On 7th March 2016 the new regulatory Senior Managers Regime came into force for the UK banking and insurance sectors.
This Blog is a guide to the banking regime (SMR). Many of the same rules are also included in the insurance version of the regime (SIMR) but we concern ourselves here mainly with the SMR.
The SMR replaces the old ‘Approved Persons Regime’ and is the tool now used by the UK regulators – the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) – to assess and approve whether people in key management positions in UK financial firms are ‘Fit and Proper’.
And it reaches far and wide, especially when it starts getting applied to other financial firms (as well as banks and insurance companies) in 2018.
But what does it all really mean and how will it help?
What is it all about?
The SMR has been in the planning and implementation stage for three years. It came out of a 2013 report by the UK Parliamentary Commission for Banking Standards, whose recommendations were made law in the Banking Reform Act 2013. Then a series of consultation papers, policy statements and supervisory statements issued by the regulators in 2014-15 in effect implemented the relevant sections of the new law.
Finally it all went live for banks in March 2016. Next March (2017) the new rules relating to conduct will be extended to all bank staff, even those who do not fall in the Senior Managers Regime. Then there are plans to extend the SMR regime in 2018, to cover investment companies, asset managers and consumer credit firms.
The new regime replaces the old ‘Approved Persons Regime’ or APR, which was previously the mechanism used by financial regulators in the UK to approve key managers and other staff in the firms they regulate. The APR included, among other things, a test for being ‘Fit and Proper’, applied to senior managers in ‘Significant Influence Functions’. This meant company directors, and people responsible for overseeing systems and controls, or for areas like Risk and Compliance. The APR also applied to other so-called ‘Controlled Functions’ including sales personnel and other customer-facing roles. Approved Persons not only had to pass the ‘Fit and Proper’ test but also had to comply with the FCA’s Statements of Principle and Code of Practice.
On the face of it the new SMR is simply a technical regulatory change. A new and different set of hoops to go through to demonstrate regulatory compliance, and help firms keep their regulatory licence. But in reality it goes a lot further. Firms will need not only to organise themselves in a different way and tick some more – or different – regulatory boxes but actually to change their way of thinking and operating, more fundamentally. If firms treat it as a box-ticking exercise they will be caught out. Box-ticking isn’t the intention. The intention is to bring about more fundamental change in behaviour.
The new rules hold individuals at all levels to new standards of conduct, and try to ensure that senior managers are held to account for any misconduct that falls within their area of responsibility. That is the key objective: to increase individual accountability, personal responsibility and transparency about who is responsible for what. As one senior UK Regulator put it, “You can delegate tasks but you can’t delegate responsibility”. Senior managers at banks and insurers are now required to know exactly what they are responsible for and can be held accountable for any failings in their area.
It sounds obvious enough. But in complex financial organisations with global, regional and legal entity matrix management, a siloed culture and cut-throat internal competition, it isn’t always clear who is responsible for what and why. Too often before, during and after the financial crisis, the senior managers responsible for overseeing teams who broke the rules were able to get off the hook because their accountability wasn’t clear. Clarity creates accountability: that is the regulators’ thinking.
What are the main features of the new regime?
SMR and Certification
In effect there are two levels of ‘approval’ in the new regime: the Senior Managers Regime and the Certification Regime. SMR focuses on people who have key roles and responsibilities in regulated firms, for example the Board of Directors (including Non Executive Directors who hold direct responsibilities), and the other senior individuals who hold significant responsibilities within the firm. Individuals falling under this regime will need pre-approval by the regulators.
The Certification Regime covers staff who do not fall within the SMR, but who can still create risk for a firm or its customers. This includes all the people who were previously Approved Persons under the old regime. The big change is that firms are now required themselves (annually) to assess whether people are Fit and Proper, rather than the regulators doing that assessment. This may beg difficult questions for a firm if it finds evidence of misconduct while performing this job. How to judge whether something is serious enough to need action under the rules? It isn’t yet clear whether firms will over-react in this situation and be too defensive, or go the other way and be too lenient, but eventually it should find a level. In the end consistency is what matters; certainly within a firm. It will be up to the regulators to apply sensible guidance to ensure consistency across firms.
The two populations together (SMR and Certification staff) constitute the list of Responsible Approved Persons or ‘RAPs’.
New conduct rules
The conduct rules applied to all RAPs (both SMR and Certified persons) from March 2016. From 7th March 2017 however they will be extended to all staff, not just those falling within the SMR and the Certification Regime, apart from some people in ancillary functions. In other words even junior employees will be subject to regulatory proceedings if the regulators decide, on investigation, that those employees’ actions did not meet the standards required in the new rules.
Firms have to prepare Responsibilities Maps which detail the requirements of each role, and individual Statements of Responsibility for all individuals carrying out Senior Management Functions. Aside from needing pre-approval for SMR functions, firms will also need to have systems in place to themselves assess and document the ‘Fit and Properness’ of individuals, both at the time of application and annually after that. And certain provisions of the new conduct rules also apply to these Senior Management Functions.
The regulators want these ‘responsibility’ documents to be closely aligned to business objectives and strategic execution. In other words there will need to be a link between SMR documented responsibilities and more traditional documents like job descriptions, personal objectives and committee terms of reference. In this way SMR is expected to fit seamlessly in the firm’s wider operating model, not just create a new piece of paper to satisfy the regulators. And the regulators won’t expect to find differences between what people say they do and what they actually do.
Of course assigning responsibility is only part of the job. It’s also important that decisions are made at the right level and that if issues arise, steps are taken to assess their seriousness and take appropriate action. So effective governance is a big part of it. Firms’ operating models and committee structures need to support the execution of responsibilities across the three lines of defence, ideally on a sound basis of organisation-wide understanding, management information and trust.
It’s acknowledged that firms can’t provide a 100% guarantee against failures. The regulators recognise this by requiring Responsible Approved Persons to take ‘reasonable steps’. What that means in practice is that they’ll have to think through and justify the rationale for their judgements, including who is assigned to a defined role, how they carry out their responsibilities and how they direct and oversee the people who can influence the key outcomes.
Getting the right level of evidence in the right areas could be quite hard to do, though. Showing how they came to a decision, when and where it was discussed, and what the rationale for their judgement was, are not typical processes in the daily routine of most Senior Managers or other front-line staff. This may require more note taking and recording of decisions, which might seem needlessly onerous to them. But this should become clearer over time, including how much the regulators are likely to be ‘proportional’ in their attitude to this evidencing. And it already appears that SMR individuals are slowly becoming more comfortable in their choices of how to evidence their key decisions and judgements.
The enforcement penalties are severe: criminal charges can be brought in some cases (for causing a bank to fail) and disciplinary penalties can range from fines, suspensions, restrictions, limitations or other conditions (including bonus clawbacks) at the behest of the regulators: with or without public censure as deemed fit.
Initially when the new rules were published there were concerns that the new rules would impose a presumption of responsibility, in effect reversing the burden of proof compared to current procedures (where the burden to prove a case lies with the regulator). Under this presumption of responsibility, if the FCA had wanted to prove that a Senior Manager had committed misconduct, they would simply have had to demonstrate (i) that there had been a contravention by the firm and (ii) that the Senior Manager in question was responsible for that part of the business where the contravention had occurred. In the final legislation however this presumption of responsibility was replaced by a statutory duty on Senior Managers to take reasonable steps to prevent regulatory breaches in their areas of responsibility. This is known as ‘duty of responsibility’. Under this requirement the burden of proving misconduct remains on the regulators, even though there is now an expectation on Senior Managers that they have taken appropriate steps in advance to prevent it.
In short the SMR expects Managers to take action, to challenge, and to escalate concerns. PWC cite an interesting example: if a head of Internal Audit thinks she needs more people to oversee an emerging risk or compliance demand, but the CFO says no, and then something goes wrong, the Internal Auditor needs to be able to demonstrate that she escalated her concerns to the Audit Committee as part of a thorough risk-based internal audit plan. In turn, the Audit Committee will need to – collectively – show that it reviewed the firm’s priorities and came up with a clear rationale as to why one area was given precedence over another.
The impact on firms is likely to be very significant. Not only will firms need to make new investments in their controls and processes (and documentation) to ensure they meet their new responsibilities, they will also need to change their behaviour and be much more responsive and flexible in reaction to changes in roles and responsibilities. These happen all the time in large financial firms. Now, whenever they do, the relevant Responsibilities Maps will need to be updated to make sure that all key responsibilities are fully covered. So there are cost implications. As well as behavioural implications for many tens of thousand financial professionals as individuals – even junior employees who previously were beyond the reach of the rules.
What does it mean for firms and individuals in practice?
At Prism-Clarity we try to keep things simple; so have tried to summarise what these complex new requirements mean in a few simple words: Identify, Document, Maintain, Live and breathe.
Identify the senior management and “certification” staff responsible for the entire range of business activities in the firm that require coverage; and identify the different responsibilities for those activities among those people.
Document the above in the clearest and most sustainable way you can; and document in policy and procedures both the substance of the conduct rules and the process for managing the regime.
Maintain your records of both people and responsibilities as those change and reflect these in both regulatory approvals and your internal processes and reporting.
Live and breathe both the rules and the processes surrounding the regime, so they become second nature – or to resort to jargon for a minute “become embedded in the firm’s culture” inherently – not seen and treated as an external regulatory box-to-tick.
This last thing is hard to achieve but in practice, for a large complicated firm, is the only way the regime will be either effective or manageable. The Board of Directors is responsible for leading the development of the firm’s culture and standards in relation to the carrying on of its business and the behaviours of its staff; and for embedding the firm’s culture and standards in relation to the carrying on of its business and the behaviours of its staff in the day-to-day management of the firm. I have seen this described by professionals in the industry as trying to catch a moonbeam or pin blancmange to the wall. Sure, it is hard, but I prefer to use language that is a bit more concrete and achievable: hence “live and breathe”. Find ways, that work for your firm, to ensure the staff live and breathe the principles the regulators are trying to inculcate.
This will take time. The important thing is to avoid being bureaucratic or legalistic about it, not focused on processes and box-ticking but on actual successful outcomes: the priorities you have identified, getting people fully aware of their responsibilities, feeling empowered, and knowing they should and do always “do the right thing”. One Chief Executive I know is not at all worried from his own personal perspective because he knows he is always trying to do the right thing and run a sound ship, and if everyone right down the organisation feels the same way it is not a worry for them that they have ‘nowhere to hide’ because they have no need to hide in the first place. Adopting this philosophy will create a more informed and empowered organisation, which will result in better business as well as satisfying regulators. More transparent, less fearful, more able to focus on collaboration, on customers, and on doing business with confidence.
Paradoxically you could think of the regime as being actually quite a personal thing, which each Senior Manager or Certified Person has to think about on quite a personal level. One commentator describes this as being “confident with your personal narrative” and notes that in the end it comes down to four very fundamental and personal questions which managers and executives need to ask themselves: What are my responsibilities? How do I discharge them? How can I be confident in my own judgments? How do I trust people to do the things that are done in my name and my area of responsibility?
In short the onus is on individuals – as individuals – to demonstrate that they’re taking reasonable steps to do the right thing. And that applies right up to the top level.
Accountability in practice
The new rules put a lot of emphasis on accountability, and there is a growing consensus that increasing accountability has direct bottom line benefit to the business as well as satisfying regulators. One of the foremost US experts and motivational speakers on accountability is the former NBA player Walter Bond who stated the case very clearly in a blog published on bizjournals.com in December 2013.
Bond uses his experiences with winning and losing NBA teams and translates those to corporate life. People on winning teams always want to improve even when they have won, are selfless and modest with regard to their own achievements and routinely praise the contributions of team-mates rather than their own contributions; while people in losing teams are prone to self-aggrandisement and a failure to take responsibility for problems. Bond observes that winning corporate organisations have a culture of accountability, just like winning NBA teams. Organisations that struggle to survive, or underperform, seem to have similar characteristics to those found in losing NBA locker rooms. Accountability is the key to this. Bond says he often hears organisations making strategic plans – for example to grow sales and increase revenue – while paying no attention to their culture. The real boost to results comes from improving culture, naturally improving employee engagement, naturally leading to performance improvement.
Walter Bond’s 10 benefits of establishing a culture of accountability:
1. Attracts and retains high performers.
2. Rids you of poor performers. They will leave on their own
3. Defines how you make commitments to one another on projects that require team effort.
4. Greatly increases job satisfaction and corporate alignment.
5. Employees are more likely to take on responsibilities that match their strengths.
6. Improves how employees interact when things go right or when things go wrong.
7. Employees take more ownership in their jobs.
8. Employees are more highly engaged, ultimately resulting in increased productivity.
9. Goals are more easily reached and maintained.
10. Less time and energy is wasted on covering tracks or destructive behavior.
In this way, by emphasising accountability, the SMR goes well beyond a technical regulatory rule change: it can, should and will create benefits to firms’ effectiveness and profitability, as well as their social utility.
How do the regulators do it?
An intriguing element of the SMR is that the regulators, both the PRA and the FCA, have acknowledged publicly that they themselves will apply the same standards and processes to their own internal senior management teams; and have published the details of how. This gives an unusual opportunity to assess how the regulators really think one of their own rules should be implemented; since they are showing us how they themselves implement it.
The PRA’s internal implementation document: March 2016 starts with a short description of governance arrangements, how the PRA fits in the Bank of England Committee structure and executive management lines. It then sets out how the PRA defines Senior Management Functions (SMF) and goes about allocating responsibilities. Finally it shows the actual Responsibility Statements for the key Senior Management individuals and which SMF map to which individuals.
Overall it’s a clear, brave and helpful illustration, not too detailed, quite visual and graphic, but with all the critical information you would need. The Statements of Responsibility – true to the demands in the SMR that they are real and true – look very like Key Responsibilities that a bank would have written for its own HR purposes anyway. It’s just that they now have much more bite, as part of this very formal and structured accountability regime. But fair play to the Bank and PRA for exposing their own process. [Of course we hope and expect that this document has already been – or is in the process this week of being – updated and reissued; since we are right on the verge of big changes in the PRA personnel listed here (with Andrew Bailey, PRA CEO, moving to head up the FCA on Friday 1st July and being replaced at the PRA by Sam Woods).]
A similar document exists for the FCA: FCA’s internal implementation document: March 2016 (modified 1st April 2016).
Where can I get further information?
This section provides links to detailed further information on the SMR and Certification regimes:
Parliamentary Commission for Banking Standards:
PCBS Report – June 2013
Joint PRA/FCA Consultation Papers: PRA CP14/14, PRA CP28/14 and PRA CP7/15:
CP14/14 – July 2014
CP26/14 – November 2014
CP28/14 – December 2014
CP7/15 – February 2015
[Note: Three of these four CPs (except CP26/14) were also issued by the FCA under different reference numbers. CP26/14 is the equivalent of CP14/14 for the Senior Insurance Managers Regime, not covered explicitly in this blog.]
Other PRA & FCA publications:
PRA Policy Statement PS16/15 – July 2015
FCA Policy Statement PS15/29 – December 2015
PRA Supervisory Statement SS28/15 – December 2015 (updated January 2016)
PRA Press Release on activation – March 2016
How we can help
There has been a lot written on this topic since 2013 but that reflects its importance. There is a common perception that the financial crisis – and the numerous incidents of bad conduct on the part of banks that have come to light before during and since it – could have been avoided with better regulation. And if one piece of better regulation is going to change things fundamentally, by actually addressing the root cause of banks’ performance, conduct and culture, it is this one. It may not be sufficient on its own but it is necessary. Thus it fully justifies the coverage and analysis it has received, and continues to receive.
More narrowly, it stands to reason that good documentation is at the heart of the enhanced internal – and to a degree external – processes that all firms now need, in order to make the new regime work for them.
We can advise you on your existing documentation, either substance, processes, or setting up something new to help address the needs of the new regime. Either way we would be pleased to help.