Insurers set to be captured by enhanced Senior Managers and Certification regime from 2018.
In July, the PRA and FCA released their highly anticipated consultation papers (FCA CP17/26 and PRA CP14/17) setting out their proposals to extend the Senior Managers and Certification regime (“SM&CR”) to insurers from 2018. In this blog, we explore the most significant changes affecting insurers and steps that firms can take to prepare for the new regime.
Objectives of the proposals and the SM&CR
The proposals are designed to align the SM&CR individual accountability regimes for the banking and insurance sectors while continuing to respect the different business models of the two sectors and requirements of Solvency II. The proposals are also intended to support improved governance and culture across the industry and are summarised below.
Key proposed changes
The FCA has proposed the introduction of new functions: SMF 3 Executive Director, SMF 18 Other Overall Responsibility, SMF 16 Compliance Oversight and SMF 17 Money Laundering Reporting Officer. The FCA has highlighted that banks found SMF 18 one of the more difficult areas to implement and has emphasised that firms need to consider carefully their business model in order to identify all relevant functions.
The PRA consultation paper CP8/17 (now closed) also included proposals for a new Chief Operations SMF (SMF 24) and a new Head of Key Business area SMF (SMF 6) for individuals who are responsible for large business areas or divisions.
One of the most significant changes for insurers is likely to be the introduction of the certification regime. This requires firms to identify staff captured by the regime and establish a new process to certify them as “fit and proper” on an annual basis (replacing regulatory pre-approval under the previous Approved Persons Regime).
A firm’s certification population is proposed to include Material Risk Takers (“MRTs”), Key Function Holders (“KFHs”) and employees who are not Senior Managers but whose role means it is possible for them to cause significant harm to the firm or its customers. Identifying those employees that are MRTs or who could cause “significant harm”[i] requires judgement, although helpfully an insurer’s MRT population will already be defined under Solvency II requirements.
Complying with the proposed certification requirements will require firms to establish new processes and implement changes throughout the employee lifecycle (including interviewing employees, on-boarding new joiners, tracking training compliance and conduct breaches, performing annual appraisals, issuing certificates and issuing references). Those banks which implemented the certification regime most effectively had active engagement throughout from both HR and compliance functions.
Application of Conduct Rules
The PRA and FCA propose to extend the application of the Conduct Rules to all employees except those in ancillary roles and to introduce notification requirements for breaches of the Conduct Rules.
To comply with the proposals, firms will need to determine what constitutes a Conduct Rule breach (which may differ from a breach of internal standards and policies) and embed systems and processes for monitoring and reporting Conduct Rule breaches. The desire for a transparent and well-governed process led a number of banks to set up a Conduct Committee to allow management to review and consider potential conduct breaches.
Firms are also required to make employees aware that they are subject to the Conduct Rules and train them on how the rules apply to them.
New “duty of responsibility”
The new “duty of responsibility” does not change any of the responsibilities of Senior Managers, and does not constitute a change in the expectations and requirements of Senior Managers. It will, however, enable the PRA and FCA to hold Senior Managers in insurance firms accountable if a breach of a regulatory requirement takes place in their area.
To support Senior Managers and promote a consistent approach, many banks (to whom the “duty of responsibility” already applies) have set out and communicated expectations of the “reasonable steps” that Senior Managers should be taking and able to evidence to demonstrate they are discharging their responsibilities.
Further changes that the PRA and FCA are consulting on include:
- A requirement to provide Handover information to S(I)MFs and implement a Handover policy.
- Amendments to the Senior Manager Prescribed Responsibilities (“PRs”), including some new PRs such as a new PR for preventing financial crime and amending the fitness and propriety PR to reflect the proposed extension to the regime.
- Renaming and enhancing SIMR documentation; under the proposals, the governance map will become the management responsibilities map and scope of responsibility documents will become statements of responsibility (“SoRs”). The regulators have emphasised the need to include a full set of responsibilities in SoRs, not just a summary of significant responsibilities.
- Introducing new Senior Management Functions (“SMFs”) to replace remaining FCA Approved Person designations and complement existing Senior Insurance Management Functions (“SIMFs”).
What steps should firms be taking now?
The PRA and FCA consultations closed on 3 November 2017. Practical steps which firms should be taking now include:
- re-mobilising your SM&CR project team now, assigning responsibility for the implementation of the enhanced requirements under SM&CR to an appropriate individual and preparing an implementation plan;
- determining the impact on your firm’s functions and processes, starting to map changes that are needed to meet the enhanced SM&CR requirements, particularly employee processes; and
- engaging senior management early by socialising the new SM&CR requirements with them to smooth the transition process.
We have significant experience in delivering implementation and post-implementation support on SM&CR and are currently assisting insurers and other financial services firms to prepare for the extension, including embedding “reasonable steps”, preparing for the certification regime and monitoring Conduct Rule breaches. For further information and to find out more about how Deloitte can support your firm, speak to one of our experts.
[i] The FCA has suggested eight Certification Functions which include MRTs, anyone who supervises or manages a person performing a Certification Function, SMFs and functions subject to qualification requirements. The PRA has proposed a slightly different set of Certification Functions, which do not conflict with FCA proposals and comprise all KFHs and MRTs for large Solvency II insurers.