On Wednesday, the FCA and PRA published the following consultation papers on the extension of the Senior Managers and Certification Regime (SM&CR) to all authorised firms under the Financial Services and Markets Act 2000 (FSMA):

The SM&CR, which was implemented in March 2016, currently applies only to banks, building societies, credit unions, PRA designated investment firms and certain insurers. Rolling it out to all financial services firms is a strategic priority for the regulators, as they continue their quest to strengthen individual accountability across the industry.

The new regime will replace the approved persons regime in force for authorised firms currently outside of the scope of the SM&CR. It represents a shift of responsibility from the regulators to firms to certify that many of their employees are fit and proper to carry out relevant functions. Consequently, human resources and compliance processes will require a complete overhaul. Insurers, who were previously not required to implement the certification regime, will now need to do so.

At its heart, the extended SM&CR is designed not as a burden but as a relief to firms by preventing the recycling of individuals with bad conduct histories (so-called "bad apples") in the financial services industry: to make the industry "safer". Despite these intentions, many firms will read the consultation with some degree of trepidation.

Even though the regulators are trying to impose a degree of proportionality in their approach (creating a "core" regime and an "enhanced" regime dependent on the size of firm), compliance with the core regime will place a significant burden on smaller firms such as asset managers and smaller insurers and reinsurers. Compliance and human resources processes will likely require dramatic redesign in order to ensure that employment contracts, policies and practices comply with the new regime.

Amongst other things, firms will have to: 

  • Identify relevant individuals as either senior managers or persons performing significant harm functions requiring certification 
  • Draft statements of responsibilities for senior managers
  • Evaluate their existing pre-employment checks
  • Update offer letters and employment contracts to ensure that employees do not start work until after they receive the certification required
  • Put in place appraisal systems enabling assessment of whether certification should be granted or maintained
  • Refresh HR data management systems to facilitate compliance with the regulatory reference regime
  • Implement adequate compliance procedures and training processes
  • Provide staff with sufficient information and training and ways to record it
  • Consider how the new regime impacts other HR policies such as disciplinary and grievance policies