoint a non-executive director as its WSC.

3. Should there be changes in my organisation's internal rules and procedures?

An organisation should consider amending its policies and procedures relating to the following issues to comply with the SM&CR regime:

(a) Right to suspend — A senior manager who underperforms may pose a risk to the organisation by not fulfilling SM&CR requirements. Therefore, the organisation should have the ability to suspend underperforming staff members subject to the SM&CR.

(b) The requirement to notify regulators — Under the SM&CR, if an organisation finds an individual subject to the SM&CR of misconduct or to have breached conduct rules, then it must notify the appropriate regulators. Therefore, it would be prudent for the organisation to outline, in its disciplinary policy, the types of behaviours and sanctions which trigger notifying regulators.

(c) Resignation during the disciplinary process — The organisation should make employees subject to the SM&CR aware that resigning during the disciplinary process does not automatically terminate potential liabilities under the SM&CR.

(d) Record retention — Organisations subject to the SM&CR must keep records relating to a former employee's conduct, fitness & propriety for six years following the termination of employment. Therefore, the organisation should ensure that its record retention policies are sufficient for this purpose and are in compliance with the relevant data protection legislations.

4. Should there be changes in the employment contracts of individuals subject to the SM&CR?

To comply with the regime, an organisation should consider adding the following clauses to the employment contract of an individual subject to the SM&CR:

(a) Warranty (conduct) - The candidate should warrant that, in the past, he or she has not been investigated or disciplined for conduct which could be a breach of conduct roles or which could impact his or her fitness and propriety.

(b) Standard of fitness and propriety - The contract should set an obligation requiring the senior manager to meet and maintain a standard of fitness and propriety throughout her employment.

(c) Temporary reallocation of duties - The contract should contain a right for the organisation to allocate the senior manager's duties to someone else during any temporary leaves of absence.

(d) Clear titles and duties - For senior managers, the contract should refer to their obligations outlined in the 'statement of responsibilities'.

(e) Express termination rights - The contract should contain express termination rights if the individual fails to satisfy any of the rules or requirements connected to his or her role.

Impact of Brexit

In the event of a no-deal Brexit, there will be a temporary permissions regime for certain EEA firms that currently operate in the U.K. For such firms, the FCA intends to maintain the current requirements that apply to EEA branches under the SM&CR throughout their time in the temporary permissions regime.

If there is an agreed implementation period post-exit day, as passporting rights are likely to continue, it is envisaged that the current SM&CR requirements will remain in effect for that period.

The scope of employment matters for EEA firms as a result of Brexit will depend on the situation described above and such, the matters described in this alert for employment will largely remain unchanged.

Conclusion

The extension of the SM&CR to the FCA solo-regulated firms will place greater scrutiny on people working within financial services. This will result in firms providing greater clarity on the roles and responsibilities of senior managers and a sharper focus on outlining a firm's compliance with conduct and risk issues. A number of employment-related matters will also need to be taken into account.

Struan Clark and Tom Macintosh Zheng, Trainee Solicitors in the London Office, contributed to the drafting of this client alert.

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved