As of 9 December 2019, virtually all Financial Conduct Authority (FCA) regulated firms in the UK became subject to the Senior Managers & Certification Regime (SMCR). This brings businesses such as funds and asset managers within the scope of regulation initially developed for banks and credit institutions in the wake of the financial crisis - with the specific aim of developing a culture of greater individual accountability.
The upshot is a significant overhaul of the existing Approved Persons regime. Senior Managers - individuals performing one of the FCA's designated "senior management functions" (SMFs) - will now have designated responsibilities for which they are individually responsible and accountable.
Firms have had some time to get to grips with this - Senior Managers will, by now, be signed up to a ‘Statement of Responsibilities', which may have been provided to the FCA. But now that SMCR is in force, how is this senior individual responsibility likely to be policed in practice?
Enforcement risks are potentially severe. Each Senior Manager has a "Duty of Responsibility" (entrenched in law under s66A FSMA), such that if a firm breaches FCA rules, the relevant Senior Manager will be guilty of misconduct and can be individually accountable if they did not take "reasonable steps" to prevent or stop the breach. Accountability may therefore mean being subject to regulatory enforcement - resulting penalties might include public censure, financial penalty, imposing conditions on the individual's ability to work in certain roles within regulated firms, or suspending/removing that individual's approval altogether.
It is clear that Senior Managers can find themselves personally on the hook for the wrongdoing of others within the firm (generally non-Senior Managers, subject to separate conduct rules). This risk is particularly noteworthy in the context of the senior management functions SMF16 (compliance oversight) and SMF17 (MLRO). Here, in the context of AML, market abuse and other financial crime risks - where the FCA will inevitably take a firm approach to enforcement - the question as to whether a SMF16/17 has ensured that systems and controls are sufficiently robust in their structure, and adequate in their ongoing operation and monitoring, in order to amount to "reasonable steps" is potentially a difficult one.
So, how can Senior Managers mitigate these personal risks?
The FCA has provided guidance (DEPP 6.2.9-A-F) on the factors relevant to enforcement decisions in respect of individual Senior Managers, and breach of the Duty of Responsibility. As ever, it is not prescriptive or exhaustive: the FCA will always consider the facts and circumstances of each case. However, the guidance raises a number of points which Senior Managers should have in mind in conducting themselves, managing responsibilities and taking "reasonable steps":
- The Statement of Responsibilities is important. It should not be viewed as compliance ‘paperwork'. The FCA will review it, and if a Senior Manager can demonstrate proper care and attention and ongoing review of the Statement, it may be significant in terms of FCA perception of the Senior Manager's approach to fulfilling agreed responsibilities.
- The FCA will want to understand how a Senior Manager's role worked in practice, and interacted with other SMFs. This will, in practice, invariably be done by reference to emails, meeting minutes, call recordings, organisational charts and other internal documents. Firms and Senior Managers will therefore want to take care in defining and referring to their Duties and Responsibilities internally. Designation and understanding of responsibilities will be critical.
- In reviewing a Senior Manager's role and conduct, the FCA will consider a range of factors, including:
- whether the Senior Manager took reasonable steps to understand and inform themselves about those activities for which they were responsible, including putting in place reporting procedures or seeking adequate explanations of issues in a business area;
- when delegating any of their responsibilities, whether they took reasonable steps to ensure that this was to an appropriately qualified person, whether they oversaw that the delegated responsibility was discharged effectively and whether they took reasonable steps to ensure that reporting lines were clear to staff and operated effectively; and
- whether the Senior Manager took reasonable steps to satisfy themselves that the firm had appropriate policies and procedures for ensuring the competence and suitability of each individual member of staff in their area of responsibility, and assessed and monitored the firm's governance, operational and risk management arrangements for their area of responsibility.
Many ‘new' Senior Managers will have migrated to the SMCR, without any direct interaction with the FCA. And while asset managers will have planned for the coming into force of SMCR for some time, it is now time to embrace the forward-looking risks as the FCA adapts to and enforces under the new regime.
Stephen Elam (partner) and Andrew Flynn (associate) are solicitors at Cooke, Young & Keidan LLP, and specialise in contentious FCA regulatory issues