Insurers, reinsurers and managing agents (which we will refer to in this article as “insurers”) will be fully within the scope of the Senior Managers and Certification Regime (“SMCR”) regime from 10 December 2019, following a staggered implementation period which started on 10 December 2018, with compliance with all aspects required by 10 December 2019.
Insurers were previously subject to the less stringent Senior Insurance Managers Regime (“SIMR”), which was driven by the EU Solvency II Directive. In this article, we first summarise the key changes as a result of the SMCR for Solvency II insurers (i.e. those insurers who are caught by the Directive) and large Non-Directive Firms (i.e. those smaller insurers outside of the scope of the Directive, but who have nonetheless applied for authorisation under it), and then suggest some important steps to take to ensure your firm is on track.
The extension of personal regulatory duties beyond approved persons will feel like the most significant change for most people working at insurers, most of whom have never been accountable directly to the regulators for their personal conduct.
The FCA’s and PRA’s Conduct Rules – contained in the Code of Conduct sourcebook (COCON) of the FCA Handbook and the Conduct Part of the PRA Rulebook respectively – currently apply only to Senior Management Function (“SMF”) holders, non-executive directors and certification staff. However, with effect from 10 December 2019, the Individual Conduct Rules will apply to all staff (except those carrying out a small number of purely administrative roles that are specified in the FCA’s rules). A failure to meet the standards imposed under the Individual Conduct Rules will mean that an employee could be liable to regulatory enforcement action. In addition, any employee will be susceptible to disciplinary action by the PRA or FCA if they are found to have been “knowingly concerned” in a breach by the insurer. These changes significantly extend exposure to personal regulatory action beyond the members of senior management, and require careful explanation and messaging from firms to their staff.
Insurers themselves have a statutory obligation under the new regime to provide suitable training to their Conduct Rules staff (i.e. those employees within scope of the Conduct Rules), to help them to understand their personal regulatory duties. This training will need to be provided by 10 December 2019. Insurers will also need to put a process in place to train new joiners, individuals who change roles and in relation to refresher training.
In the post-SMCR world, insurers must also notify the FCA and/or PRA if they take disciplinary action (the definition of which includes the issuance of a formal written warning) against a person relating to any action, failure to act, or circumstance that amounts to a breach of any of the Conduct Rules.
The new Certification regime requires insurers to identify which of their staff are performing certification functions (see below), and to assess the fitness and propriety of each individual to perform their roles, at least on an annual basis. The requirement to certify is being brought in alongside the existing requirement under SIMR (which the PRA has retained under the new regime) that firms should require their key function holders (i.e. those individuals who are responsible for discharging a key function) to observe certain of the PRA’s Conduct Rules and ensure their ongoing fitness and propriety.
Certification functions are defined by statute as “significant harm functions”, i.e. functions that allow the people performing them to pose a risk of significant harm for a firm or to any of its policyholders. The PRA and FCA have each been given statutory power to specify the functions they consider to be certification functions (which they have done in their respective rulebooks).
If, for whatever reason, a certification staff member cannot be certified fit and proper to perform their role at the annual certification deadline, they will need to be removed from their role or temporarily re-deployed. Regulatory references will also need to be obtained for new certification staff (i.e. those who were not already in role at the time of commencement) and insurers should have a written policy in place to address this.
Insurers were required to identify and provide Conduct Rules training to their certification staff by 10 December 2018, and must now put in place a process to certify them as fit and proper by 10 December 2019.
From our experience advising banks on the first wave of SMCR implementation, we expect the certification regime to necessitate various amendments to insurers’ HR policies and procedures, including appraisal forms, staff handbooks and employment contracts. It will also require difficult judgment calls to be taken in the event that there are questions over an individual’s fitness and propriety - it is worth thinking through in advance some scenarios where this may arise.
We have set out below 10 questions for insurers to consider when assessing whether they are currently complying with the requirements of SMCR (effective since 10 December 2018) and to use when planning towards the required full implementation by 10 December 2019:
From our experience helping banks to prepare for the implementation of the SMCR in March 2016 and insurers ahead of the 10 December 2018 initial commencement date, implementing these requirements takes longer than you would think. Our advice is to start as soon as you can.
This article was originally published by Thomson Reuters © Thomson Reuters