SMCR+ View – February 2023

All the way from Patagonia, we bring you February’s SMCR+ View. Many entries are focussed on big talking points for 2023 - the Consumer Duty, Artificial Intelligence and ESG. There’s also news on the FCA’s consultation on the ‘significant SYSC firm’ definition and some specific Dear SMF letters to flag to relevant Senior Managers.

Nothing yet on the eagerly awaited Call for Evidence. However, we note that the PRA are clearly cognisant that there may be changes to the administrative side of the SMCR (e.g. the forms) as they are looking to remove them from their Rulebook and house them on Connect, with the Edinburgh Reforms and SMCR review being cited as one of the reasons for this (more at Section 5). We are working with firms in preparing key lobbying and talking points with the regulators once the Call for Evidence is published - expected in Q1 – so, imminently. We are happy to share and discuss talking points.

As always, please do reach out to us with any feedback or questions, or any enhancements you would like to see.

1. FCA - Consumer Duty implementation plan findings

There is a lot to keep track of with the Consumer Duty and we expect you will have seen the FCA’s findings from its review of larger firms’ implementation plans. There are some useful nuggets in relation to governance, oversight and culture (amongst other things) where the FCA have identified examples of “good practices” and “areas for improvement”. For us, the key takeaways are the importance of scrutiny and challenge by the Board and responsible executives and ensuring there are effective minutes documenting this. Further, the importance of timely engagement of stakeholders in the 2nd and 3rd line, of clear tangible methods of implementing cultural change, and ensuring governance forums are updated in order for there to be an effective review process to ensure delivery by 31 July 2023. In more detail:

• Many firms had developed robust governance frameworks with clear executive accountability and good engagement with both executives and NEDs (they call out 1-1 deep dive sessions with the Board as good practice). However others lacked detail on who was leading the implementation programme and specific workstreams and in some cases there had been limited Board/Committee involvement and/or scrutiny and challenge – e.g. plans were approved without appropriate discussion (as detailed in the minutes). Aside from ensuring the right challenge and scrutiny occurs, this also highlights the critical importance of minuting Board and Committee meetings effectively during implementation and how the FCA may use them in its supervisory and enforcement capacity.
• Many firms had appointed an appropriately senior Consumer Duty Champion. One firm appointed two to reflect the diversity of their regulated entities which the FCA called out as good practice. Others, however, were slow to appoint Champions, or proposed individuals who were not sufficiently senior to provide effective challenge. Some firms suggested sharing the Champion across the entire board or executive, which the FCA made clear is not their intention and would dilute the role.
• Most firms had clear arrangements for ongoing updates to key governance forums including the Board, but others had no timing for progress updates or details on future engagement with governance forums. Further, others lacked detail on Board engagement post-implementation. Both were given as examples of areas for improvement.
• Broadly, firms were seen to be involving the risk, compliance and internal audit teams in a timely way, although some plans didn’t include a summary opinion from such teams. This may be something to consider if your firm has not done so already.
• Many firms appeared to have a clear approach to training to ensure staff understand their responsibilities under the Duty, and there was good evidence of firms embarking on communication campaigns and raising awareness – e.g. townhalls. Others were embedding the Duty within their purpose, values and internal culture materials as well as in their strategy, governance structures and decision-making. However, other plans lacked such detail and provided inadequate explanations of the tangible actions firms would take. From what we have seen, firms are looking at how to make training tailored and appropriate for different categories of staff (e.g. back office staff for whom only part of their role relates to retail business) and how they assess breaches of the new Conduct Rule 6 in practice. We are developing tailored training for firms across functions and types of entity so please get in touch if this is of interest.
• Many firms were conducting reviews of their reward and incentive structures and performance management frameworks to ensure they reflect the Duty, with some firms updating their SMCR framework to ensure senior leaders were leading the cultural change needed.

There is so much more in this FCA update to consider. Please do get in touch with Penny Miller (Partner), Caroline Hunter-Yeats (Partner), or Rosie Davies (Supervising Associate) if you have questions on the Consumer Duty. You can see the latest edition of Consumer Duty View here and sign up for Consumer Duty View here.

2. PRA – Dear CEO letter on priorities for international banks active in the UK

The PRA has published a letter setting out the priorities in 2023 for international banks active in the UK, and outlines that, alongside the CEO (SMF 1), individuals within the SMCR will be accountable for addressing the priorities set out in the letter. These priorities include operational risk and resilience, data, financial risks arising from climate change (for which we remind dual regulated firms that the PRA have created a quasi-prescribed responsibility whereby a Senior Manager must hold responsibility for this) and diversity, equity and inclusion (“DEI”). Senior Managers for international banks active in the UK should review these priorities and ensure they are appropriately discussed and addressed, as applicable.

With respect to DEI, the PRA confirms that they still plan to issue a consultation paper in 2023 setting out their proposals to introduce a new regulatory framework on DEI in the financial sector. We will keep our eyes peeled for this long-promised consultation paper…

For more information on this, or if you need any advice in relation to the TPR and landing slots then please don’t hesitate to contact Alex Ainley (Partner).

3. FCA - Speech on building better foundations in Artificial Intelligence (AI)

Coming hot on the heels of a number of speeches by the FCA on AI and governance (see our November edition of SMCR+ View), the FCA has published a speech by its Chief Data, Information and Intelligence Officer, which links the role of AI governance to obtaining DEI outcomes. The speech notes that one of the key findings from the recent FCA/PRA survey on the use of machine learning in financial services (well worth a read in its own right) is that data bias and data representativeness was identified as one of the biggest risks to consumers. While acknowledging that one of the most significant open questions in financial services is whether AI can be managed through the existing regulatory regime, it seems the FCA already has the answer: the SMCR. This reaffirms the views expressed in the speeches at the end of last year by the FCA that the SMCR gives it the right framework to respond to AI and to address the DEI-related risks that its use entails.

In particular, the FCA highlights the role of governance in addressing DEI-related risks in the use of AI, observing that when developing AI models, it matters who’s ‘in the room’. Effective governance and risk management in financial services firms using AI requires establishing rules, controls, and policies across the AI lifecycle. Good governance, though, must be complemented by a healthy organisational culture, which helps cultivate an ethical and responsible environment at all stages of the AI lifecycle, from idea, to design, to testing and deployment, and to continuous model evaluation. The SMCR framework creates incentives to collect data to measure the impact of technology on different demographics, and the FCA emphasises that this is important for linking Senior Managers’ objectives to DEI outcomes.

If you have any questions please contact Minesh Tanna (Partner) and Angus Brown (Supervising Associate).

4. PRA and FCA - Letter to SMF responsible for cyber on CBEST thematic findings

This joint letter is addressed to the SMF with the responsibility for cyber (often an SMF 24), and shares the FCA and PRA’s thematic findings from the latest annual cycle of CBEST assessments (testing which focusses on an organisation’s security controls and capabilities when faced with a simulated cyber-attack). SMFs with responsibility for cyber should take into account the findings in order to identify similar potential weaknesses in their firms, raise awareness to their firms’ senior executive team (as required), and use the findings to inform their work on their risk and internal audit functions.

It is worth noting that the regulators may use their findings to structure future supervisory interaction and to understand the engagement with senior executives, risk, and audit functions on issues identified within firms as in need of remediation.

If you have any questions please contact Penny Miller (Partner).

5. PRA - CP2/23 on moving the SMCR forms from the PRA rulebook and Form A changes

CP2/23 sets out its proposals to remove certain SMCR forms from the PRA Rulebook (they would be available in Connect instead). This would result in amendments to the Senior Managers Regime – Application and Notifications Part of the PRA Rulebook resulting in the removal of links to forms A, B, E, I, J and the statement of responsibilities. Why? Well it would mean administrative and non-material changes to the forms wouldn’t have to go through the formal statutory consultation process and notice of any changes would be published on the Senior Managers Regime pages on the PRA website instead. Perhaps of most interest, however, is that the PRA have said one of the reasons for doing this would be to support any future changes to forms that may result from the SMCR review announced by HM Treasury as part of the Edinburgh Reforms. So it seems likely we can expect changes to these in the future.

Note, Forms C and D would remain in the Rulebook as they are made by rules.

The PRA also proposes to change the length of employment history required in the long form A from 5 years to 10 years, in order to align with the requirements under MiFID related forms (there seems to be an irony here given the Edinburgh Reforms narrative…).

The consultation closes on Tuesday 28th February 2023. For more information please contact Penny Miller (Partner).

6. FCA - DP23/1 on finance for positive sustainable change

DP23/1 explores how firms’ sustainability related governance arrangements can help in driving positive sustainable change. There is a lot on culture and the importance of the Board and senior leaders in articulating and delivering a positive, inclusive culture where there is buy-in from employees. Not much of this section is ‘new’ but the FCA do ask stakeholders whether, beyond the FCA’s ongoing work on D&I and the Consumer Duty, they should consider setting regulatory expectations or guidance on how firms’ culture and behaviours can support positive sustainable change. It’s a long paper, worthy of a read but here are some other SMCR+ points to note:

• The FCA suggest that firms should be clear which roles at the firm are responsible for driving change and ensuring the firms’ organisation is aligned with its commitments, especially in relation to ESG including climate transition, biodiversity, human rights, health and safety, D&I and fair pay. The FCA hasn’t gone as far as creating ad hoc responsibilities that must be allocated (aside from the quasi-prescribed responsibility for identifying and managing financial risks from climate change for dual-regulated firms, which isn’t new and typically sits with the CRO (SMF 4) or CEO (SMF 1)), but this is food for thought for firms (particularly dual regulated and Enhanced firms) as to how they allocate responsibilities for these matters currently and in the future as this area and their engagement with it evolves.

  In particular, the FCA still expects firms to consider who is responsible and accountable for the delivery of climate or sustainability objectives for solo-regulated firms. The FCA have asked stakeholders whether they should provide additional regulatory expectations or guidance to enhance individual ownership and responsibility for sustainability-related matters, and whether they should set new regulatory expectations or guidance on senior management responsibilities for a firm’s sustainability‐related strategy, including the delivery of the firm’s climate transition plan. They’ve also asked which existing SMF(s) would be the most suitable to assume these responsibilities.

• In the case of climate in particular, which the FCA state is widely accepted as a financial risk to many firms, they consider it reasonable that CEOs, CROs and other appropriate members of senior management can already credibly articulate how climate-related risks and opportunities are identified and managed within their firm. It would be worth ensuring that these senior executives are au fait with this should the FCA ask questions in the future.

• Board members with a background in or expertise in sustainability-related matters may assist in ensuring that the Board is collectively suitable and able to effectively lead and challenge the firm on its sustainability-related risks, opportunities and ambitions. The FCA have asked whether they should consider setting any regulatory expectations or guidance in this area and, if so, what should be the scope of such expectations.

• The FCA wants to see firms being appropriately equipped with the relevant skills and expertise, and firms should ensure they have adequate training in place to ensure sustainability objectives can be met. There are questions around whether there is a need for the FCA to articulate additional training and competence expectations in existing rules or guidance.

• We haven’t the space to go into all the detail here but there is also a section on remuneration and incentive plans and the FCA have asked a couple of questions on what matters firms should take into consideration when designing remuneration and incentive plans linked to their sustainability‐related objectives and whether they should issue further guidance on this - we are sure this is something firms will have a lot to say on!

The FCA are asking for comments by 10 May 2023 and the FCA have said feedback will help them consider what direction their future regulatory approach should take and proportionality (which we know will be critical to many firms). There are a lot of big questions being asked by the FCA and we expect firms will have strong views. This topic also features heavily in our global legal and business outlook for 2023, and we will have a session that looks at the role of governance across ESG and for fast growth financial firms. Register here.

Do get in touch if you’d like to discuss or for more information please contact Penny Miller (Partner).

7. Crypto assets – Call for Evidence and the SMCR play

On 1 February 2023, HM Treasury published a long-awaited consultation and call for evidence on the future financial services regulatory regime for cryptoassets in the UK.

You can find a full summary in a special edition of Crypto View, but the high level takeaway is that HM Treasury are proposing to include cryptoassets as specified investments, and so require firms to be authorised under Part 4A of FSMA. By requiring a Part 4A permission to carry out cryptoasset activities the question as to whether cryptoasset firms would be brought within scope of the SMCR naturally arises. While the consultation does state that the FCA will consider whether to update the Senior Management Arrangements, Systems and Controls sourcebook (SYSC) and other financial crime rules to apply to new cryptoasset activities, it does not confirm whether firms will be subject to the SMCR. However, we would be surprised if in the long run, and in line with other changes to the SMCR regime under the Edinburgh Reforms, there won’t be increased oversight of the Senior Managers of cryptoasset firms by the FCA.

To discuss this further please contact George Morris (Partner) and Gordon Ritchie (Supervising Associate). Sign up to Crypto View here.

8. FCA - Final Notice to Amigo Loans Ltd – governance lessons learned

The FCA has published a Final Notice censuring Amigo Loans Ltd for failing to appropriately consider regulatory requirements in respect of affordability checks on borrowers and guarantors (the FCA would have imposed a find of £79.2 million were it not for the financial position of the firm and the FCA wanted to ensure that any assets were available to pay redress to customers instead). The FCA identified a number of governance and oversight failings, including:

• Overall responsibility for areas of the business such as affordability was unclear, as neither the Board nor any committees were expressly responsible. There were also significant management and leadership changes in the business in an attempt to change the culture, although no improvements were made. This highlights the importance of articulating the allocation of responsibility amongst governance structures (e.g. via terms of reference) and individuals (e.g. via statements of responsibility) clearly as part of effective governance structures.
• The Compliance function failed to complete its planned review of affordability, and the Board did not chase for the outstanding work product. This emphasises the role of the Board and the Office of the Board/Company Secretary for holding the executive to account and ensuring appropriate, timely submission of matters going to the Board.
• Amigo’s Management Information (“MI”) was seen to be deficient, meaning Senior Managers were unable to understand trends and address any issues. Amigo’s policies and procedures were also seen to be inadequate, with no procedures existing, procedures never being approved or procedures failing to be implemented in practice. This is a tale as old as time and both MI and policies and procedures are key elements of a Senior Manager’s reasonable steps – this example again highlights the importance of Senior Managers being comfortable with what MI is in place and ensuring that they respond effectively to any issues.

To discuss this further please contact Emma Sutcliffe (Partner).

9. PRA - PS 1/23 – Remuneration: unvested pay, MRTs and public appointments

We talked a lot about remuneration in last month’s SMCR+ View. More recently, the PRA published its Policy Statement in response to feedback on CP8/22 and the PRA’s proposal to add a new section to Chapter 4 of SS2/17, setting out the PRA’s expectations that: (1) in general, unvested, deferred claims that comprise the variable pay of MRTs should not be converted from an equity claim into a claim on other instruments (or vice versa) after an award has been made; (2) this expectation should apply to all unvested, deferred sums, and not exclude amounts above the regulatory minima; and (3) in exceptional circumstances, such as where there are potential conflicts of interest arising from a (proposed) public sector appointment that cannot otherwise be sufficiently mitigated, it may be appropriate for a conversion to occur subject to the PRA’s prior non-objection, and on the basis that the relevant retention requirements remain unchanged. It was also proposed that SS2/17 be amended to outline the circumstances in which the PRA considers it more likely a waiver or modification to the relevant remuneration rules would meet the FSMA statutory test, where, in wholly exceptional circumstances, an adjustment is sought in relation to a public sector appointment with a view to converting an award comprising equity or other instruments to a cash sum.

Broadly, the PRA is proceeding with the proposals and the Policy Statement follows the consultation paper but with some minor tweaks and adjustments to provide further clarity. The new policy took effect from 10 February 2023.

For more information or to discuss further please contact Tair Hussain (Partner).

10. FCA - Significant SYSC definition (solo-regulated firms)

Cast your mind back to October 2022 SMCR+ View where we discussed the FCA’s consultation on the definition of “Significant SYSC firm” as the FCA had caught a number of firms not previously subject to the Significant IFPRU firm definition and therefore had subjected them to additional regulatory obligations, including Enhanced firm status under the SMCR.

The FCA has now published its Handbook Notice 106 which confirms changes made to the rules (effective 27 January 2023) so that firms captured by the Significant SYSC firm definition will only be Enhanced firms under the SMCR if they would (pre-IFPR) have been classified as both IFPRU investment firms and Significant IFPRU firms under previous FCA rules.

However, as ever, there is a wrinkle which is that, despite industry feedback to the contrary, this is as far as the changes go. This means that, regardless of whether or not they were previously IFPRU investment firms, all firms that fall within the scope of the definition of a Significant SYSC firm (for example because their annual revenues from regulated activities exceed £160 million) will be subject to the rule that places strict limits on the number of directorships that can be held by individual members of their governing body. This could, in particular, have ramifications in the private equity and venture capital industries, to the extent that members of the relevant firm’s governing body hold multiple portfolio company directorships. It is possible to apply to the FCA for a waiver from the directorship restrictions for specific individuals.

We’ve helped a lot of firms with their directorship waivers / modifications – please do get in touch if you need any assistance. For more information please contact Darren Fox (Partner) or Nick Colston (Partner).