Replacing APER: the new Senior Management Regime and Certification Regime for banks

Transcription

1 Replacing APER: the new Senior Management Regime and Certification Regime for banks Executive Summary The FCA and PRA have begun consultation on: a new Senior Managers Regime (SMR) to replace the old Approved Persons Regime (APER), but covering a narrower range of individuals than APER; a new Certification Regime (CR), whereby firms would have to self-certify certain employees as fit and proper, and would apply to a wider range of individuals than APER; and new banking conduct rules for individuals, based on the rules in APER, but applying to almost all a firm s employees; all of which will apply only to banks, building societies and PRA-authorised investment firms. (See below for limits on geographical scope.) APER will be abolished in this sector, but will continue to be in place elsewhere (for the time being, at least: see also below). The proposed regime change is extremely complicated: the result, perhaps, of combining two different systems (for PRA and FCA) into a scheme of late Byzantine intricacy. We have summarised each aspect of the consultation paper below a high-level overview rather than an exhaustive analyis but the highlights of the proposals are: the new, statutory 'Presumption of Responsibility' or reversed burden of proof where, if a firm has breached a regulatory requirement, the Senior Manager responsible for the area of the breach will have to satisfy the regulators that he took "reasonable steps" to prevent, stop, or remedy that breach with the possibility of facing individual sanctions if he cannot do so; (this does not entail strict liability: what constitutes "reasonable steps" will be determined on a case-by-case basis;) as noted above, a greatly increased scope for the new conduct rules, which are based on (and replace) the APER rules; unlike APER, however, the new rules will apply to almost all employees of a bank, building society or PRA investment firm; Senior Managers will now be liable to enforcement action from three separate directions: o o o for individual breach of the conduct rules (FSMA Condition A ); by being knowingly concerned in a breach of rules by the firm (FSMA Condition B ); or through breaches occuring in the areas for which they are responsible (FSMA Condition C ) Senior Managers are also liable to prosecution for the new criminal offence relating to a decision causing a financial institution to fail (s.36 Financial Services (Banking Reform) Act 2013). Responses to the consultation are required by Friday 31 October Introduction On 30 July 2014 the FCA and PRA published a joint consultation paper on Strengthening accountability in banking: a new regulatory framework for individuals (FCA CP14/13 or PRA CP14/14). It was accompanied by another joint consultation on Strengthening the alignment of risk and reward: new remuneration rules. The former consultation paper is intended to implement the recommendations of the Parliamentary Commission on Banking Standards for a Senior Persons Regime (the SMR), a Licensing Regime (the CR) and new banking conduct rules. These proposed changes will only affect individuals working for UK banks, building societies, credit unions and PRA-designated investment firms, although there has, apparently, already been some informal consideration of extending the SMR to non-banks, and ultimately abolishing APER entirely.

2 Senior Managers Regime (SMR) Overview The SMR applies to a narrower range of individuals than APER, which it replaces. The scope of the SMR is slightly complicated, as the FCA and PRA have taken different approaches to how important functions and responsibilities are allocated to regulated individuals. In brief, there are three main types of responsibility: 1. Senior Management Functions (SMFs), which effectively replace the old Significant Influence Functions, e.g. acting as a Chairman or Chief Financial Officer; a person carrying out such a function must be approved by the regulators and subject to the SMR (as was the case with APER); 2. Prescribed Responsibilities (PRs), which are important functions other than SMFs, each of which must be allocated to one of the existing SMFs with which the responsibility is most closely associated (but not the Significant Responsibility SMF see below); and 3. Key Functions, which are important functions other than SMFs and PRs, each of which if applicable must be allocated to a Significant Responsibility SMF. The regulators have provided exhaustive lists of SMFs, PRs, and Key Functions (see below). Behind this, the regulators intention is that all members of the Board, the second layer of governance (whether structured as an Executive Committee or not) and anyone else carrying out an important function should be made subject to regulation. The Significant Responsibility SMF, in particular, has been designed to bring non-board members in charge of particular areas into the SMR. Senior Management Functions As noted above, SMFs replace the old APER Significant Influence Functions. SMFs are functions that require the person performing it to be responsible for managing one or more aspects of the relevant firm s affairs which involve, or might involve, a risk of serious consequences for the authorised person, or for business or other interests in the UK. This may include non-executive directors or directors in other group entities that participate in taking decisions for the firm. The regulators have designated the following functions as SMFs. (The SMF for small credit unions is not shown in the table below.) The only apparent difference between PRA SMFs and FCA SMFs is the question of which regulator is responsible for approving an individual for that SMF. Both regulators will be able to engage with and take enforcement action against a any Senior Manager, regardless of which SMF(s) they are approved for. 2

3 PRA SMFs FCA SMFs Executive Non-executive Executive Non-executive Chief Executive function* Chairman* Executive Director Non-Executive Director Chief Finance function* Chair of the Risk Committee Significant Responsibility Senior Manager*** Chair of the Nominations Committee Chief Risk function Chair of the Audit Committee Money Laundering Reporting Head of Internal Audit Chair of the Remuneration Committee Compliance Oversight Head of key business area Senior Independent Director Group Entity Senior Manager** Notes *Every firm (other than a small credit union) will need at least one or more persons performing a Chief Executive, Chief Finance, and Chairman SMF. This SMF applies to individuals managing a business area or division which is so (relatively) large that it could jeopardise the firm s safety and soundness, and which is so substantial (in absolute terms: managing gross total assets of 10bn or more, and accounting for 20% of the firm or group s gross revenue) that it warrants an SMF. Where a firm chooses to have a committee or control function, even where this is not required by law, the chairman or head of that committee or function must have the relevant SMF approval. ** This SMF applies to an individual not directly employed by the firm, but who is deemed to exercise significant influence over its affairs; this will be assessed by the PRA on a case-by-case basis. (An individual outside the firm may perform some of the other SMFs, e.g. Chairman of the Remuneration Committee.) These SMFs will, together, cover all board members not covered by one of the other SMFs. *** A miscellaneous SMF responsible for one or more Key Functions (see below for details). More than one person may be approved for the same SMF, e.g. in case of a job-share. In this case, each individual will be responsible for all the responsibilities conferred by that SMF. Prescribed Responsibilities Each of the SMFs described above is narrowly defined in the rules by reference to its core responsibility. As there are also other important responsibilites at a firm beyond those that fall under the SMFs above, the regulators have drawn up a list of these Prescribed Responsibilities (PRs) and require that each PR is assigned to one of the existing SMFs. There are restrictions on the allocation of PRs to SMFs: it is expected that firms will allocate most [PRs] to the SMF with which the responsibility is most closely associated ; some PRs can only be allocated to non-executive SMFs; and PRs cannot be allocated to the Significant Responsibility SMF (presumably as this person will be in practice a relatively junior member of the firm, usually below Board level). The PRA may also require firms to allocate other responsibilities to a specific Senior Manager. 3

4 The complete list of PRs is as follows: 1. performance by the firm of its obligations under the senior management regime, including implementation and oversight 2. performance by the firm of its obligations under the Certification Rules 3. compliance with the rules relating to the firm s management responsibilities map 4. the induction, training and professional development of all persons performing senior management functions on behalf of the firm and all members of the firm s management body 5. ensuring and overseeing the integrity and independence of the internal audit function in accordance with SYSC 6.2 (Internal audit) 6. ensuring and overseeing the integrity and independence of the compliance function in accordance with SYSC 6.1 (Compliance) 7. ensuring and overseeing the integrity and independence of the risk function in accordance with SYSC R (Risk control) 8. ensuring and overseeing the integrity, independence and effectiveness of the firm s policies and procedures on whistleblowing and for ensuring staff who raise concerns are protected from detrimental treatment 9. allocation of all prescribed responsibilities 10. leading the development of the firm s culture and standards in relation to the carrying on of its business and the behaviours of its staff 11. embedding the firm s culture and standards in relation to the carrying on of its business and the behaviours of its staff in the day-to-day management of the firm 12. the development and maintenance of the firm s business model 12. the development and maintenance of the firm s business model 13. management of the allocation and maintenance of capital, funding and liquidity 14. the firm s treasury management functions 15. the production and integrity of the firm s financial information and its regulatory reporting in respect of its regulated activities 16. the firm s recovery plan and resolution pack and overseeing the internal processes regarding their governance 17. if the firm carries out proprietary trading, the firm s proprietary trading activities 18. if the firm does not have an individual performing the Chief Risk function, overseeing and demonstrating that the risk management policies and procedures which the firm has adopted in accordance with SYSC R to SYSC R satisfy the requirements of those rules and are consistently effective in accordance with SYSC 4.1.1R 19. if the firm outsources its internal audit function, taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including (a) supervision and management of the work of outsourced internal auditors and (b) management of potential conflicts of interest between the provision of external audit and internal audit services 20. if the firm does not have a person who performs the Senior Independent Director function, (a) carrying out oversight of the person who performs the Chairman function; and (b) oversight of the adequacy and quality of the resources available to the office of that person to enable the role to be fulfilled within the firm. Key Functions and the Significant Responsibility SMF As noted above, in order to bring non-board members who are in charge of particular areas of the firm under the SMR, the regulators have created the Significant Responsibility SMF. Presumably because this SMF will be relatively junior, they may not be assigned any PRs. Instead, the Significant Responsibility SMF will be responsible for carrying out one or more Key Functions (see below) where these are applicable. To be precise, this SMF will apply to individuals to whom the Board has delegated overall responsibility for a Key Function or identified risk, which does not fall under the definition of another SMF, where they are primarily responsible for reporting to the Board about that function or risk. Just as PRs have to be allocated between the different SMFs (other than the Significant Responsibility SMF), so Key Functions must be likewise allocated between the Significant Responsibility SMFs. 4

5 The complete list of Key Functions is as follows: 1. Establishing and operating systems and controls in relation to financial crime 2. Safekeeping and administration of assets of clients 10. Retail sales 19. Production and distribution of marketing materials and communications 11. First line quality assurance of sales 20. Customer service 3. Payment services 12. Trading for clients 21. Customer complaints handling 4. Settlement 13. Investment research 5. Investment management 14. Origination/syndication and underwriting 22. Collection and recovering amounts owed to a firm by its customers/dealing with customers in arrears 23. Middle office 6. Financial or investment advice 15. Retail lending decisions 24. The firm s information technology 7. Mortgage advice 16. Wholesale lending decisions 25. Business continuity 8. Corporate investments 9. Wholesale sales 17. Design and manufacturing of products intended for wholesale customers 18. Design and manufacture of products intended for retail customers 26. Human resources 27. Incentive schemes for the firm s staff Approvals Senior Managers are subject to approval by the regulators before they may begin carrying out a SMF. The process of applying for approval of a Senior Manager will remain similar to the current process for applying for approval as a SIF under [APER]. Individuals may perform more than one SMF, but will require separate approvals for each; they can combine these in a single application, however. As above, whether an SMF is an FCA or PRA SMF determines to which regulator the application should be made. Existing arrangements to minimise the need for making applications to both the FCA and PRA will be continued. When applying for an individual to be approved for an SMF, or whenever there is a significant change in a Senior Manager s responsibilities, a firm will need to submit: a Statement of Responsibility, which is a statement setting out the aspects of the affairs of the authorised person concerned which it is intended that the person will be responsible for managing in performing the function, a Responsibilities Map, which sets out how the various responsibilities have been allocated (and to make sure there are no gaps in accountability); and other information such as CVs, job descriptions, organisational charts and development plans. Firms will also be obliged to take reasonable steps to ensure newly-appointed Senior Managers are made aware of all information and risks of regulatory concern. The approval of an individual Senior Manager may now be made subject to conditions or time limits. Enforcement Each regulator will be able to take individual enforcement action against any Senior Manager, if warranted. As noted in the Executive Summary, there is a new presumption of responsibility, whereby, if a firm breachs a regulatory requirement, the Senior Manager responsible for the area of the breach can be held individually accountable unless they are able to satisfy the regulators that they had taken reasonable steps to stop, prevent, or remedy the breach. In addition, Senior Managers are subject to a greater number of the new conduct rules than other employees (see below). Enforcement action, therefore, may now come from three different directions: an individual breach of the conduct rules; being knowingly concerned in a contravention by the firm; or else a contravention of the rules by the area of the firm for which that Senior Manager is responsible. Senior Managers will also be liable to prosecution for the new criminal offence of taking (or failing to prevent) a decision causing a financial institution to fail, where one is aware of the risks and one s conduct fell far below what could reasonably be expected (s.36 Financial Services (Banking Reform) Act 2013). 5

6 Certification Regime (CR) Overview The Certification Regime (CR) is essentially the level of regulation below the SMR. (The SMR and CR do not overlap: an individual covered by the SMR will not be covered by the CR for work at the same firm.) It applies to a wider range of individuals than APER did, and covers a number of significant harm functions where a person is involved in aspects of a firm s affairs (so far as relating to the regulated activity carried on by the firm) that might involve a risk of significant harm to the firm or any of its customers. Individuals caught by the CR will not be subject to regulatory approval (as SMFs are); instead, the firm itself will have to certify that they are fit and proper to perform that role, and renew this on an annual basis. Scope The regulators have separate Certification Regimes, and have specified that these will apply to: PRA CR functions that might involve a risk to the safety and soundness of the firm (which approximately coincides with the class of material risk takers in the CRR remuneration rules) FCA CR functions that were previously Significant Influence Functions under APER, but do not fall under the new SMR customer-facing roles subject to qualification reqirements (e.g. retail investment advisors) anyone (who is not an SMF) who supervises or manages a Certified Person The only apparent difference between the FCA CR and PRA CR is that the PRA CR will cover some individuals at UK firms who are themselves based overseas; while the FCA CR will only apply to inviduals either performing their function from an establishment in the UK, or else dealing with a client based in the UK. Consequences Firms will be able to put in place a single process for certifying employees under either FCA or PRA CR. Where an employee performs multiple CR functions, they must be assessed as fit and proper for each function, although all the different functions may be covered by a single certificate. If a person moves from one CR role to another CR role, that person must be certified as fit and proper for the new role immediately; the firm cannot wait until the annual renewal of the certificate. In exceptional circumstances, a person may perform a CR function for up to two weeks without certification where they are providing cover for a certified person whose absence was reasonable unforeseen. (This does not apply, however, to CR functions that have a qualification requirement see above.) Fitness and propriety Neither regulator is proposing to make fundamental changes to the standard of fitness and propriety, although the PRA is consulting on a new supervisory statement with guidance on its general expectations of fitness and propriety. This is not intended to be a significant, substantial change, however. Both regulators are intending to introduce new requirements about the evidence firms need to collect: firms must run a criminal records check on SMF candidates; and firms must request a reference from the previous employer of an SMF or CR candidate, covering their previous five years employment history. 6

7 Conduct rules Overview The FCA and PRA have proposed new conduct rules for banks, building societies, and PRA-authorised investment firms. These will go into a new section of the Handbook: C-CON. The new conduct rules are clearly based on the previous rules for individuals in APER (and also, to a lesser extent, the Principles for Businesses (PRIN) aimed at firms). The main difference between the new rules and APER is the greatly increased scope of the former (see below). Obligations for firms As well as Firms are obliged to make individuals aware if they are subject to the new conduct rules, and provide suitable training; notify the regulators when they are aware or suspect that a person has breached the rules; and notify the regulators (within seven business days for Senior Managers, or quarterly for everyone else) when they have taken formal disciplinary action following breach of the conduct rules. Only the FCA needs to be notified, and it will pass on information to the PRA as required. Scope The PRA conduct rules (rules 1-3 and SM1-4) will apply to: all Senior Managers, whether approved for a PRA or FCA SMF; and anyone falling within the PRA CR (i.e. who carries out a significant harm function involving a risk to safety and soundness) (rules 1-3 only); and these will be enforced by the PRA against individuals in these categories. The FCA, on the other hand, will apply and enforce all conduct rules (rules 1-5 and SM1-4) against all Senior Managers. In addition, the FCA will apply all the first tier conduct rules (rules 1-5) to all other staff at banks, building societies, credit unions and PRA-authorised investment firms. The only staff excluded from this will be specified ancillary support staff, e.g. receptionists and security guards. (The FCA has provided an exhaustive list all those so exempt.) The new rules and the old The new rules will provide a framework against which regulators will make judgements about an individual s actions as part of their general supervision of firms : FCA PRA New rules Corresponding rule from APER or PRIN First tier : conduct rules applicable to all staff 1. You must act with integrity 2. You must act with due skill, care and diligence APER Statement of Principle 1: An approved person must act with integrity in carrying out his accountable functions. APER Statement of Principle 2: An approved person must act with due skill, care and diligence in carrying out his accountable functions. 3. You must be open and cooperative with the FCA, PRA, and other regulators APER Statement of Principle 4. An approved person must deal with the FCA, the PRA and other regulators in an open and cooperative way and must disclose appropriately any information of which the FCA or the PRA would reasonably expect notice. 4. You must pay due regard to the interests of customers and treat them fairly. PRIN 6. A firm must pay due regard to the interests of its customers and treat them fairly. 5. You must observe proper standards of market conduct. APER Statement of Principle 3. An approved person must observe proper standards of market conduct in carrying out his accountable functions. 7

8 Second tier : conduct rules which apply only to Senior Managers SM1. You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively. APER Statement of Principle 5. An approved person performing an accountable significant-influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his accountable function is organised so that it can be controlled effectively. SM2. You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with relevant requirements and standards of the regulatory system. APER Statement of Principle 7. An approved person performing an accountable significant-influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his accountable function complies with the relevant requirements and standards of the regulatory system. SM3. You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively. SM4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice. PRIN 11. A firm must deal with its regulators in an open and cooperative way, and must disclose to the appropriate regulator appropriately anything relating to the firm of which that regulator would reasonably expect notice. The rules are admittedly written at a high level of generality. This is intentional because they will cover a very large group of people doing a wide range of different jobs. Both regulators are consulting on further guidance on relevant standards. In the FCA s case, this guidance is much more detailed and developed than the guidance provided under APER. Geographical scope of the new regime Like much of the new regime, the applicability of the above to non-uk firms or staff is not at all straightforward. There is also a large degree of uncertainty arising from the Chancellor s declared intention to extend the regime to cover all branches of foreign banks operating in the UK, which is expected to be the subject of a future HM Treasury consultation paper. The FCA is apparently considering how the regimes might be extended as far as possible to UK branches of EEA firms subject to single market regulations but appears loath to consider the matter in any detail until after the Treasury consultation. The situation as it can be ascertained at present, therefore, is as follows: Senior Managers Regime Certification Regime Conduct rules Included Individuals at UK firms whether physically based in the UK or overseas (PRA) at least one individual at a UK branch of a non-eea firm as Overseas Branch Senior Executive Manager SMF Individuals at UK firms, including (PRA-only) individuals based overseas (PRA CR) Individuals at UK branches of non-eea firms Individuals at UK firms based in the UK or who deal with customers in the UK Excluded (PRA) Individuals at UK branches of EEA firms (PRA CR) Individuals UK branches of EEA firms (FCA CR) Individuals at UK firms who are not either performing their function from an establishment in the UK, or dealing with a client based in the UK. 8

9 Contacts Paul Edmondson T: +44 (0) E: Simon Morris T: +44 (0) E: Ash Saluja T: +44 (0) E: Alison McHaffie T: +44 (0) E: Maxine Cupitt T: +44 (0) E: Bill McCaffrey T: +44 (0) E: 1 September This report is for general purposes and guidance only and does not constitute legal or professional advice and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances. For legal advice, please contact your main contact partner at the relevant CMS member firm. If you are not a client of a CMS member firm, or if you have general queries about Law-Now or RegZone, please send an to: law-now.support@cmslegal.com so that your enquiry can be passed on to the right person(s). All Law-Now and RegZone information relates to circumstances prevailing at the date of its original publication and may not have been updated to reflect subsequent developments. CMS Legal Services EEIG (CMS EEIG), has its head office at: Barckhausstraße 12-16, Frankfurt, Germany. The contact address for CMS EEIG is info@cmslegal.com, its Ust-ID is: DE and it is registered on Handelsregister A in Frankfurt am Main with the registration number: HRA CMS Legal Services EEIG (CMS EEIG) is a European Economic Interest Grouping that coordinates an organisation of independent law firms. CMS EEIG provides no client services. Such services are solely provided by CMS EEIG s member firms in their respective jurisdictions. CMS EEIG and each of its member firms are separate and legally distinct entities, and no such entity has any authority to bind any other. CMS EEIG and each member firm are liable only for their own acts or omissions and not those of each other. The brand name CMS and the term firm are used to refer to some or all of the member firms or their offices. CMS EEIG member firms are: CMS Adonnino Ascoli & Cavasola Scamoni, Associazione Professionale (Italy); CMS Albiñana & Suárez de Lezo S. L. P. (Spain); CMS Bureau Francis Lefebvre S. E. L. A. F. A. (France); CMS Cameron McKenna LLP (UK); CMS China (China); CMS DeBacker SCRL / CVBA (Belgium); CMS Derks Star Busmann N. V. (The Netherlands); CMS von Erlach Poncet Ltd (Switzerland); CMS Hasche Sigle, Partnerschaft von Rechtsanwälten und Steuerberatern mbb (Germany); CMS Reich-Rohrwig Hainz Rechtsanwälte GmbH (Austria); CMS Russia and CMS Rui Pena, Arnaut & Associados RL (Portugal). For more information about CMS including details of all of the locations in which CMS operates please visit: CMS Legal All rights reserved. 9