SMCR+ View – October 2022

Timely updates on SMCR developments and regulatory announcements alongside helpful tips and services to assist in managing your SMCR compliance.

27 October 2022

Publication

After a short hiatus over September in which we have been busy with all things Consumer Duty, we thought what better way to welcome in the falling leaves, the chill in the air and the nights drawing in than an SMCR+ View… We’ve started this month’s edition with more ‘administrative’ points, but towards the end there are some more meaty, interesting pieces on lessons learned from both enforcement actions (pre-SMCR) and potentially helpful dicta from the SRA on non-financial misconduct.

As always, please do reach out to us with any feedback or questions.

1. Reminder – Annual Conduct Rule Breach Report (REP008) - FCA

A last-minute reminder that firms’ annual conduct rule breach report must be submitted using RegData to the FCA by Monday 31st October 2022. This should cover any Conduct Rule breaches resulting in disciplinary action by certification staff, non-Senior Manager directors (e.g. Non-SMF NEDs) and all other conduct rules staff. This form does not cover Conduct Rule breaches by Senior Managers. It should be submitted even if it simply confirms that there is nothing to report. Late forms will incur a £250 administration fee. More information can be found here.

Separately, we have been helping a lot of firms with a review of their Conduct Rule breach processes, their Conduct Rule breach panel/committee terms of reference and/or guidance, and more. If this is something we can also assist you with, please contact Penny Miller (Partner) or Emma Sutcliffe (Partner).

2. Form A and SMF application delays - FCA

In the FCA’s authorisation update, they confirmed that, as a result of the poor user experience when completing the FCA application forms, the FCA is going to start publicly testing beta versions of the new Form As (SMF application forms) towards the end of 2022. The process will involve digitising the form, data enrichment, removing unnecessary and duplicative requests etc.

The FCA also noted that the overall caseload for Approved Person applications was 8,000 in July 2021 and has reduced to 2,400 in September 2022. The Annex highlights that the FCA is looking to reach its statutory target of approving SMFs (and others) within 90 days by March 2023 (it also notes that YTD there were 1,008 breaches of the statutory timescale, which explains some of the delays experienced by firms!).

3. Consumer Duty (Duty) and COCON - FCA

After the inevitable large sigh of relief we expect you will all have once you’ve held your Board meetings to approve your implementation plans (or plan for an implementation plan) by 31st October 2022, everyone’s mind is going to focus on what’s next… One thing firms will need to consider is the SMCR implications of the Duty. To assist with this, we have put together a checklist of key SMCR uplifts that may be required and which may need to be addressed as part of your plan.

As you may have guessed from SMCR+ View, we are very well placed to advise on any SMCR uplifts. Please do get in touch with Penny Miller (Partner) or Caroline Hunter-Yeats (Partner) if you have questions or if we can assist you with your Consumer Duty implementation more broadly - we have been doing a huge amount of work on the Duty and assisting firms with their scoping, Board packs, implementation plans, product reviews, selection and briefing of Consumer Duty Champions and much, much more. You can also sign up to our Consumer Duty View here.

4. Significant SYSC firms - Quarterly Consultation No 37 - FCA

In August’s SMCR+ View we outlined the FCA’s plans to consult on the definition of ‘Significant SYSC firm’. Please see August’s publication for the background. The FCA has now consulted (the window for responses is closed) and, in summary, the FCA highlighted that its policy intent was for the scope of the SMCR Enhanced regime to be maintained precisely as it was prior to the implementation of the IFPR - i.e. it should simply continue to capture significant IFPRU firms as Enhanced firms, rather than a broader number of firms (which is what happened as a result of re-defining ‘significant IFPRU firm’ as ‘significant SYSC firm’; the FCA estimates possibly as many as 700 (!) additional firms were accidentally captured).

As such, the FCA has proposed a rule change, by amending SYSC 23, Annex 1 of the FCA Handbook, to make clear that only firms that satisfy the relevant financial metrics AND would have been IFPRU investment firms under the pre-IFPR arrangements will fall within scope of a ‘significant SYSC firm’ for the purposes of the Enhanced regime. This also means relevant firms will not be subject to the other main regulatory obligation attached to Enhanced firm status – i.e. the operational resilience rules.

It is important to note, however, that the changes proposed in the FCA’s consultation would not have the effect of bringing firms that were not previously IFPRU investment firms outside of the ‘significant SYSC firm’ definition. As a result, based on the proposed rule amendments, such firms would (despite not being Enhanced firms for the purposes of the SMCR), still be subject to the limit on the number of directorships that members of their governing body can hold. We are aware that a number of trade associations responded to the FCA’s consultation paper by arguing that a true reset of the unintended consequences of the FCA’s change would exclude firms that were not previously IFPRU investment firms from the definition of ‘significant SYSC firm’, thereby also exempting such firms from the directorship limits rule. The responses encouraged the FCA to amend the definition of ‘significant SYSC firm’ instead… we will have to wait to see whether the FCA’s final rules have accommodated those requests.

Please get in touch with Darren Fox (Partner) or Amy Sumaria (Supervising Associate) for more information.

Three years after Supervisory Statement 3/19, which outlined the PRA’s expectations regarding management of climate-related financial risks, the PRA has, in a Dear CEO letter, published its observations on whether these expectations are being met as well as examples of effective practices. Since the PRA started actively supervising firms in 2022 it has observed that whilst many firms have made considerable progress to embed their approaches to managing climate risks, the levels of embedding vary and supervisors believe further progress is required by all firms. This letter will be particularly pertinent for the Senior Manager allocated the responsibility for the financial risks from climate change and they should consider it and the examples of effective practices carefully. There are two other key observations of interest from an SMCR viewpoint:

  • Board oversight: Boards and senior management should be able to demonstrate that they understand how climate considerations are integrated into their decision making across business strategies, planning, governance, and risk management processes. Examples of effective practice highlighted include: embedding climate risk factors into strategic planning activities and senior remuneration targets; firm-wide training to build capabilities; and continuing development of the scope, quality, and frequency of climate-related management information provided to senior committees/the Board.
  • Senior Manager (SM) responsible for financial risks from climate change: This SM should provide effective, holistic oversight of climate risks and the firm-wide climate agenda (this latter point is also the responsibility of the Board). Firms should ensure the SM is able to take appropriate ownership over the firm’s strategy for addressing the financial risks from climate change. Ensuring the UK firm’s SM is sufficiently empowered will likely be particularly important in global businesses.

A quick reminder that here is the PRA’s inventory of SM responsibilities referenced in PRA publications (last updated April 2022).

6. DP 5/22 – Artificial Intelligence (AI) and Machine Learning (ML) - PRA

We previously covered AI and ML in the September and December 2021 editions of SMCR+ View with the publication of the IOSCO and AIPPF reports, respectively. This Discussion Paper asks stakeholders if the existing regulatory requirements and guidance are sufficient to address the risks and harms associated with AI, whether there are any gaps, and, if so, how these might be addressed. The Discussion Paper contains insights on how issues relating to AI/ML might be relevant under the existing SMCR regime and on how the FCA and PRA might use supervisory tools, guidance and expectations to manage relevant risks in the future:

  • The AIPPF report highlighted that there may be a lack of understanding of the challenges and risks arising from AI and ML at senior management and Board level, both individually and collectively which may lead to ineffective governance. As firms are aware, there are existing PRA/FCA requirements regarding the skills and diversity of experience of the Board and a key question is how any identified deficiencies / gaps will be addressed. For example, in the future should competency be addressed through questions in SMF interviews and/or Board Effectiveness reviews?
  • Senior management accountability and responsibility will be relevant to the use of AI, particularly for firms where the ‘no gaps’ principle applies – e.g. banks, insurance and enhanced firms. There is currently no dedicated ‘AI SMF’ role and ultimately there will be questions for firms over who is responsible for the oversight of AI development, testing, deployment, monitoring, and controls - should it be a single individual or shared between Senior Managers? The FCA/PRA are considering whether there should be a new, dedicated SMF role, Prescribed Responsibility, or whether a function should be created under the certification regime for AI as there is for algo trading.
  • A key question and current uncertainty is how does the concept of “reasonable steps” apply in the context of AI, and do reasonable steps differ from what is more generally required by Senior Managers currently. DEPP, for example, does not explicitly refer to AI technology given it was drafted before it was as widespread. There’s a suggestion from the PRA/FCA that firms should approach reasonable steps and what it means by reference to each stage of the lifecycle of an AI system.

The deadline for the submission of responses to the Discussion Paper is 10th February 2023. If you have any questions please contact Minesh Tanna (Partner) and Angus Brown (Supervising Associate).

7. Dear CEO letter - Supervision strategy for Benchmark Administrators - FCA

The FCA’s September letter sets out their supervisory priorities in relation to benchmark administrators. In it they explicitly remind benchmark administrators that they are subject to the SMCR and the various obligations under the regime. But, perhaps more interestingly, the FCA highlight, in the context of reiterating the need for good oversight and robust governance, the importance of record keeping and audit trails outlining the rationale behind key decisions such as changes to benchmarks, policies and procedures. The FCA have been concerned that risks they’ve identified are exacerbated by not recognising and managing conflicts of interest and weaknesses in oversight and ineffective governance. This letter should be considered a flag to Boards and also Senior Managers regarding the documenting of their reasonable steps. As with all Dear CEO letters, the CEO (SMF 1) should carefully consider this letter and take reasonable steps to address any matters contained within it relevant to their business.

Given we’ve touched on it earlier, it’s worth mentioning that the FCA also highlight their expectations of benchmark administrators in the context of the Consumer Duty – i.e. they should support users of their benchmarks in meeting their obligations under the Duty.

8. Dear CEO letter - FCA strategy for firms providing high-cost lending products - FCA

The FCA’s letter sets out the FCA’s updated view on the key risks of harm high-cost firms pose to customers and markets. Surprise, surprise - they mention the cost of living crisis and the Consumer Duty, which we won’t go into now, but they do expressly state their expectations on culture and governance, which we will cover. Specifically, they emphasise the role of Boards and senior management in embedding a healthy culture, which has a meaningful purpose reflected in policies and decision-making and which is aligned with consumer interests and outcomes. The FCA cites poor governance and Senior Manager oversight as a root cause behind drivers of harm and emphasises that SMFs are responsible for ensuring their firms act in accordance with the FCA’s Principles, rules and guidance and that they are accountable for their firms’ conduct and should be driving the right culture. The FCA is clear that they will focus more in their supervision of firms on how Senior Managers execute their roles and the oversight of firms’ activities by their Boards. Again, this is a reminder to firms and Senior Managers of the importance of robust audit trails of decision making and reasonable steps. CEOs (SMF 1s) should ensure that they consider the letter carefully, together with the degree to which their firm presents risks of harm, and take the necessary steps to mitigate these risks.

We note there’s also a Dear CEO letter from the FCA to insurers regarding their expectations on cost of living and insurance. The CEO should consider this carefully, especially the focus on the Consumer Duty which should be fed into relevant workstreams. To discuss this further, and particularly the potential implications from a Consumer Duty standpoint, please contact Penny Miller (Partner) or Caroline Hunter-Yeats (Partner).

9. HBOS plc PRA and FCA investigation

After the launch of an enforcement investigation in 2009, resulting in enforcement action being taken against the Bank of Scotland Plc and the CEO of HBOS’ Corporate Division, a report in 2015 focussed on the failure of HBOS with specific reference to its strategic and operational management and performance. The subsequent Green Report in 2015 caused the PRA and FCA to begin investigations into certain former HBOS Senior Managers, and 2022 brings the news that the FCA and PRA have concluded that no further action will be taken. We are preparing an insights piece on this which we can share in the next SMCR+ View, but if you have any questions in the meantime please contact Emma Sutcliffe (Partner).

10. Final notice - FCA

Sigma Broking Limited and three Senior Managers (directors) were fined and two of the Senior Managers (directors) prohibited. This related to failures to make reports to the FCA, including under the Market Abuse Regulation. The FCA found that many of these failings had their origins in the inadequate governance and oversight provided by the firm’s Board. Although this relates to a pre-SMCR era, this Final Notice is interesting considering the directors had continuously failed in their role as Senior Managers. Some key failings highlighted and some of our ‘lessons learned’ include:

  • The Board failing to take fundamental steps to perform its role effectively - e.g. it failed to hold formal, regular board meetings and thus failed to maintain formal minutes meaning there was no record of attendees, matters discussed, challenges raised or decisions reached. Together with there being no terms of reference, the firm couldn’t demonstrate the proper functioning of the Board and its effective oversight. This highlights the importance of a strong governance framework and ensuring that there are robust procedures in place. We are helping a lot of firms with their governance frameworks and also on regulatory expectations around subsidiary governance;
  • Management information (MI) - the FCA found that the firm’s arrangements were wholly inadequate to furnish the Board with the MI it needed to play its part in identifying, measuring, managing and controlling the risks. Where MI was produced there was no evidence that the Board used it to effectively monitor and oversee matters of concern raised – this highlights the role of the Board and Senior Managers in interrogating the MI they receive to ensure it is fit for purpose and covers all areas and risks relevant to their areas of responsibility, and that they actually read and act on it;
  • The Board failed to establish, oversee and resource a sufficiently experienced and effective compliance function, which had no clear reporting lines, apportionment of responsibilities nor adequate policies and procedures in place. There is also a point about ineffective escalation and this echoes the regulator’s previous comments that middle management should not become a ‘permafrost layer’ and the importance for firms (from a conduct risk perspective) of focussing on tone from above, as well as tone from the top and tone from within; and
  • The controlled functions assigned to the directors were allocated with little regard to each director’s capabilities, training or previous experience, without documentation in place setting out the expectations of each director. Again, this highlights the importance of firms considering both the individual and collective suitability of Board members and also clearly articulating an individual’s role and responsibilities – for Senior Managers this will include ensuring Statements of Responsibilities are up to date.

For more on this please contact Richard Sims (Partner) and Amy Sumaria (Supervising Associate).

11. Non-Financial Misconduct (NFM) Guidance - SRA

The SRA has set out detailed guidance as to their approach to sexual misconduct, what behaviours may become a regulatory matter, where the boundary between an individual’s private and professional life is and where there may be overlap, and what firms should be doing. It is a (genuinely) interesting read for those considering NFM within financial services. We note that many firms are struggling, in particular, with the lack of guidance from the FCA regarding how NFM should be treated under the Conduct Rules and we are planning to discuss this with the FCA further. Some particularly interesting points below:

  • Assessing proximity to an individual’s professional practice (relevant to assessing NFM in the context of the Conduct Rules) will include consideration of whether it (1) took place on firm premises, (2) arose from a practice context (official or informal firm events on premises or at other locations) – e.g. Christmas party, (3) involved a colleague or client, (4) stemmed from a professional origin but was not firm sponsored – e.g. a training event, (5) took place after a firm event or event linked to the profession at a separate location.
  • Guidance on seriousness – i.e. whether it involved physical contact, violence, exploitation, threats, manipulation, breach of privacy etc., if verbal – the nature of the comments and any gestures, whether it was repeated misconduct (and also whether it was planned or spontaneous), whether it was directed at a junior or vulnerable person, whether the individual was aware or should have been aware that their conduct was unwelcome.

Of course, this is not directly relevant to PRA/FCA authorised firms, but it is helpful dicta which may influence the FCA/PRA in the guidance they may release on NFM in the context of their DEI work. If you’d like to discuss NFM and this guidance further, please contact Emma Sutcliffe (Partner) or Penny Miller (Partner).

12. Whistleblowing quarterly report - FCA

The FCA have published their quarterly whistleblowing data showing the number of reports made April-June 2022 (Q2). In Q2, the FCA received 243 new whistleblowing reports containing 474 allegations (the majority were reported via the online form). 102 allegations related to F&P, 62 allegations related to firm culture and 76 allegations related to compliance (i.e. allegations where a firm is not applying governance to an activity). To discuss this further, please contact Richard Sims (Partner).

13. Dear CEO Letter – Credit Rating Agencies - FCA

This SMCR+ View is already at risk of being the longest ever produced, so we’ll keep this quick. Here is the FCA’s letter to CEOs regarding the thematic findings on the effectiveness of governance in credit rating agencies (CRAs). Whilst focussed on CRAs, there are some general good governance principles covered that other firms may want to consider. The letter covers (1) the purpose of the Board and the role it has in overseeing and holding to account senior management and highlights poor examples where Board meetings were just seen as a regulatory formality with a lack of senior management participation, (2) the composition of the Board and the requirements for independent members, (3) the role of the independent non-executive directors (iNEDs) – including providing sufficient challenge, how they should be selected and how their independence should be maintained, and (4) how the Board operates including member behaviour, Board meetings and information flows to the Board.

Actions required by CRAs: the FCA have requested a Board-approved summary of each CRA’s assessment of key risks relating to governance and details of action plans (including timescales) by 30th January 2023. A member of senior management should be identified to oversee the provision of this and the implementation of the action plan and must be notified to the FCA by 11th November 2022.

14. CP 22/20 - Sustainability Disclosure Requirements (SDR) and investment labels - FCA

For all the highlights, please see our article on this Consultation Paper here. We just want to flag a governance point - in the cost-benefit analysis the FCA state that firms which decide to use sustainable investment labels will need to translate and operationalise the FCA’s qualifying criteria into concrete actions and ensure there is appropriate governance to ensure compliance. This may mean using existing governance structures (with appropriate adjustments made) but there may also be an increase in management oversight or project teams required. The consultation period closes on 25th January 2023.

For more information, please contact Nicholas Colston (Partner) or Lucian Firth (Partner).

15. Diversity, Equity and Inclusion (DEI) Spotlight initiative - FCA

The FCA has introduced the DEI Spotlight initiative to encourage firms developing innovative products focused in the DEI space to work with the FCA’s Innovation services. The FCA consider DEI critical to their work on culture and governance, particularly for Boards and senior management. The FCA sees FinTech as playing an important role in driving financial inclusion, but data suggests that FinTech firms lack diversity despite there being a significant correlation between diverse teams and overall innovation. The spotlight aims to promote diverse and inclusive culture, governance and practices across the FinTech industry.

The FCA are looking for firms wanting to launch an innovative product/service which focuses on fair treatment of consumers, vulnerability and the new Consumer Duty to work with the FCA. They particularly want to hear from firms with a focus on innovating in: consumer credit, debt advice, investment advice, robo-advice, insurance, pensions, financial education and enhancing customer journeys (including for vulnerable customers). Firms should apply to the FCA’s Regulatory Sandbox or Innovation Pathways in the usual way.

If you’re not already, you should definitely sign up to our quarterly D&I View here.

16. Applying the SMR to the FCA – FCA

The FCA has updated its version of its management responsibilities map. Here is the September 2022 version.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.