www.pwc.co.uk/fsrr July 2018 Stand out for the right reasons Financial Services Risk and Regulation Hot Topic SM&CR for insurers: The regulators release near-final rules Highlights The PRA and FCA have confirmed nearfinal SM&CR rules for insurers. These rules largely implement the proposals in previous consultations. The FCA is also consulting on a new public register to include a wider population of individuals. The PRA and FCA have confirmed that they intend to implement the Senior Managers & Certification Regime (SM&CR) broadly using the rules set out in their previous consultations. The regulators have published near-final rules, feedback on their earlier consultations and a guide for insurers to the new regime, which is effective from 10 December 2018. The PRA intends to implement SM&CR as an extension of the Senior Insurance Managers Regime (SIMR). It issued PS15/18: Strengthening individual accountability in insurance: Extension of the Senior Managers and Certification Regime to insurers (the PRA Policy Statement) on 4 July 2018, which contains final rules and feedback to previous consultations CP14/17 and CP28/17. The FCA plans to introduce SM&CR as a replacement for the Approved Persons Regime (APR) for insurers. On 4 July, it published PS18/15: Extending the Senior Managers & Certification Regime to insurers Feedback to CP17/26 and CP17/41 and near-final rules and PS18/16: Final Guidance: the Duty of Responsibility for insurers and FCA solo-regulated firms (the FCA Policy Statements). The FCA also released The Senior Managers and Certification Regime: Guide for insurers (the Guide). Finally, the FCA published CP18/19: Introducing the Directory, in which it proposes to create a new public register (the Directory). The FCA intends for the Directory to include information on a wider population of individuals than are currently included on its Register, including employees of financial services firms that are not subject to regulatory approval. In this Hot Topic, we describe the main changes between SM&CR and the existing rules in SIMR and APR, discuss the potential impact for insurers and outline steps firms should be taking to prepare for implementation.
Confirmation of near-final rules for insurers The PRA and FCA intend to implement SM&CR for insurers using the rules that they consulted on during 2017. Many of the concepts will be familiar to insurers from the existing SIMR and APR, including Senior Management Functions (SMFs), Prescribed Responsibilities (PRs) and management responsibilities maps (previously governance maps ). However, SM&CR introduces a number of new elements that insurers must prepare for. We set out below the most significant changes that will apply under the new regime. Duty of responsibility The most significant change for individuals currently approved under SIMR or APR will be the introduction of a duty of responsibility. This concept already applies to Senior Managers in the banking sector, and has been extended to insurers by HM Treasury. The duty of responsibility will allow the PRA and FCA to hold one or more Senior Managers accountable, and potentially take disciplinary action against them, where: The individual was a Senior Manager in an authorised firm; The firm has breached a regulatory requirement; The Senior Manager was, at the time, responsible for the firm s activities relating to the breach; The Senior Manager did not take reasonable steps to stop the breach from occurring or continuing. Certification Regime In addition to Senior Managers, insurers will need to identify those employees performing Certification Functions within their organisations. These are individuals whose roles involve a risk of significant harm to the insurer or its customers, and who are not otherwise Senior Managers or non-executive directors. The regulators have separately defined which roles constitute Certification Functions. The PRA definition includes Key Function Holders (KFHs), Material Risk Takers (MRTs) and anyone that supervises an MRT. The FCA definition comprises significant management functions; functions subject to qualification requirements; MRTs; client dealing functions; proprietary or algorithmic trading functions; the CASS oversight function and anyone that supervises a certified employee. Certified employees are not subject to regulatory approval. However, insurers will be responsible for certifying that they are fit and proper to perform their roles. They must then reassess their fitness and propriety on an annual basis. While insurers must identify their certified employees ahead of the commencement date of SM&CR, they will have up to 12 months after this date to complete the initial certification process. Conduct Rules The regulators will extend the scope of their respective Conduct Rules to a wider population of employees: The FCA will extend the scope of its five Individual Conduct Rules to cover all employees of an insurer (excluding ancillary staff). The PRA will require certified employees to observe its three Individual Conduct Standards. Both regulators will require non-executive directors to observe their respective individual conduct rules, as well as selected Senior Manager Conduct Rules. The new rules also require insurers to report to the regulators on any disciplinary action that they take against employees or directors in relation to breaches of Conduct Rules. Forms The FCA s Policy Statement includes a number of new and revised forms to be used in relation to SM&CR. These forms will be available from September, and should be used for approval requests where the candidate s proposed date of appointment is after the commencement date of the new regime. Insurers are required to submit a Form K to the FCA to request conversion of their existing Approved Persons to new SMFs. This form must be submitted no later than one week before the implementation of the new regime. Diversity Insurers are also reminded that, since 9 April 2018, the PRA has required them to have in place a policy promoting diversity on the governing body. Firms must also ensure that they consider a broad range of qualities and competences when recruiting for such roles. These requirements should be taken into account by firms when identifying their senior managers. Other changes The PRA will introduce two new roles not currently found in SIMR: the Chief Operations Function (SMF24) and Head of Key Business Function (SMF6). It will introduce a new Prescribed Responsibility (PR) for outsourced operations. The PRA has also amended the rules for designated large firms, such that an individual may not hold both the Chair (SMF9) and CEO (SMF1) roles, and an executive of a parent entity may not hold one of the firm s non-executive oversight roles. 2 Hot Topic Financial Services Risk and Regulation
The FCA will replace its existing Controlled Function roles with Senior Management Functions. The specified roles include Executive Directors (SMF3), the Compliance Oversight function (SMF16) and the Chairs of the Nominations and With-Profits Committees (SMF13 and SMF15 respectively). The FCA will also introduce new PRs to ensure Senior Manager accountability for key conduct risks. The Guide The Guide provides an overview of the new regime for insurers. It includes information on how SM&CR will apply to different types of firms, including UK branches of foreign firms. It also covers the process firms will need to follow when converting existing FCA approvals into SMFs, and guidance on which forms will be required. In addition, the FCA has provided an SM&CR readiness checklist that should help firms identify gaps in their preparation. Proposed new financial services directory In CP18/19, the FCA outlines its proposal to create a new financial services public register (the Directory). The Directory is intended to serve as a single source of information on Senior Managers, certified employees and individuals performing a wide range of other financial services roles (including those who the FCA does not currently approve such as financial advisers, traders and portfolio managers). Firms will be expected to provide timely and accurate information about relevant individuals to the regulators so that the Directory can be kept up-todate. Such information will include details of an individual s current and historic roles, workplace location and the type of business they are qualified to undertake. Feedback to the consultation on the Directory should be submitted to the FCA by 5 October 2018. The FCA intends to publish its final rules on the Directory during the winter. Impact on firms Helping staff adapt to greater accountability The duty of responsibility imposes a far greater level of accountability on Senior Managers than before. Firms should ensure that their Senior Managers are sufficiently aware of this, and of the implications of being found responsible for a regulatory breach. For those individuals affected, the matter of what constitutes reasonable steps is important. Senior Managers may wish to review their responsibilities (including any allocated PRs) to ensure they fully understand what is encompassed, and consider whether they have access to the resources and information necessary to discharge their duties appropriately. In addition, insurers will need to consider whether their internal governance processes allow Senior Managers to demonstrate and evidence that they have exercised a suitable duty of care and oversight in taking the decisions that affect regulatory activities. Getting the process right: who needs to be certified? The Certification Regime will expand the population of fit and proper roles within a firm. Insurers will need to begin identifying these individuals at an early stage to ensure they have adequate time to gather the necessary information. The need to certify these individuals annually may constitute a significant administrative exercise for some firms. It will therefore be necessary to clearly identify who in the organisation is responsible for this process, and will likely require closer collaboration between Compliance, HR and other functions to properly embed it into business as usual. Firms will also need to consider that their certified employees may not be as familiar with regulatory focus as existing Senior Managers or Approved Persons. The personal impact on these individuals of having their fitness and propriety assessed, or having their details published on a public registry, should not be underestimated. Meeting staff training needs on individual conduct rules Insurers will need to ensure that their staff and directors are aware of the Conduct Rules that apply to them, and provide for appropriate training in the application of the Rules. Transitioning to the new regime For individuals currently approved by the FCA, the process of transitioning to new SMFs is not automatic. Firms will need to submit a conversion notification (Form K) to the FCA by 3 December at the latest. Insurers must identify their certified employees ahead of the implementation date. While they have up to 12 months after this to complete the initial certification process, firms must be in a position to assess the fitness and propriety of all new employees who take on a Certification Function after 10 December. The steps firms should be taking It is important that insurers begin planning for SM&CR now, to ensure they have enough time to implement it in their businesses. SM&CR will capture a broader range of individuals than the current rules. The potential impact on staff training and recruitment processes, as well as record keeping, should not be underestimated. To support a successful implementation, involvement of senior stakeholders is recommended to set the tone, and to coordinate activities across the various areas of the business that will be affected. 3 Hot Topic Financial Services Risk and Regulation
Despite this, firms should not view SM&CR solely as a compliance exercise. Its implementation brings with it the chance to review and optimise governance arrangements, building on the previous experience of SIMR. Potential benefits include improved clarity of ownership and accountability, streamlined decisionmaking, and the opportunity to refine, redefine or reinforce culture throughout the organisation. The impact on branches and smaller firms There are certain groups of firms for whom SM&CR may not be familiar. For example, branches of EEA insurers currently taking advantage of passporting to operate in the UK will not previously have been subject to SIMR. Where firms anticipate converting to a third country branch or establishing a UK subsidiary as part of their Brexit plans, the new entity will be subject to SM&CR. Appendix 1 provides more information on the application of SM&CR to different types of insurer, including EEA branches, third country branches, small non-directive firms and insurance special purpose vehicles. 4 Hot Topic Financial Services Risk and Regulation
Stand out for the right reasons Financial services risk and regulation is an opportunity At PwC we work with you to embrace change in a way that delivers value to your customers, and long-term growth and profits for your business. With our help, you won't just avoid potential problems, you'll also get ahead. We support you in four key areas. By alerting you to financial and regulatory risks we help you to understand the position you're in and how to comply with regulations. You can then turn risk and regulation to your advantage. We help you to prepare for issues such as technical difficulties, operational failure or cyber attacks. By working with you to develop the systems and processes that protect your business you can become more resilient, reliable and effective. Adapting your business to achieve cultural change is right for your customers and your people. By equipping you with the insights and tools you need, we will help transform your business and turn uncertainty into opportunity. Even the best processes or products sometimes fail. We help repair any damage swiftly to build even greater levels of trust and confidence. Working with PwC brings a clearer understanding of where you are and where you want to be. Together, we can develop transparent and compelling business strategies for customers, regulators, employees and stakeholders. By adding our skills, experience and expertise to yours, your business can stand out for the right reasons. For more information on how we can help you to stand out visit www.pwc.co.uk. 7 Hot Topic Financial Services Risk and Regulation