By Angela Haynes & David Sims

|

Published 08 June 2023

Overview

This article first appeared in the June 2023 issue of PLC Magazine.

 

Background to the SMCR

The original purpose of the senior managers and certification regime (SMCR) was to improve individual accountability for decision making in relevant firms, focusing particularly on senior management but also promoting the good conduct of all staff. The Treasury, the Financial Conduct Authority and the Prudential Regulation Authority developed the SMCR to implement recommendations made by the Parliamentary Commission on Banking Standards (PCBS). The PCBS found that poor behaviour and culture within banks played a major role in the 2008 financial crisis and subsequent conduct scandals. There was also a failure of regulation, with a seeming inability of regulators to take effective enforcement action against senior individuals. According to the PCBS, some senior bankers avoided accountability for failings on their watch by claiming ignorance or hiding behind collective decision making.

On 30 March 2023, the Treasury, the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) launched reviews of the senior managers and certification regime (SMCR). The government initially announced the reviews in December 2022 as part of the Edinburgh reforms. They are intended to identify ways to improve the SMCR to make it work better for both firms and regulators, while preserving its underlying aims.

As part of the reviews, the FCA and the PRA (together, the regulators) published a joint discussion paper inviting stakeholders’ views on the effectiveness, scope and proportionality of the SMCR (the discussion paper). In parallel, the Treasury published a call for evidence on certain aspects of the regime (the consultation).

The SMCR in brief
The SMCR has three main pillars: the senior manager regime (SMR), the certification regime and the conduct rules (see box “Background to the SMCR”).

SMR. The regulators have designated particular senior roles as senior management functions (SMFs). Before taking up a role as an SMF, individuals must obtain prior approval from the regulators and their firm, confirming that they are fit and proper. The regulators have also specified a list of prescribed responsibilities that must be allocated among the SMFs. Each SMF must have a statement of responsibilities that specifies the responsibilities allocated to that individual.

Certification regime. The regulators have specified as certification functions (CFs) particular functions that can have a material impact on risks to customers and the firm. The firm must determine that an individual is fit and proper before being appointed to a CF role and the firm must continue to assess this on an ongoing basis, with certification occurring at least annually.

Conduct rules. The conduct rules set basic standards of conduct that apply to SMFs, CFs and all other staff, apart from ancillary staff. The FCA has the power to take enforcement action against an individual who breaches a conduct rule. There are additional senior manager conduct rules that apply only to SMFs. These include that the SMF must take reasonable steps to ensure that the business of the firm for which the SMF is responsible is controlled effectively and complies with regulatory requirements. Firms are required to report breaches of the conduct rules to the relevant regulator. 

In addition, prescribed regulatory references are required before appointing SMFs and CFs, and criminal record checks are mandatory for SMFs. SMFs are also subject to a statutory duty of responsibility whereby the regulators can take enforcement action if a senior manager is responsible for the management of activities in relation to which a firm breaches a regulatory requirement and the individual did not take such steps as a person in that position could reasonably be expected to take to avoid the contravention occurring or continuing.

The SMCR first came into force for banks, building societies and PRA-designated investment firms in March 2016, and was then extended to insurers in 2018, solo-regulated firms in 2019 and benchmark administrators in 2020. There are differences in detail in how the SMCR applies to each of these types of firms. The government is also looking to extend the SMCR to certain financial market infrastructure providers.

An important requirement that applies to dual-regulated firms and the largest solo-regulated firms is the management responsibilities map, in which firms must accurately and concisely describe their management and governance arrangements. The regulators have found these maps to be a key supervisory tool.

The consultation
Previous industry and regulator-led reviews of the SMCR have reported positively on its impact on the mindset of senior managers. Therefore, it is unsurprising that the overall message from the Treasury in the consultation is that the SMCR has been a success, although there may be some areas for improvement. Firms have reported that the SMCR has led to greater clarity in their internal management structures and responsibilities, and has improved the quality of management.

The consultation seeks views on whether the SMCR has delivered effectively against its core objectives of making it easier to hold individuals to account and improving governance, culture and behaviour within firms. It asks for respondents’ reflections on their experience of the SMCR, including:

  •  Whether it is a deterrent to firms or individuals locating to the UK.
  • Whether there are opportunities to remove low-risk activities or firms from its scope.
  • How the level of detail, sanctions and time devoted to the SMCR compares with that in other significant financial centres around the world. 

Stakeholders have already raised a number of issues with the government, including:

  • The time taken to authorise new senior managers
  • The breadth of coverage of the certification regime
  • The time and resources that firms need in order to implement the SMCR.
  • The frequency with which certification must be reviewed.
  • Firms’ differing approaches to assessing fitness and propriety and conduct rule breaches.
  • The different levels of scrutiny applied to firms.

 

It was clear during the legislative process for the SMCR that enhancing the regulators’ ability to take enforcement action against senior individuals was a key part of the SMCR proposition. In that context, it is interesting that the consultation now refers to the SMCR as primarily a protective regulatory regime, which is designed to manage appointments, enhance accountability and prevent breaches of conduct. This reflects a change in policy.

Regulatory references

The content of regulatory references is another area where firms take a range of different approaches. There is a prescribed template for the regulatory reference in which firms must disclose any completed disciplinary action for conduct rule breaches and findings that individuals are not fit and proper. The potentially difficult part is the need to include any other information that the firm reasonably considers may be relevant to the new employer’s assessment of whether the individual is fit and proper. For example, if an employee has resigned during a disciplinary process that has not yet resulted in a finding, some firms will disclose that fact and others will not. In addition, firms give varying levels of detail. Given the potential impact on an individual’s career, there is a significant risk of litigation if a firm gets this wrong. Better guidance from the regulators would promote consistency and fairness.

The discussion paper
The discussion paper asks a number of high-level questions about whether the SMCR has made it easier to hold individuals to account. There are also detailed questions on aspects of the regime directed to identifying potential improvements. Delays in obtaining regulator approval of SMFs have brought the adequacy of the 12-week rule into focus. This rule allows for cover to be provided for up to 12 consecutive weeks without prior approval of the individual where the absence of the SMF holder is temporary or reasonably unforeseen. The regulators are already taking action to speed up approvals but are questioning whether there are other changes that could increase efficiency without compromising the robustness of the process.

Views are sought on whether the set of SMFs, prescribed responsibilities and CFs is appropriate and on the design, function and frequency of the submission of the statements of responsibilities and the management responsibilities maps. Comments are also requested on the usefulness of regulatory references and on the efficacy of the conduct rules in promoting good conduct across all levels of a firm (see box “Regulatory references”).

Lack of enforcement
The FCA and the PRA have been criticised for not bringing more enforcement cases against senior managers using the SMR powers. On one view, it is unsurprising that there has been little by way of published enforcement outcomes. It takes so long for cases to work through the enforcement process that enforcement cases are still coming through where the misconduct predates the introduction of the regime. That said, there have been so many bank fines in the intervening period that perhaps more fines against SMF holders could have been expected. In addition, data disclosed by the regulators in response to requests under the Freedom of Information Act 2000 has shown relatively low numbers of investigations being opened into senior managers.

On 13 April 2023, the PRA issued a final notice to Carlos Abarca, the former chief information officer of TSB Bank Plc, fining him over £80,000 for breaching PRA senior manager conduct rule 2. This is the first time that a regulator has fined a former SMF for failing to comply with a senior manager conduct rule. The regulators fined TSB Bank nearly £50 million in December 2022 for operational risk management and governance failings in relation to its 2018 IT migration programme. Mr Abarca’s fine arose from the same incident and was based on his failure to take reasonable steps to ensure that TSB Bank adequately managed and appropriately supervised its relevant outsourcing arrangement.

Senior FCA staff have indicated that, in a number of investigations, the FCA has considered whether senior managers have failed to take reasonable steps in breach of the senior manager conduct rules. In each case, it has found that reasonable steps were taken and so has not proceeded with enforcement action. Therefore, the regulators are likely to maintain that the dearth of published fines is not because of a lack of appropriate enforcement effort but is a sign that the SMR is successful in preventing management failings.

It is unclear from publicly available information whether either regulator has ever seriously considered taking enforcement action against a senior manager for breach of the statutory duty of responsibility. The same enforcement outcomes can be achieved using the senior manager conduct rules so, in practice, the separate statutory duty has not been a useful addition to the regulators’ toolkit. However, early publicity around it may have had some deterrent effect. 

Accountability in action
From the inception of the SMCR, the regulators have had a high level of proactive supervisory engagement with the largest firms in relation to individual accountability and improving broader culture. This has been key to underpinning the SMCR and, in turn, has encouraged the largest firms to be proactive in policing the SMCR, with low tolerance of poor behaviour.

The SMCR has made it easier for firms to hold individuals to account. It has become common for employment disciplinary action involving certification employees and conduct rules staff to cite conduct rule breaches or failures to meet the fit and proper standard. This is particularly the case since the FCA highlighted non-financial misconduct as being a regulatory matter. Performance adjustment of remuneration is also widely used as a sanction. For senior managers, accountability often used to take the form of a voluntary or forced resignation. It has now become more common for firms to insist that conduct issues are investigated rather than allowing the person to resign without an investigation, although market practice is mixed and varies from sector to sector.

An important aspect of the regulators’ engagement has been assessing SMF applicants. Firms have been challenged about prospective applicants and have sometimes withdrawn applications as a result. The evidence is that senior individuals are taking greater responsibility for their actions due to a combination of factors, including clearer articulation of individual responsibility, improved handover arrangements, enhanced compliance and ethics training, and a general change in the prevailing culture. The fear of regulator enforcement action has been a factor in this, even though there has been little actual enforcement activity against senior managers under the new regime.

The picture is much less clear for the large number of firms that do not have dedicated regulator supervisory teams. Industry and regulator reviews have tended to be focused on the largest firms, which will have had the benefit of feedback and challenge from the regulator on their approaches to implementation. There is a something of a data gap for the generality of solo-regulated firms that have been covered by the SMCR for a much shorter period and are supervised on a portfolio basis.

Breaches and failures
An area that many firms still find challenging is the process of determining fairly whether behaviour constitutes a conduct rule breach or a failure to meet the fit and proper standard. This can be a very subjective judgment and there are wide variances between firms in how they deal with particular conduct. For example, where junior and inexperienced staff are concerned, some firms would be unlikely to categorise a single instance of a compliance breach, which did not cause significant harm to the firm or customers, as being a conduct rule breach or a fit and proper failing unless dishonesty was involved. Some firms apply a sliding scale of materiality in deciding whether a failing is a conduct rule breach. Other firms may regard every compliance breach by an individual, regardless of materiality, as a conduct rule breach and take disciplinary action accordingly.

Given that making such a determination can be career limiting, this is an unsatisfactory state of affairs. There has been at least one case of an employment tribunal disagreeing with a firm’s assessment that particular behaviour was a breach of fit and proper standards. There is scope for consistency to be improved through better guidance from the regulators. The regulators have been asked for more guidance in this area over the years but have been reluctant to provide it. They may now be coming around to the idea.

This dilemma increases where the firm is considering non-financial misconduct. In their July 2021 discussion paper on diversity and inclusion in the financial sector, the regulators recognised that firms would benefit from regulatory guidance on non-financial misconduct and when such behaviour, or a failure to take reasonable steps to address this kind of behaviour, could result in a breach of the conduct rules or a fit and proper failing. This has not yet been forthcoming.

Where next?
From the tone and content of the consultation and the discussion paper, it appears that there is unlikely to be a dramatic change of direction in SMCR policy, which some stakeholders were concerned about when the reviews were first announced. However, the Treasury and the regulators have clearly signalled that they are willing to make improvements and their reviews are an opportunity for respondents to influence the reform of this important regime. 

The discussion paper is available here and the consultation is available here.

Authors