DP1/23 – Review of the Senior Managers and Certification Regime (SM&CR)

Privacy statement

By responding to this discussion paper, you provide personal data to the Bank of England, and the Financial Conduct Authority (FCA) – the regulators. This may include your name, contact details (including, if provided, details of the organisation you work for), and opinions or details offered in the response itself. Responses may also be shared with HM Treasury.

The response will be used to inform our work as regulators, and the Bank of England as central bank, both in the public interest and in the exercise of official authority. We may use your details to contact you to clarify any aspects of your response.

The regulators will retain all responses for the period that is relevant to supporting ongoing regulatory policy developments and reviews. However, all personal data will be redacted from the responses within five years of receipt. To find out more about how we deal with your personal data, your rights or to get in touch please visit Privacy and the Bank of England. Please see further information on how and why the FCA uses your personal data.

Information provided in response to this paper, including personal information, may be subject to publication or disclosure to other parties in accordance with access to information regimes including under the Freedom of Information Act 2000 or data protection legislation, or as otherwise required by law or in discharge of the Bank’s and FCA’s functions.

Please indicate if you regard all, or some of, the information you provide as confidential. If the regulators receive a request for disclosure of this information, we will take your indication(s) into account, but cannot give an assurance that confidentiality can be maintained in all circumstances. An automatic confidentiality disclaimer generated by your IT system on emails will not, of itself, be regarded as binding on the Bank of England or the FCA.

Responses are requested by Thursday 1 June 2023.

Please respond to this DP using the electronic survey if you can. Otherwise, please sent your response via email to: SMCR_DP@fca.org.uk.

Alternatively, please address any comments or enquiries to:
Prudential Regulation Authority
Governance, Remuneration, and Controls Team
20 Moorgate
London
EC2R 6DA

Financial Conduct Authority
Governance and Cross Cutting Standards Policy
Cross Cutting Policy, Supervision, Policy & Competition
12 Endeavour Square
London
E20 1JN

Executive summary

In December 2022, the government announced, as part of the Edinburgh Reforms, that HM Treasury (HMT), the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) (‛the authorities’) would commence separate reviews of the Senior Managers and Certification Regime (SM&CR).^{footnote [1]}

The FCA and PRA are reviewing the effectiveness, scope, and proportionality of the regulatory regime, which is the basis for this Discussion Paper (DP). HMT has, in parallel, launched a Call for Evidence (CfE) to look at the legislative aspects of the regime. The reviews aim to understand stakeholders’ views on the functioning of the SM&CR and to identify ways to improve the regime to help it work better for firms and regulators, while preserving its underlying aims.

The SM&CR seeks to promote safety and soundness, reduce harm to consumers and strengthen market functioning by requiring that financial services professionals are individually accountable to their employers and to the regulators. A core requirement is that the most senior decision-makers in firms should be fit and proper for their roles, and take reasonable steps in the execution of their duties. The regime also aims to ensure that all financial services staff meet expected conduct standards.

The SM&CR was first introduced in 2016, following the recommendations of the Parliamentary Committee on Banking Standards, in the light of problems that became evident during the 2007-2008 financial crisis and subsequent conduct scandals.^{footnote [2]} Since 2019 the regime has been applied to almost all regulated financial services firms, including FCA solo-regulated firms, and is an integral part of the regulators’ supervisory approaches.^{footnote [3]}

The SM&CR comprises several, mutually reinforcing elements, centred on the Senior Managers Regime, the Certification Regime, and the Conduct Rules. These are summarised in Chapter 2. Chapter 3 seeks stakeholder feedback in relation to the general effectiveness, scope, and proportionality of the regime.

Several specific elements of the regime, starting with the approvals process, are examined in Chapter 4 to assist respondents in identifying other areas of potential enhancements. Finally, the Appendix to the DP outlines how other jurisdictions have employed individual accountability as a means of enhancing decision-taking and promoting regulatory goals.

The FCA and PRA are aware that some stakeholders have previously raised concerns about delays in obtaining regulatory approval for Senior Manager appointments. Significant improvements have been made already,^{footnote [4]} and there have been reductions in delays both at the FCA and the PRA, with a substantial reduction in the number of total open applications and those over three months. The regulators will undertake further work to address this issue alongside the current review.

Next steps

Respondents are asked to respond to this DP by completing an online response survey that lists the questions as set out in this paper.

The SM&CR is broad in scope and therefore some questions may be applicable to some firms but not others. However, the range of questions included is designed to obtain the fullest possible feedback to allow the regulators to identify potential policy and process enhancements to the regime and avoid unintended consequences.

1. Introduction

1.1 In December 2022, the government announced, as part of the Edinburgh Reforms, that HMT, the FCA, and the PRA would commence reviews on the Senior Managers and Certification Regime (SM&CR) in the first quarter of 2023.^{footnote [5]} Following this, the FCA and PRA (‛the regulators’) are publishing this joint DP to seek views from regulated financial services firms (firms), consumers, and other stakeholders on the effectiveness, scope, and proportionality of the regime. HMT is separately launching a Call for Evidence (CfE) to look at the legislative framework of the regime.

1.2 The regulators are keen to study these views, while drawing on their growing experience of the SM&CR, to identify areas where improvements could be made, consistent with promoting their primary statutory objectives.^{footnote [6]} The regulators will also conduct the review through the lenses of operational efficiency, proportionate regulation, trust and reputation, effective competition as well as in the context of the new secondary objective of competitiveness and growth for both the FCA and PRA included in the Financial Services and Markets Bill (‛the FSM Bill’).

1.3 The SM&CR is an individual accountability regime. It aims to promote the safety and soundness of regulated financial services firms, reduce harm to consumers and strengthen conduct and market integrity by creating a system that enables firms and regulators to hold individuals within firms, and particularly senior decision-makers, to account. The key features of the SM&CR are set out in the Financial Services and Markets Act 2000 (FSMA)^{footnote [7]} and made operational through rules and other policy documents published by the regulators.

1.4 From the time of its introduction in 2016, the SM&CR placed the UK in a leading position internationally with respect to individual accountability. Other countries have followed in introducing or developing similar accountability regimes (see Appendix). The SM&CR also formalises many aspects of accepted good governance practices seen in other jurisdictions internationally. The SM&CR is now an integral part of the regulators’ approaches to supervising and regulating financial services firms, and is embedded in firms’ business practices.

1.5 This DP, together with HMT’s CfE is the first full review of the SM&CR. While there have been other evaluations in the past, these were more limited in scope. The FCA conducted a stocktake in 2019 and observed that Senior Managers (see chapter 2) in the firms involved were clear on what accountability meant in the context of their roles. The PRA conducted an evaluation of the SM&CR for dual-regulated firms in 2020 which found that a large majority of the firms surveyed believed the SM&CR was having a positive effect on individual behaviour.^{footnote [8]} In addition, other feedback received over the years has stressed the regime’s positive consequences.

1.6 This DP is relevant to all financial services firms subject to the SM&CR. This includes all FCA solo-regulated firms. To facilitate responses to the DP, a single question bank is provided, and the responses will be shared between the authorities as appropriate. Responses will inform whether there is a case for the regulators to propose specific changes to the rules and guidance that implement the SM&CR, which if taken forward would be subject to the usual consultation process. Since the SM&CR is set in legislation as well as in rules made by the regulators, some of the areas of potential change covered by this DP may require legislative change, and stakeholders should consider this in the context of HMT’s CfE.

Background

Discussion paper structure

1.7 Chapter 2 – This chapter provides an overview of the SM&CR and outlines the elements that comprise the regime.

1.8 Chapter 3 – This chapter seeks high-level responses on the extent to which the current regime is effective in meeting its objectives alongside questions as to the scope and proportionality of the regime.

1.9 Chapter 4 – This asks a series of questions on the component parts of the SM&CR with a view to identifying potential specific enhancements.

1.10 Appendix – summarises international work relating to individual accountability.

Responses and next steps

1.11 The PRA and FCA invite answers on the specific questions set out in this DP, which closes on Thursday 1 June 2023. Please respond to the questions in this DP using our electronic survey if you can, or by using the email or postal addresses set out above.

Please respond to this DP using the electronic survey if you can. Otherwise, please sent your response via email to: SMCR_DP@fca.org.uk.

2. Overview of the SM&CR

2.1 This chapter sets out the main elements of the SM&CR, how they reinforce each other and the outcomes they seek to achieve.

2.2 The SM&CR had its origins in the 2013 report of the Parliamentary Commission on Banking Standards (PCBS).^{footnote [9]} The PCBS underlined the problems that arose in the years around the 2007-2008 financial crisis and subsequent conduct scandals, when some senior bankers were said to have avoided ‘accountability for failings on their watch by claiming ignorance or hiding behind collective decision-making’.^{footnote [10]} Therefore, The PCBS recommended a new Senior Persons Regime to ensure that key responsibilities were assigned to specific individuals. In the light of the PCBS recommendations, HMT and the regulators developed the SM&CR to address weaknesses inherent in the Approved Persons Regime.^{footnote [11]} It was rolled out to deposit-takers in 2016, extended to insurers from 2018, and since December 2019 it has been applied to most financial services firms.^{footnote [12]}

SM&CR – key elements

2.3 The SM&CR sets requirements on all professional employees (other than ancillary staff)^{footnote [13]} within a firm.^{footnote [14]} However, the degree of responsibility varies according to the relative impact of staff on a firm’s decision-making (see figure 1), namely:

• Senior Managers Regime (SMR): Senior Managers hold one or more roles designated as Senior Management Functions (SMFs). The individuals holding such roles are the firm’s most senior individuals. These include executive roles, such as chief executives and finance directors, as well as some oversight roles, such as chairs of boards and their sub-committees and senior independent directors.
• Certification Regime: covers functions at the firm that are not SMFs and that have a material impact on risks to customers and the risk profile of the firm.
• Conduct Rules: these set minimum standards of conduct for all professional employees, together with additional rules applicable to Senior Managers.

Figure 1: SM&CR coverage within a firm

Senior Managers Regime

2.4 Senior managers must be approved as fit and proper by their firm and the regulators, prior to appointment. In assessing fitness and propriety, firms and regulators consider three areas: honesty, integrity, and reputation; competence and capability; and financial soundness.

2.5 In ensuring an effective system of individual accountability, firms and regulators need to be clear about the key responsibilities of each Senior Manager (see figure 2). To that end:

• Senior Managers must have a Statement of Responsibilities (SoR), a single document that sets out their responsibilities. This is prepared by the firm and shared with the regulators. The responsibilities include those inherent in a Senior Manager’s role.^{footnote [15]}
• Firms must also allocate a set of mandatory prescribed responsibilities (PRs) across their Senior Managers.
• Dual-regulated firms and enhanced solo-regulated firms must prepare and maintain a Management Responsibilities Map (MRMs).^{footnote [16]} This is a firm-wide document that contains summary information covering the names of each Senior Manager and their responsibilities; the allocation of the prescribed responsibilities among Senior Managers and details of the firm’s governance arrangements.

Figure 2: How clarity of responsibilities is achieved

Certification Regime

2.6 Firms must assess and certify such individuals are fit and proper on appointment, and again on (at least) an annual basis. Employees subject to the Certification Regime do not require approval by the regulators.

Regulatory references

2.7 To support fitness and propriety assessments there is a system of mandatory employment references that firms must exchange when hiring Senior Managers or certified persons. These are known as regulatory references. The regulatory references must cover the previous six years of employment and be sought from all relevant former employers.

Conduct rules

2.8 The Conduct Rules require basic standards of individual conduct, for which all staff are accountable. There are additional conduct rules apply to senior managers only (see table 1).^{footnote [17]}

Maintaining standards

2.9 The SM&CR regime is primarily designed to act in a preventative manner, as well as to address concerns promptly when identified. Risk management is enhanced by making senior individuals accountable for taking reasonable steps to fulfil their duties. In the first instance, the SM&CR places the responsibility on firms to ensure that the firm and its Senior Managers have clearly allocated responsibilities, Senior Managers and other relevant staff are fit and proper to perform their roles, and good standards of behaviour are met by all staff.

2.10 At the same time, regulatory engagement is key to underpinning the SM&CR. A key part of this is assessing SMF applicants. As an integral part of supervision, supervisors also use the regime on a day-to-day basis to ensure that key risk issues, businesses and cross-cutting projects are overseen by an appropriately senior individual, identified by the firm, with responsibility for taking corrective action where this is necessary. The intensity of supervisory engagement depends on the significance of the risks involved and the extent to which a firm is actively addressing these.

2.11 Where breaches are identified, the regime also gives the regulators powers to take enforcement action against individuals (see Chapter 3). Moreover, in the case of banks, Senior Managers can also be held criminally liable if they take decisions that cause the failure of a firm, and this is subject to the criminal standard of proof.

3. Effectiveness, scope and proportionality

3.1 In this Chapter, the regulators invite general comments on the effectiveness, scope, and proportionality of the SM&CR.

Past assessments of the regime

3.2 The FCA and PRA have undertaken separate evaluations of the SM&CR since its implementation.

3.3 The FCA’s 2019 stocktake involved structured interviews with 45 Senior Managers and Certified staff at 15 banks.^{footnote [18]} This found that those individuals across all firms were clear on what accountability meant in the context of their jobs and day-to-day activities. They could explain how they were accountable for their own actions and their responsibilities as leaders in their organisations.

3.4 The PRA’s 2020 evaluation of the SM&CR gathered evidence from a broad range of deposit-taking institutions and insurers.^{footnote [19]} This examined the application of the SM&CR across the cycle of firm and supervisory activity: from appointment of individuals and determining fitness and propriety, to the role of accountability in business-as-usual conditions, to enforcement action. The main findings were that:

• the SM&CR had helped to ensure that senior individuals were taking greater responsibility for their actions (firms reported that this stemmed from a combination of factors, including clearer articulation of individual responsibility, improved handover arrangements, and enhanced compliance and ethics training);
• the SM&CR had made it easier for both firms and the PRA to hold individuals to account and was supporting better prudential outcomes (eg most firms surveyed noted that SoRs were linked to individual objectives and variable pay); and
• a large majority (around 95% of the 120 firms that responded) said the SM&CR was having a positive effect on individual behaviour, while around 70% of PRA supervisors surveyed found the SM&CR had helped them hold individuals to account.

3.5 Separately, the Financial Services Culture Board’s past annual surveys, which captured employees’ perceptions of their firms’ organisational cultures, have also provided evidence for increased accountability across firms. The proportion of respondents (employees) who agreed that senior leaders in their organisation took responsibility, especially when things went wrong, rose from 58% in 2016 to 68% in 2022.^{footnote [20]}

3.6 In addition, the feedback regulators have received on the regime from firms and other stakeholders over the years has been predominantly positive. Many see great value in the regime in improving conduct, governance, and individual responsibility, which helps them run their businesses more efficiently. In particular, firms have emphasised the importance of the regime during the operational disruption from the Covid-19 pandemic, and have highlighted how the SM&CR has helped them manage the disruption and ensure continuity of business.

3.7. At the same time, questions have been raised by at least some stakeholders about aspects of the regime, which can be revisited as part of this review. These include:

• challenges in completing regulatory references and the criteria for making conduct notifications;
• the growth in new expectations on Senior Managers in respect of new and emerging risks;
• the frequency of submitting SM&CR-related information; and
• delays in SMF approvals (see Chapter 4).

Effectiveness

Overall approach

3.8 The SM&CR aims to promote the safety and soundness of regulated financial services firms and reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold individuals, and Senior Managers in particular, to account. The SM&CR is mostly a preventative regime, and to this end, aims to:

• encourage staff to take personal responsibility for their actions;
• improve conduct at all levels;
• make sure firms and staff clearly understand, and can show, who is responsible for what; and
• improve corporate governance.

3.9 Ahead of implementation of the regime, the regulators noted that as well as creating ‘a new framework to encourage individuals to take greater responsibility for their actions’ it would ‘make it easier for both firms and regulators to hold individuals to account’.^{footnote [21]} This recognised the common interest of firms and regulators in promoting accountability, and that meaningful change would not result from a compliance-driven exercise. At the same time, a system of rules and guidance was required to ensure adherence to minimum standards. Consequently, in assessing the effectiveness of the SM&CR, it is important to understand interactions between firms’ internal processes, and rules and guidance.

Q1: To what extent do you agree or disagree that the SM&CR has made it easier to hold individuals to account?

Q2: To what extent do you agree or disagree that the SM&CR regime has improved safety and soundness and conduct within firms?

Fitness and propriety

3.10 Under the SM&CR, a key mechanism for improving behaviours and outcomes is to ensure that senior managers and certified persons are fit and proper for the roles they undertake. Appointments to these roles therefore need to be considered carefully. To support good conduct, it is essential that firms undertake robust due diligence before making an application to the regulators for an individual to hold an SMF and that the regulators maintain high standards at the point of entry.

3.11 Prior to its introduction, there was a concern the SM&CR might have unintended consequences by discouraging external candidates from applying for senior roles in financial services and that firms might be tempted to put forward candidates with similar characteristics to past candidates to facilitate regulatory approvals. The regulators have countered such attitudes, recognising there is no single ‘right background’ for such appointments. The FCA and PRA have underlined the importance of diversity and inclusion as a means of countering ‘group think’.^{footnote [22]}

Q3: To what extent do you agree or disagree that the fitness and propriety requirements support firms in appointing appropriately qualified individuals to Senior Manager roles?

Q4: Please provide any suggestions that can help ensure that appropriately qualified individuals are not deterred from taking up relevant Senior Manager roles.

Holding individuals to account and incentives

3.12 Firms will generally consider the role of the SM&CR alongside their internal approaches to managing staff, developing workplace culture, and setting appropriate incentives (including remuneration). An approach where regulatory and internal approaches complement each other will tend to promote better outcomes than one seen as a compliance exercise.

Q5: To what extent do you agree or disagree that the SM&CR has made it easier for firms to hold staff to account and take disciplinary action when appropriate against them?

Collective decision-taking

3.13 For firms, the SM&CR exists as part of a broader corporate governance framework, which includes provisions addressing the role of boards and directors. The regulators have sought to apply the SM&CR in ways which are consistent with the principle of collective decision-making by boards and executive committees. Past evaluation work did not identify a tension in this area. The fact that some non-executive directors are senior managers reflects the duties that are inherent in some key positions, such as Chair, Senior Independent Director, or the chairs of key board committees (audit, risk, remuneration and nominations). However, it is important to test this as part of this review.

Q6: To what extent do the specific accountabilities of individual directors established by the Senior Managers Regime work in ways that complement the collective responsibility of the board of directors or decision making committees? Are there ways this could be improved?

Enforcement

3.14 Preventative supervisory engagement is the main form of interaction between firms and regulators; the intensity of this varies according to the risks identified and how these are managed. However, the regulators have enforcement powers in cases where rule breaches occur.

3.15 Under the Duty of Responsibility, the regulators can take action against Senior Managers if they are responsible for the management of any activities in their firm in relation to which their firm contravenes a regulatory requirement, and they do not take such steps as a person in their position could reasonably be expected to take to avoid the contravention occurring (or continuing).^{footnote [23]}

3.16 The Duty of Responsibility exists alongside the Conduct Rules. The regulators may take disciplinary action against relevant individuals (to whom the Rules apply) where they consider conduct falls short of these standards. As noted above, a subset of the Conduct Rules applies only to Senior Managers (or certain other individuals).

3.17 The FCA or the PRA can impose a range of sanctions, which could include any, or all of the following:

• a public censure;
• a financial penalty; and
• a suspension, condition, or limitation in relation to an individual’s approval.

3.18 Where the FCA or the PRA determines that an individual is not fit and proper, they may withdraw their approval for the individual to hold an SMF (for senior managers only) under section 63 of FSMA and/or impose a prohibition order on that individual under section 56 of FSMA.

3.19. While the SM&CR is intended to operate in a preventative manner, the regulators have taken actions to enforce the rules. Feedback would be welcome on the extent to which the possibility of investigation and/or enforcement actions has consequences for the way in which firms undertake remedial action once risks start to crystallise.

Q7: To what extent do you agree or disagree that the prospect of enforcement promotes individual accountability?

Q8: How could our approach to enforcement be enhanced to better support the aims of the SM&CR?

Scope

3.20 The scope of the regime can be seen from two key perspectives: (i) the firms and (ii) the individuals to whom it applies.

Firms

3.21 The SM&CR seeks to improve governance and risk management in financial services firms operating or incorporated in the UK. The SM&CR was implemented in stages and now applies to all firms authorised under FSMA. The Financial Services and Markets Bill, which is currently before Parliament, includes provisions that would allow the government to extend the SM&CR to credit rating agencies, recognised investment exchanges, Central Counterparties, and Central Securities Depositories through secondary legislation. The regime therefore covers firms ranging widely in size, business sector, and geographical extent, although it applies differently to different firms. The regime also applies to numerous branches and subsidiaries of international firms, reflecting the UK’s position as an international financial centre.

Individuals

3.22 The SM&CR is an individual accountability regime. A key question therefore for the regulators is to ensure the right individuals are in scope. The SM&CR applies to individuals in the following ways:

• individuals within a regulated firm: components of the SM&CR apply to all professional staff within a regulated entity (depending on the type of regulated entity). How the regime applies to a particular individual will take account of the extent to which they have influence on decision-making and risk – with the SMR covering a comparatively small number of key senior individuals within a given firm. The Certification Regime, and Regulatory References apply to a wider set of individuals, while the Conduct Rules have broad applicability; and
• individuals at group and parent entities: some regulated entities will be part of a wider corporate group, in which senior individuals with group-wide responsibilities may have a significant influence on decision-making, management or conduct of business in the UK regulated entity. These individuals can also be in scope of the regime to reflect the influence and impact they may have on the UK regulated entity. This includes individuals who are based outside the UK (particularly in the case of internationally headquartered firms).

Q9: To what extent do you agree or disagree that the scope of the SM&CR is appropriate?

Q10: Are there actions the regulators could take in respect of the SM&CR that would help enhance competition or international competitiveness?

Proportionality

3.23 The SM&CR applies to a wide range of firms, with diverse business models and corporate structures, and was not designed to provide a one-size-fits-all approach. The regime embeds various elements of proportionality, which include:

• the SM&CR regime for solo-regulated firms introduced three categories of SM&CR firms – Core, Enhanced and Limited Scope. Some SM&CR rules apply differently to each of these categories, with Limited Scope firms having the fewest requirements, and Enhanced firms have additional requirements to Core firms;
• in addition, there is a reduced list of prescribed responsibilities for smaller deposit-taking firms and insurers; and
• banks, building societies, and insurers are not required under PRA rules to have more than three Senior Managers (Chair, CEO, and CFO).^{footnote [24]}

3.24 Furthermore, most firms that responded to the PRA’s 2020 evaluation felt the SM&CR was sufficiently proportionate to reflect their size and complexity, although the percentage favourably (while a majority in each case) was greater in the case of large firms than medium and smaller sized firms. More recently, respondents to the PRA’s DP on the Strong and Simple Prudential Framework favoured some simplification of the SM&CR, in terms of either minimum requirements, thresholds or processes for approving new individuals.^{footnote [25]}

Q11: To what extent do you agree or disagree that the SM&CR is applied proportionately to firms and individuals?

4. Other improvements to the SM&CR

4.1 In this chapter, we invite stakeholders to provide views on potential improvements to the SM&CR. In doing this, we have provided more granular questions to assist the regulators in identifying potential enhancements.

Senior Managers Regime

Regulatory approvals

4.2 Senior Managers need to be approved for their roles before they start to perform them, but the regulators also have the power to approve a Senior Manager subject to conditions, or for a limited time only. For example, time-limited approval may apply where a firm needs to appoint a candidate on an interim basis while seeking a permanent candidate for a particular function.

4.3 As set out in regulation, firms must provide the regulators with certain information on SMF applicants by completing the relevant application forms. In some cases, for example in higher-impact firms, or where supervisors wish to explore issues further, the regulators may ask to interview the candidate. Overall, the regulators must be satisfied that the applicant has the appropriate qualifications, training and competence, and personal characteristics needed to perform their function effectively and support sound management of the firm. There are various ways in which these skills and attributes can be demonstrated. While it is not the only route, previous professional experience in financial services in a similar role is often highly relevant, whether gained within the UK or internationally. Moreover, in assessing applications regulators consider where applicants have prior experience of working within a corporate or regulatory environment that already sets high standards of individual accountability (see Appendix).

4.4 There is a three-month statutory deadline within which the regulators must reach a SMF application determination.^{footnote [26]}

4.5 The regulators recognise that concerns have been raised by firms over delays in the Senior Manager approval process. These delays were mainly due to a large increase in applications following the extension of the SM&CR to all solo-regulated firms. Both the FCA and the PRA have already taken action to address these delays, and such work will continue while this review is underway. This includes increasing capacity and capability within their authorisations functions, transforming the application experience, system improvements and improved communications and engagement with firms.^{footnote [27]} While these changes have taken time to have full effect, there have been significant improvements and reductions in delays already both at the FCA and the PRA with a substantial reduction in the number of total open applications and those over three months. The FCA and PRA are monitoring this progress closely, and will continue to look for opportunities to streamline the authorisation processes, subject always to retaining confidence that this results in the correct decision and does not create risks to the safety and soundness of firms, consumer protection and the integrity of the financial system.

4.6 The regulators remain open to suggestions on what further changes and improvements could be made to achieve further efficiencies, both in terms of processes and rules, while ensuring the process remains robust and fit for purpose.

Q12: How could the process for SMF approvals be further improved?

Criminal records checks

4.7 Firms and candidates for SMFs need to undertake a criminal record check as part of the Senior Manager as part of the process for assessing fitness and propriety (to the maximum extent allowed by law). This is also required for non-executive directors that do not hold SMFs. Criminal records checks are not mandatory for Certification Functions, but firms may choose to conduct them as part of their fitness and propriety checks. The regulators invite views on how this process can be improved.

Q13: To what extent to do you agree that the process for obtaining criminal records and notifying these to the regulators is effective in supporting the aims of the SM&CR?

The 12-week rule

4.8 When a Senior Manager leaves an SMF role, the individual replacing them in performing that role must be approved by the regulators to perform the role. In the meantime, any Prescribed Responsibilities the previous Senior Manager held must be allocated to a different (appropriate) Senior Manager. The SM&CR gives some flexibility on this and allows someone to cover for a Senior Manager without being approved, where the absence is temporary or reasonably unforeseen, and the appointment is for less than 12 consecutive weeks. The regulators invite views and suggestions on how the 12-week rule can be improved.

Q14: To what extent do you agree or disagree that the 12-week rule sufficiently helps firms to manage changes in SMFs?

Senior Management Functions and Responsibilities

4.9 The SMFs applicable vary according to firm type. For solo-regulated firms, for example, there are 17 SMFs that apply to Enhanced firms, six that apply to Core SM&CR firms, and three that apply to Limited Scope SM&CR firms.

4.10 The FCA has an ‘Overall Responsibility’ requirement. This applies to a firm’s regulated and unregulated financial services activities and ensures that a Senior Manager has ultimate responsibility for managing or supervising every function within the firm relating to those activities. They must also report to the governing body about their area of responsibility; and send relevant matters about their area of responsibility to the governing body for decision.

4.11 A key objective of the SM&CR is that firms and individuals have a clear view of their responsibilities and discharge them appropriately. Every Senior Manager has a Duty of Responsibility under FSMA (2000). This means that if a firm breaches a requirement, the Senior Manager responsible for that area can be held accountable if they did not take reasonable steps to prevent the breach or stop it continuing.

4.12 Clarity of responsibilities within a firm is essential to the efficient working of the SMR. Statements of Responsibilities, and Management Responsibilities Maps^{footnote [28]} were designed to underpin this outcome. We would therefore welcome views on how their design, function and frequency of submission are operationally effective and proportionate.

4.13 PRs are allocated to Senior Managers to ensure oversight of key responsibilities across the firm by suitably senior individuals. Giving a Senior Manager a PR does not require reapproval by either the FCA or PRA. However, when a firm reallocates a PR between Senior Managers, the relevant SoRs must be updated to reflect these changes and submitted to the regulator. Enhanced solo-regulated SM&CR firms, have more PRs than Core SM&CR firms, and no PRs apply to Limited Scope firms.

4.14 In addition to the SMFs and PRs, the regulators have periodically set expectations or provided guidance that firms should assign oversight of specific risks to a Senior Manager. This has been used, for example, to ensure that appropriate attention is given to new and emerging risks.

Q15: To what extent do you agree or disagree that the regulators have in place:

a. an appropriate set of Senior Management Functions to achieve the aims of the SM&CR?

b. an appropriate set of Prescribed Responsibilities to achieve the aims of the SM&CR?

Q16: To what extent does the Duty of Responsibility support:

a. personal accountability?

b. better conduct of Senior Managers?

Q17: To what extent do you agree or disagree that Statements of Responsibilities and Management Responsibilities Maps help to support individual accountability?

Certification Regime

4.15 The Certification Regime covers specific functions at firm that are not SMFs and whose activities could have a material impact on risks to customers and the risk profile of the firm.^{footnote [29]} The regulators do not approve individuals appointed to such roles, but firms need to check and confirm (certify) at least once a year that these people are suitable to do their job. If a role meets the definition of a Certification Function, a firm needs to make sure that anyone doing that role has been certified, and issue them with a certificate.

Q18: To what extent do you agree or disagree that the Certification Regime is effective in ensuring that individuals within the regime are fit and proper for their roles?

Topics applicable to SMR and Certification Regime

Directory of certified and assessed persons

4.16 The FCA maintains a directory of certified persons, non-executive directors who are not Senior Managers, and others on the Financial Services Register. This allows consumers and professionals to check the details of key individuals working in financial services. Firms have an obligation to keep these details up to date. They must report within seven business days when an individual begins to undertake a relevant role, when their circumstances change or when they cease to perform a relevant role. If no changes are made, firms must confirm at least annually that information on these individuals remains correct.

Q19: Regarding the Directory of Certified and Assessed Persons, to what extent do you agree or disagree that:

a. it captures the appropriate types of individuals?

b. the requirements for keeping it up to date are appropriate?

Regulatory references

4.17 Firms are required to request a reference from all previous employers in the past six years for people applying for Senior Manager, Certification and as non-executive directors who are not Senior Managers. Firms are also required to provide such regulatory references on an individual involved with the firm upon request from a new potential employer of the individual. This includes details of any disciplinary action taken due to breaches of the Conduct Rules, any findings that the person was not fit and proper, and any other information relevant to assessing whether a candidate is fit and proper. The rules require firms to retain records of conduct rule breaches that have led to disciplinary action and negative fit and proper findings going back six years, and they need to update regulatory references where new, significant information comes to light.

Q20: To what extent do you agree or disagree that regulatory references help firms make better-informed decisions about the fitness and propriety of relevant candidates?

Conduct Rules

4.18 The Conduct Rules are described in Chapter 2. In addition, firms are required to notify the regulators when disciplinary action has been taken against a person for a Conduct Rules breach. For Senior Managers, firms are required to submit the notification within seven business days of concluding disciplinary action. For other individuals, firms are required to report on this annually.

Q21: To what extent do you agree or disagree that the Conduct Rules are effective in promoting good conduct across all levels of the firm?

Other issues

4.19 The questions set out above aim to cover the key aspects of the SM&CR and invite views on areas of potential change.

Q22: Are there other areas, not already covered in the question above, where you consider changes could be made to improve the SM&CR regime?

5. Questions

Q1: To what extent do you agree or disagree that the SM&CR has made it easier to hold individuals to account?

Q2: To what extent do you agree or disagree that the SM&CR regime has improved safety and soundness and conduct within firms?

Q3: To what extent do you agree or disagree that the fitness and propriety requirements support firms in appointing appropriately qualified individuals to Senior Manager roles?

Q4: Please provide any suggestions that can help ensure that appropriately qualified individuals are not deterred from taking up relevant Senior Manager roles.

Q5: To what extent do you agree or disagree that the SM&CR has made it easier for firms to hold staff to account and take disciplinary action when appropriate against them?

Q6: To what extent do the specific accountabilities of individual directors established by the Senior Managers Regime work in ways that complement the collective responsibility of the board of directors or decision making committees? Are there ways this could be improved?

Q7: To what extent do you agree or disagree that the prospect of enforcement promotes individual accountability?

Q8: How could our approach to enforcement be enhanced to better support the aims of the SM&CR?

Q9: To what extent do you agree or disagree that the scope of the SM&CR is appropriate?

Q10: Are there actions the regulators could take in respect of the SM&CR that would help enhance competition or international competitiveness?

Q11: To what extent do you agree or disagree that the SM&CR is applied proportionately to firms and individuals?

Q12: How could the process for SMF approvals be further improved?

Q13: To what extent to do you agree that the process for obtaining criminal records and notifying these to the regulators is effective in supporting the aims of the SM&CR?

Q14: To what extent do you agree or disagree that the 12-week rule sufficiently helps firms to manage changes in SMFs?

Q15: To what extent do you agree or disagree that the regulators have in place

a. an appropriate set of Senior Management Functions to achieve the aims of the SM&CR?

b. an appropriate set of Prescribed Responsibilities to achieve the aims of the SM&CR?

Q16: To what extent does the Duty of Responsibility support:

a. personal accountability?

b. better conduct of Senior Managers?

Q17: To what extent do you agree or disagree that Statements of Responsibilities and Management Responsibilities Maps help to support individual accountability?

Q18: To what extent do you agree or disagree that the Certification Regime is effective in ensuring that individuals within the regime are fit and proper for their roles?

Q19: Regarding the Directory of Certified and Assessed Persons, to what extent do you agree or disagree that:

a. it captures the appropriate types of individuals?

b. the requirements for keeping it up to date are appropriate?

Q20: To what extent do you agree or disagree that regulatory references help firms make better-informed decisions about the fitness and propriety of relevant candidates?

Q21: To what extent do you agree or disagree that the Conduct Rules are effective in promoting good conduct across all levels of the firm?

Q22: Are there other areas, not already covered in the question above, where you consider changes could be made to improve the SM&CR regime?