SMCR+ View – March 2024

Well…the FCA’s non-financial misconduct survey to banks and insurers has been keeping us very busy and today we bring you the BREAKING NEWS that the Treasury Select Committee’s Sexism in the City Report has been published.

All of this excitement has meant that we’ve missed the Pancake/Valentines Day edition of SMCR+ View. However, we’re hoping to make up for it by bringing you a bumper March edition – it’s so long we need a contents page. So…without further ado:

1. Non-financial misconduct – the FCA survey and Treasury Committee’s report on Sexism in the City
2. CRD VI – a lighter touch SMCR coming for Europe?
3. FCA/PRA Final Notices (firms and individuals)
4. Form A changes and approval metrics
5. Corporate accountability and the enforcement gap
6. FCA Consultation Paper and speech on their new approach to enforcement
7. FCA - Dear CEO letter to Asset Managers
8. New UK Corporate Governance Code 2024
9. FCA speech on Consumer Tech and the interlock between AI, Consumer Duty and SMCR
10. Bank of England 2024 priorities for the insurance sector
11. PRA Policy Statement on Enforcement Approach
12. FCA - Dear CEO letter – AML framework failings (Annex 1 firms only)
13. Economic Crime & Corporate Transparency Act 2023 (ECCTA) – our new Toolkit!

We would love to help you navigate any of the below, so please do reach out if we can assist.

1. BREAKING NEWS – Treasury select Committee’s report on Sexism in the City

Where to start?! It’s been a wild ride for many firms over the last few weeks trying to navigate the FCA’s non-financial misconduct survey, which we alerted you to in our previous SMCR+ View Flash Alert. This survey was sent out to wholesale banks, brokers and insurers (various sources suggest 800-1000 firms received the survey and it follows things like the Insurance Market Priorities for 2023-2025 report, which outlined the strategy to tackle NFM). The survey is extensive (covering all SMCR staff, all allegations of NFM made in 2021-2023 (inclusive), and outcomes to those allegations raised, amongst other things). Something is bound to come from the FCA as a result of this (and the FCA indicated their analysis of the surveys will be completed in summer 2024) – Thematic Review perhaps? You can see the possible areas of good practice / bad practice that the FCA may emphasise based on the questions asked – e.g. they ask if Boards receive management information on NFM – which suggests that an example of good practice will be Boards receiving this MI going forwards. The FCA’s oral evidence also noted that the FCA might require firms to disclose the use of non-disclosure agreements (“NDAs”) to them, and this survey will likely help inform their thinking on that.

We’ve worked with a huge number of firms on completing these survey, so if you’d like to discuss this further then let us know – it’s been a very interesting exercise to be involved with!

BREAKING NEWS: And if you thought you were going to have some welcome respite from this topic, you were wrong. Today, we have the breaking news that the Treasury Committee have published their report into Sexism in the City.

The headline? The Committee found that in the last 5 years “not much” has changed and “many of the barriers identified in 2018 remain stubbornly in place” – this is largely ascribed to a lack of cultural change driven by senior leadership and Boards. Specific reference is made to anecdotal evidence that worse cultures exist in smaller firms. The Committee said they were shocked by how prevalent sexual harassment and bullying remain in financial services. They have particular concern over the misuse of NDAs. They reference “incremental improvements” in the proportion of women holding senior roles but note that some sectors show no progress (venture capital, private equity and hedge funds were called out specifically) and point to only a “small reduction” in the average gender pay gap. The Committee express concerns about firms treating D&I as a tick-box exercise only, when it should be seen as a moral imperative and a competitive advantage. The Committee are supportive of the FCA and PRA’s strengthening of NFM-specific rules – so it seems unlikely for these to fall away as part of the D&I consultation paper…

However, and of particular interest, the Committee welcomes the focus of the regulators on D&I, but notes that it is “concerned by their proposals to require firms to implement strategies, collect and report data and set targets.” Their view is that the proposals would be costly, create a tick-box culture and there’s no clear benefit to the proposals. They suggest that the FCA and PRA should drop prescriptive plans for data reporting and target setting, focussing more on getting Boards and senior leadership to take greater responsibility for improving D&I. This isn’t a surprise given the transcript of the FCA’s oral evidence given in January where the Treasury’s first line of questioning was the rationale for regulatory intervention in this area. This, on top of the FCA and PRA’s 334 responses (257 FCA responses and 77 PRA responses), is going to make it fascinating to see where the D&I final rules end up and (perhaps) whether we get any D&I rules at all.

Whilst the Committee acknowledge there is no “silver bullet” for making the changes required, there are a number of other recommendations that have been made – we’ve outlined the most interesting (to us) below. That said, it is a long road from Committee recommendation to actual regulatory or legislative change, and there are meaningful arguments against some of these proposals – we’d be very pleased to discuss with you:

• NDAs: ban the use of NDAs in harassment cases. FCA to collect data on the use of NDAs in the context of NFM and make it clear that NDAs cannot prevent disclosures being made to the police or the FCA (this reflects existing requirements and law).
• Handling NFM: the Committee suggests that firms take a zero tolerance approach (a suggestion which we think is likely to create employment law risk) and that senior leadership/Boards take ownership of complaint handling processes. There is also a suggestion that a separate, more independent process that reports directly to the Board/senior leadership should be established.
• Whistleblowing: strengthen whistleblowing legislation to provide greater protection and support to whistle-blowers in sexual harassment and abuse instances.
• Gender Pay Gap: Government to strengthen gender pay gap reporting legislation so that firms with pay gaps over a certain level have to explain and produce an action plan. The FCA/PRA to monitor closely and formally review the impact of the bonus cap removal on gender pay inequality in two years’ time.
• Women in Finance Charter: extending the scope of the HMT Women in Finance Charter to focus beyond senior management and nurture a pipeline of female talent.
• Linking pay/bonuses to D&I: making the link between delivery of gender diversity targets and executive pay a firmer commitment under the Women in Finance Charter such that it is implemented on a comply or explain basis.
• Parental leave: Government and regulators to encourage all firms to consider equalising their offer of parental leave for men and women and actively encourage men to take it up. There is a further recommendation about firms being more transparent as to their maternity and parental leave policies.
  There are also recommendations relating to the impact of menopause, salary information, and flexible working amongst others.

To discuss this further, please contact Andrea Finn (Partner), Amy Sumaria (Managing Associate) and Penny Miller (Partner).

2. CRD VI – Europe: a new SMCR-type regime?

The proposed CRD VI brings with it a raft of new provisions. The focus of many banks has been on Article 21c and the requirement for third country firms to set up a branch in each Member State in which they are conducting certain in-scope cross-border business. This would clearly be a huge undertaking for firms and we’re doing a significant amount of work for a number of you on the scope of CRD VI and how it may impact particular business units and products. If this is something you’re grappling with, we’d love to come and discuss with you.

Apart from this (and the million other requirements around things like regulatory capital, ESG risk management, public disclosures, risk management of crypto asset exposures, etc.), there are some provisions buried within CRD VI that look like an SMCR-type regime. Some of the concepts are lifted straight from the SMCR (e.g. statements of responsibilities) and others give a nod to what we currently have in the UK (e.g. a Form A-type requirement for management body members). Alongside all the other elements of CRD VI, we’re doing a lot of work across our network on this and we’d be delighted to support you further on your scoping and interpretation projects.

CRD VI could, given Article 21c, almost be seen as another Brexit event and demonstrates Europe’s seriousness with regards to disentangling itself from the UK. This links to perhaps another word of warning from Europe. We’ve seen in the financial press the European Central Bank reiterating its expectations that, post-Brexit, rather than relying on London decision makers, overseas banks should be managing their EU business with local, sufficiently senior employees with reporting lines within the European entity.

Plenty of food for thought for firms and if you’d like to discuss any of the above further, please contact Amy Sumaria (Managing Associate) and Alex Ainley (Partner).

3. PRA and FCA - Final Notices with specific dicta around the allocation of Senior Manager responsibilities

The PRA has fined HSBC Bank plc (“HBEU”) and HSBC UK Bank plc (“HBUK”) £57,417,500 for violations of various PRA Fundamental Rules and certain Depositor Protection rules (“DP Rules”). There are some key bits of dicta from the PRA in this Final Notice relating to the SMCR and allocation of responsibilities which firms should take note of – we have written up our thoughts on this here.

There are also two Final Notices against individuals to bring to your attention this month:

• The FCA found Nicholas Andrew McNeil (previously an SMF 3) to lack honesty and integrity and has prohibited him from performing a role within financial services. This follows his conviction for possessing a false instrument (being a guarantee bond worth £1.7 million dated 2 April 2014, which was false), with the intention of inducing others to accept it as genuine when it was effectively valueless. He received an 18-month suspended prison sentence and a significant financial penalty.
• Floris Jakobus Huisamen has also been prohibited from performing a role within financial services due to a lack of integrity, and received a £31,800 financial penalty due to his role in disseminating misleading financial promotions at London Capital & Finance plc (“LCF”). Mr Huisamen was approved as a CF1 Director and CF10 Compliance Oversight and played a key role in the drafting and approval of LCF’s financial promotions, including confirming that they complied with the financial promotion rules. In reality, the financial promotions in question presented a misleading picture of LCF’s mini-bonds, failing to give investors the full picture about the risks of the product. Aside from demonstrating a lack of integrity, Mr Huisamen was considered to pose a risk to consumers and the integrity of the UK financial system.

Please do reach out to Amy Sumaria (Managing Associate) or Thomas Makin (Managing Associate) if you have any specific questions.

4. FCA – Form As and approval metrics 2023/24 Q4

In its Regulation round-up and, as we’ve noted before, the FCA has been updating its Form A. The FCA, on its Form A webpage, confirms that from Spring 2024 new applicants will be required to use the “improved” Form A (details of changes made are here). Any outstanding drafts using the old version will remain accessible until they are submitted. We draft a significant number of Form As, and if you’d like us to assist with yours, then please get in touch!

On the topic of Senior Manager approvals, we expect you’ve been on the edge of your seat waiting for the latest statistics from the FCA on their authorisations metrics. Well, for October to December 2023, the statistics show that the Approved Person applications metric has now moved from amber to green. This indicates that the FCA is now approving 98.6% of applications within the statutory deadline of 3 months, with 1,400 cases determined in the reporting period with a median determination time of 38 days.

We assist a lot of firms with their Senior Manager applications and we have a very good sense of the questions the regulators ask of applicants. If you would like to discuss further, please contact Penny Miller (Partner) and Amy Sumaria (Managing Associate).

5. Corporate accountability: report on addressing the enforcement gap

This report, published by Spotlight on Corruption (a charity working to highlight corruption and campaigning to improve the UK’s legal system to tackle corruption), provides an overview of the current senior executive accountability landscape for economic crime in the UK. Using research into the various legal and regulatory actions which are available to combat economic crime, including regulatory action under the SMCR, the report includes a number of findings:

• FCA fines and prohibition orders against individuals are declining: The FCA issued half as many fines to individuals in 2022 as it did in 2013, and the number of prohibition orders issued decreased by 62% in the same time period.
• The FCA issued significantly more penalties and prohibition orders against directors of SMEs than senior executives in large firms: 84% of the individual fines issued by the FCA against directors were given to those in the SME sector.
• There has been very limited enforcement of the SMCR: Only six financial penalties have been issued under the SMCR by the PRA and FCA since it came into force in 2016 (with one of these overturned and another unenforced). Only two of these were issued by the FCA, both in relation to non-financial misconduct, and of the 70 investigations the FCA opened between 2016 and 2022, 76% were into senior managers, but only 6% resulted in any enforcement action. There was also reference to the UK’s National Audit Office December 2023 report, which found that there were “significant delays” between the FCA identifying an issue and taking regulatory action.

Based on these findings, the report includes a number of recommendations, including reviewing obstacles to enforcing the SMCR, improving transparency and data consistency on SMCR enforcement, and the development of clear accountability principles. The report’s findings will be discussed in the UK Parliament, which we will follow closely and keep you updated, particularly against the ongoing backdrop of the SMCR review.

If you have any questions, please reach out to Amy Sumaria (Managing Associate) and Thomas Makin (Managing Associate).

6. FCA Consultation Paper - New approach to enforcement

The above section is probably the perfect segue into the FCA Consultation Paper CP24/2 “Our Enforcement Guide and publicising enforcement investigations - a new approach” published on 27 February with a commitment to carrying out enforcement cases more quickly. The regulator also plans to increase transparency of its enforcement process by naming the identity of the subject it places under investigation (although generally not when this is an individual unless the FCA assesses it is in the public interest to do so), the industry sector and regulatory or legal provisions the investigation relates to, and the nature of the suspected breaches. The FCA proposes to give updates throughout the enforcement process (including where investigations are closed without further action). As Therese Chambers put it in her speech published on the same day, *"The first rule of enforcement club is that you do in fact talk about enforcement club."* The aim is to shorten the gap between the activity and any public outcome, and therefore increase deterrence.

The FCA says that it will, in future, focus on “a streamlined portfolio of cases, aligned to its strategic priorities where it can deliver the greatest impact.” It will also close cases where no outcome is achievable more quickly. If implemented, the proposals would represent a step change from the existing process where the subjects of investigations are generally identified only once regulatory action has been taken and the subject has had the opportunity to make representations on it.

The consultation closes on 16 April 2024 and we will be one with many firms responding on this hot topic.

It’s worth noting that the FCA has also updated its webpage on investigation opening criteria, adding new sections such as one on the key question they ask themselves: “overall, is enforcement action likely to drive impactful deterrence?”. They have also amended the section “How we assess serious misconduct” and the section “Addressing harm”, amongst other changes.

If you would like to discuss our response, please contact Caroline Hunter-Yeats (Partner) and Thomas Makin(Managing Associate).

7. FCA - Dear CEO letter to Asset Managers – Interim update on its supervisory strategy

The Dear CEO letter sent to asset management firms at the start of March provides an update on its previous portfolio letters issued in August 2022 and February 2023. As the FCA notes, there is a considerable amount of current and planned regulatory change in this sector, and we’ve identified some of the highlights from an SMCR+ View perspective:

• Consumer Duty: The letter has a strong focus on Consumer Duty, particularly in relation to assessments of value, including a multi-firm review examining valuation practices for private assets which will include a review of the governance of valuation committees, the information reported to Boards about valuation and the oversight by relevant Boards of these practices.
• Change management: Noting the high volume of regulation both in play and upcoming for this sector, the FCA has identified a risk of firms being inadequately resourced to handle the changes at the same time as transformation programmes and strategic developments. The FCA indicates that this year it will be assessing how firms’ governance and resourcing of change programmes has considered and mitigated this risk (with a particular focus on the implementation of SDR and building operational resilience). We know of firms being asked these types questions by the FCA, so they really do have a keen focus on this. Another area we are aware of them being focussed on is Senior Manager accountability for these changes.
  The FCA expects CEOs to have discussed this letter with the Board and Executive Committee and consider whether the risks of harm identified in the letter are present and, to the extent they are, adopt strategies for mitigating them. CEOs are expected to reinforce accountabilities for relevant risks with Senior Managers. The FCA notes that in any future engagement with firms it will consider whether the governing body and Senior Managers have taken appropriate action to ensure that consumers and markets are adequately protected from harm.

If you have any questions on the content of the letter, please reach out to Catherine Weeks or Amy Sumaria.

8. FRC launches the UK Corporate Governance Code 2024

The Financial Reporting Council (“FRC”) has published a new version of the UK Corporate Governance Code 2024 (the “2024 Code”) together with new guidance to the 2024 Code for Boards. The 2024 Code will be effective for accounting periods starting from 1 January 2025 and emphasises a principles-based approach, encouraging companies to apply the Code flexibly and innovatively, moving away from a prescriptive mindset.

The key changes to the 2018 Code are focussed on internal controls, with the annual reports required to include explanations as to how the Board monitors and reviews the effectiveness of its internal control framework, a description of any material controls which have not operated effectively, and any action (or proposed action) to improve them. Other changes include an increased emphasis that governance reporting should focus on outcomes as well as embedding culture within the organisation and providing that appointments to the Board and succession planning should promote diversity, inclusion and equal opportunity.

If you would like to dive deeper into recent Corporate Governance updates, please see our Spring 2024 update here. If you have any questions, please reach out to David Hicks (Partner), Caroline Chambers (Senior Professional Development Lawyer) and Sally Childs (Professional Development Lawyer).

9. FCA speech on leaning in on making consumer tech a force for good

Bringing together perhaps two of the hottest topics for the FCA at the moment – AI and Consumer Duty – the FCA’s speech on how consumer-facing technology can help keep consumer markets honest, looks at how AI can assist in delivering good customer outcomes under the Consumer Duty. When using AI innovations in the context of consumer-facing technology, the FCA is of the view that these can be made without excessive regulatory intrusion by using the Consumer Duty and existing Senior Manager accountability. The FCA indicates that firms will need to have governance in place to fix issues after problems arise, such as issues with the way that AI models work, any data bias issues or uncertain long-term outcomes, given that not every issue that arises will be able to be stopped in advance. The FCA also highlights it’s focus on operational resilience as an existing tool through which it can address challenges in relation to AI.

We are doing a lot of work on AI and the legal/regulatory framework applicable to financial services firms. We have produced a summary to the EU AI Act here (due to be approved imminently) and we have an insight piece on Board level considerations in relation to AI which we’d be happy to share if of interest.

If you have any questions on AI within financial services firms, please reach out to Minesh Tanna (Partner and Global AI Lead) and Amy Sumaria (Managing Associate).

10. Bank of England 2024 priorities for the insurance sector

The Bank of England and PRA have published a Dear CEO letter to the insurance sector setting out their priorities for 2024. Some of the key areas to highlight include the expectations around Operational Resilience, with the PRA reiterating that they expect Boards and senior management to actively oversee the delivery of their firm’s operational resilience programme, which will be of interest to your relevant Senior Managers. Other areas of the PRA’s focus include risk management as well as the financial risks arising from climate change, with the PRA indicating improvement needed in scenario analysis capabilities.

We would recommend that firms ensure their CEOs are apprised of this letter and consider the PRA’s priorities. If you have any questions, please reach out to Jonathan Thorpe (Partner).

11. PRA Policy Statement on Enforcement Approach

Cast your minds way back to the SMCR+ View for May 2023 and you may remember the PRA’s Consultation Paper on proposed changes to its enforcement approach. The PRA has now published Policy Statement 2/24, which confirms that it will go ahead with the proposed “Early Account Scheme” (“EAS”), under which the subject of an investigation would be compelled to undertake the “fact-find” phase of the review itself and to report to the PRA together with a Senior Manager attestation (an “Account”).

The PRA has confirmed that the EAS is voluntary, and no adverse inferences will be drawn to the extent it is not used. In relation to the Senior Manager attestation, despite pushback from respondents, the PRA will continue to require that the attestation be made, but has provided further clarification as to requirements and scope: the Senior Manager will be required to attest as to the process followed in preparing the Account, their role in overseeing its production, the robustness and diligence of the process, and that the Account accurately reflects any investigatory findings, as well as attesting that, in relation to the matters to be covered by the Account and based on the scope and methodology of the Account, there are no other related matters, relevant information or potential breaches of which the Senior Manager is aware and which should be notified to the PRA. The PRA also provides further clarity regarding the process for selection of the relevant Senior Manager to give the attestation.

If you have any questions, please reach out to Thomas Makin (Managing Associate).

12. FCA – Dear CEO letter on AML framework failings (Annex 1 firms only)

This letter from the FCA outlines actions required in response to common control failings identified in AML frameworks. Common weaknesses related to (i) discrepancies between firms’ registered and actual activities, and lack of Financial Crime controls to keep pace with business growth, (ii) weaknesses in Business Wide Risk Assessments and Customer Risk Assessments, (iii) lack of detail in policies creating ambiguity around actions staff should take to comply with their obligations under the MLRs, and (iv) lack of resources for Financial Crime, inadequate Financial Crime training and absence of a clear audit trail for Financial Crime-related decision-making. The FCA clearly state, amongst other things, their expectation that senior management take clear responsibility for managing Financial Crime risks and that Financial Crime should be a standing agenda item at senior management meetings rather than considered on an exceptions-only basis.

There is an expectation that senior management of relevant firms carefully consider the letter and complete a gap analysis against each of the common weaknesses we have outlined within six months. The FCA say they’re likely to ask firms to provide this in the future as well as evidence of any remedial actions/enhancements made as a result of the analysis. Although this applies to Annex 1 firms, this may be interesting for SMF 17s and those holding prescribed responsibility for Financial Crime, as well as senior management more broadly.

13. Economic Crime & Corporate Transparency Act 2023 (ECCTA) - Simmons & Simmons Toolkit

Following the implementation of the recent Economic Crime and Corporate Transparency Act, institutions are now faced with increasing corporate criminal risk exposure across their global business. The Simmons & Simmons ECCTA Fraud Prevention Toolkit provides a range of resources to help organisations understand, assess and mitigate the risks created by the reforms and to develop reasonable anti-fraud procedures.

You can learn more about the Economic Crime and Corporate Transparency Act and ECCTA Fraud Prevention Toolkit here.

If you’d like to schedule time with our team to discuss what this means for you, please contact Camilla de Silva (Partner), Jon Malik (Supervising Associate) or David Bridge (Senior Professional Support Lawyer).