Senior Managers & Certification Regime for insurance firms – What now?
As of the 10th December, insurance firms are now subject to the Senior Managers and Certification Regime. So as an insurance firm what do you need to be doing now to ensure continued compliance?
SM&CR: A Summary
The Regime replaces the revised Approved Persons Regime, and last month’s extension to insurance firms is part of the eventual roll-out of the Regime to all financial services firms. The SM&CR was introduced to banking firms in 2016 to address some of the issues that contributed to the financial crisis, seeking to encourage a culture of personal responsibility from the top down by making staff individually accountable for their competence and their actions.
Although there are similarities with the previous regime, it is important to note a number of key differences, both administratively and practically. Whilst those carrying out specific functions - Senior Managers – still require FCA approval, some individuals who carry out other key functions – known as ‘Certification Functions’ under the new Regime – will not need FCA approval, but will need to be certified by the firm. This shifts responsibility for certifying these employees as competent from the regulator to the firm, reflecting one of the objectives of the Regime, to reinforce that firms, and not the regulator, are responsible for making sure their staff are fit and proper.
Firms will need to certify that these individuals are competent and able to carry out their function at least annually. Along with training requirements – for both Senior Managers and Certification staff – firms need to have in place policy and procedure to ensure that training, assessment, and certification are undertaken as required.
There are also new requirements that firms undertake criminal records checks as part of Senior Managers approval applications, and request regulatory references from the previous employers of Senior Managers and those in Certified roles. Firms will also need to update regulatory references where new and significant information comes to light.
The Conduct Rules are a new set of enforceable rules, set out in the FCA’s Code of Conduct Sourcebook. These lay out basic standards of good personal conduct that will apply to staff directly, and against which the FCA can hold individuals to account. They are designed to help shape the culture and standards of a firm from the top down, and apply to most employees in affected firms, other than ancillary staff (e.g. receptionists, reprographics staff), whose role could affect the integrity of the UK financial system. Firms must train all relevant staff on how the Conduct Rules affect them.
Depending on the category of firm, there are a number of new requirements relating to evidence and documentation, including responsibilities maps, statements of responsibilities, certification, and the submission of the new forms where approvals are to be requested or where changes are required, and new reporting obligations that need to be built into procedure.
At this stage, insurance firms should have completed any required transitionary paperwork and be settling into the Regime. Successful implementation is only the first step, however, and firms should now be concentrating on embedding the culture of responsibility that will help to improve the standard of conduct at all levels. One of the main objectives of the SM&CR is this improvement in culture, leading to individual accountability, improvements in conduct, and the resulting benefits to consumers and to businesses.
Banks have been subject to the Regime since 2016 and have seen a noticeable shift in culture – insurers should learn from the banks’ experience and at this stage be concentrating on building positive culture within their firms. In context, the term ‘culture’ is difficult to define, and even more difficult to translate into practical measures. A good starting point is to think of a positive culture as being one that embodies and encourages good ethical behaviours and that is exemplified from the most senior individual down. Training offers a perfect opportunity to begin to embed these positive behaviours.
Senior Managers and Certification Staff should have received training on the Conduct Rules prior to the commencement of the Regime, but firms should ensure that other employees receive adequate training within the next 12 months, and that there is sufficient provision for regular ongoing training. The FCA have made it clear that they expect to see positive changes in a firm’s culture from the top down, and training offers a clear opportunity to begin to embed the right cultures and behaviour in staff at all levels. Sessions aimed at Senior Managers can also help these individuals to understand their new responsibilities under the regime, and the potential personal consequences following a failure to comply, whilst providing a strong framework that gives them the confidence they need to go about their day to day work, as well as foresee any potential issues or breaches.
The roll-out of the Regime to other financial services firms continues, with a 9 December 2019 transition date for solo-regulated financial services firms. These firms should be proactive, and learn from the experience of banking and insurance firms that planning for changes to ensure compliance from start of regime and begin to embed culture and accountability can take some time. The transition is designed to be proportional but firms of all sizes will be affected and need to begin planning for transition and implementation.
To help, we have created SM&CR compliance resources that will be available to download on our website in the New Year. To be the first to hear about these resources, sign up to our Compliance Insights email series.