On 26 July 2017, the PRA and FCA published their long-overdue consultation papers on extending the Senior Managers and Certification Regime (“SMCR”) to insurers, reinsurers and managing agents (FCA CP17/26; PRA CP 14/17).
Insurers, reinsurers and managing agents (here collectively referred to as insurers) are coming into scope of the full SMCR regime, having previously been subject to the less stringent Senior Insurance Managers Regime (SIMR).
The SMCR and SIMR regimes are slightly different because they have different legislative bases. The SMCR (introduced for banks with effect from 7 March 2016) implemented recommendations of the Parliamentary Commission on Banking Standards, to impose greater levels of personal accountability following the LIBOR manipulation investigations. In contrast, SIMR was primarily introduced to implement aspects of the Solvency II directive as well as introducing a limited number of governance changes along similar lines to SMCR. The Bank of England and Financial Services Act 2016 introduced amendments to FSMA 2000 which will bring all authorised firms, including insurers, within the scope of SMCR. This extension will come into effect next year.
What will this mean in practice?
The regulators have chosen a tiered approach to implementation of the new regime. As a result, the full SMCR will apply only to Solvency II insurers, and insurers outside the scope of Solvency II but with asset value of at least £25 million (known as “large non-directive firms” or “large NDFs”).
A more “streamlined” SMCR regime will apply to other insurers. There are also some variations in the application of the regime to UK branches of EEA and non-EEA insurers and reinsurers.
We focus here upon the position of UK-incorporated Solvency II insurers and large NDFs.
The key changes for Solvency II insurers and large Non-Directive Firms are:
Introduction of personal regulatory duties for all staff, except for those performing merely administrative duties
This is a very significant change for the staff of insurers, who have never before been accountable directly to the regulators for their personal conduct (unless they have previously been SIMF holders or Approved Persons).
The PRA’s Conduct Rules will apply only to S(I)MF* holders and Certification staff, but the FCA is proposing to apply its Individual Conduct Rules to all staff, save for those carrying out a small number of purely administrative roles (to be specified as out of scope in the FCA’s rules).
(*SIMF functions are to be re-named S(I)MF functions, to reflect that they are both SIMF functions in the PRA Rulebook and SMF functions under FSMA.)
A failure to meet the standards imposed under the Individual Conduct Rules to which they are subject will render an employee liable to enforcement action. In addition, any employee will be liable to disciplinary action by the PRA or FCA if they are found to have been “knowingly concerned” in a breach by the insurer. These changes therefore significantly extend exposure to personal regulatory action beyond the members of senior management who are S(I)MF holders or Approved Persons.
Insurers themselves will be required to provide tailored training to their ‘Conduct Rules’ staff, to help them to understand their personal regulatory duties. This will be a statutory requirement under the new regime, and is also important to help staff understand and manage their personal regulatory risk.
Introduction of a new Certification regime for insurers
This will require insurers to identify, on an annual basis, which of their staff are performing Certification functions, and to assess the fitness and propriety of each individual to perform their roles. This is in addition to the existing requirements under SIMR (which the PRA proposes to retain under the new regime) that firms should require their key function holders and persons performing key functions to observe the PRA’s conduct standards, and consider whether such individuals have performed their functions in accordance with those conduct standards, as part of firms’ ongoing fitness and propriety assessments.
Certification functions will be specified by the PRA and FCA within parameters prescribed by statute (these must be “significant harm functions”, i.e. functions that might involve the risk of significant harm for a firm or to any of its policyholders). The PRA proposes that Certification functions should include:
- all key function holders (i.e. “individuals who are responsible for discharging a ‘key function’”) under SIMR; and,
- for “large firms” (defined as those with annual premium income (gross of reinsurance) of more than £1 billion in each of the last three financial years), all material risk takers (MRTs) whose professional activities have a material impact on the firm’s risk profile.
The FCA defines Certification functions more broadly than the PRA. The FCA’s list of prescribed Certification functions also includes:
- Significant Management Function (broadly equivalent to CF29 under APER)
- CASS oversight function
- Functions subject to qualification requirements
- Client dealing function
- Anyone who supervises or manages a person performing a Certification function.
If, for whatever reason, a Certification staff member cannot be certified fit and proper to perform their role at the annual certification deadline, they will need to be removed from their role or temporarily re-deployed.
From our experience advising banks on the first wave of SMCR implementation, we expect the Certification regime to necessitate various amendments to insurers’ HR policies and procedures, including appraisal forms, staff handbooks and employment contracts. It will also require difficult judgment calls to be taken in the event that there are questions over an individual’s fitness and propriety - it is worth thinking through in advance some scenarios where this may arise.
A longer list of S(I)MFs will exist under the new regime
The PRA will retain its list of SIMFs under SIMR (renaming them S(I)MFs) – although note that, by the time the extended SMCR takes effect, the list of SIMFs is likely to include the new Chief Operations SIMF (SIMF24) for Solvency II insurance firms and large NDFs, and an associated new prescribed responsibility for the oversight of outsourced operations. SMF24 is currently at consultation stage, with the relevant consultation period closing on 22 September 2017 (see PRA Consultation Paper CP 8/17, June 2017).
The FCA will add the following SMFs for insurers:
- SMF3 – Executive Director
- SMF23b – Conduct Risk Executive Officer (Lloyd’s only)
- SMF18 – Other Overall Responsibility
- SMF16 – Compliance Oversight (note that the scope of this role is to be broader than the equivalent APER role)
- SMF17 – MLRO
- SMF13 – Chair of Nominations Committee
- SMF15 – Chair of With-Profits Committee, or the person(s) responsible for the with-profits advisory arrangement
A longer list of prescribed responsibilities (“PRs”)
19 PRs will now be required to be allocated to S(I)MF holders under the SMCR. For example, the prescribed responsibility for ensuring compliance with SIMR has been split out into four separate prescribed responsibilities for ensuring compliance with different aspects of SMCR.
New regulatory notification duties
New regulatory notification duties will apply where a firm takes disciplinary action against a member of Conduct Rule staff and that disciplinary action relates to any action, failure to act, or circumstance that amounts to a breach of any Conduct Rule.
New requirements for handover notes
Firms will be required to take all reasonable steps to ensure that a person taking over a S(I)MF role has all the information and materials they could reasonably expect to have in order to do their job effectively.
Introduction of a ‘duty of responsibility’ upon S(I)MF function holders
S(I)MF function holders will be under a ‘duty of responsibility’ to take reasonable steps to avoid the firm breaching its regulatory duties in the area for which the S(I)MF holder is responsible. We mention this for completeness but, in our view, the ‘duty of responsibility’ is redundant, as it adds nothing in practice to the regulatory duties that S(I)MF holders already have as a result of the Conduct Rules referred to above.
Different terminology for documentation
Scope of responsibility records for individual S(I)MFs and governance maps for firms, required under SIMR, will still be required under SMCR, but they will be renamed “Statements of Responsibility” (SoRs for short) and “Management Responsibility Maps” (MRMs), to accord with the terminology used in the banking regime. The FCA states that templates for these will be consulted on later in 2017.
We do not expect firms’ existing governance maps to differ substantially from the SMCR-compliant MRMs that will be required. The PRA Consultation Paper suggests that the main additional piece of information required to convert a governance map into an SMCR-compliant MRM will be “a record of any matters reserved to the governing body”. The PRA also states that it is “not proposing any changes to the current rules for the maintenance of these maps, or for the circumstances for their provision to the PRA”.
Those who are concerned about the acronyms becoming unmanageably clunky may take comfort from the promise of “a further CP in 2017 Q3/Q4 that would contain proposals for aligning some of the terminology more closely with the current SMCR for banking”.
When will these changes take effect?
The PRA states that it proposes to publish final policy during 2018. The commencement date for the new regime has not yet been set by HM Treasury, but is expected to be in 2018.
What can you be doing now?
From our experience helping banks to prepare for the implementation of the original-scope SMCR, implementing these new requirements takes longer than you would think. Our advice is to start as soon as you can.