Now that the Senior Managers and Certification Regime (SM&CR) has been extended, how does it affect insurance firms? We have the answers to 17 frequently asked questions.
Almost every employee at an insurance firm regulated by the FCA is now affected by the regime. The SM&CR is designed to hold all financial sector employees to certain standards of conduct and to hold senior managers accountable for any misconduct that falls within their area of responsibility. Below we've answered the questions we've been asked most frequently, but if we've missed any, please let us know and we will happily add more!
1. When did the SM&CR become effective for insurers?
The extension of the SM&CR to insurers came into effect on 10th December 2018 for dual-regulated insurers and on 9th December 2019 for solo-regulated firms.
2. Do the same requirements apply to all insurers?
The full SM&CR applies only to Solvency II insurers, and insurers outside the scope of Solvency II with assets of at least £25 million (known as “large non-directive firms”).
A more “streamlined” SM&CR regime applies to Solvency II firms and large Non-Directive Firms ("NDFs") and a streamlined regime will apply to small NDF's, small runoff vehicles and Insurance Special Purpose Vehicles ("ISPVs").
As the SM&CR applies on a legal entity basis, if your firm is part of a group, you will also need to consider how each of the entities are caught by the regime.
3. What are the biggest changes for insurers?
The new certification regime, the extension of conduct rules to all staff except for ancillary and the new duty of responsibility.
4. To what activities do the Individual Conduct Rules and Senior Manager Conduct Rules apply?
The conduct rules apply to an individual’s activities in relation to the firm’s regulated and unregulated financial services activities (including any activities carried on in connection with a regulated activity).
5. Which staff will fall under the Certification Regime?
The Certification Regime applies to people whose jobs mean they can have a significant impact on customers, the firm or market integrity. The regime also applies to anyone who supervises or manages a Certified Function that isn’t a Senior Manager.
FSMA defines a Certification Function as one that "requires the person performing it to be involved in one or more aspects of the firm’s affairs, so far as relating to a regulated activity, and those aspects involve, or might involve, a risk of significant harm to the firm or any of its customers." (s63E(5) of FSMA).
The FCA and PRA has defined a series of 'certification functions'. The Certification Regime only applies to employees of firms, it doesn’t apply to Non-Executive Directors.
6. How does the Certification Regime differ from the Approved Persons Regime and Senior Insurance Managers Regime?
Firms must assess each year whether any person that is to carry out a certification function is fit and proper to perform their role, and issue a certificate to them if they are. Some of the staff in the scope of the Certification Regime may previously have been subject to regulator approval. This is no required under the Certification Regime. This reinforces that firms, rather than the regulator, are responsible for ensuring their staff are fit and proper.
7. What is the Duty of Responsibility?
The Duty of Responsibility specifies that the FCA and/or PRA can take action against a Senior Manager where they can show that:
- there was misconduct by the Senior Manager’s firm
- at the time of the misconduct or during any part of it, the Senior Manager was responsible for the management of any of the firm’s activities in relation to which the misconduct occurred
- the Senior Manager did not take such steps as a person in their position could reasonably have been expected to take to avoid the misconduct occurring or continuing
The burden of proof for all these elements lies on the regulators. The Senior Manager does not need to show that they took reasonable steps, it is for the regulator(s) to prove that they did not.
8. Can an individual be both a senior manager and a certified person?
Yes, if a Senior Manager performs a role that is subject to the certification regime, and that role is not related to their Senior Management Function, then they also need to be certified. For example, if a Senior Manager meets the definition of the client dealing function (broadly equivalent to the current CF30 role), they must be certified for that function. However, the FCA doesn’t think that there will be many such cases amongst insurers.
9. What is the Statement of Responsibilities?
The Statement of Responsibilities (SoR) is a single document that every Senior Manager must have which clearly sets out their role and responsibilities. It is the same in substance as a Scope of Responsibilities document, which some insurers were required to submit under the revised APR and PRA’s SIMR. Insurers are required to submit SoRs with an application for approval of a new Senior Manager and must keep these up to date and re-submit them whenever there is a significant change in responsibilities.
10. Do firms need to appoint someone to each Senior Management Function?
The SM&CR provides a more granular list of Senior Management Functions (SMFs) than the previous list of controlled functions. If a person is to carry out a role that is designated as an SMF they must be approved as such. Otherwise there is no general requirement to appoint individuals to hold SMFs.
11. Can a Senior Manager hold more than one SMF?
Yes, it is possible to hold more than one SMF. For example, an SMF3 – Executive Director may also hold the SMF17 – Money Laundering Reporting Officer function. Where this is the case, the individual needs approval from the regulator for each function. The Senior Manager only needs one SoR, but this must clearly describe all their responsibilities.
12. Does the new regime affect other employees?
Yes. Individual conduct rules are basic standards of behaviour that apply to all individuals performing financial services activities in firms. These rules apply to all staff except for ancillary staff, such as cleaners, receptionists, catering staff and security staff.
13. What is the new handover procedures requirement?
This requirement only applies to Solvency II firms and large NDFs. Such firms must take all reasonable steps to make sure that a person taking on a Senior Manager role has all the information and materials they could reasonably expect to have to do their job effectively. One way of doing this could be for the predecessor to prepare a suitable handover note. Insurers must have a policy to explain how they comply with this requirement and maintain adequate records of the steps they have taken.
14. What is the 12-week rule?
The Senior Managers Regime allows someone to cover for a Senior Manager without being approved where the absence is temporary or reasonably unforeseen, where the appointment is for less than 12 consecutive weeks.
15. The regime applies on a legal entity basis, what does this mean to firms?
Firms with complex group structures need to consider the impact of SM&CR on senior management within each legal entity, as well as the impact on any individuals within the wider group who exert significant influence over the management and conduct of UK‑regulated activities within the relevant legal entity. For groups with several legal entities, the SM&CR could apply in a differing way to each entity.
16. Are there any training requirements?
Yes, firms must make individuals who are subject to the Conduct Rules aware that this is the case, and take all reasonable steps to ensure that they understand how the rules apply to them and their role.
17. Does the regime affect recruitment?
HR processes will require modification to implement the new Regulatory Reference and Criminal Record Check Requirements. The regulatory reference requirements apply when appointing an individual to a Senior Manager or a Certified role and will also apply to all NEDs who aren’t Senior Managers. The criminal record checks apply to Senior Managers and NEDs (where a fitness requirement applies) as part of checking that they are fit and proper.
Want to learn more about SMCR?
If you'd like to stay up to date with SMCR best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.
To help you navigate the compliance landscape we have collated searchable glossaries of key terms and definitions across complex topics including GDPR, Equality, Financial Crime and SMCR. We also regularly report key learnings from recent compliance fines.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
And if you're looking for a compliance training solution, why not visit our Compliance Essentials Course Library.
Last but not least, we have 60+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!
If you've any questions or concerns about compliance or e-learning, please get in touch.
We are happy to help!