Transcription

The Senior Managers and Certification Regime: Guide for insurers
February 2019

Financial Conduct Authority
The Senior Managers and Certification Regime: Guide for insurers

Contents

1 Introduction
   How this guide will help you
   Who the guide is for
   Context
   What this guide covers
   Next steps and implementation dates

2 Overview of the regime
   Summary of the SM&CR tools
   SM&CR readiness checklist

3 Terms used in this guide

How the SM&CR will apply to the different types of insurers?

4 The Senior Managers Regime: overview for all firms
   Senior Management Functions (SMFs)
   Statements of Responsibilities (SoRs)
   The Duty of Responsibility
   Fit and proper requirements
   Impact on firm governance and structure
   Holding more than one SMF
   Overseas Senior Managers
   Other SMR considerations
   Prescribed Responsibilities (PRs)
   Extra requirements for Solvency II and large NDFs only

5 How the Senior Managers Regime applies to Solvency II firms & large NDFs
   Things to consider
   Solvency II firms and large NDFs SMFs
   PRs for Solvency II firms and large NDFs
   Extra requirements that only apply to Solvency II firms and large NDFs

6 How the Senior Managers Regime applies to small NDFs, small run-off firms and ISPVs
   Things to consider
   Small NDFs
   Small run-off firms
   PRs for small run-off firms
   ISPVs

7 Certification Regime
   Overview
   Certification Functions

8 Fit and Proper requirements - all insurers
   Introduction
   The Fit & Proper test
   Evidence requirements
   Criminal records checks for Senior Managers
   Regulatory references for Senior Managers and Certified persons
   Summary of fitness and propriety requirements

9 Conduct Rules
   Overview
   Things to consider
   Two tiers of the Conduct Rules
   Activities the Conduct Rules apply to
   Who the Conduct Rules apply to
   Training requirements
   Conduct Rule breach reporting requirements

10 How the Senior Managers Regime applies to UK branches of foreign firms
   Things to consider
   Senior Managers Regime in EEA branches
   SMR in third country branches

Annex 1
   Abbreviations in this document

1 Introduction

How this guide will help you

This guide is a summary of the FCA’s rules and guidance on the Senior Managers & Certification Regime (SM&CR). It gives an overview of how the SM&CR works and how we will move firms and individuals from the existing Approved Persons Regime (APR) to the new SM&CR.

The guide brings together what we consulted on in Consultation Paper (CP) 17/26 and CP17/41 with the changes that we made in response to feedback, as set out in PS18/15.

It isn’t a substitute for reading the relevant Handbook requirements, but we have provided cross-references to where you can find further information wherever possible.

There are also questions and things for you to consider when applying the SM&CR. These shouldn’t be treated as a tick box exercise and we expect you to consider how applying these requirements in your firm will support the aims of the SM&CR.

If there are differences between this guide and our Handbook rules and guidance, the rules and guidance take precedence. References in this Guide to rules and guidance in our Handbook are based on the near-final rules published in PS18/15.

Who the guide is for

The SM&CR will apply to all insurers and reinsurers regulated by the FCA and the PRA. It will specifically apply to:

- Solvency II firms: all firms in scope of the UK rules implementing the Solvency II Directive. This includes the Society of Lloyd’s, managing agents, incoming branches of non-UK firms and Insurance Special Purpose Vehicles (ISPVs).
- Non-Directive firms (NDFs): all insurers outside the scope of the Solvency II Directive (referred to in this Guide as Non-Directive firms or NDFs). A small NDF is a firm where the value of assets for all the regulated activities it carries out is £25,000,000 or less. NDFs over this threshold qualify as large NDFs.
- Small run-off firms: all insurers with less than £25,000,000 in technical provisions that no longer have permission to write or acquire new business. This category also includes firms that are not treated as Solvency II firms because they have had the rules which implement the Solvency II Directive dis-applied to them (Rule 2 of the PRA’s Rulebook ‘Solvency II firms: Transitional Measures’). References to run-off firms in this guide include transitional firms.

The SM&CR won’t apply to Appointed Representatives. They will continue to be subject to the Approved Persons Regime.

Context

The SM&CR introduces changes to how we regulate people working in financial services. It will replace the revised APR. Appointed Representatives (that are not also FSMA firms) are an exception and will remain subject to the APR.

The SM&CR aims to reduce harm to consumers and strengthen market integrity, by creating a system that enables firms and regulators to hold people to account. As part of this, the SM&CR aims to:

- encourage staff to take personal responsibility for their actions
- improve conduct at all levels
- make sure firms and staff clearly understand and can show who does what

In March 2016, we replaced the APR with the SM&CR for banking firms. The original legislation didn’t cover insurers. However, considering the risks that such firms pose, and as part of implementing the EU Solvency II Directive’s guidance on systems of governance, the Prudential Regulation Authority (PRA) introduced the Senior Insurance Managers Regime (SIMR). We revised APR to complement the PRA’s proposals.

SIMR and the APR revisions came into force on 7 March 2016. In May 2016, the Bank of England and Financial Services Act 2016 made changes to FSMA that required us to extend the SM&CR to all firms authorised to provide financial services under FSMA.

FSMA: FSMA is the Financial Services and Markets Act 2000, which is an Act of the Parliament of the United Kingdom.

From 10 December 2018, the revised APR will be replaced by the SM&CR for insurers.

The SM&CR consists of 3 parts, which apply on a legal entity basis:

- the Senior Managers Regime (SMR), which focuses on individuals who hold key roles or have overall responsibilities for whole areas of relevant firms
- the Certification Regime, which applies to other staff who could pose a risk of significant harm to the firm or any of its customers
- the Conduct Rules, which are high level requirements that hold individuals to account

What this guide covers

This guide explains:

- the different types of insurers under the SM&CR
- the Senior Managers Regime, including Senior Management Functions, Prescribed Responsibilities, and what firms and Senior Managers need to do
- how the Senior Managers Regime applies to different types of insurers
- the Certification Regime, fitness and propriety, and Conduct Rules

Next steps and implementation dates

Firms affected by these changes will move to the new regime from 10 December 2018. There are also 2 transitional provisions to help firms move to the new regime:

- firms will have to identify their Certification Staff ahead of 10 December, but have 12 months from the Commencement date to complete the initial certification process (read Section 7 for information on the Certification Regime)
- Senior Managers and Certification Staff will need to have been identified and trained on the Conduct Rules ahead of 10 December and abide by these from this date. Firms will have 12 months to train their other staff on the Conduct Rules (read Section 9 for information on the Conduct Rules)

Figure 1: Summary of transitional arrangements
[Diagram: timeline from Commencement day (2018) through the Transitional Period to One year post commencement (2019). Labels: Conduct Rules apply to SMFs and Certified Staff; Train all other Conduct Rules staff; Identify existing Certified Staff; Assess Existing Certification Staff; Identify new in-period Certified Staff; Assess Certified Staff hired during transition period; Initial Certification assessments completed; Conduct Rules apply to all staff; Ongoing requirement to train new staff in the Conduct Rules; Ongoing requirement to recertify Certified Staff as fit and proper at least annually.]

2 Overview of the regime

To help you understand our rules, we’ve provided:

- a diagram showing the key elements of the regime for all firms (see below)
- a summary of the SM&CR tools
- an SM&CR readiness checklist

[Diagram: key elements of the regime for all firms]

Senior Managers Regime
The most senior people in firms. Anyone who performs a Senior Management Function needs to be approved by us.
Elements: Senior Management Functions; Statements of Responsibilities; Duty of Responsibility; Criminal Records Checks; Prescribed Responsibilities (EEA Branches don’t need to do this); Fit and Proper Requirements, including Regulatory References; Senior Manager Conduct Rules; Individual Conduct Rules.
Extra requirements that only Solvency II firms & large NDFs need to meet.

Certification Regime
People who aren’t Senior Manager but whose job can cause significant harm to the firm or its customers. We don’t approve these people, but firms need to check and confirm that these people are suitable to do their job at least once a year.

Other Staff subject to the Conduct Rules
All staff who perform financial services roles. This does not include ancillary staff (for example caterers, cleaners and security staff).

Note: Conduct Rules, Fit and Proper Requirements and Regulatory Reference will also apply to all Non-Executive Directors, even if they aren’t a Senior Manager.

Summary of the SM&CR tools

Table 1: Summary of the SM&CR tools
[Table layout not preserved in this transcription; cell text follows in extraction order.]

Tools
Senior Management Functions (1) (FCA only)

Solvency II & Large NDFs
SMF 3 - Executive Director Function
SMF 13 - Chair of the Nomination Committee Function
SMF 15 - Chair of the With-Profits Committee Function
SMF 16 Compliance Oversight Function

Small NDFs & Small Run-off firms
SMF3 - Executive Director Function
SMF16 Compliance Oversight Function
SMF17 - Money Laundering Reporting Function

EEA Branches
SMF21 EEA Branch Senior Manager
SMF17 - Money Laundering Reporting Function
SMF 27 - Partner Function

Non-EEA Branches
SMF3 Executive Director Function
SMF 15 Chair of the With-Profits Committee Function

ISPVs
SMF3 Executive Director Function
SMF16 Compliance Oversight Function
SMF16 Compliance Oversight Function
SMF17 - Money Laundering Reporting Function
SMF 17 - Money Laundering Reporting Function
SMF 18 Other Overall Responsibility Function
SMF22 Other Local Responsibility Function
SMF 23b - Conduct Risk Oversight (Lloyd’s) Function
SMF 27 - Partner Function

Duty of Responsibility: Applies to all firms
Prescribed Responsibilities: 19 in total, 3 FCA only
Statements of Responsibilities: Applies to all
N/A
16 in total, 3 FCA only
5 in total, 2 FCA only
Certification Regime: Applies to all firms
Conduct Rules: Relevant to all firms
Fit and Proper: 9 in total, 3 FCA only; Applies to all firms

Note that these functions only apply where the firm already has someone fulfilling the role or if it is a required function for the firm type.
Note this includes the person(s) responsible for the with-profits advisory arrangement where relevant.

SM&CR readiness checklist

The checklist below isn’t exhaustive, but highlights some key questions that firms may want to think about when preparing for the new regime.

The SM&CR key questions

The SMR & Prescribed Responsibilities (Section 4, The Senior Managers Regime: overview for all firms)

All firms

- Is my firm a Solvency II firm, large NDF, small NDF, small run-off firm or ISPV?
- Have I identified all the entities in the group that are caught by the regime?
- Do I know who will be a Senior Manager at my firm?
- Do I understand the implications of the SM&CR being set up at legal entity level? Does this mean I need to reassess who the Senior Managers will be at my firm?
- Do I need to change any existing approvals, or add new ones, ahead of conversion? Do I understand what I need to do, and which forms are required, to amend these where appropriate?
- Do I know which of my current Approved Persons will no longer be approved (ie which APR approvals will lapse)?
- Do I know the Senior Managers responsible and accountable for the firm’s key activities?
- Does each of my firm’s Senior Managers have a Statement of Responsibilities (SoR)?
- Have all of the Prescribed Responsibilities (PRs) applicable to my firm been allocated to the relevant Senior Manager and clearly included in their SoR?
- Do you know which of your Senior Managers is accountable for your outsourced functions?

Extra elements for Solvency II firms and large NDFs (Section 4, Extra requirements for Solvency II and large NDFs)

- Which additional Senior Management Functions do I need to allocate?
- Has the firm prepared and submitted the following documents to the FCA by the deadline?
   - A Management Responsibilities Map
   - Statements of Responsibilities for each of the firm’s Senior Managers
   - A Form K, notifying the FCA of which currently approved individuals need to be converted to a mapped Senior Management Function.
- Do I know how to submit these documents?
- Am I aware of the implications if my firm missed the deadline?
- Has every activity, business area and management function been allocated to a Senior Manager under the Overall Responsibility requirement?
- Have the additional PRs for Solvency II firms and large NDFs been assigned to appropriate Senior Managers?
- Does my firm have appropriate Handover Procedures in place?

The Certification Regime and Fitness and Propriety Checks (Sections 7 and 8)

- Do I know which of the Certification Functions apply to my firm?
- Can I identify the individuals within my firm that need to be certified on an annual basis?
- How might the annual fitness and propriety checks for Certification staff and Senior Managers fit into my firm’s existing HR processes?

Regulatory References and Criminal Records Checks (Section 8, Regulatory references for Senior Managers and Certified persons)

- How do the new Criminal Records Checks and Regulatory Reference Requirements fit into my firm’s recruitment processes?
- Does my firm have in place the appropriate processes to obtain Criminal Records Checks for new Senior Managers? Eg is my firm registered with the Disclosure and Barring Service?

Conduct Rules (Section 9)

- Can I identify my firm’s ancillary staff (ie those to whom the Conduct Rules do not apply)?
- Have I identified all ‘other conduct rules staff’ (all other employees, except for ancillary staff)?
- Do I understand the Conduct Rules training and notification/reporting requirements for Senior Managers and all other staff?

3 Terms used in this guide

Term: Ancillary staff
Description: Employees who aren’t covered by the Conduct Rules, such as cleaners, receptionists, catering staff and security staff.

Term: Certification Function
Description: A function performed by employees who are not Senior Managers but who could pose a risk of significant harm to the firm or its customers. The Certification Functions are defined in our Handbook, but we don’t approve these people.

Term: Certification Regime
Description: This describes the overarching regime that covers Significant Harm Functions.

Term: Criminal records checks
Description: A requirement for firms to conduct criminal records checks for Senior Managers and NEDs (where a fitness requirement applies) as part of checking that they are fit and proper.

Term: Duty of Responsibility
Description: Every Senior Manager will have a Duty of Responsibility as a result of FSMA. This means that if a firm breaches one of our requirements, the Senior Manager responsible for that area could be held accountable if they didn’t take reasonable steps to prevent or stop the breach.

Term: Employee
Description: ‘Employee’ is defined in FSMA 63E as a person who:
a) personally provides, or is under an obligation personally to provide, services to A under an arrangement made between A and the person providing the services or another person, and
b) is subject to (or to the right of) supervision, direction or control by A as to the manner in which those services are provided.

Term: Fit and proper requirements
Description: Firms must make sure all Senior Managers and people performing Certification Functions (ie people under the Certification Regime) are fit and proper to perform their role. This must be done on appointment and at least once a year.

Term: Handover procedures
Description: A firm must take all reasonable steps to make sure a new Senior Manager has the information/materials they need to do their job.

Term: Individual Conduct Rules
Description: These are basic standards of behaviour that apply to all individuals performing financial services activities in firms. The Individual Conduct Rules therefore apply to Senior Managers, Certified staff and all other staff, excluding ancillary staff. Firms need to train their staff on the conduct rules and how they apply to them. Firms will need to report breaches of Conduct Rules resulting in disciplinary action to us every year.

Term: Other Overall Responsibility Function
Description: An SMF that applies where a senior executive is the most senior person responsible for an area of the firm’s business, but they don’t perform any other SMF.

Term: Overall Responsibility
Description: A requirement for every area, activity and management function of the firm to have a Senior Manager with Overall Responsibility for it. This should be limited to regulated and unregulated financial services activities only.

Term: Prescribed Responsibilities (PRs)
Description: FCA-defined responsibilities that must be allocated to an appropriate Senior Manager.

Term: Regulatory references
Description: Information that firms need to share with each other when an employee or director moves from one firm to another (candidates for Senior Manager Functions, NEDs and Certification Functions).

Term: Responsibilities Maps
Description: A document setting out a firm’s governance and management arrangements, and how responsibilities are allocated to individuals within the firm.

Term: Senior Management Functions (SMFs)
Description: The roles where the people doing them need to be approved by the FCA. These are defined in our Handbook.

Term: Senior Manager Conduct Rules
Description: These are additional Conduct Rules that apply to all Senior Managers. Firms need to train Senior Managers so they understand what the Conduct Rules are and how they apply to them. Firms will need to report breaches of all Individual and Senior Manager Conduct Rules by Senior Managers resulting in disciplinary action to us within 7 days.

Term: Senior Managers
Description: The people who perform an SMF. These people need to be approved by the FCA.

Term: The Senior Managers Regime (SMR)
Description: This includes SMFs, SoRs, Duty of Responsibility, Fit and Proper, Conduct Rules, Prescribed Responsibilities (PRs), Regulatory References and criminal records checks. For Solvency II firms (including large Non-Directive Firms), it also includes Responsibilities Maps, handover procedures and Overall Responsibility.

Term: Statement of Responsibilities (SoRs)
Description: A document that every Senior Manager needs to submit with their application for FCA approval, setting out what they are responsible and accountable for. This needs to be kept up to date. Firms should have these documents ready when the SM&CR commences.

Types of Insurers

How the SM&CR will apply to the different types of insurers?

Section: Section 4, The Senior Managers Regime: overview for all firms
Who should read this section: All insurers

Section: Section 5, How the Senior Managers Regime applies to Solvency II firms & large NDFs
Who should read this section: All insurers, excluding UK branches of EEA firms (EEA branches) and third-country branches (non-EEA branches)

Section: Section 6, How the Senior Managers Regime applies to small NDFs, small run-off firms and ISPVs
Who should read this section: Small NDFs, small run-off firms and Insurance Special Purpose Vehicles (ISPVs)

Section: Section 7, Certification Regime
Who should read this section: All insurers

Section: Section 8, Fit and Proper requirements
Who should read this section: All insurers

Section: Section 9, Conduct Rules
Who should read this section: All insurers

Section: Section 10, How the Senior Managers Regime applies to UK branches of foreign firms
Who should read this section: EEA branches and non-EEA branches

4 The Senior Managers Regime: overview for all firms

This Section explains how the Senior Managers Regime (SMR) will apply to Solvency II firms, large Non-Directive firms (NDFs), small NDFs, small run-off firms and Insurance Special Purpose Vehicles (ISPVs). Specifically:

- what Senior Management Functions are
- what all firms and Senior Managers need to do under the SMR
- what a Statement of Responsibilities (SoR) is and how it should be used
- what Prescribed Responsibilities (PRs) are and how they should be allocated
- the extra requirements that Solvency II firms and large NDFs need to apply under the SMR

The following Chapters then explain how these SMR requirements apply to different types of the SM&CR firms.

Senior Management Functions (SMFs)

A Senior Management Function (SMF) is a new type of controlled function set out in Financial Services and Markets Act 2000 (FSMA). Under FSMA s. 59AZ, a function is a ‘senior management function’ as ‘in relation to the carrying on of a regulated activity by [a firm], if the function will require the person performing it to be responsible for managing one or more aspects of the [firm’s] affairs, so far as relating to the activity, and those aspects involve, or might involve, a risk of serious consequences for the [firm], or for business or other interests in the United Kingdom’. Which ones will apply to you will depend on what SM&CR firm type you are. They are explained in Sections 5, Section 6 and Section 7.

We call the people who hold these functions Senior Managers. They are the most senior people in a firm with the greatest potential to cause harm or impact upon market integrity.

We decide which roles are FCA SMFs (as limited by the description in FSMA). These are in addition to those roles designated by the PRA.

We make particular functions SMFs so that we know who a firm’s most senior decision makers are, and to make sure responsibilities are clearly allocated to key individuals.

The list of SMF functions isn’t meant to change how firms organise themselves.

The only exception to this is for FCA Required Functions. The term ‘Required Function’ is an existing definition under APR that we have carried over to the SM&CR. In summary, it’s intended to categorise those functions that we require some types of firms to have.

An example is the Compliance Oversight Function. We have broadened this function under the SM&CR to now cover all insurers for all requirements of the regulatory system for which the FCA is responsible (including all FCA rule requirements, as well as any directly applicable UK or EU legislation where the FCA has responsibility for ensuring compliance). Under the SM&CR all insurers (except EEA branches) will need to have someone performing the SMF16 Compliance Oversight Function.

By contrast, under our money laundering requirements, only some firms need to
