SMR Senior Managers: are you fully protected?

The Senior Managers Regime comes into force on 7 March 2016. Our briefing examines the changes introduced by the new regime and highlights the issues Senior Managers should consider, including the tricky issue of indemnification and the application of SMR to in-house legal. This bulletin is relevant for Senior Managers working at banks, building societies and large investment firms.

2 February 2016

By 8 February 2016, all relevant firms (including foreign banks with UK branches) must notify the PRA and FCA of the approved persons who are to be Senior Managers under SMR, and of the firm’s responsibilities map and statement of responsibilities. The new regime will take effect on 7 March 2016.

As Senior Managers can now be individually accountable for their areas of responsibility, and in extreme cases could be criminally liable, many Risk and Compliance teams are reviewing the adequacy of their D&O cover to fully protect their senior people. Firms may be advised to offer (and Senior Managers advised to ask) for a separate indemnification agreement to be put in place to plug any gaps in the cover.

We set out below what the new regime will mean for those designated as a Senior Manager.  

What are Senior Managers responsible for?
Senior Managers are those individuals who have been delegated responsibility for a Senior Manager Function.  For relevant firms, the Senior Management Functions (SMFs) will replace Significant Influence Functions (SIFs).  

There are a total of thirty individual prescribed responsibilities under the FCA and PRA rules, which must be assigned to the individuals who hold SMFs. This is to ensure that in every firm someone is accountable for the fundamental responsibility inherent in each particular function.

Can responsibility be shared?
The regulators’ view is that responsibilities should generally be performed by, or allocated to, one individual.  However, it is accepted that there will be limited circumstances where sharing or dividing responsibility may be appropriate, provided that the firm can confirm there are no gaps in the allocation of responsibilities as a result.

What does ‘responsibility’ mean?
Overall responsibility means a person who either has ultimate responsibility (under the governing body) for managing or supervising a function; or who reports directly to the firm’s governing body about that matter.  Generally, this will be the most senior employee or officer responsible for managing that area. It does not necessarily mean that the person has day-to-day management control of that function.

Will Senior Managers be individually responsible?
Generally speaking, yes. The original proposals were that the relevant Senior Manager would automatically be deemed guilty of misconduct if a contravention occurred within his or her area of responsibility, with their only defence being that they took reasonable steps to avoid the contravention (this was known as the reverse burden of proof). However, in a welcome change, the provisions on the presumption of responsibility have been revised.

Under SMR, regulators will only be able to take enforcement action if they can show that the individual failed to take the steps that it is reasonable for a person in that position to take to prevent a regulatory breach from occurring.  

In what circumstances can a Senior Manager be disciplined for misconduct? 
Currently, a Senior Manager can be disciplined for misconduct if he or she (i) breaches a statement of principle for approved persons (under the new regime, this will become a code of conduct), or (ii) for knowingly being concerned in the firm’s breach of principle or rule. Under SMR, a Senior Manager can also be disciplined for misconduct if the firm has breached a regulatory requirement in an area where a Senior Manager is responsible and he/she failed to take reasonable steps to prevent that breach. 

Reasonable steps could include:

  • Taking pre-emptive actions to prevent a breach occurring, including any initial reviews of the business on taking up a function.
  • Implementing, policing and reviewing appropriate policies.
  • Awareness of relevant requirements and standards of the regulatory system.
  • Investigations or reviews of the senior manager’s own areas of responsibility.Where a breach is continuing, the response to that breach.
  • Structure and control of day-to-day operations, including ensuring any delegations are managed and reviewed appropriately.
  • Obtaining appropriate internal management information, and critically interrogating and monitoring that information
  • Raising issues, reviewing issues, and following them up with relevant staff, committees and boards.
  • Seeking and obtaining appropriate expert advice or assurance, whether internal or external.
  • Ensuring that the firm and/or relevant area has adequate resources, and that these are appropriately deployed, including for risk and control functions.
  • Awareness of relevant external developments, including key risks.

Could there be any criminal liability?
Potentially. The Banking Reform Act introduces a new criminal offence relating to the decisions taken by senior managers of banks, building societies and PRA-regulated investment firms that cause a financial institution to fail. A criminal offence may be committed if a Senior Manager takes or agrees to a decision by or on behalf of a financial institution as to the way in which the business is to be carried, or fails to take steps that he or she could take to prevent such a decision being taken. At the time of the decision, the Senior Manager must be aware of a risk that the implementation of the decision may cause the failure of the group institution and, in all the circumstances, his or her conduct falls below what could reasonably be expected of a person in that position. 

Will the SMR regime apply to in house lawyers? 
The FCA recognises that there is uncertainty over whether approval is required for the individual in charge of the legal function within a firm. In certain instances, it will be clear approval is required, for example where they have responsibility for another area that is clearly captured by the SMR e.g. compliance. The FCA intends to issue a consultation paper seeking views on the benefits/pitfalls of the SMR capturing individuals with overall responsibility for the legal function. Pending the outcome of this consultation, the FCA indicated that where a firm has made a decision in good faith about whether their head of legal requires approval (taking into account the published rules and communications from the FCA), they are not required to take any further action at present.

What impact will the new whistleblowing rules have?
The FCA issued a policy statement in October 2015, setting out new rules in relation to whistleblowing.   

The rules require relevant firms to appoint a Senior Manager as their whistleblowers’ champion who will be responsible for compliance with the new rules.  This involves putting suitable internal whistleblowing arrangements in place, telling UK-based employees about the FCA and PRA whistleblowing services, and presenting an annual report on whistleblowing to the board.

The FCA hope that the new rules will further encourage a culture in which individuals working in the financial sector can raise concerns and challenge poor practice and behaviour. A rise in whistleblowing disclosures is expected, and whistleblowing champions should review their firm’s policies and protections in advance of 7 March 2016.

What protections can be put in place for Senior Managers?
Senior Managers may already be covered by the firm’s D&O cover due to their existing role with the firm.  However, existing policies should be checked to ensure that cover is adequate and any change in role may need to be notified to the insurer. 

If there are gaps in the existing cover, it may be appropriate to offer individual indemnification to any regulator investigation into an alleged contravention.  

What practical steps should Senior Managers be taking now?

  • Undertake a review of their SMFs, identifying possible risk areas
  • Ensure they are aware of existing regulatory requirements, and key developments
  • Review existing policies and procedures, and delegations
  • Ensure appropriate management information is circulated to them for review
  • Keep records of key risk decisions and ensure relevant board or committee meetings are adequately minuted, recording individual contributions as appropriate