Insurance Firms and The Duty of Responsibility Under SM&CR
With the commencement date looming, insurance firms should be well within the final stretch of their preparation for the new Senior Managers and Certification Regime. The new regime replaces the Approved Persons Regime, following the enactment in May 2016 of the Bank of England and Financial Services Act, which required the SM&CR be extended to all authorised financial services firms. The SM&CR has been in place for banking firms since March 2016, and will apply to insurance firms from 10 December 2018, with the final roll-out to solo-regulated firms due in 2019.
How insurance firms will be transferred to the new regime – and what they need to do – depends on the type of firm they are, and the FCA has provided a range of guidance documents for Solvency II, NDF, and Small run-off firms. The Regime comprises three parts: the Senior Managers Regime, designed to ensure that important senior management functions are allocated to individuals with appropriate knowledge, competence and skill, and that those individuals are directly accountable to the regulator for their actions; the Certification Regime, which requires firms to certify that their staff are “fit and proper” to perform their role; and the Conduct Rules, which introduce a set of expectations in a code of conduct that applies to all non-ancillary staff. For more transition-specific information, see our previous publications: What Insurance Firms Need to Know About the Incoming SMCR and Preparing for the Senior Managers and Certification Regime.
Smaller sized firms face a unique set of challenges in transitioning to new regulatory regimes, and the SM&CR is no exception. Smaller firms should ensure they read the full suite of available Consultation Papers, Policy Statements, Guidance documents, and relevant Handbook sections published by the FCA to ensure they are clear on how the new rules will affect them. The FCA have clearly stated that the application of the regime to small NDFs, small run-off firms, and ISPVs is designed to be proportionate, and to this end, there are fewer applicable Senior Management Functions and Prescribed Responsibilities.
Although in most cases, individuals in smaller firms will be automatically converted to the new regime, those who will be undertaking Senior Management Functions should ensure they are clear about their responsibilities and obligations under the SM&CR; while some aspects of the FCA’s approach to regulation of the regime are designed to be proportionate, Senior Managers are equally accountable for their conduct whatever the size of their firm.
Under the Approved Persons Regime, approved persons were accountable to the regulator where they had been “knowingly concerned” in a breach; under the SM&CR, Senior Managers have a “duty of responsibility”, meaning that in the event a firm breaches a regulatory requirement, the FCA can hold the Senior Manager with responsibility for that area accountable if they did not take “reasonable steps” to prevent or stop the breach. The burden of proof lies with the regulator, which would need to show that:
There was misconduct by the Senior Manager’s firm.
The Senior Manager was responsible for the management of any of the firm’s activities relating to the misconduct, at the time of the breach/event/issue.
The Senior Manager did not take reasonable steps to avoid the misconduct occurring.
Whilst in such a case, the Senior Manager does not need to show that they took reasonable steps (it is for the regulator to show otherwise), Senior Managers do need to ensure they are clear about their duty of responsibility.
Feedback received following Consultation Paper 17/42 highlighted some concerns from a small number of respondents that smaller firms would be disproportionately affected by the Duty of Responsibility, and suggested that the FCA should consider producing guidance specifically for smaller firms. The FCA noted that some of the concerns were about the existence of the Duty of Responsibility, created by Parliament and applied to firms as a result of a Treasury decision – and therefore not subject to amendment by the FCA – and pointed out that the Duty of Responsibility was originally created to apply to credit unions, many of which are very small. The FCA state that their guidance on the Duty of Responsibility was produced with firms of all sizes in mind, and that the FCA will take account of all of the circumstances in determining what steps they consider a person in the Senior Manager’s position could reasonably have taken.
Section DEPP 6.2.9-E of the Handbook sets out how the FCA will consider such cases. Although the list of considerations is non-prescriptive and expressly non-exhaustive, it provides a useful insight into the expected conduct of Senior Managers. Among other considerations, DEPP 6.2.9-E covers:
the exercise of reasonable care,
whether the Senior Manager reached a reasonable conclusion on which to act,
the knowledge of the Senior Manager of regulatory concerns relating to their role and responsibilities,
whether the Senior Manager took reasonable steps to ensure the issues were dealt with in a timely and appropriate manner,
whether the Senior Manager took reasonable steps to ensure that any delegation was reasonable, and was to an appropriate person,
whether the Senior Manager followed the firm’s procedures,
whether the Senior Manager took reasonable steps to implement adequate systems and controls to comply with relevant requirements and standards of the regulatory system for the activities of the firm.
The Handbook also highlights the importance of Senior Managers ensuring that for their areas of responsibility, the firm has appropriate policies and procedures for reviewing the competence and knowledge of their staff, and for assessing and monitoring governance, operational and risk management arrangements for the activities for which they are responsible.
The Duty of Responsibility demonstrates how important it is that smaller firms, and individual Senior Managers, are clear about the activities for which they are responsible. Should a breach occur, the FCA will expect to see evidence that the Senior Manager ensures adequate reporting, maintains an appropriate level of understanding about issues that have been delegated, seeks expert opinion where appropriate, adequately assesses potential risks, and adequately monitors highly profitable transactions, business practices, unusual transactions and individuals who contribute significantly to the profitability of a business area. The FCA could take action against the Senior Manager if there is a lack of evidence of responsible behaviour.
In addition to the FCA’s publications, particularly the Guide for Insurers and the relevant Handbook sections, Senior Managers should also ensure that they are clear on their statutory, common law, and other legal obligations (including those set out in the Companies Act 2006 and the FCA Handbook).