A new accountability regime for individuals in financial services – how firms could be regulated in 2018

Out-Law Analysis | 04 Jan 2016 | 9:00 am | 5 min. read

FOCUS: The UK government  and regulators are determined to see a behavioural revolution across the financial services sector, following the announcement of their intention to extend the main features of the senior managers' and certification regimes (SM&CR) to the wider firm population by 2018.

The government's announcement in October followed the June 2015 recommendations of the Fair and Effective Markets Review (FEMR) set up by George Osborne to assess how trust in the wholesale financial markets could be restored after a slew of scandals and market abuse cases. In line with the 2013 recommendations of the Parliamentary Commission on Banking Standards (PCBS), FEMR concluded that individual integrity and responsibility were pivotal to embed trust at deeper levels within organisational cultures.

We can expect to see initial proposals for the wider 2018 regime in the first round of consultations in early 2016.  With just three months before the new individual accountability regimes take effect for systemically important firms regulated by the Prudential Regulation Authority (PRA), we have some idea of what the key concepts of the new regime will be.

A proportionate application

The government has said that it proposes to extend the SM&CR to "all [Financial Services and Markets Act (FSMA)] authorised persons": those firms that are solely regulated by the Financial Conduct Authority (FCA). Elsewhere it mentions "all financial services firms", which would draw in firms such as payment and e-money institutions largely regulated by way of Treasury regulations rather than by FSMA. Clarity will no doubt emerge when the proposals on scope are published.

The government has promised a proportionate approach to the new regime in order to reflect "the diverse business models operating in the UK market". For regulatory lawyers and compliance officers, this is the familiar test of nature, size and complexity of a firm's business model. So the good news is that just as the new criminal offence of reckless decision-making and failure to take "reasonable steps" for bankers and building societies will not apply to credit unions or insurers, it is likely that the more stringent aspects of SM&CR will not apply to non-systemic firms.

While a proportionate approach is to be welcomed, it will add yet more complexity with the creation of sub-regimes where stricter rules are disapplied. And just as the PRA has had to craft the senior manager regimes for banking and insurance firms within the parameters of the EU regulatory capital (CRD IV) and Solvency II rules; in crafting the wider regime, the FCA must work with EU rules which stipulate mandatory requirements for boards and the assessment of 'fit and proper' criteria. The recast Markets in Financial Instruments Directive (MiFID II) will, for example, require individuals on the boards of investment firms to be of a certain calibre. It also requires that regulators are given the power to remove individuals from the boards of investment firms and market operators.

Senior manager functions and 'prescribed responsibilities'

By 2018, we can expect a set of new FCA senior manager functions (SMFs) aimed at enhancing personal responsibility for senior individuals in FCA-authorised firms. This may follow the SM&CR by creating a narrower set of FCA-approved persons for 'controlled functions' than those currently requiring approval under the Approved Persons Regime (APER).

The FCA may require specified 'prescribed responsibilities' to be allocated to one or more SMF individuals. These prescribed responsibilities would cover matters such as responsibility for the firm's performance of its regulatory obligations, and responsibility for the culture of the firm. 'Statements of responsibility' for each SMF and 'management responsibility maps' are likely to be applied more widely to improve firm governance.

In-house employee certification

In contrast to the SMF functions, 'certification' under the SM&CR will require firms to assess more rigorously any employee capable of causing it or its customers 'significant harm'. The certification regime in SM&CR currently encompasses nine FCA-specified significant harm functions. These include the 'CASS oversight function'; material risk-taking, to whom remuneration rules already apply; significant management roles, such as a head of business unit; and those dealing with clients - akin to the current CF30 'customer function' controlled function.

'Significant harm' will be specified as it is now under SM&CR. Firms will need to certify staff caught by the significant harm rules annually. So individuals who, because of past misconduct in a 'controlled function' at one firm, have sidestepped SM&CR before 7 March 2016  by being employed elsewhere in a non-controlled function role will be caught by the annual certification requirements from March.

New bespoke conduct rules

New conduct standards for employees in banking and insurance will take effect as part of  SM&CR in March. These consist of a dedicated of conduct rules for senior managers, and another for employees whose duties are connected with a firm's regulated activities. The new conduct rules are seen as a critical part of strengthening integrity standards and encouraging the right governance and culture in firms. We can therefore expect these to migrate to the post-2018 regime for non-systemic firms in some form.

A new 'statutory duty of responsibility'

A welcome change to what was a final SM&CR rule is the reversal of the 'reverse burden of proof', which would have required bankers to show that they had not acted recklessly or failed to take 'reasonable steps' in their area of responsibility. Andrew Bailey was concerned that the rule would give rise to legal challenges on human rights grounds and undermine the entire regime, and it was overturned by the House of Lords by the narrowest of margins: 200 to 198 votes. That vote shows the seriousness of the political intent to eradicate bad banker behaviours. The rule will now be superseded by a statutory duty of responsibility on senior managers to prevent regulatory breaches in their 'prescribed responsibilities'.

This new duty may well be applied to senior individuals in all firms by 2018.

Non-executive directors

Non-executive directors (NEDs) have been given significantly more importance and authority in both the banking and insurance accountability regimes. The functions of chairman, and chairmen of the risk committee, audit committee and remuneration committee, are specifically reserved for NEDs.

Once these regimes are in force from 7 March 2016, there will be a fundamental shift in what the regulators will expect of NEDs. With more focus on judgement and less on technical knowledge, NEDs will be expected to challenge the firm's board in all aspects of the firm's strategy, the sustainability of the business model and the uses to which the firm's risk appetite is put. We can also expect that the FCA will see NEDs as a pivotal party of fostering a culture of more effective challenge within firms.

'Regulatory references'

The PRA and FCA's most recent consultation paper proposed rules for mandatory references to "prevent banks and insurers recycling individuals with poor conduct records".

The obligation on firms to provide a reference for individuals applying for a 'controlled function' already exists under APER. The proposed rules, also based on the FEMR recommendations, will apply to a wider set of people: SMFs, certification staff, PRA senior insurance manager functions and FCA insurance controlled functions, and NEDs.

These requirements are likely to emerge as part of the 2018 regime, casting a wider net over staff in regulated firms because accountability and integrity are non-negotiable.

UK competition considerations

Some SM&CR requirements will apply to incoming EEA and non-EEA branches of banks from 7 March, in order to maintain level playing fields for UK banks.

Given the FCA's competition objective, we can also expect the wider regime for UK firms to apply to incoming EEA firms and non-EEA financial services firms from 2018, insofar as any EU sector-specific directives or regulations do not prohibit this.

Elizabeth Todd is a financial regulation expert at Pinsent Masons, the law firm behind Out-Law.com.