SMCR+ View – April 2024

Welcome to the April 2024 edition of SMCR+ View. As we step into Spring (although the recent weather would fool anyone), we are bringing you another comprehensive edition, covering the latest on the ongoing SMCR review; the FCA and PRA’s updated AI strategies which lean heavily on the existing framework including the SMCR; the FCA’s updated Form A and more…

As always, we appreciate your feedback and ideas as to how we might improve for next time!

1. FCA/PRA - SMCR Consultation Paper incoming June 2024

We knew the FCA’s consultation paper on the SMCR was coming in Q2 2024, but buried in their recent Artificial Intelligence (“AI”) strategy update, is confirmation of their plan to publish it in June 2024, giving firms additional clarity. The PRA's Business Plan for 2024/25 only reconfirms the PRA’s plan to consult in H1 2024, but given it is working closely with the FCA and HMT on this topic, we expect June 2024 is what the PRA are aiming for also. In relation to overseas bank branches the PRA specifically states that it “intends to consult on clarifying expectations for group entity senior manager functions [(SMF 7s)]…”, which gives a sneak peek as to what might be in any consultation paper. The PRA outline in their business plan that over 90 responses were received relevant to its work “reflecting the significant level of stakeholder interest in the regime".

The PRA's Business Plan for 2024/25 covers a number of other topics from remuneration (where it states it is planning to consult on potential changes in 2024 H2) to diversity & inclusion (“D&I”) (where it just says in 2024 it will continue industry engagement and assess responses to the PRA’s D&I consultation paper), to AI, model risk management, private asset financing, and more.

On extending the SMCR to other portfolios - the FCA’s Perimeter Report was updated this month and the FCA reiterated their position that they are keen to apply the SMCR to credit rating agencies and continue to work with Treasury on this. There is a similar sentiment for payments and e-money firms. Cryptoasset businesses are also specifically referenced as not being within scope of the SMCR, meaning the FCA isn’t able to apply the same level of scrutiny to senior managers in these businesses.

This update on the Bank of England’s (“the Bank”) approach to enforcement following the Financial Services and Markets Act 2023 reiterates that FSMA 2023 includes new powers for the Bank to create a SMCR in respect of individuals working at Financial Market Infrastructures (FMIs), and that those new powers include certain enforcement powers. The Bank says it will consult on those new powers at a “later date”.

We’re following this closely and please do get in touch with Amy Sumaria (Managing Associate) or Penny Miller (Partner) if you have any questions.

2. FCA - Form A updates

Earlier this month the FCA finally rolled out their new Form A (SMF application form). Firms now need to include 10 years of job history, rather than uploading a CV. There are also new questions about a candidate’s right to work in the UK, previous names to be displayed on the FCA Register, and how candidates will split time between activities and directorships (note this latter question is similar to and borrows from one asked in the MiFID Article 4 form required of management body members only). The Form A has scrapped the "Send later" function and has merged the Statement of Responsibilities with the Form A, which means no need for a second, separate submission. These changes currently apply to standalone applications and from 24 May 2024 will also apply to new related applications (e.g. first time authorisation applications). This webpage answers a number of FAQs.

The FCA’s latest operating metrics are also here and they finally show the FCA being in the ‘green’ with approving SMCR applications within 3 months – only 19 were not processed within that window for Q3 2023/2024.

Do reach out to Amy Sumaria (Managing Associate) or Penny Miller (Partner) if you need any assistance.

3. FCA – Non-financial misconduct

You may have seen in the financial press following a recent freedom of information request that of the 1000 wholesale banks, brokers and insurers sent the FCA’s non-financial misconduct (“NFM”), 237 firms missed their deadline and 40 firms requested and were granted extensions.

We’ve worked with a lot of you on NFM matters, including this survey, and if you’d like to discuss the survey, its contents or any related NFM points further then please get in touch with Amy Sumaria (Managing Associate) or Andrea Finn (Partner).

4. FCA – Financial Crime Guide Updates – CP 24/9

The FCA is consulting on changes to its Financial Crime Guide to enhance relevant firms’ understanding of the FCA’s expectations and help firms assess the adequacy of financial crime systems and controls. The guide applies to all FCA Financial Crime Supervised Firms and firms supervised by the FCA under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs), including cryptoasset businesses.

The proposals include self-evaluation questions and examples of good and bad practices. The guide doesn’t impose new requirements or rules on firms. There are various bits of new guidance that refer to senior management and governance – e.g. self-assessment questions such as “how are senior management kept up to date with sanctions compliance issues?” and “Does regular and ad hoc MI provide senior management with a clear understanding of the firm’s sanctions compliance risk?”
For more information please contact Amy Sumaria (Managing Associate) or Penny Miller (Partner).

5. FCA – Approach to International Firms

The FCA published its approach to international firms providing or seeking to provide financial services that require authorisation in the UK. There is a section on personnel and decision making where the FCA have stated that they would typically expect senior managers who are directly involved in the firm's UK activities to spend an adequate and proportionate amount of time in the UK to make sure those activities are suitably controlled. This said, the FCA acknowledges that individuals with purely strategic responsibilities for a UK branch may not be based in the UK. They have said that they expect individuals responsible for the day-to-day management of the UK branch activities to have sufficiently independent decision-making powers and to exercise independent challenge over strategic decisions that affect the wider firm. The FCA’s focus on senior managers spending time in the UK was reiterated in this recent speech by Sarah Pritchard.

We have increasingly seen the FCA become more robust in terms of assessing the location of Senior Managers and their level of seniority within the context of third-country branches - this seems to accord with that trend. For further details contact Amy Sumaria (Managing Associate) or Penny Miller (Partner).

6. FCA - Enforcement Guide Consultation Paper – CP 24/2

We’ve engaged with a huge number of you, as well as the Investment Association, Association of Foreign Banks, AIMA and UK Finance on the FCA’s CP24/2: Our Enforcement Guide and publicising enforcement investigations - a new approach. We also hosted a webinar with Therese Chambers, the FCA's Joint Executive Director and Market Oversight, on the proposals and how the FCA anticipates these would operate in practice, which you can watch on demand here.

As everyone will be aware, the FCA have had significant pushback on their proposals, including from the House of Lords Financial Services Regulation Committee and you can read the FCA’s response to the letter here. Financial services industry leaders have expressed their concerns in an open letter to the Chancellor, arguing that the proposals could negatively impact firms’ reputations, destabilise financial markets, and harm the competitiveness of the UK’s financial services sector.

The deadline for submitting responses is TODAY (30 April 2024) and can be submitted using the FCA's online form. We have submitted our own response after discussions with many of you, pushing back on some of the proposals, which we’d be happy to share if of interest. It will be interesting to see what happens next, but the proposals have come under heavy criticism both in principle and on the detail and the obvious fallback of an anonymised ‘Market Watch’ style periodical must be a possibility. That being said the FCA’s response to the House of Lords doubled down on the proposals and there is a meaningful risk that they will press ahead regardless of the blatant flaws in this proposal. Note there is also this update on the Bank of England’s (“the Bank”) approach to enforcement following the Financial Services and Markets Act 2023. Responses to the Consultation Paper are required by 28 June 2024.

To discuss, please contact Thomas Makin (Managing Associate), Caroline Hunter-Yeats (Partner), or Emma Sutcliffe (Partner) for more details. We also have Financial Markets Disputes View available here for regular updates on the FCA and PRA’s enforcement action and proposals.

7. FCA / PRA – Artificial Intelligence Update

Last week, the FCA and PRA published their updated AI strategies following the Government’s publication of its pro-innovation strategy in February 2024. In summary, there is no fundamental change in their position – the FCA reiterate their position as a ‘technology agnostic, principles-based, outcomes-focussed’ regulator and that their regulatory framework does not usually mandate or prohibit specific technologies. This is echoed by the PRA who add that “technology agnostic” doesn’t mean “technology blind” and the PRA are focussed on understanding and addressing risks that arise.

Neither regulator outlines any new AI specific rules although they don’t rule out ‘future regulatory adaptions’. Instead, the FCA and PRA give further examples as to how they will seek to regulate AI within their existing framework – i.e. there are specific references to the Threshold Conditions, Principles (2,3,6,7,8,9), SYSC (particularly general organisational requirements, risk management and operational resilience), SMCR and the Consumer Duty (and on the PRA side there’s reference to the Model Risk Management requirements data management requirements governance and operational resilience, amongst other things).

The SMCR is mentioned multiple times and whilst there is no designated SMF that must be responsible for AI, the regulators reiterate that each SMF will be responsible for the use of AI within their areas of responsibilities. There is also specific reference to SMF 24 (Operations function) and SMF 4 (CRO) who typically have responsibility for technology and risk, respectively. The PRA paper references the requirement for relevant firms that there must be a Senior Manager responsible for the model risk management framework, which will cover AI models. It’s clear that the SMCR is a clear regulatory lever for the FCA/PRA to pull in relation to the regulation of AI.

Other areas of focus are operational resilience, critical third parties and outsourcing – there is a clear focus on these as they are referenced multiple times . The FCA specifically states that there is a “growing urgency” to take a more proactive approach to risks in these areas.

For those subject to the Consumer Duty, the update very interestingly makes a suggestion regarding how the use of AI may be incorporated into annual Consumer Duty reports: “The first annual report is due on 31 July 2024. This additional layer of reporting and oversight by a firm’s board might also include consideration of current or future use of AI technologies where it might impact retail consumer outcomes or assist in monitoring and evaluating those outcomes.” (which is reasonably directional from them on this topic). Note there are lots of Consumer Duty updates from the FCA – for more on this sign up to Consumer Duty View here.

Quantum computing is also called out specifically as being an area both regulators are actively monitoring.

One final interesting snippet that caught our eye was reference to how the FCA/PRA are using AI themselves. The PRA has specifically stated that it has introduced a cognitive search tool with AI capabilities that helps supervisors gain more insights from firms’ management information by extracting key patterns from unstructured and complex datasets. For firms submitting Board packs etc to the PRA regularly it will be interesting to see how your supervisory engagement with the regulator evolves in light of this AI technology assisting them in their supervisory roles.

For those with an interest in this area the FCA have also published Feedback Statement FS 24/1 on the “Potential competition impacts from the data asymmetry between Big Tech firms and firms in financial services”. Much of the same themes of the AI update were also addressed in Nikhil Rathi’s latest speech on the Digital Regulation Landscape.

We are doing a significant amount of work in relation to the use of AI within financial services including cross-border surveys, obligations registers or mapping given the incoming EU AI Act, reviewing Terms of Reference for AI Committees (or similar), Board training on AI and more. We’ve also held peer roundtables for asset management clients and banks – if you’d like to be a part of these or for us to arrange one with your peers then do let us know.

For further details contact Amy Sumaria (Managing Associate), Minesh Tanna (Partner) or Sophie Sheldon(Partner) and to sign up to AI View please click here.

8. FCA – Complaints Data

The FCA’s complaints data may be interesting for certain senior managers within your firm and those working on the Consumer Duty. The new FCA page provides an overview of financial services firms' complaints reported to the FCA during 2023 H2 (1 July to 31 December 2023), including the latest trends and analysis by product groups. Whilst most products saw a decrease in the number of complaints, the product groups that experienced an increase in complaint numbers were: banking and credit cards, home finance and investments.

9. FCA – Dear CEO Letters

• The FCA’s thematic review of retirement income advice, and subsequent but related Dear CEO Letter, include a call to action for the CEOs of relevant consumer investment firms and senior managers to engage with the findings of the review and take action in response to them where required. The FCA has warned that there will be follow-up supervisory activity. The review highlights examples of good and bad practices, and whilst some firms are successfully considering customers' needs and designing advice models that lead to good outcomes, other firms are lagging behind. The Dear CEO letter outlines that the Thematic Review didn’t consider files against the Consumer Duty as it was conducted prior to 31 July 2023, but acknowledges that without firms taking appropriate action it’s unlikely that most firms will be compliant with all elements of the Consumer Duty.
• Here is another Dear CEO letter for those in the consumer finance portfolio relating to the requirement for relevant firms to maintain adequate financial resources. This was issued on 12 April 2024 and the FCA make it clear what immediate actions are required.
• This Dear CEO letter on consumer lending outlines the FCA’s priorities, how the FCA expects firms to reduce and prevent serious harm, setting and testing higher standards, policy changes and actions for firms. Specifically, the letter outlines that the FCA has identified poor governance and inadequate senior management oversight as a root cause behind several drivers of harm. It references the SMCR, its interlock with the Consumer Duty, the need for succession planning, improving D&I, removing non-financial misconduct and having proper regard for ESG. The letter requires firms (specifically directors/Board members) to consider the obligations and expectations set out in the letter and to agree necessary actions. The letter states that the FCA’s supervisory activity over the next 2 years will be to test firms against these expectations.
• Of interest to your CFOs might be the FCA’s recent financial reliance survey data published here.

Do get in touch with Penny Miller (Partner) if you’d like to discuss further.

10. FCA – Mr. Neil Woodford

The FCA’s announcements relating to the Woodford Equity Income Fund (“WEIF”) have been ongoing for years. Most recently, the FCA issued its Final Notice against Link Fund Solutions (“LFS”) finding it to have breached Principle 2 by failing to demonstrate the necessary skill, care and diligence in its management of WEIF and Principle 6 by failing to adequately manage the fund's liquidity, meaning that investors couldn't access their money at short notice.

The FCA has also issued a warning notice in respect of Neil Woodford and Woodford Investment Management Limited (“WIM”), proposing action against them for their conduct in respect of WEIF. The FCA considers Mr. Woodford (who held the CF 1 (Director) and CF 30 (Customer function) under the Approved Person Regime) to have breached Principle 2 (due skill, care, and diligence) and Principle 6 (due skill, care and diligence in managing the business of the firm). This is because the FCA considered Mr. Woodford to have (i) a defective and unreasonably narrow understanding of his responsibilities for managing WEIF’s liquidity, (ii) failed to ensure a reasonable and appropriate liquidity profile for WEIF when making investment decisions in the face of ongoing redemptions and net outflows; (iii) failed to take adequate steps to satisfy himself that the liquidity framework applied to the WEIF was appropriate; and (iv) not exercised adequate oversight in respect of certain delegated aspects of his responsibilities and interactions between WIM and LFS.
These might be interesting points to consider when providing training to relevant individuals subject to the SMCR. Contact Amy Sumaria (Managing Associate) or Penny Miller (Partner) to discuss further.

11. Diversity & Inclusion

Whilst there’s no update from the FCA and PRA on their D&I consultation paper since our last SMCR+ View, the Parker Review Committee's 2024 update report (“2024 Parker Review”) and Government’s Report and recommendations for improving diversity and inclusion (D&I) practice in the workplace (“D&I in the Workplace Report”) have arrived.

The 2024 Parker Review presents findings regarding the ethnic diversity of boards and senior management within FTSE 350 companies and large private companies. The report reveals that as of December 2023, 96% of FTSE 100 companies, 70% of FTSE 250 companies and 44% of private companies had at least one ethnic minority director. It also highlights the average ethnic minority representation in senior management, which was 13% for FTSE 100 companies and 12% for FTSE 250 companies which remains short of the average target for the proportion of ethnic minority representation in senior management in 2027.

The D&I in the Workplace Report follows a six-month long panel on Inclusion at Work. The report's recommendations include (i) endorsement of the government for a new framework for D&I practices, focusing on effectiveness and value for money; (ii) creation of a digital tool (funded and facilitated by the government) to help leaders and managers assess the efficacy of D&I practices and encourage providers of interventions to evaluate and demonstrate their impact; and (iii) clarification of legal status of D&I practices from the Equality and Human Rights Commission (“EHRC”) particularly in light of recent rulings and their implications for HR policies and staff networks. Beyond these recommendations, the report and contributors identified that change will not be possible without engagement and ownership by senior leadership, outside of HR functions. Amongst other things, it suggests that change requires a proactive and impartial leadership involved in the establishment of a culture of diversity and inclusion.

The FCA’s Executive Director of Authorisations, Sheree Howard, recently gave a speech entitled “Reaping the rewards of investing in women” (a sentiment we strongly support) which focuses on the importance of attracting and retaining women in financial services, amongst other things.

For more D&I related updates please sign up to DE&I View here and contact Andrea Finn (Partner) or Fiona Bolton (Partner).

12. FCA – Key Final Notices and Decision Notices

• In the latest cum-ex case, Mr. Nailesh Teraiya has been fined £5.95 million and banned from carrying out any regulated activity given his role as sole controller and CEO of Indigo Global Partners Limited which participated in a sham trading scheme. Mr. Teraiya was found to have breached Principle 1 (act with integrity) under the Approved Persons Regime. Mr. Teraiya has referred his Decision Notice to the Upper Tribunal.
• After an 8 week trial, Mr. Stuart Bayes was found guilty of insider dealing. He both traded relevant shares himself, and also encouraged another individual to do the same.
• Mr. Arthur Cobill was found to have breached Principle 2 (due skill, care and diligence) under the Approved Persons Regime for providing incompetent and unsuitable advice to customers. The FCA would have imposed a £1,113,225 fine on him but has instead agreed for Mr. Cobill to pay £120,000 to the FSCS to contribute to relevant customers’ redress.
• Mr. William Hofstetter has been found to have breached Principle 6 (take reasonable steps to ensure that the business of the firm for which they are responsible complies with the relevant requirements and standards of the regulatory system) because he incompetently oversaw a defined benefit pension advice process which resulted in customers’ retirement funds being put unnecessarily at risk. Mr. Hofstetter has also been banned from performing a SMF role in the future and the FCA has withdrawn his SMF 3 (director) and SMF 16 (compliance officer) approvals.

Please do reach out to Amy Sumaria (Managing Associate) or Thomas Makin (Managing Associate) if you have any specific questions.

13. FCA – Pensions Dashboard Service (“PDS”) Firms

Pension dashboards are digital interfaces allowing customers to find their pensions and view basic information about them in one secure place. To ensure sufficient consumer protection, the RAO (Regulated Activities Order) was amended to include operating a PDS as a regulated activity. The FCA’s consultation paper (CP 24/2) covers a number of matters including the fact that firms who only hold permission for regulated PDS activity and, if applicable, ‘making arrangements with a view to transactions in investments’ in limited circumstances, will be a Limited-scope SMCR firm.

For more information on this please contact Amy Sumaria (Managing Associate) or Penny Miller (Partner).

14. PRA - Approach for a Critical Third Parties (“CTPs”) regime in the UK

The consultation period for CP26/23 (Operational resilience: Critical third parties to the UK financial sector) closed mid-March, as covered in our previous edition of the December 2023 SMCR+ View. A recent speech by Gareth Truran outlines, amongst other things, how the proposed CTP regime will fit into the wider operational resilience framework. In particular, he highlights that it will "complement, but not replace, the responsibility of individual regulated firms and their senior management" and that firms still need to comply with the operational resilience requirements and be accountable for managing risks in their own outsourcing and third-party arrangements.

The PRA aims to issue final requirements and expectations for CTPs in the second half of 2024.

To discuss, please contact Rosali Pretorius (Partner).