Out-Law Guide 9 min. read
15 Apr 2016, 12:00 am
Following the fall out from the 2008 financial crisis and subsequent high profile banking conduct scandals including PPI mis-selling and LIBOR manipulation the UK set up the Parliamentary Commission on Banking Standards (PCBS) to conduct an inquiry into professional standards and culture in the UK banking sector and to make recommendations for action.
PCBS recommended measures to make senior bankers more responsible, as well as encouraging behavioural change through increased individual accountability. Regulators the Prudential Regulatory Authority (PRA) and Financial Conduct Authority (FCA) responded to these recommendations by proposing a new regulatory regime.
It is made up of:
The new regime came into force for all FSMA ’relevant authorised persons' on 7 March 2016 and will be extended to all 'authorised persons' in 2018. 'Relevant authorised persons' include banks, building societies, credit unions, PRA-designated investment firms and branches of foreign banks operating in the UK. The UK government has estimated that the proposed extension to 'authorised persons' will apply to 60,000 additional firms, including 17,200 investment firms and 42,000 consumer credit firms.
‘Senior managers’ who hold one or more key functions within a firm (‘senior management functions’) must be approved by the appropriate regulator before they can be formally appointed. Senior managers typically include a firm’s board members; executive team members; heads of risk, internal audit and finance; compliance officer; and money laundering reporting officer.
The regulators have identified 19 senior management functions which include the chief executive function, the executive director function, the chief risk function, the head of internal audit function, the chairman function, the chair of risk committee function, the chair of audit committee function, the chair of nominations committee function and the chair of remuneration committee function.
The use and allocation of senior management functions is dependent on the firm. The chairman of nominations committee function, for example, is only allocated where a firm has a committee that performs this or a similar function.
Firms in most cases should be able to identify their senior managers based on the list of senior management functions. This has, however, been problematic for some firms and the regulator has sought to clarify identification of senior managers in the following circumstances:
All major responsibilities for a firm’s affairs (the ‘prescribed responsibilities’) must be allocated to its senior managers. As with senior management functions, not all prescribed responsibilities are relevant to every firm, so the regulators have divided them into groups according to size and circumstances. Some prescribed responsibilities are designed to be assigned to executives, while others are designed to reflect the roles performed by non-executive directors. In general the regulators prefer prescribed responsibilities not to be shared between senior managers in order to avoid a dilution of responsibility.
Before a prospective senior manager can apply for regulator approval, the firm must be satisfied that the candidate is ‘fit and proper’ to perform the relevant senior management functions. Firms must run criminal records checks on each prospective senior manager as part of the vetting process.
Firms must draft a ‘statement of responsibilities’ which sets out the applicant’s senior management functions and prescribed responsibilities. There is a limit of 300 words for each responsibility. Where an application has been granted and there has been a significant change in the senior manager’s responsibilities, the firm must provide the appropriate regulator with an updated statement of responsibilities. This must also be kept consistent with the firm’s responsibilities map. Firms must hold a complete set of current and previous statement of responsibilities relating to all its senior managers.
Firms must produce and maintain a ‘responsibilities map’ which is the sum of the statement of responsibilities. There should be no gaps in the responsibilities map or overlap in senior management function allocations. In the event of an incident, the regulator wants to be able to track who is directly accountable for a given senior management function.
Applications should be in the format prescribed by the appropriate regulator. In making their determinations each regulator will look at the fit and proper test. Each regulator may grant approval subject to conditions or for a limited time only. If a regulator refuses an application or imposes conditions or time limits, the senior manager or the firm may refer the matter to a tribunal.
Firms must reassess the suitability of each senior manager at least once a year and report to the appropriate regulator if there is any cause to doubt the individual’s suitability for the role. Senior manager obligations
Under the previous Approved Persons Regime, approved persons were liable where they had been 'knowingly concerned' in a firm breach, or if they had breached any of the 'statements of principle for approved persons'. The new regime originally placed a ‘presumption of responsibility’ on senior managers in relation to regulatory breaches in their area of responsibility. The presumption of responsibility meant that the senior manager had to show that they had taken reasonable steps to prevent the breach occurring.
BEFSA 2016 replaced the presumption of responsibility with a ‘duty of responsibility’, amending the definition of 'misconduct' applicable to senior managers so that where there has been a regulatory breach in an area for which they are responsible, the burden will now be on the appropriate regulator to prove that a senior manager did not take such steps.
Senior managers are subject to the tier 1 rules and the tier 2 rules of the Code of Conduct.
Firms regulated by the Approved Persons Regime were able to 'grandfather' individuals who had held 'significant influence functions' into the new regime as a senior managers. To do this, firms prepared statements of responsibility and submitted them to the appropriate regulators by 8 February 2016.
Firms have questioned whether the general counsel function is a senior management function and, if it is, how this would affect firms’ legal professional privilege (see Code of Conduct SM4 which applies to all senior managers). The regulators plan to launch a consultation to resolve this issue.
Firms need to certify the fitness and propriety of any staff below senior manager level who could pose 'risk of significant harm' to the firm, its reputation or its customers (‘certified persons’).
Certified persons include approved persons from the previous regime plus anyone performing a ‘certification function’ under SYSC, but excludes all senior managers. SYSC sets out the various certification functions:
Senior managers do not need to be certified as part of the certification regime. However as part of the senior manager vetting process, firms must be satisfied that they would still pass the fit and proper test. The regulators have confirmed that a function performed by a non-executive director only in their capacity as a non-executive director is not a certification function under SYSC. This means that some non-executive directors will not be caught under either the Senior Managers Regime or the Certification Regime. The regulators have also confirmed that material risk-takers only mean the members of staff who are subject to the Remuneration Code under SYSC.
Firms must certify whether the individual is fit and proper to carry out their functions, assessing whether the person:
In assessing fitness and propriety, the regulators do not require firms to carry out criminal record checks for certified persons.
Certification must take place annually, and most firms align this with an individual’s annual appraisal process.
Other issues for certified persons
Certified persons are subject to tier 1 of the Conduct Rules.
The Conduct Rules are intended to govern a wider category of staff than the senior managers or certified persons through a firm-administered breach reporting mechanism. Each conduct rule applies to a person’s conduct in relation to activities performed in their capacity as an employee or senior manager of the firm.
Rule 1: You must act with integrity
Rule 2: You must act with due skill, care and diligence
Rule 3: You must be open and co-operative with the FCA, PRA and other regulators
Rule 4: (FCA only): You must pay due regard to customers and treat them fairly
Rule 5: (FCA only): You must observe proper standards of market conduct
SM1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
SM2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system SM3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively;
SM4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
Senior managers are subject to the tier 1 rules and tier 2 rules. All employees at firms other than ancillary staff are subject to the tier 1 rules. Ancillary staff are categorised as those who perform a role that is not specific to the financial services business of the firm, such as receptionists, switchboard operators, postroom staff, security guards, catering staff and cleaners. Non-executive directors are subject to the conduct rules even though they are not employees of the firm.
Firms have an obligation to notify all relevant persons of the conduct rules that apply to them, and train them on those rules.
Firms must report breaches of the Conduct Rules in the following timescales:
Firms have reported less interest in senior roles since the new regime came into force. This may improve with the replacement of the presumption responsibility with the duty of responsibility.
Firms have also reported increased interest from employees around their responsibilities and the ownership of their functions, with many employees escalating concerns defensively. This puts senior managers’ decisions in danger of becoming based on personal interest and liability as opposed to the appropriate risk-based approach. Many senior managers are now even seeking independent legal advice when the firm is faced with an issue, in order to ensure that their individual positions are fully protected.
The UK government has said that the expansion of the new regime to all authorised persons will be 'very challenging' however they are keen to deliver this 'as soon as practicable'. The current expectation is that this will be March 2018.
05 Sep 2016