©FSTP fstp.co.uk
Condensed Summary on Extending the Senior
Managers & Certification Regime to FCA firms
incorporating CP17/25, CP17/40 and PS18/14-
near final rules This paper provides you with a condensed summary of the key factors you will need to consider within your
firm to implement the requirements of the Senior Managers and Certification Regime. The implementation
date has been set for the 9th December 2019.
As with the other Papers on these highly impactful regulatory requirements, we have looked to condense the
content to give you valuable insight into the regulator s proposals for firms other than Banks, Building
societies, Credit Unions, Designated Investment Firms and Insurance Companies.
We have extracted the key information and presented it in a tabularised format for ease of reference. The four
main areas:
• The Senior Managers Regime
• The Certification Regime
• The Conduct Rules
• Fitness and Propriety Requirements
Within those four areas we have disseminated the information further into:
• Firms affected Core Regime, Enhanced Regime or Limited scope
• Individuals affected
• Key implications
The Senior Managers Regime
Firms who will
be affected by
2018
All sole regulated firms i.e. those only regulated by the FCA.
All firms will be affected by the Core Regime requirements apart from those firms who are
identified as Limited Scope (currently Limited Application of the Approved Persons
scheme):
• Limited Permission Consumer Credit Firms
• all sole traders
• authorised professional firms whose only regulated activities are in non-mainstream
regulated activities
• oil market participants
• service companies
• energy market participants
• subsidiaries of local authorities or registered social landlords
• insurance intermediaries whose principal business is not insurance intermediation and
who only have permission to carry on insurance mediation activity in relation to non-
investment insurance contracts
• authorised internally managed Alternative Investment Funds
©FSTP fstp.co.uk
A small number of firms will be impacted by the Enhanced Regime.
The diagram below will help you identify what Regime you fall under.
A large CASS firm is defined as:
Highest total amount of client
projects that it will hold during the current calendar year of more than £1b.
as the case
may be that it projects that it will hold during the current calendar year of more than £100b.
Individuals
affected
Individuals performing a Senior Management Function (SMF) specified by the FCA
whether physically based in the UK or overseas.
The following table on page 3 indicates which roles are proposed specified roles under
each of the Regimes.
Role Core
Regime
Enhanced
Regime
Limited Scope Incoming UK
Branches
EEA Non
EEA
Chief Exec SMF1
Chief Finance
Function
Executive Director
SMF3
Chief Risk Function
SMF4
Head of Internal
Audit SMF5
©FSTP fstp.co.uk
Group entity Senior
Manager SMF 7
Chair Person SMF9
Chair of the Risk
Committee SMF10
Chair of the Audit
Committee SMF11
Chair of Rem Com
SMF 12
Chair of
Nominations
Committee SMF 13
Senior Independent
Director SMF14
Compliance
Oversight SMF16
Applicable to:
• Sole Traders with no
employees
• Authorised professional
firms whose only regulated
activities are non-
mainstream regulated
activities
• Oil market participants,
service companies, energy
market participants,
subsidiaries of local
authorities
• Registered social landlords
MLRO SMF17
Applicable to:
• Authorised professional
firms whose only regulated
activities are non-
mainstream regulated
activities
• Oil market participants,
service companies, energy
market participants,
subsidiaries of local
authorities
• Registered social landlords
Other Overall
Responsibility
SMF18
Head of Third
Country Branch
©FSTP fstp.co.uk
SMF19
EEA Branch Senior
Manager SMF21
Chief Operations
Function SMF24
Partner SMF27
Limited Scope
SMF29
(This is the same as the
Apportionment and
Oversight Function under
the Approved Persons
Limited Permission)
Applicable to: • Consumer Credit firms
that have a CF8 under the
Approved Persons Regime
• Insurance intermediaries
whose principal business is
not insurance
intermediation and who
only have permission to
carry on insurance
mediation activity in
relation to non-investment
insurance contracts
• Authorised professional
firms whose only regulated
activities are non-
mainstream regulated
activities
• Oil market participants,
service companies, energy
market participants,
subsidiaries of local
authorities
• Registered social landlords
Key
implications
Significant Influence Functions will be replaced with Senior Management Functions,
SMFs.
A person performing a Senior Management Function will be responsible for managing
©FSTP fstp.co.uk
one or more of the firms regulated activities and aspects of those activities that could have
a serious risk of consequence to the firm, the authorised person or other interests in the
UK.
An individual can hold more than one SMF but will need to apply for approval for all
functions. The same form can be used for all applications. If an SMF also has Overall
Responsibility for an area within a firm, they do not have to apply for SMF18 but it must
be included in their Statement of Responsibilities.
Overall Responsibility means a Senior Manager will have primary and direct
responsibility for:
• briefing and reporting to the governing body about their area of responsibility
• putting matters for decision about their area of responsibility to the governing body.
The areas pertaining to SMF18 can be found in SYSC25, Annex 1.
The Company Secretary should be approved as a senior manager if they either carry out
another SMF or hold overall responsibility for an activity business area or management
function.
The legal function is still under consideration.
If you do not have anyone performing the job, the Senior Management functions do not
apply.
Under the Core Regime the only NED that will require pre-approval by the FCA will be
the Chair Person.
The chair can be either Executive or Non-Executive. If the executive director is approved
currently as a CF1 they will need to apply separately for the Chair (SMF9).
If a Partner has no involvement in managing the firm and does not meet the FSMA
definition of a Senior Manager they are not required to hold SMF27. Core firms will need
to submit a Form C to cancel that Partners approval. Enhanced Firms need to leave the
individual out of the Submitted form K.
More than one individual can perform a Senior Management Function this
accommodates job sharing arrangements (but the regulator is not keen).
The process for applying for approval for a Senior manager will largely remain the same
but applications for approval for a SMF must be accompanied by a Statement of
Responsibility a list of activities that the person will be responsible for. Any significant
change in responsibilities must be resubmitted to the Regulator.
Every converted Senior Manager at a Core or Limited Scope firm must have a SoR even
though they are not required to be submitted to the FCA at conversion. Firms must be
Prescribed
Responsibilities
Every SMF will have a fundamental responsibility inherent to that function. In addition
to that inherent responsibility there will be a limited set of prescribed responsibilities.
Prescribed responsibilities will not apply to Limited Scope Firms.
©FSTP fstp.co.uk
The table below indicates the Prescribed Responsibilities (PRs) relevant to Core and
Enhanced Regimes and Incoming UK Branches.
All relevant responsibilities below must be allocated to an SMF. Where possible those
responsibilities highlighted in blue should be allocated to a NED or a Partner that does
not have management responsibilities. PRs should not be shared across different lines of
defence.
Prescribed Responsibility Core Enhanced Incoming
UK Branch
EEA Non
EEA
Performance by the firm of its obligations under the
senior management regime, including implementation
and oversight.
Performance by the firm of its obligations under the
Certification Rules (still needs to be allocated even if
there are no Certification functions firms still need
to identify whether there are employees carrying out
Certification functions.
Performance by the firm of its obligations in respect
of notifications and training of the conduct rules.
for countering the risk that the firm might be used to
further financial crime.
ompliance with CASS
(if applicable).
Responsibility for ensuring the governing body is
informed of its legal and regulatory obligations. This
has been removed.
Responsibility for an AFMs value for money
assessments, independent director representation and
.
Responsibilities Map.
Safeguarding and overseeing the independence and
performance of the internal audit function (in
accordance with SYSC 6.2).
Safeguarding and overseeing the independence and
performance of the compliance function (in
accordance with SYSC 6.1).
Safeguarding and overseeing the independence and
performance of the risk function (in accordance with
SYSC 7.1.21R and SYSC 7.1.22R).
If the firm outsources its internal audit function,
taking reasonable steps to ensure that every person
involved in the performance of the service is
independent from the persons who perform.
©FSTP fstp.co.uk
Developing and maintaining the
model.
‑tests and ensuring
the accuracy and timeliness of information provided
to the FCA for the purposes of stress‑testing.
Responsibility for the
management processes in the UK.
regulatory system applicable to the firm.
Responsibility for the escalation of correspondence
from the PRA, FCA and other regulators in respect of
the firm to the governing body and/or the
management body of the firm or, where appropriate,
of the parent undertaking or holding company of the
.
The
Responsibilities
Map
Enhanced
Firms only
The regulators propose to introduce a requirement for enhanced firms to prepare and
maintain a responsibilities map which is a single document that:
•
• sets out how responsibilities have been allocated
It should demonstrate:
• there are no gaps in accountability
• robust governance arrangements are in place
• a clear organisational structure with defined, transparent and consistent lines of
responsibility
The Board will also be required to confirm to the regulator on an annual basis that there
are no gaps in the allocation of responsibilities within the firm.
Handover
arrangements -
Enhanced
firms only
materials/information and risk of regulatory concern in order to perform their
responsibilities effectively. One way this could be done is by way of a handover note. This
will require a handover note prepared by the individual leaving the SMF for the
individual taking up the SMF. There must also be a policy explaining how a firm
complies with this requirement.
Core firms will not need to comply with the handover rules. However SMFs in core and
limited scope firms still have to comply with SM Conduct Rule 1.
Transition
Arrangements
The FCA has proposed to automatically convert most of the approved persons at Core
and Limited Scope firms into the corresponding new Senior Management Functions.
There is an exception where firms have a CF2, Non -Executive Director performing the
role of Chair: They will need to submit a Form K advising the FCA they want to convert
©FSTP fstp.co.uk
an Approved NED to the SMF9 Chair Function. All other NEDs at Core Firms will no
longer be approved.
The regulator has stressed that firms may want to think about whether they have the
appropriate people in the correct approved functions before the conversion to SMCR
takes place.
Firms will need to check the updated financial services Register after the start of the new
regime to ensure they hold the correct approvals after automatic conversion has taken
place.
Enhanced Firms will need to submit a conversion notification, Form K and
accompanying documents: Statements of Responsibilities (SoRs) and Responsibilities
Map.
The Approved Persons Regim
Firms remain fully responsible for their ARs and networks.
The exception is for limited Permission consumer credit firms that also act as ARs for
other businesses i.e. a limited permission credit broker who is also an AR for insurance
business.
Proposed function mapping for Core, Limited Scope firms and Enhanced
Current controlled function Possible corresponding Senior Management
Function(s)
Core & Limited Scope Enhanced
CF1 Director SMF3 Executive Director SMF2 Chief Finance Officer
SMF3 Executive Director
SMF4 Chief Risk Officer
SMF5 Head of Internal Audit
SMF7 Group Entity Senior
Manager
SMF24 – Chief Operations
CF2 Non-Executive Director SMF9 Chair SMF9 – Chair
SMF10 – Chair of the Risk
Committee
SMF11 – Chair of the Audit
Committee
SMF12 – Chair of the
Remuneration Committee
SMF13 – Chair of the
Nomination Committee
SMF14 – Senior Independent
Director
SMF7 – Group Entity Senior
Manager
CF3 Chief Executive SMF1 Chief Executive
SMF19 Head of Third Country Branch SMF1 – Chief Executive
SMF2 – Chief Finance Officer
SMF4 – Chief Risk Officer SMF5 – Head of Internal Audit
CF4 Partner SMF3 Executive Director
SMF27 Partner SMF27 – Partner
SMF2 – Chief Finance Officer
©FSTP fstp.co.uk
SMF4 – Chief Risk Officer
SMF5 – Head of Internal Audit
CF5 Director of Unincorporated
Association
SMF3 Executive Director
SMF3 – Executive Director
SMF2 – Chief Finance Officer
SMF4 – Chief Risk Officer
SMF5 – Head of Internal Audit
CF6 Small Friendly Society Function SMF3 Executive Director
SMF3 – Executive Director
SMF2 – Chief Finance Officer
SMF4 – Chief Risk Officer
SMF5 – Head of Internal Audit
CF8 Apportionment and Oversight
Function
SMF29 Limited Scope
CF10 Compliance Oversight SMF16 Compliance Oversight SMF16 – Compliance Oversight
CF10a - CASS Operational Oversight
Function
SMF18 – Other Overall Responsibility
CF11 Money Laundering Reporting SMF17 Money Laundering Reporting Officer
(MLRO) SMF17 – Money Laundering
Reporting Officer (MLRO)
CF28 Systems and Controls Function SMF2 – Chief Finance Officer
SMF4 – Chief Risk Officer
SMF5 – Head of Internal Audit
CF29 Significant Management
Function
SMF21 EEA Branch Senior Management
Function
SMF18 – Other Overall
Responsibility
SMF24 – Chief Operations
Conversion only applies for the controlled functions and corresponding Senior
Management Functions listed above. For all other controlled functions, regulatory
approval will no longer be required and existing approvals will lapse when the new
Regime begins. These people can become part of the Certification Regime.
Forms will be available on Connect, 3 months before the Regime starts.
Core and limited Scope Firms - When do Forms need to be submitted?
©FSTP fstp.co.uk
Enhanced Firms What you need to submit
The Certification Regime
Firms affected All firms will be affected by the Certification Regime if they have individuals in
©FSTP fstp.co.uk
the roles below.
Individuals affected activities
• Significant Management Function (based on current CF29)
• Proprietary traders (based on Current CF29)
• CASS oversight (based on current CF10a)
• Certain material risk takers people whose actions could have a material
impact on the risk profile of the firm
• Functions subject to qualification requirement e.g. Financial Advisers,
Investment Managers and Mortgage Advisers
• The Client Dealing function
• Individuals who supervise or manage another person who is covered by the
certification regime (not applicable if they are already an SMF)
• Algorithmic trading
The term Significant Harm function has now changed to FCA Certification
Function.
Certification only applies to individuals if they perform their function from an
establishment in the UK or are dealing with a client in the UK. Individuals
should be certified if they work more than 30 days a year in the UK.
Material risk takers under the Remuneration code are an exception Certification
applies even if they are based overseas and do not deal with a UK client.
Key implications Individuals covered by the Certification Regime will not be registered individually
with the FCA.
Firms will certification
function are fit and proper to do so. If the person was performing the role prior
to it becoming a certification function references from previous employers does
not apply.
The Regulators will not approve employees within the scope of the certification
regime but will require a Senior Manager within the firm to assume
responsibility for the internal assessment and certification process.
More than one individual can perform a function in scope of the Certification
Regime at the same firm accommodates job sharing arrangements.
If an employee performs multiple certification functions within their role each
certification function will need to be assessed against the specific fit and proper
standards, but one certificate may be used detailing all functions.
Certification will need to be renewed on an annual basis.
The treasury intends to commence the requirement for firms to certify relevant
employees for the first time 12 months after the commencement of the main
©FSTP fstp.co.uk
SMCR.
CASS A firm can allocate the CASS Prescribed Responsibility to any of the Senior
Managers, but this should be the Senior Manager who is the most senior person
responsible for this area. Once the Prescribed Responsibility has been allocated, it
might be the case that this Senior Manager also performs the CASS Oversight
Function. In this situation, as the person is an SMF there is no need for the firm
to also apply the Certification Regime to them.
Alternatively, as the CASS Oversight Function is often operationally focused, the
person performing it might not be a Senior Manager. In this case, the person with
the CASS Oversight Function will fall under the Certification Regime and will
not need pre approval by the FCA.
The New Conduct Rules
Firms affected All firms will be affected by the Conduct Rules.
Individuals affected All staff will be affected by the Conduct Rules apart from ancillary staff, such as
catering staff, which would be the same role in a non-financial service sector firm.
commencement of the SMCR Regime.
Other employees will have 12 months from the commencement date to be
trained and for the rules to apply.
Key implications The existing statements of Principle and Code of Practice for Approved Persons
will be replaced by a set of Conduct Rules.
Conduct Rules First tier Individual Conduct Rules
Rule 1: You must act with integrity.
Rule 2: You must act with due skill, care and diligence.
Rule 3: You must be open and cooperative with the FCA, the PRA and other
regulators.
Rule 4: You must pay due regard to the interests of customers and treat them
fairly.
Rule 5: You must observe proper standards of market conduct.
Second tier Senior Manager Conduct Rules
SC1: You must take reasonable steps to ensure that the business of the firm for
which you are responsible is controlled effectively.
SC2: You must take reasonable steps to ensure that the business of the firm for
which you are responsible complies with relevant requirements and standards of
the regulatory system.
SC3: You must take reasonable steps to ensure that any delegation of your
responsibilities is to an appropriate person and that you oversee the discharge of
the delegated responsibility effectively.
SC4: You must disclose appropriately any information of which the FCA or PRA
would reasonably expect notice.
©FSTP fstp.co.uk
The regulators expect all staff who are subject to the rules to be trained on the
rules so they are able to understand them. Additional training should be given to
staff on specific examples pertinent to the areas in which they work.
Firms should notify the regulators when an individual has breached the conduct
rules and/or they have taken formal disciplinary action in response to a breach of
the rules.
This needs to be completed within 7 business days of the firm becoming aware if
the person in breach is a SMF.
If the individual concerned is not an SMF then it is reported annually. The
reporting period is 1 September to 31st August and submissions need to be in
within 2 months of the end of the reporting date.
Limited permission Consumer Credit Firms will need to submit their return in
line with their annual reporting cycle.
There will be a late returns fee if the submission of the annual return is late.
Fitness and Propriety
Firms affected All firms will be affected by the Fitness and Propriety requirements.
Individuals Impacted Applicants for SMFs, holders of SMFs and individuals falling within the
Certification regime.
Key implications Assessment of fitness and propriety will need to be conducted on an annual basis.
Firms will need to advise the regulator of SMFs failing the fitness and propriety
assessment.
If an individual covered by the Certification Regime fails the fitness and propriety
assessment their certificate must not be renewed.
The rules in the FCA handbook will remain generally the same as they are
currently for assessing fitness and propriety but there will be amendments to make
the requirements clear for initial assessment and ongoing assessment especially the
evidence firms should collect as part of the process.
Criminal record checks will be required to be carried out by the firm; this will
mean firms will need to sign up to the Disclosure and Barring Service (DBS).
A criminal record check is only mandatory when a candidate is applying for a
SMF
Where candidates have spent a considerable time abroad working or living outside
the UK firms should consider doing an equivalent check with the appropriate
regulatory body if available.
If a firm wants to appoint an individual into a SMF or a Certification function
they will have to undertake references for the last 6 years employment history.
©FSTP fstp.co.uk
If a reference is requested by one relevant firm of another relevant firm they will
need to disclose if relevant:
• The candidate breached a conduct rule
• A description of the basis and outcome of disciplinary action in relation to a
breach.
• Disclose of any other information that is relevant to assessing whether
someone is fit and proper
The above are the near final rules so in all respects are good to go.
following questions helpful as the workload is bigger than you think just ask anyone who was
involved in the implementation in the Banks, Building Societies, Designated Investment Firms,
Credit Unions and Insurance Firms?
• Who are the Senior Management that will be affected?
• Who are the population affected by the Certification Regime?
• How will we assess the people affected by the Certification Regime as competent?
• Have we got the correct systems and controls in place to implement the requirements effectively?
• Do we need to revise or enhance our recruitment and other HR processes?
• Have we got the resource to undertake the implications of a project with this magnitude of change?
• How will we train people on the New Conduct rules especially considering the number of people
affected?
• How does the work we have already done for MiFID II align with the requirements for SMCR?
If you would like to talk further about the implications of the SMCR please contact:
Philippa Grocott,
Business Development Partner at FSTP
07515944636 or email [email protected]
Julia Kirkland,
Senior Partner at FSTP
07743726766 or email [email protected]