Insurers should prepare for impact of new accountability rules now, experts warn

Out-Law Analysis | 26 Oct 2017 | 3:40 pm | 5 min. read

ANALYSIS: Consultations on the extension of the Senior Managers and Certification Regime (SM&CR) to the entire insurance sector close on 3 November. Firms should start thinking about and preparing for the changes now, so that they are not under undue pressure when the new requirements come into force.

Insurance intermediaries, managing agents (MGAs) and brokers that are not currently subject to the Senior Insurance Managers Regime (SIMR) can expect the biggest changes when the SM&CR is extended to cover all regulated financial firms next year. However, even those firms already subject to the SIMR will still have to grapple with new and important features of the regime that are going to affect them for the first time, particularly the new certification regime for employees that are not senior managers and the new 'duty of responsibility' for senior managers.

The extension of the SM&CR will affect all insurers and reinsurers regulated by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA), ranging from very small firms outside the scope of the Solvency II Directive to some of the largest global firms. It will not apply to firms that are not authorised under the Financial Services and Markets Act (FSMA).

The introduction of the new rules will not affect approved persons at appointed representatives of firms. The FCA intends to confirm its approach to the SM&CR for appointed representatives in a follow-up consultation paper. For now, it has said that principal firms, including the senior managers of principal firms, remain fully responsible for ensuring that their appointed representatives and networks comply with its rules.

The purpose of the new regime is to make it easier for the regulators to hold individuals accountable. Whilst the terminology in the new conduct rules does not differ significantly from current regulatory language, the biggest change is the accountability of each and every individual subject to the regime.

The FCA has spoken about its desire to put more heads on spikes for some time now, and rolling out the new regime to insurers and all other regulated financial firms is a significant step towards the FCA achieving this objective. Firms should be aware that FCA enforcement action will inevitably increase under the new regime.

The SM&CR consists of three main elements.

Certification regime

Under the certification regime, firms will self-identify and certify individuals that are not covered by the Senior Managers Regime once a year for their fitness, skill and propriety. This is the biggest change for insurers, and will affect any roles at insurance firms which significantly impact customers and which are not considered ancillary. While the application of the certification regime to underwriting, claims and complaints roles is self-explanatory, HR, IT and audit functions will be captured too.

As well as these new certification roles, most employees will also become subject to the conduct rules (see below) - not just senior management.

The ABI, in its response to the FCA consultation (8-page / 410KB PDF), sought clarification on what the certificates should include as part of the certification regime. It stated that it would also welcome clarity on "whether individuals in scope of certification under the PRA and FCA regimes will need two certificates or whether a single certificate could be issued on behalf of both regulatory regimes".

Senior manager responsibilities

The biggest change here, and a new obligation for all senior managers at insurers, is the 'duty of responsibility'. This means that if something goes wrong in an area of responsibility for that senior manager, the regulators will be interested in "whether they took steps that could reasonably be expected of a person in their position to stop this from happening (or continuing)".

The regulators are likely to formally consult on enforcing the duty of responsibility as part of another technical consultation paper later this year.

Enforceable conduct rules

New conduct rules will apply to all financial services staff at regulated firms. These rules largely reflect existing rules for approved persons. The simple set of rules requires individuals to act with integrity; act with due care, skill and diligence; be open and cooperative with regulators; pay due regard to customer interests and treat them fairly; and observe proper standards of market conduct. Breaches of the conduct rules by both senior managers and by certified employees will have to be notified to the regulators, and there will be a risk of direct regulatory action and fines.

The conduct rules form the baseline of specific requirements to all regulated firms, called the 'core regime'. The FCA proposes some extra requirements for the largest and most complex firms under an 'enhanced regime', which will apply to fewer than 1% of regulated firms. These extra requirements include responsibilities maps, handover procedures and the need to make sure that there is a senior manager responsible for every area of the firm ('overall responsibility').

The regulators also plan on consulting separately about how firms will transition to the new regime, and any necessary changes to its forms and other parts of the handbook, in a technical consultation paper. The FCA has said that the same principles of simplicity and proportionality will apply when it considers how to transition firms to the new regime - for example, minimising the need for firms and individuals to apply for new approval as a senior manager if they are already an approved person.

In its response to the FCA's consultation, the ABI emphasised the need for coordination between the regulators when aligning their respective rules for the regime. It also emphasised the need for certainty on the implementation date so that firms have sufficient time to prepare.

What should firms do now?

Firms should now be beginning their detailed planning in order to be ready when the regime comes into force, anticipated for next year. Among the questions firms should be asking themselves are:

  • who are those people within the business that will fall within the senior manager category?
  • which employees, with roles that have potential for 'significant harm' to customers, will fall within the certification regime?

Firms should begin training and educating their employees now about the regime and the conduct rules that will apply to them when it comes into force, and the implications of a breach of those rules. Firms will need to provide training to a potentially wide demographic in order to ensure that employees covered by the conduct rules understand what they are and, importantly, how they apply to their own role. It may also be necessary to make changes to employment documentation including contracts, incentive schemes and HR policies.

It is likely that certain disciplinary and performance situations will become more contentious under the new regime. Employees will be aware that any findings could have an impact on their annual certification or a regulatory reference, and will therefore be more likely than ever to contest any outcome that may adversely impact on the firm's assessment of fitness and propriety. It will be important for HR to ensure that assessments of fitness and propriety are consistent, and to work even more closely with colleagues in risk and compliance to ensure that there is a clear organisational view as to when disciplinary and/or performance concerns become problematic from a regulatory perspective.

From an HR systems perspective, the requirement to certify staff annually and report on breaches will require many firms to adopt a more structured and robust appraisal process. There will also be a requirement for HR to ensure that the firm's current record-keeping protocols enable the firm to comply with obligations to report breaches and provide regulatory references, potentially years down the line.

Steven Cochrane is a financial services employment law expert at Pinsent Masons, the law firm behind Out-Law.com. Michael Ruck is an expert in financial services enforcement at Pinsent Masons.