banking regulations


Upload: natalie-lim

Post on 11-Apr-2016


DESCRIPTION

an analysis of changes to banking regs


Compliance Officer Bulletin

2015

Making individuals accountable: new regulatory frameworks for banking and for insurers

Jenny Stainsby and Karen Anderson

Subject: Financial regulation. Other related subjects: Banking and finance. Insurance

Keywords: Banks; Certification; Corporate governance; Financial regulation; Insurers; Managers; Professional conduct

Legislation: Financial Services (Banking Reform) Act 2013 (c.33)

Financial Services and Markets Act 2000 (c.8)

CONTENTS

1. Introduction

2. Background: “A complex and confused mess”

3. The New Framework for Banks

4. The Proposed New Framework for Insurers

5. Checklist

*C.O.B. 1 1 Introduction

Banks, and now insurers, face an onerous task in the coming months as they prepare for a fundamental overhaul of the regulatory framework for individuals within their firms.

In this Bulletin, we examine the key elements of the new statutory regime which impacts almost everyone employed by a UK bank, building society, credit union, and PRA-designated investment firm:1

(1) the Senior Managers Regime, which is focused on those at the top of the organisation;

(2) the Certification Regime, the scope of which is broader than the existing Approved Persons regime, and which puts the onus on the firm to assess fitness and propriety and the burden on the firm of renewing certifications annually; and

(3) the Conduct Rules, a creature of the new regime on which employees will need to be trained.

We also explore how proposed changes to the Approved Persons Regime which adopt some of the features of the Senior Managers Regime will affect insurers.

2 Background: “A complex and confused mess”

*C.O.B. 2 In July 2012, following a series of banking scandals culminating in the LIBOR findings, a Commission was appointed by both Houses of Parliament to consider and report on:

(1) professional standards and culture of the UK banking sector, taking account of regulatory and competition investigations into the LIBOR rate-setting process; and

(2) lessons to be learned about corporate governance, transparency and conflicts of interest and their implications for regulation and for Government policy; and to make recommendations for legislative and other action.2


One of the key criticisms coming out of this Parliamentary Commission on Banking Standards (“PCBS”)’ Report, published in June 2013 and entitled “Changing Banking for Good”,3 was of a culture in banks which gave rise to a lack of accountability of the senior management, damningly described by the Commission as follows:

“One of the most dismal features of the banking industry to emerge from our evidence was the striking limitation on the sense of personal responsibility and accountability of the leaders within the industry for the widespread failings and abuses over which they presided. Ignorance was offered as the main excuse. It was not always accidental. Those who should have been exercising supervisory or leadership roles benefited from an accountability firewall between themselves and individual misconduct, and demonstrated poor, perhaps deliberately poor, understanding of the front line. Senior executives were aware that they would not be punished for what they could not see and promptly donned the blindfolds. Where they could not claim ignorance, they fell back on the claim that everyone was party to a decision, so that no individual could be held squarely to blame - the Murder on the Orient Express defence.”4

The PCBS said that:

“The public are rightly appalled by the small number of cases in which highly-paid senior bankers have been disciplined for the costly mistakes they have allowed to occur on their watch.”5

and

“It is imperative that in future senior executives in banks have an incentive to know what is happening on their watch - not an incentive to remain ignorant in case the regulator comes calling.”6

The PCBS put some blame for this “accountability firewall” at the door of the current Approved Persons Regime which it described as “a complex and confused mess”.7

Its specific criticisms of the Approved Persons Regime were:

(a) its narrow scope;

(b) the absence of individual accountability;

(c) the “one-shot approach”; and

(d) its “bureaucratic complexity and inertia”.

*C.O.B. 3 2.1 Narrow scope

The Commission found that a relatively small proportion of the approximately 450,000 people working in banks in the UK are subject to the Approved Persons Regime. They estimated that coverage was likely to be less than 10 per cent overall and said that the Regime “misses out a number of groups who might nevertheless play important roles in banks and contribute directly or through weak supervision and control to both prudential and conduct failures in standards”.8

This has consequences for enforcement action since the Regulators can only use their full range of enforcement powers against individuals who are Approved Persons. This limitation was referred to by Martin Wheatley, Chief Executive of the FCA, and Tracey McDermott, then Head of Enforcement at the FCA, in their evidence to the PCBS, noting in particular that this was a factor inhibiting the taking of action against certain individuals implicated in the LIBOR scandal.

Part of the reason for the problem with the current Approved Persons Regime was said to be the two distinct roles it plays:

(1) defining jurisdiction for enforcement action (which, the Commission thought, ought to mandate a broad remit); and

(2) a regulatory pre-approval mechanism (which, for practical reasons, militates towards the inclusion of a smaller number of individuals).

2.2 Absence of individual accountability

In its evidence to the PCBS, the FSA described the difficulties in bringing enforcement cases against individuals in large organisations:

“It is unclear who was responsible for a decision (or series of decisions) because lines of accountability are unclear or confused, or because they pass, at some point, through people who are not approved (and are not required to be).”9

The Commission acknowledged that the Approved Persons Regime was not designed “to assign responsibilities, but rather to verify whether individuals are fit and proper to take up fairly broadly-defined roles”. As a result, “the Approved Persons Regime is not currently a mechanism for instilling a sense of personal responsibility among senior bank staff. Nor can it be used as the basis for identifying who is responsible for key activities, and for requiring them to take corrective action or holding them to account when things go wrong”.10

2.3 “A one-shot approach”

As noted above, the current Regime is a regulatory pre-approval mechanism. While that is, of course, important, the PCBS highlighted its limitations as:

(1) the absence of any further scrutiny if someone's role significantly changes since, although individuals need new approval if they take up a new controlled function, no regulatory approval is required if the nature of their existing function changes; and

(2) the Regulators' lack of powers to follow up on any concerns raised and learning and development plans agreed at the time of approval.

2.4 “Bureaucratic complexity and inertia”

The Commission also criticised halted attempts to amend the existing Approved Persons Regime.

2.5 The need for overhaul

The upshot, in the Commission's view, was that the Approved Persons Regime “fails to perform any of its varied roles to the necessary standard”.11 In its Report, it summarised the failings as follows:

“It is the mechanism through which individuals can notionally be sanctioned for poor behaviour, but its coverage is woefully narrow and it does not ensure that individual responsibilities are adequately defined, restricting regulators' ability to take enforcement action. In principle, it is the means by *C.O.B. 4 which the regulator can control those who run banks, but in practice it makes no attempt to set clear expectations for those holding key roles. It operates mostly as an initial gateway to taking up a post, rather than serving as a system through which the regulators can ensure the continuing exercise of individual responsibility at the most senior levels within banks.”12

Its conclusion was that “… incremental change will no longer suffice. A new regulatory framework for individuals within banking is urgently needed, and it cannot be secured by adding new layers on the rickety foundations of the Approved Persons Regime”.13

The Commission went on to describe a proposed new system consisting of a “Senior Persons Regime” and a “Licensing Regime” with a set of “Banking Standards Rules”, applicable to those subject to both new regimes:

(1) “The Commission recommends that the Approved Persons Regime be replaced by a Senior Persons Regime. The new Senior Persons Regime must ensure that the key responsibilities within banks are assigned to specific individuals who are aware of those responsibilities and have formally accepted them.”14

(2) “… the Commission recommends the establishment of a Licensing Regime alongside the Senior Persons Regime. Under this a broader set of bank staff would be contractually obliged to adhere to a set of Banking Standards Rules, which the regulators could enforce against and which would replace the existing statements of principle.”15

(3) “The Commission recommends that regulators develop, after consultation with banks, staff, unions and those bodies already working on codes of conduct, a new set of Banking Standards Rules. These should draw on the existing principles and apply to a wide group of individuals, forming the foundation of their understanding for how they are expected to behave: the rules should be written in a way which is readily meaningful for those who must adhere to them…. The rules should explicitly encapsulate expectations about behaviour which are currently absent from the statements of principle for individuals, such as treating customers fairly and managing conflicts of interest and a requirement to draw to the attention of senior management and regulators conduct which falls below the standards set out.”16

3 The New Framework for Banks

The fundamental elements of this new regulatory framework for individuals were included in the Financial Services (Banking Reform) Act 2013, which received Royal Assent in December 2013 (the “2013 Act”).

The changes recommended by the Commission and brought in under the 2013 Act apply to UK banks, building societies, credit unions, and PRA-designated investment firms17 and have come to be described as follows:

(1) The Senior Managers Regime;

(2) The Certification Regime; and

(3) The Conduct Rules.

Greater detail on the proposed implementation of these elements of the new regime has been set out by the FCA and PRA in two joint consultations:

(1) “Strengthening accountability in banking: a new regulatory framework for individuals” (FCA CP14/13/PRA CP14/14 18) published in July 2014 (the “July CP”); and

(2) “Strengthening accountability in banking: forms, consequential and transitional aspects” (FCA CP14/31/PRA CP28/14 19) published in December 2014 (the “December CP”).

In the sections that follow, we describe the elements of this new framework, its implications, and what relevant firms ought to be doing now in preparation.

While the rules are not yet finalised, given that the fundamental elements of the new arrangements are contained in the 2013 Act, it is safe to plan on the basis of what we know to date and prudent to do so given the extent of changes required and the fact that there will likely only be a six-month period between publication of the final rules and implementation.

*C.O.B. 5 3.1 The Senior Managers Regime

• A Senior Manager is someone who carries out a Senior Management Function.

• Senior Managers will require approval by the PRA/FCA.

• The Senior Managers Regime is intended to ensure that major activities, responsibilities, and risks of the firm's affairs are clearly allocated by firms to key individuals within, or thereby brought within, the Senior Managers Regime, leading to enhanced individual accountability.

• Senior Managers are expected to be a relatively small group of individuals; likely the top two layers of governance (Board and Board -1).

• Ultimate authority over, and decision-making power of, a firm will remain with its board/governing body acting collectively.

The Senior Managers Regime is succinctly described in the July CP as “for individuals who are subject to regulatory approval, which will require firms to allocate a range of responsibilities to these individuals and to regularly vet their fitness and propriety”.20 The July CP goes on to say that the Senior Managers Regime will focus accountability on a narrower number of senior individuals in a firm than the Approved Persons Regime.

The 2013 Act enables the PRA and FCA to decide which functions to specify as Senior Manager Functions (“SMFs”) provided they are satisfied that a function falls within the statutory definition of an SMF.21 Under the Act, an SMF is a function that will require the person performing it to be responsible for managing one or more aspects of the relevant firm's affairs, so far as relating to regulated activities, and those aspects involve, or might involve, a risk of serious consequences for the authorised person, or for business or other interests in the UK.22

In the July CP, the PRA and FCA each set out a list of functions to be designated as SMFs. These differ slightly from each other, reflecting the statutory objectives of each regulator:

*C.O.B. 6 (1) The PRA's list contains the functions the PRA considers could directly affect a firm's safety and soundness.

(2) The FCA's list is longer and is “designed to deliver against the strategic objective of making relevant markets work well, and the operational objectives of consumer protection, market integrity and promoting competition”.23

The combined list is set out below.

3.1.1 Senior Management Functions

Combined list of Senior Management Functions

Chief Executive function PRA & FCA SMF1

Chief Finance function PRA & FCA SMF2

Executive Director FCA only SMF3

Chief Risk function PRA & FCA SMF4

Head of Internal Audit PRA & FCA SMF5

Head of key business area PRA & FCA SMF6

Group Entity Senior Manager PRA & FCA SMF7

Credit union SMF (small credit unions only) PRA & FCA SMF8

Chairman PRA & FCA SMF9

Chair of the Risk Committee PRA & FCA SMF10

Chair of the Audit Committee PRA & FCA SMF11

Chair of the Remuneration Committee PRA & FCA SMF12

Chair of the Nominations Committee FCA only SMF13

Senior Independent Director PRA & FCA SMF14

Non-Executive Director FCA only SMF15

Compliance Oversight FCA only SMF16

Money Laundering Reporting FCA only SMF17

Significant Responsibility SMF FCA only SMF18

Some points to note in respect of the SMFs:


(1) Every firm (other than a small credit union) will be required to have one or more persons performing the following SMFs:

i. Chief Executive function (SMF1).

ii. Chief Finance function (SMF2).

iii. Chairman (SMF9).

(2) There is no requirement to have an individual performing the corresponding SMF where a firm is not required to have a particular board committee or independent control function. Therefore some firms (likely smaller, less complex ones) will not have, for example, SMF5 (Head of Internal Audit) or SMF11 (Chair of the Audit Committee). However, if a firm not otherwise required to do so chooses to have a committee or control function, the chair of the committee or the head of the control function must have the relevant SMF approval.

(3) SMF6, Head of key business area, is to be assigned to individuals managing a business area or division so large in relative terms to the size of the firm that it could jeopardise its safety and soundness, and so substantial in absolute terms that it warrants an SMF, even though the senior manager performing it may report to the Chief Executive or another SMF. The July CP says that an individual will require approval as a Head of key business area if they manage an area with gross total assets of £10bn or more which accounts for either 20 per cent or more of the firm's gross revenue or, where the firm is part of a group, 20 per cent of the group's gross revenue.

*C.O.B. 7 (4) Similarly to the position under the current regime, an individual who is employed by a parent or other entity in the same group as the firm and deemed to exercise “significant influence” over the firm's affairs will be required to seek approval as Group Entity Senior Manager (SMF7). SMF7s will need to clarify the nature of their influence over the relevant firm and any areas of the firm that they are responsible for overseeing in their Statement of Responsibilities. The regulators will assess whether certain employees or officers in a parent or group entity meet the Group Entity SMF test on a case-by-case basis in light of all relevant circumstances.

(5) The Significant Responsibility SMF (SMF18) is to be designated to any individual who has overall responsibility for one or more Key Functions (as set out by the FCA and described below) with responsibility for reporting to the Board in respect of that function but whose role is not otherwise an SMF.

(6) The PRA proposals do not designate all Non-Executive Directors as SMFs, only the Chairman, the Senior Independent Director and the Chairs of the Risk, Audit and Remuneration Committees. It is apparent from the Consultation Paper in relation to the changes to the Approved Persons Regime for Solvency II firms, published in November 2014, that this has been the subject of a significant debate.

The July CP says that “although there is no hard and fast restriction against individuals below the top two layers of management being approved as SMFs--because it is the policy intention to give firms flexibility--it is expected that such appointments will be the exception rather than the rule”.24 The FCA draft Handbook text says (SYSC 4.5.21G(1)): “A person with overall responsibility for a matter will either be a member of the governing body or will report directly to the governing body for that matter.”

There are certain restrictions on the combination of SMFs an individual may perform within a firm as follows:25

SMF Restrictions

Chief Executive / Chairman: A firm must ensure that an individual who performs the Chairman Function on its behalf does not simultaneously perform the Chief Executive Function within the same firm.

Chief Risk: Must be an independent senior manager with distinct responsibility for the risk management function. Where the nature, scale and complexity of the activities of the CRR firm do not justify a specifically appointed person, another senior person within the firm may fulfil that function, provided there is no conflict of interest (SYSC 7.1.22R). See also the guidance in SYSC 21.

Head of Internal Audit: Must be separate and independent from the other functions and activities of the firm (SYSC 6.2.1R).

Chair of the Risk Committee / Chair of the Remuneration Committee: Must not perform any executive function in the firm (SYSC 7.1.18R and SYSC 19A.3.12R).

While the PRA's expectation is that the “norm should be for every firm to have a single individual performing each of the PRA SMFs which the firm is required to have”, more than one individual can be approved to perform an SMF, where it is “appropriate or justified”.26 However, each individual approved will be accountable for all of the responsibilities conferred on that SMF and each may be required to show that they have taken reasonable steps to prevent a breach from occurring or continuing in the management area covered by that SMF.27 For example, where a firm has joint heads of Internal Audit working part-time under a job-share arrangement, both will require approval as the Head of Internal Audit function and each will be jointly responsible for all responsibilities inherent in or allocated to that SMF.

The July CP makes it clear that this allocation of responsibility is not intended to undermine the principle of collective responsibility of the Board, which will “retain ultimate decision-making power and authority over all aspects of the firm's affairs”.28

*C.O.B. 8 3.1.2 Prescribed Responsibilities and Key Functions

In addition to the responsibilities inherent in the definition of each PRA SMF, the PRA has created 21 “Prescribed Responsibilities”. These are responsibilities which must be allocated amongst the Senior Managers.

Prescribed Responsibilities

1. Performance by the firm of its obligations under the senior management regime, including implementation and oversight.

2. Performance by the firm of its obligations under the Certification Rules.

3. Compliance with the rules relating to the firm's management responsibilities map.

4. The induction, training and professional development of all persons performing senior management functions on behalf of the firm and all members of the firm's management body.

5. Ensuring and overseeing the integrity and independence of the internal audit function in accordance with SYSC 6.2 (Internal audit).

6. Ensuring and overseeing the integrity and independence of the compliance function in accordance with SYSC 6.1 (Compliance).

7. Ensuring and overseeing the integrity and independence of the risk function in accordance with SYSC 7.1.22 R (Risk control).

8. Ensuring and overseeing the integrity, independence and effectiveness of the firm's policies and procedures on whistleblowing and for ensuring staff who raise concerns are protected from detrimental treatment.

9. Allocation of all prescribed responsibilities.


10. Leading the development of the firm's culture and standards in relation to the carrying on of its business and the behaviours of its staff.

11. Embedding the firm's culture and standards in relation to the carrying on of its business and the behaviours of its staff in the day-to-day management of the firm.

12. The development and maintenance of the firm's business model.

13. Management of the allocation and maintenance of capital, funding and liquidity.

14. The firm's treasury management functions.

15. The production and integrity of the firm's financial information and its regulatory reporting in respect of its regulated activities.

16. The firm's recovery plan and resolution pack and overseeing the internal processes regarding their governance.

17. If the firm carries out proprietary trading, the firm's proprietary trading activities.

18. If the firm does not have an individual performing the Chief Risk function, overseeing and demonstrating that the risk management policies and procedures which the firm has adopted in accordance with SYSC 7.1.2 R to SYSC 7.1.5 R satisfy the requirements of those rules and are consistently effective in accordance with SYSC 4.1.1R.

19. If the firm outsources its internal audit function, taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including:

(a) supervision and management of the work of outsourced internal auditors; and

(b) management of potential conflicts of interest between the provision of external audit and internal audit services.

20. If the firm does not have a person who performs the Senior Independent Director function:

(a) carrying out oversight of the person who performs the Chairman function; and

(b) oversight of the adequacy and quality of the resources available to the office of that person to enable the role to be fulfilled within the firm.


21. In respect of ring-fenced banks, ensuring compliance with the ring-fencing requirements by the areas of the firm which the Senior Manager is responsible for managing (likely to apply to the majority, if not all, Senior Managers in a ring-fenced bank).

*C.O.B. 9 Many Prescribed Responsibilities link obviously to a specific SMF. For example, PR 7, “ensuring and overseeing the integrity and independence of the risk function” maps to SMF4, the Chief Risk function.

Others are less clearly aligned, for example, PR 10, “leading the development of the firm's culture and standards”.

The following responsibilities can only be allocated to non-executive Senior Managers:

PR5 Ensuring and overseeing the integrity and independence of the internal audit function in accordance with SYSC 6.2 (Internal audit).

PR6 Ensuring and overseeing the integrity and independence of the compliance function in accordance with SYSC 6.1 (Compliance).

PR7 Ensuring and overseeing the integrity and independence of the risk function in accordance with SYSC 7.1.22 R (Risk control).

PR8 Ensuring and overseeing the integrity, independence and effectiveness of the firm's policies and procedures on whistleblowing and for ensuring staff who raise concerns are protected from detrimental treatment.

PR20 If the firm does not have a person who performs the Senior Independent Director function:

(a) carrying out oversight of the person who performs the Chairman function; and

(b) oversight of the adequacy and quality of the resources available to the office of that person to enable the role to be fulfilled within the firm.

In its “Draft Supervisory Statement: the PRA Senior Managers Regime”,29 the PRA says that it expects firms to allocate the following Prescribed Responsibilities to the Chairman:

(1) The induction, training and professional development of all persons performing SMFs on behalf of the firm and all members of the firm's management body (PR4).

(2) Leading the development of the firm's culture and standards in relation to the carrying on of its business and the behaviours of its staff (PR10).

(3) Ensuring and overseeing the integrity and independence of the firm's policies and procedures on whistleblowing and for ensuring that staff who raise concerns are protected from detrimental treatment (PR8).

The FCA has prescribed 27 “Key Functions”. These include “the firm's information technology”, “human resources”, “mortgage advice”, “design and manufacture of products intended for retail customers”, and “middle office”.


Key Functions

1. Establishing and operating systems and controls in relation to financial crime.

2. Safekeeping and administration of assets of clients.

3. Payment services.

4. Settlement.

5. Investment management.

6. Financial or investment advice.

7. Mortgage advice.

8. Corporate investments.

9. Wholesale sales.

10. Retail sales.

11. First line quality assurance of sales.

12. Trading for clients.

13. Investment research.

14. Origination/syndication and underwriting.

15. Retail lending decisions.

16. Wholesale lending decisions.

17. Design and manufacturing of products intended for wholesale customers.

18. Design and manufacture of products intended for retail customers.

19. Production and distribution of marketing materials and communications.

20. Customer service.

21. Customer complaints handling.

22. Collection and recovering amounts owed to a firm by its customers/Dealing with customers in arrears.

23. Middle office.

24. The firm's information technology.

25. Business continuity.

26. Human resources.


27. Incentive schemes for the firm's staff.

*C.O.B. 10 If an individual has overall responsibility for any of these functions, they will be performing an SMF and will require approval for these Key Functions. Some explanation as to what these functions mean is set out in the July CP.

Taken together, the SMFs, Prescribed Responsibilities and Key Functions are likely to capture, and therefore require a new role description for, most Senior Managers at Board and Board -1 (“ExCo”) level.

3.1.3 Statement of Responsibilities and Management Responsibilities Map

The 2013 Act introduced the requirement for firms to submit Statements of Responsibilities when applying for approval for an individual to perform an SMF and whenever there is a significant change in the Senior Manager's responsibilities.

The statutory requirement for Statements of Responsibilities implements the Parliamentary Commission on Banking Standards recommendation that “the key responsibilities within banks are assigned to specific individuals who are aware of those responsibilities and have formally accepted them”.

In its “Draft Supervisory Statement: The PRA Senior Managers Regime”,30 the PRA says that it will determine whether a “significant change” has taken place on a case-by-case basis. It does, however, give *C.O.B. 11 a list of non-exhaustive examples of potential significant changes which may require the submission of a revised Statement of Responsibilities:

(1) a variation of the individual's approval, either at the firm's, the PRA's or the FCA's initiative, resulting in the imposition of a condition or time limit;

(2) fulfilling or failing to fulfil a condition on approval imposed by the PRA or FCA;

(3) the addition, re-allocation or removal of a PRA Prescribed Responsibility, an FCA key business function or an additional responsibility; and

(4) the sharing of an SMF originally performed by one individual among two or more individuals.

This clarification from the PRA is useful but possibly not useful enough in practice. In particular, there is room for a variety of interpretations of “the addition, re-allocation or removal of a PRA Prescribed Responsibility, an FCA key business function or an additional responsibility”.

The December CP contains a proposed form of notification of significant changes in responsibilities--a Form J. This does not provide any further guidance on what a “significant change” might be.

In deciding who to hold to account for a rule breach, the Regulators will rely on Senior Managers' Statements of Responsibilities and the firm's Management Responsibilities Map, which describes how responsibilities are allocated.

A template Statement of Responsibilities is provided in the December CP. The template requires firms to identify which prescribed responsibilities and key functions they have allocated to a candidate. It also contains some free text boxes which allow the firm or candidate to:

(1) provide further details about relevant prescribed responsibilities and key functions, in particular where they are shared or divided with other senior manager(s);

(2) include additional responsibilities not covered in the regulators' rules; and

(3) provide additional relevant information.

It is noted in the December CP, however, that any free text:

(1) Must not dilute, qualify or undermine the responsibilities prescribed or required by the regulators.

(2) Should be justified and seek to serve a useful regulatory purpose, namely to clarify the nature and extent of a senior manager's responsibilities.

The message is very clear in the December CP that the Regulators expect Statements of Responsibilities to be very brief and high level. Guidance in the template form31 says: “A statement of responsibilities should be drafted in such a way as to be practical and useable by regulators. The FCA and the PRA consider that this would be achieved by succinct, clear statements for each responsibility which would not usually exceed a word limit of 300.”

If a statement is overly long, complex, or insufficiently clear, or where the wording dilutes or limits accountability, the Regulators may require the firm to revise and resubmit it.

While it is helpful to have a template, it is not clear that it will be straightforward or that such brevity will be in the firm's or individual's interests. The proposed requirement that a Statement of Responsibilities must be “self-contained, and must not cross refer to or include other documents, attachments or links”32 is controversial and may be difficult to accomplish in practice.

The apparent consequence of not meeting these expectations in relation to Statements of Responsibilities is that the senior manager(s) with responsibility for the Prescribed Responsibility “for the performance by the firm of its obligations under the senior managers regime, including implementation and oversight” and for the “allocation of all prescribed responsibilities” may be asked to justify the length and complexity of the statement.33

The PRA's and FCA's rules and FCA guidance require firms to develop and maintain a Management Responsibilities Map which must be a single, up-to-date document that describes the firm's management and governance arrangements. The document needs to be maintained and updated.

*C.O.B. 12 A key purpose of the Map is to ensure that the allocation of responsibilities (as set out in Statements of Responsibilities) does not leave any gaps in accountability.

What should a Management Responsibilities Map contain?

• An up-to-date list of, and details concerning, all senior managers approved by the PRA and the FCA.

• A list of each senior manager's responsibilities as set out in their current Statement of Responsibilities.

• A checklist confirming that all PRA Prescribed Responsibilities and relevant FCA Key Functions have been allocated.

• A list of matters reserved to the board and board committees.

• A list of all reporting lines from all senior managers to other individuals in the firm, the board, and any board committees.

• Where the firm is a subsidiary or part of a group, details of any reporting lines from senior managers in the firm to individuals and decision making bodies outside of it.

• An explanation of the overall management and governance functions of the firm.

A firm's board will have to confirm annually by way of a certificate of compliance that they have complied with the requirements in relation to the Management Responsibilities Map (and handover certificates described below). Note also that PRs 1, 3, and 4 envisage that a senior manager will be accountable for:

• performance by the firm of its obligations under the senior management regime, including implementation and oversight;

• compliance with the rules relating to the firm's management responsibilities map; and

• the induction, training and professional development of all persons performing senior management functions on behalf of the firm and all members of the firm's management body.

The PRA has said34 that its supervisors are likely to refer to the Statements of Responsibilities and Management Responsibilities Map in the following scenarios:

(1) during the initial assessment for PRA approval; and

(2) in daily supervision, where the PRA expects to use them to:

i. identify the relevant Senior Manager to whom specific regulatory queries should be directed;

ii. understand changes to the allocation of responsibilities to individuals in response to changes to the firm's business model or as a result of changes in the external environment;

iii. clarify which individuals are ultimately responsible for actions which supervisors expect the firm to take; and

iv. in enforcement cases as evidence of individual responsibility for the area where the breach occurred.

3.1.4 Handover certificates

The July CP sets out a proposal whereby newly appointed Senior Managers are made aware of all necessary materials/information and risks of regulatory concern in order to perform their responsibilities effectively. This could be done by way of a handover certificate but in any event is to be a “practical and helpful document and not just a record”.

Handover materials should include an assessment of what issues should be prioritised and judgement and opinion, not just facts and figures.

The handover material is intended as a tool to allocate responsibility between successive function holders should failings arise across their tenures.

*C.O.B. 13 It is proposed that firms should have a policy showing how they comply with the handover requirements.

3.1.5 Approval process

The mechanics for applying for approval as a Senior Manager will remain similar to the current process. Where an SMF requires approval by both regulators, a single application can be submitted. Individuals intending to perform more than one SMF will require approval for each SMF, which may be sought in a single application.

Under the new regime, the expectation on a firm to conduct its own due diligence on candidates has become a legal requirement that the firm satisfy itself, before applying for approval on a candidate's behalf, that the candidate is fit and proper to perform the function to which the application relates.

The PRA draft supervisory statement on assessing fitness and propriety35 states that, in addition to its new rules, in assessing whether an individual is fit and proper to perform an SMF, the PRA will have regard to the European Banking Authority's Guidelines for the assessment of suitability of members of the management body and key function holders,36 in particular to the Assessment Criteria therein. Firms should also have regard to these Guidelines as appropriate.

In the July CP, the PRA said that it intends to interview a higher percentage of overall SMF candidates than under the current Approved Persons Regime.

The 2013 Act introduced amendments to the FSMA where, in circumstances in which it appears to the regulators “desirable to do so to advance any of their statutory objectives”,37 they may:

(1) approve applications to perform an SMF: (i) subject to any conditions that they may consider appropriate; or (ii) for a limited period; and

(2) vary existing approvals either at the firm's initiative or their own, for example by imposing, varying, or removing conditions and/or time-limits on the approval.

The objective is to strengthen the effectiveness of the PRA and FCA's supervision of individuals. The FCA has said that it thinks it will use these conditional or time-limited approval powers for instance where an individual has demonstrated they have the skills and aptitude for conducting a function but may require particular training and coaching support to be able to discharge the role or where the FCA is content to approve the individual to take on a senior function as part of a transitional plan in the management of the firm rather than the long-term incumbent of the role.38

The firm is also required to assess, at least annually and in respect of each approved person, whether there are any grounds on which a Regulator could withdraw the approval and, if so, notify the Regulator.39

FSMA requires the Regulators to publish a Statement of Policy.40 Drafts are contained in the July CP.

3.1.6 Grandfathering

The Regulators have said that they intend to allow existing Significant Influence Function holders to be “grandfathered” without needing to undergo a fresh authorisation process for the equivalent SMF provided that a notification is submitted to the appropriate Regulator. However, they may need to go through the process for any additional SMFs which are not “equivalent”.

*C.O.B. 14 The table below sets out the existing approvals which will be eligible to be grandfathered:

All relevant firms except small credit unions42

| Current Controlled Function | Potential corresponding PRA Senior Management Functions | Potential corresponding FCA Senior Management Functions |
| --- | --- | --- |
| Director (CF1); Partner (CF4); Director of unincorporated association (CF5) | Chief Finance function (SMF2); Chief Risk function (SMF4); Head of Internal Audit (SMF5); Head of Key Business Area (SMF6); Group Entity Senior Manager (SMF7) | Executive Director (SMF3) |
| Non-executive director (CF2) | Group Entity Senior Manager (SMF7); Chairman (SMF9); Chair of the Risk Committee (SMF10); Chair of the Audit Committee (SMF11); Chair of the Remuneration Committee (SMF12); Senior Independent Director (SMF14) | Chair of the Nominations Committee (SMF13); Non-executive Director Function (SMF 15) |
| Chief executive (CF3) | Chief executive (SMF1) | |
| Compliance oversight (CF10) | | Compliance oversight (SMF16) |
| Money laundering reporting (CF11) | | Money laundering reporting (SMF17) |
| Systems and controls (CF28) | Chief Finance function (SMF2); Chief Risk function (SMF4); Head of Internal Audit (SMF5) | |
| Significant management (CF29) | Head of Key Business Area (SMF6); Group Entity Senior Manager (SMF7) | Significant Responsibility SMF (SMF18) |

Small credit unions

| Current Controlled Function | PRA Senior Management Functions | FCA Senior Management Functions |
| --- | --- | --- |
| Director (CF1) | Credit Union Senior Manager (SMF 8) | Executive Director (SMF3) |
| Non-executive director (CF2) | Credit Union Senior Manager (SMF 8) | Non-executive Director Function (SMF 15); Chair of Nominations Committee (SMF13) |
| Chief executive (CF3) | Chief Executive (SMF1); Credit Union Senior Manager (SMF8) | |

*C.O.B. 15 For all other existing Controlled Functions, prior regulatory approval will no longer be required and existing approvals will lapse when the new regime begins. Such individuals may become part of the PRA and/or FCA Certification Regimes. (The FCA retains the ability to specify other controlled functions although it has not, at this stage, done so.)

A person will only be grandfathered into a new function if he or she is performing the corresponding role under the existing regime on the date of the notification to the Regulators and on the date the regime comes into force. For example: an individual currently approved as CF28 (Systems and Controls function) who is acting as Chief Risk Officer at the date of notification will be eligible to be grandfathered on commencement to the SMF4 Chief Risk function, but would not be able to be grandfathered into, for example, the SMF2 Chief Finance Function because he or she is not performing the finance role under the existing regime.

If the result of grandfathering would be that a person is approved for both an FCA governing function and for a PRA Controlled Function, the FCA function does not apply and the PRA function is widened to cover the FCA function. For example, a current CF1 (Director) would not become an SMF3 (Executive Director) if they are also grandfathered to a new PRA function; instead, the PRA function would be widened to cover their SMF3 function.

To benefit from the grandfathering provisions, firms will need to submit a notification to the Regulators. A Grandfathering notification Form is included in the December CP.

The notifications must be accompanied by a Statement of Responsibilities for each individual who will be performing a Senior Management Function and a Management Responsibilities Map, showing how all the key responsibilities will be allocated across the firm, as described earlier.

At the point of transition to the new regime, firms will not be required to obtain references or criminal records checks for those individuals who are being grandfathered into Senior Management Functions.

Firms may continue to apply for approval for individuals under the current Approved Persons Regime until the new regime comes into force on the commencement date. If an application remains pending at the commencement date (so-called “in flight applications”), the firm will be required to update the application to make clear which Senior Management Function will be performed. The updated application will need to be accompanied by a Statement of Responsibilities and a Management Responsibilities Map and will be determined in accordance with the Regulators' new fit and proper requirements. Firms would not be required to obtain regulatory references for “in-flight” applications. Firms will, however, be required to undertake a criminal records check.

| | Grandfathered persons | In-flight applications |
| --- | --- | --- |
| Criminal records checks | No | Yes |
| References | No | No |
| Statements of Responsibilities | Yes | Yes |

3.1.7 Implications of being a Senior Manager

There are two very significant legal changes to the enforcement of the new SMR.

Reversed burden of proof

First, the reversed burden of proof against a senior manager. This applies where a firm has contravened a rule.

While previously the burden was on the Regulator to show that the individual was “knowingly concerned” in the firm's breach, the Senior Manager responsible for the area of the business in which the breach occurred will now be deemed guilty of misconduct, unless the Senior Manager can show that they took reasonable steps to prevent, stop or remedy the breach.

What constitutes “reasonable steps” will be determined on a case-by-case basis.

*C.O.B. 16 Criminal offence

Secondly, a new criminal offence has been created of failing to take reasonable steps to prevent the failure of the financial institution.

Liability for the offence will arise in the event of failure. “Failure” is defined as entering insolvency, having to be stabilised under the Banking Act, or being unable to satisfy claims under the Financial Services Compensation Scheme.

The test for guilt is recklessness, based on an objective standard of what would reasonably be expected of a person in his/her position.

Demonstrating “reasonable steps”

Senior Managers will need to be ready to evidence reasonable steps.

The following need to be considered:

(1) Does the Statement of Responsibilities accurately reflect the individual's role and responsibilities?

(2) Is there a clear and comprehensive framework showing appropriate delegation?

(3) How does the Senior Manager effectively monitor his/her responsibilities and how can this be demonstrated?

Some practical steps to consider now

• How will the firm map the senior management functions, prescribed responsibilities, and key functions to current roles, and allocate them to the appropriate senior managers?

• How will the management responsibilities map and accompanying processes be set up both to capture all of the relevant information expected by the regulators and to log changes as they occur?

• What will statements of responsibilities and handover certificates contain?

• How will senior managers demonstrate reasonable steps in carrying out their senior management functions? What framework can be put in place to assist them to articulate and record this?

• What will the annual assessment involve and how will this be aligned with the firm's performance review process?

3.2 The Certification Regime

• The Certification Regime sits alongside the Senior Managers regime; Senior Managers are not certified.

• The scope of employees subject to the certification regime is much broader than the Approved Persons Regime.

• The firm must take on the primary duty of assessing fitness and propriety, rather than the regulator.

• Firms will have to renew certifications annually.

• Certified Persons will be subject to the PRA's Individual Conduct Rules as well as the FCA's Individual Conduct Rules.

The second fundamental element of the new regime is the Certification Regime. This is the implementation of the PCBS' recommendation for a “licensing regime” to address its concerns that the existing Approved Persons Regime brought too narrow a set of individuals within the scope of regulation. *C.O.B. 17 Individuals within the Certification Regime will not be subject to regulatory pre-approval. The duty will be on firms to:

a. review and renew certification of certified individuals annually; and

b. take reasonable care to ensure that no employee performs a relevant function without having been certified as fit and proper.

Each of the Regulators may specify a set of “significant harm functions”. A function is a “significant harm function” if the person performing it will be involved in aspects of the firm's affairs (so far as relating to a regulated activity carried on by the firm) that might involve a risk of significant harm to the firm or any of its customers. These “significant harm functions” are described as “certification functions”.

The regulators have proposed certification functions which align with their statutory objectives.

The PRA's proposed Certification Regime focuses on those functions which might involve a risk to the safety and soundness of the relevant firm. It is, therefore, basing the scope of its Certification Regime on the criteria used to define “material risk takers” under the Capital Requirements Directive and Regulation ((EU) No.604/2014). However, some individuals classified as material risk-takers under the Remuneration Rules will not fall within the Certification Regime. In particular, anyone who performs a controlled function for a firm will not be treated as performing a certification function for that firm (since they have already been subject to regulatory pre-approval). Also, an employee who is not sufficiently involved in a regulated activity of the firm to meet the statutory test for a certification function will fall outside the scope of the Certification Regime.

The FCA agrees that “material risk takers” are those who have the potential to cause significant harm to a firm and, therefore, should be subject to the Certification Regime. However, consistent with its statutory objectives, it brings within scope the following individuals who are in a position to cause harm to consumers:

(1) Individuals performing functions that would formerly have been Significant Influence Functions that would not fall within the scope of the new SMFs; significant management functions, those proprietary traders who would currently fall under CF29, Client Assets Sourcebook and benchmark submission functions.

(2) Individuals in customer-facing roles which are subject to qualification requirements as set out in the FCA's Training and Competence Sourcebook, for example mortgage and retail investment advisers.

(3) Anyone who supervises or manages a Certified Person, if they are not an SMF holder.

The PRA and FCA expect that firms will be able to put in place a single process for certifying each employee who falls within either Regulator's regime.

In assessing fitness and propriety (of both Senior Managers and those within the Certification Regime), a firm should have regard to any general rules the Regulators have made around the qualifications, training, competence and personal characteristics required by an individual in that role. In the July CP,41 the FCA lists the following by way of example of general rules:

(1) In the case of very senior employees: SYSC 4.2 (Persons who effectively direct the business) and SYSC 4.3A.3 (management body).

(2) For employees of firms generally: SYSC 5.1.1 (the so-called competent employees rule).

(3) In relation to retail activities: TC 2.1.12 (competence for the relevant role).

Firms should refer to the FCA's current FIT sourcebook for guidance on how to assess fitness and propriety under the new regime. The FCA proposes to make amendments and clarifications to the FIT guidance, as set out in Annex D to the July CP.

The PRA proposes to create new rules and publish a supervisory statement. Drafts of both are set out in the Annexes to the July CP.

*C.O.B. 18 There will be new requirements in relation to the evidence that relevant firms should collect as part of their diligence in relation to the initial assessment of fitness and propriety:

(1) Firms will be required to run criminal records checks, rather than relying on assurances from the individual. Where an individual has spent a considerable amount of time working or living outside of the UK, firms should consider undertaking an equivalent check with the appropriate regulatory body where available.

(2) References must be sought from a candidate's past employer(s), covering the previous five years' employment history. References should include, if applicable:

i. facts that led a previous employer to conclude that the candidate breached a Conduct Rule; and

ii. a description of the basis and outcome of disciplinary action taken in relation to a breach by the candidate of any of the Conduct Rules.42

Where an employee performs multiple certification functions within their role, their fitness and propriety for each function needs to be assessed against the applicable standards, although their multiple certification functions may be covered by a single certificate.

In taking reasonable care to ensure that a person does not perform a certification function without having been certified as fit and proper, a firm must satisfy itself that an individual moving from one role to another within the Certification Regime is fit and proper for that new role. Where an individual moves to a new certification function during the 12-month period in which their certificate is valid, to the extent that that new role may have different requirements relating to fitness and propriety, the firm should assess that the individual is fit and proper for the new function before they start it. The firm should not wait until the point of annual re-assessment.

It is proposed that relevant firms should have a period of 12 months from commencement of the regime to issue individuals with their first certificate of fitness and propriety under the new regime, in order to accommodate all firms' annual appraisal cycles.

The PRA has said that it may test the robustness of a firm's policies and procedures for reviewing the fitness and propriety of relevant individuals as part of its supervision of management and governance. Where necessary, this may result in the PRA requiring a firm to make changes to its framework.

Some practical steps to consider now

• How will the firm go about identifying those in scope of the certification regime?

• What changes will be required in the process for assessing fitness and propriety?

• What will the annual renewal process entail and can this be aligned with the firm's performance management process?

• What steps should be taken to monitor certified individuals taking on new certification roles?

3.3 The Conduct Rules

• The PRA's rules apply to Senior Managers and those within PRA's Certification Regime.

• The FCA's rules apply much more broadly, to anyone performing a job related to the provision of financial services.

• Suspected breach of a Conduct rule will trigger regulatory notification requirements.

The Conduct Rules are a creature of the new regime and will replace the existing APER principles and guidance which currently apply to Approved Persons.

They are expected to be an important tool by which the regulators set expectations about standards of behaviour and influence the behaviour of individuals. They will “provide a framework against which the regulators will make judgements about an individual's actions as part of their general supervision of firms”.43

*C.O.B. 19 Although new, as the PCBS had recommended, the Conduct Rules draw on the Statements of Principles for Approved Persons and for Businesses and are deliberately set at a high level of generality.

The first tier rules are relevant to all individuals subject to the Conduct Rules. The second tier rules apply only to Senior Managers.

The combined rules are set out below.

First tier: Individual Conduct Rules

Rule 1: You must act with integrity. (PRA & FCA)

Rule 2: You must act with due skill, care and diligence. (PRA & FCA)

Rule 3: You must be open and cooperative with the FCA, the PRA and the other Regulators. (PRA & FCA)

Rule 4: You must pay due regard to the interests of customers and treat them fairly. (FCA only)

Rule 5: You must observe proper standards of market conduct. (FCA only)

Second tier: Senior Manager Conduct Rules

SM1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively. (PRA & FCA)

SM2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with relevant requirements and standards of the regulatory system. (PRA & FCA)

SM3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively. (PRA & FCA)

SM4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice. (PRA & FCA)

3.3.1 PRA

The PRA has produced a draft supervisory statement44 in relation to the Conduct Rules.

The PRA proposes to apply Conduct Rules to all individuals who are approved by the PRA or FCA as Senior Managers or who fall within the PRA's Certification Regime, i.e. the set of individuals it has identified as being able to cause significant prudential harm to a firm and thereby to have an impact on the PRA's general safety and soundness objective.

3.3.2 FCA

The FCA has provided draft guidance,45 drawing on the existing Code of Practice within APER, with additional text added in respect of rules for which there is no direct parallel in APER.

In light of its objective and to assist the desired culture change, the set of individuals within scope from the FCA's perspective is wider: the FCA proposes to apply its individual Conduct Rules to the large majority of those working in relevant firms. They will apply to:

(1) all individuals approved by the FCA or PRA as Senior Managers;

(2) all individuals covered by the FCA or PRA's Certification Regime; and

(3) all other employees other than those ancillary staff who perform a role that is not specific to the financial services business of the firm. The exhaustive list of ancillary staff is set out at 5.13 of the July CP and includes receptionists, drivers, cleaners, catering staff and similar roles. It is important to note that the definition of employee46 is not confined to those with employment contracts, and is cast widely enough to include secondees and contractors.

In its report, the Parliamentary Commission on Banking Standards recommended that all Senior Persons should have an explicit duty to be open with the regulators. This recommendation is addressed in SM4: “You must disclose appropriately any information of which the FCA or PRA would reasonably *C.O.B. 20 expect notice.” The FCA's draft guidance in relation to SM4 explains that “Rule 3 normally relates to responses from individuals to requests from the regulator, whereas SM4 imposes a duty on SMF managers to disclose appropriately any information which the appropriate regulator would reasonably expect, including making a disclosure in the absence of any request or enquiry from the appropriate regulator.”47

In order to support the FCA's objectives of achieving an appropriate level of protection for consumers, and of supporting market integrity, it has proposed two rules additional to those of the PRA:

• Rule 4: You must pay due regard to the interests of customers and treat them fairly.

• Rule 5: You must observe proper standards of market conduct (essentially replicates APER Statement of Principle 3).48

The FCA will include the Conduct Rules in a new Code of Conduct sourcebook (“C-CON”). C-CON will contain specific guidance regarding individual conduct rules.

The PRA will include guidance on the Conduct Rules in a supervisory statement on conduct rules, a draft of which is included in the July CP at Annex 9.4.

In light of the differences in application of the Conduct Rules, the scope of enforcement powers available to the PRA and FCA will be different:

FCA will be able to enforce:

• all the Conduct Rules against all Senior Managers; and

• individual Conduct Rules 1-5 against those within its Certification Regime and all other employees, other than those ancillary staff listed in 5.13 of the July CP.

PRA will be able to enforce:

• all the Conduct Rules, other than Individual Conduct Rules 4 and 5 against all Senior Managers; and

• individual Conduct Rules 1-3 against those within its Certification Regime.

Firms must make individuals who are subject to the rules aware that this is the case. Firms will be required to train all of their staff who are subject to the Conduct Rules so that they are able to understand them. This training is expected to take account of the particular role that an individual carries out: the expectation appears to be that there will be general training with bespoke training in addition where appropriate.

The Regulators will require Senior Managers and those within the Certification Regime to be subject to the Conduct Rules from the initial commencement of the regimes. This will mean that firms will need to have trained these individuals in the Conduct Rules and how they relate to their role before commencement. The rationale is that all Senior Managers and many Certified Persons will have been Approved Persons under the current regime, and should, therefore, require less training than employees who have never previously been subject to regulatory oversight.

For those subject to the Conduct Rules but outside of the Senior Managers and Certification Regimes, the FCA proposes a 12-month grace period, with the Conduct Rules applying 12 months after initial commencement of the regime.

Firms must notify the Regulators when they are aware that, or suspect that, a person has breached the Conduct Rules.

Firms must also notify the Regulators when they have taken formal disciplinary action against a person for any reason specified by the regulator. The Regulators' proposed approach is that notification of disciplinary action will only be required if that action was taken in response to any action, failure to act, or circumstance that amounts to a breach of the Conduct Rules. Suspension or dismissal are not the only triggers: the issuing of a formal written warning, or the reduction or recovery of any of the person's remuneration will also trigger the notification requirement, provided that a breach of the Conduct Rules was involved.

*C.O.B. 21 Where a breach or suspected breach of the Conduct Rules is by a Senior Manager, the Regulators have proposed that the firm be required to notify the Regulator within seven days of the firm becoming aware of the matter. The PRA (but not the FCA) proposes the same for those within the PRA Certification Regime.

For other individuals, including those not in the PRA Certification Regime, the proposal is for quarterly reporting. However, the July CP specifically notes that these new reporting obligations do not limit the scope of existing reporting requirements such as FCA Principle 11 or PRA Fundamental Rule 7.

3.4 The position of legal staff

Both the PRA's and the FCA's draft Conduct Rules will apply to senior managers and certified persons, including “significant risk takers”. This definition includes a person who heads a function responsible for legal affairs.49 Depending on how the firm is structured, this may mean that the General Counsel could be brought within scope of the Certification Regime, and thus be subject to both PRA and FCA Conduct Rules.

In addition, the FCA's Conduct Rules will apply to all employees other than “ancillary staff” in relation to the performance by them of functions relating to the carrying on of activities (whether or not regulated activities) by their employer. Since the list of “ancillary staff” at C-CON 1.1.2 R (2) does not include legal staff, the policy intention appears to be that all in-house legal staff will be subject to the FCA's Conduct Rules.

Bringing in-house lawyers within the scope of the financial services disciplinary regime represents a significant change. Professional in-house lawyers are subject to regulation by their own professional bodies. In the main, those standards are (broadly speaking) not dissimilar to those enunciated in the Conduct Rules. However, bringing lawyers within the scope of financial services regulation will subject them to two concurrent regulatory regimes and also potentially extend the scope of certain of their current “legal” professional obligations.

3.4.1 Legal Professional Privilege

Because the role of in-house lawyers typically involves the provision of legal advice to the firm which employs them (and may also involve advice in contemplation of litigation and other adversarial matters), much of the documentation that evidences the way in which those lawyers conduct their function is likely to be subject to legal professional privilege. (Where the lawyer takes on more than a mere advisory role, and becomes more actively involved in the making of business decisions, his communications will not be covered by privilege.) The legal privilege will, of course, be that of the firm (or of a particular client team within the firm), and not that of the lawyer. The in-house lawyer does not have a right to waive their client's privilege for their own benefit.

Section 413 of the FSMA gives firms and individuals statutory protection from being required to disclose communications (both oral and written) between a professional legal adviser and his client (or any person representing his client) made in connection with the giving of legal advice and/or in connection with, or contemplation of, legal proceedings and for the purposes of those proceedings. In so far as the Regulators are exercising their powers under the FSMA, the protection of s.413 will apply to requirements imposed by the Regulators in respect of the Senior Managers' Regime, the Certification Regime, and under the Conduct Rules and would protect communications regarding the provision of legal advice between the firm and its professional in-house lawyers.

3.4.2 Duty to co-operate

Both the PRA and FCA Conduct Rules50 provide:

“You must be open and cooperative with the FCA, the PRA and other regulators.”

The FCA is plainly mindful of the risk that provisions that impacted a bank's right to claim legal professional privilege would be subject to challenge. The FCA's proposed guidance in respect of Rule 3 acknowledges that “a right to preserve legal professional privilege” would supply a good reason for failing to supply information, answers or documents to the regulator. A purposive reading of the guidance suggests that the right being asserted need not be the right of the individual asserting it (which must be the correct approach, in view of s.413 of the FSMA). The proposed PRA provisions do not, however, currently address this issue.

*C.O.B. 22 3.4.3 Duty to report

The duty to report (in SM4) will apply to senior managers and, under the FCA rule, to persons responsible within the firm for reporting matters to the Regulator concerned.

In the July CP,51 the FCA provides that there is no duty on a person to report information directly to the Regulator concerned unless they are one of the persons responsible within the firm for reporting matters to the regulator concerned. However, the FCA guidance goes on to warn that “if a person takes steps to influence the decision not to report to the regulator concerned or acts in a way that is intended to obstruct the reporting of the information to the regulator concerned, then the appropriate regulator will, in respect of that information, view them as being one of those within the firm who has taken on responsibility for deciding whether to report that matter to the regulator concerned”. An in-house legal adviser, who is consulted about a reporting issue, will therefore need to be mindful of the risk of being deemed a person responsible within the firm for taking decisions on reporting, even though their role is to provide legal advice rather than to make the decision whether or not to report.

Some practical steps to consider now

• What steps will be needed to design and implement training, bearing in mind the enormous variety of roles that will need to be covered?

• How will the firm systems record training?


• What impact will the new rules have on existing policies?

3.5 The application of the regime to UK branches of foreign institutions.

While UK branches of overseas firms are not currently included under the definition of “Relevant Authorised Person” (FSMA s.71A, as amended by the 2013 Act), on June 12, 2014, the Chancellor announced in his Mansion House Speech52 that it was his intention to extend the regime to cover all banks that operate in the United Kingdom, including branches of foreign banks.

A consultation paper was published by the Treasury on November 17, 2014.53 At the time of writing, the Government is analysing feedback.

The effect of the Order proposed by the Treasury would be to make foreign financial services firms that have a branch in the UK and are credit institutions or PRA-designated investment firms “relevant authorised persons” for the purposes of Part V of the FSMA.

However, the proposed Order would not make a senior manager in a branch potentially liable to the offence in relation to a decision causing a financial institution to fail, as set out in s.36 of the 2013 Act.

A further consultation is expected following the outcome of the Treasury's consultation. However, some insight into the proposed changes can be found in the July CP in which the PRA and FCA anticipated these changes as follows.

3.5.1 PRA

In the July CP, the PRA proposed to require that one individual per incoming non-EEA branch be approved as an Overseas Branch Senior Executive Manager.

This function would be defined as that of having “responsibility alone or jointly with others, for the conduct of all activities of the UK branch of an overseas firm which are subject to the UK regulatory system”.54

The PRA's Certification Regime would also be extended to cover incoming branches of non-EEA deposit takers and PRA regulated investment firms. The criteria in Commission Delegated Regulation (EU) No.604/2014 will be applied to persons acting in relation to such branches.

*C.O.B. 23 3.5.2 FCA

As conduct issues in relation to UK branches of EEA banks are not exclusively reserved to the Home State Regulator, the FCA's application of the regime to these branches is likely to be more complicated. The FCA confirmed that it will only be in a position to publish its proposals for consultation once it has had the opportunity to review a draft Order.

In relation to the Senior Managers Regime, the FCA has said that it will consider the extent to which it may be possible to adapt existing rules in the FCA handbook concerning Significant-Influence Functions. In relation to those individuals which fall within the Certification Regime, the FCA will consider adopting the current rules which apply to UK banks insofar as this is consistent with the Single Market Directives for EEA branches.

4 The Proposed New Framework for Insurers

• Amends the current Approved Persons Regime as it applies to insurers (not driven by the 2013 Act)

• A narrower group of individuals will require pre-approval by the PRA under the SIMR than under the current Approved Persons Regime

• However, the FCA will require pre-approval of anyone appointed to an SIF.

• The range of individuals the firm must assess to be “fit and proper” will be wider than at present.

• Firms will be required to produce and maintain a Governance Map, a single document establishing the responsibilities of senior insurance managers.


• The proposed reforms extend to group companies, consistent with Solvency II.

The PRA and FCA published their proposals for reforming the Approved Persons Regime for Solvency II insurers on November 26, 2014:55

(1) Senior insurance managers regime: A new regulatory framework for individuals (PRA CP26/14).

(2) Changes to the Approved Persons Regime for Solvency II firms (FCA CP14/25).

The proposals apply to firms within the scope of the Solvency II Directive.

Taken together, the primary objectives of the CPs are to:

(1) amend the current Approved Persons Regime to meet the governance and fit and proper requirements of Solvency II; and

(2) extend to insurers aspects of the Senior Managers Regime proposed for banks.

Consistent with the approach to banks, the PRA believes that “it should expect those who run regulated firms to have clearly defined responsibilities and to behave with integrity, honesty and skill”. The PRA also recognises that many groups contain banks and insurers and that operating two different regimes would be “complex and inefficient”.

At the same time, the PRA acknowledges that the regime for insurers should not be identical to the scheme for banks.

Relevant amendments to the 2013 Act did not apply to insurers and so there are some legal constraints on what can be introduced. In particular, there is no presumption of individual culpability for failures occurring within a senior insurance manager's area of responsibility, and the criminal offence of reckless misconduct in the management of a bank will also not apply.

The PRA had been clear for some time that it wanted to align the regime for insurers with the new Senior Managers Regime for banks.

While the FCA does seek to adopt some of the new conduct rules for banks, it does not seek to adopt the Senior Insurance Managers Regime (“SIMR”) which means that two separate regimes will apply: a SIMR operated by the PRA and an amended Approved Persons Regime operated by the FCA.

*C.O.B. 24 There will be a further consultation on the role of NEDs and on technical issues (both expected in early 2015).

The initial tranche of the SIMR will come into force, along with Solvency II, on January 1, 2016. This is expected to include the requirements for firms to ensure that all persons performing key functions are fit and proper, and the identification of key functions and the production of the Governance Map (described below). Remaining elements, including the conduct rules and allocation of prescribed responsibilities, are expected to follow at a later date.

4.1 Senior Insurance Managers Regime

The scope of the proposed SIMR will cover:

(1) Senior insurance managers who are subject to pre-approval by the PRA for specified Controlled Functions (as defined in s.59 of the FSMA). These are Senior Insurance Manager Functions or SIMFs.

(2) Other senior persons who are effectively running an insurer or who have responsibility for other key functions. These “key function holders” will need to be assessed as being fit and proper by the PRA, but will not require pre-approval.

The PRA has designated a number of Controlled Functions (“CFs”) as SIMFs, as set out in the table below, saying: “The more focused range of people that the PRA proposes to be subject to regulatory pre-approval for a CF reinforces the critical role that these individuals play within an organisation. These are the individuals who would be held responsible and accountable for ensuring the ongoing safety and soundness of their firm and the appropriate protection of policyholders.”56

The PRA's CFs may not cover all members of the board and executive committee. The PRA has said that it will, nonetheless, still engage with non-CFs, e.g. NEDs.

The FCA, however, has opted to retain the concept of a significant influence function and will continue to require pre-approval of anyone appointed to an SIF. The FCA's proposals include an expansion of SIF categories to cover executive directors who would no longer require PRA pre-approval because they are not an SIMF.

A decision on NEDs is deferred pending responses on this subject to the PRA and FCA's joint consultations relating to Senior Managers Regime for banks.

CFs designated as SIMFs by the PRA and those designated by the FCA as SIFs are set out in the table below.

| PRA SIMFs | FCA SIFs |
| --- | --- |
| SIMF1: Chief Executive Function | CF1: Directors not otherwise approved by the PRA |
| SIMF2: Chief Finance Function | CF8: Apportionment and oversight (to be reviewed in due course) |
| SIMF4: Chief Risk Function | CF10: Compliance |
| SIMF5: Head of Internal Audit | CF10a: CASS Operational Oversight |
| SIMF20: Chief Actuary | CF11: Money Laundering Reporting Officer |
| SIMF21: With-Profits Actuary | CF29: Significant Management not otherwise approved by PRA |
| SIMF22: Chief Underwriting Officer | CF30: Customer function (not a SIF) |
| SIMF23: Underwriting Risk Oversight (Lloyds only) | |
| SIMF7: Group Entity Senior Insurance Manager | |

Similarly to the position in relation to banks, the PRA proposes an SIMF (Group Entity Senior Insurance Manager: SIMF7) for holding (or other group) company senior executives who have a significant influence on the management or conduct of the affairs of the insurer.

For Insurance Special Purpose Vehicles (“ISPVs”), the PRA proposes not to require pre-approval for candidates for the Chief Risk and Chief Internal Audit functions. The FCA, however, believes they are important for the purposes of conduct regulation and, as such, will designate them as FCA SIFs.

*C.O.B. 25 In relation to UK branches of non-EEA Solvency II firms, the PRA intends to require only one individual, the “third country branch manager” to be subject to its pre-approval. The FCA, however, proposes that individuals who perform CFs which are not subject to PRA pre-approval will be FCA CF holders. Where these functions are currently SIFs, they will remain so.

Similar to the position in respect of banks, it is permissible for more than one individual to be responsible for a single CF. However, again similarly, this seems to be discouraged with the “norm” being for every firm to have a single individual performing each of the PRA's CFs which the firm is required to have. The individual should be the most senior employee or officer responsible for managing that area.

The table below shows the changes to CFs under the proposed new regime.

UK incorporated (non-ISPV) firm

| Current APR59: Current PRA/FCA Controlled Function | Reformed APR: New PRA CF | Reformed APR: FCA SIFs |
| --- | --- | --- |
| PRA Director (CF1) | CFO (SIMF2); CRO (SIMF4); Head of Internal Audit (SIMF5); Chief Actuary (SIMF20); Underwriting Function (General Insurance Firms) (SIMF22); Underwriting Risk Oversight Officer (Lloyd's) (SIMF23); Group Entity Senior Manager (SIMF7) | CF1s not otherwise approved by the PRA |
| PRA NED (CF2) | To be consulted on separately | To be consulted on separately |
| PRA CEO (CF3) | CEO (SIMF1) | |
| FCA Apportionment and oversight (CF8) | | To be reviewed in due course |
| FCA Compliance (CF10) | | Compliance (CF10) |
| FCA CASS Operational Oversight (CF10a) | | CASS Operational Oversight (CF10a) |
| FCA Money Laundering Reporting (CF11) | | Money Laundering Reporting Officer (CF11) |
| PRA Actuarial function holder (CF12) | Chief Actuary (SIMF20) | |
| PRA With-profits Actuary (CF12A) | With-profits Actuary (SIMF21) | |
| PRA Lloyd's Actuary (CF12B) | Chief Actuary (SIMF20) | |
| PRA Systems and Controls (CF28) | CFO (SIMF2); CRO (SIMF4); Chief of Internal Audit (SIMF5) | |
| FCA Significant Management (CF29) | Underwriting Function (General Insurance Firms) (SIMF22); Underwriting Risk Oversight Officer (Lloyd's) (SIMF23); Group Entity Senior Manager (SIMF7) | CF29s not otherwise approved by the PRA |
| FCA Customer function (CF30) | | Customer function (CF30) |


*C.O.B. 26 ISPV

| Current APR: Current PRA/FCA Controlled Function | Reformed APR: New PRA CF | Reformed APR: FCA SIFs |
| --- | --- | --- |
| PRA Director (CF1) | CFO (SIMF2); Chief Actuary (SIMF20); Group Entity Senior Manager (SIMF7) | All CF1s not otherwise approved by the PRA. |
| PRA NED (CF2) | To be consulted on separately | To be consulted on separately |
| PRA CEO (CF3) | CEO (SIMF1) | |
| FCA Apportionment and oversight (CF8) | | To be reviewed in due course |
| FCA Compliance (CF10) | | Compliance (CF10) |
| FCA CASS Operational Oversight (CF10a) | | CASS Operational Oversight (CF10a) |
| FCA Money Laundering Reporting (CF11) | | Money Laundering Reporting Officer (CF11) |
| PRA Actuarial function (CF12) | Chief Actuary (SIMF20) | |
| PRA Systems and Controls (CF28) | CFO (SIMF2) | CF28s not otherwise approved by the PRA60 |
| PRA Significant Management (CF29) | Group Entity Senior Manager (SIMF7) | All CF29s not otherwise approved by the PRA |
| FCA Customer function (CF30) | | Customer function (CF30) |

Third country branch

| Current APR: Current PRA/FCA Controlled Function | Reformed APR: New PRA CF61 | Reformed APR: FCA SIFs62 |
| --- | --- | --- |
| PRA Director (CF1) | | Director (CF1) |
| PRA NED (CF2) | To be consulted on separately | To be consulted on separately |
| PRA CEO (CF3) | Third Country Branch Manager function (SIMF19) | |
| FCA Apportionment and oversight (CF8) | | To be reviewed in due course |
| FCA Compliance (CF10) | | Compliance (CF10) |
| FCA CASS Operational Oversight (CF10a) | | CASS Operational Oversight (CF10a) |
| FCA Money Laundering Reporting (CF11) | | Money Laundering Reporting Officer (CF11) |
| PRA Actuary function holder (CF12) | | Actuarial conduct function holder in a third country branch (CF51) |
| PRA With-profits Actuary (CF12A) | With-profits Actuary (SIMF21) | |
| PRA Systems and Controls (CF28) | | Systems and Controls (CF28)63 |
| FCA Significant Management (CF29) | | Significant Management (CF29) |
| FCA Customer function (CF30) | | Customer function (CF30) |

*C.O.B. 27 4.2 Prescribed Responsibilities and Key Functions

The PRA proposes that firms allocate certain prescribed responsibilities to one or more persons who have been approved for a CF. The objective is to ensure that responsibility for certain key activities relating to the effective governance of the firm and to its ongoing safety and soundness are allocated to a designated senior person. The prescribed responsibilities are additional to the attributes of a SIMF.

1 Ensuring that the firm has complied with the obligation to satisfy itself that persons performing a key function are fit and proper.

2 Leading the development of the firm's culture and standards.

3 Embedding the firm's culture and standards in its day-to-day management.

4 Production and integrity of the firm's financial information and regulatory reporting.

5 Allocation and maintenance of the firm's capital and liquidity.

6 Development and maintenance of the firm's business model.

7 Performance of the firm's Own Risk and Solvency Assessment (“ORSA”).

8 Induction, training, and professional development for all the firm's key function holders.

9 Maintenance of the independence, integrity, and effectiveness of the whistleblowing procedures, and the protection of staff raising concerns.

10 Oversight of the firm's remuneration policies and practices.


As noted above, key function holders (i.e. those individuals who effectively run the firm or are responsible for a key function but are not an SIMF) will need to be notified to the PRA, although pre-approval will not be required.

Firms will, however, need to carry out their own fit and proper assessment of these “key function holders”. In respect of these individuals, the PRA proposes to supervise insurers' assessments of fitness and propriety on an ex-post basis.

A fit and proper assessment is also required under Solvency II for any other individuals performing a key function (but who are not responsible for that function).

Firms will need to determine themselves which are their key functions depending on their business and organisation. However, the PRA has defined “key function” as:

(1) The risk management function.

(2) The compliance function.

(3) The internal audit function.

(4) The actuarial function.

(5) The function of effectively running the firm.

(6) Any other function which is of specific importance to the sound and prudent management of the firm.

*C.O.B. 28 Insurers will be required to complete and provide to the PRA a form containing relevant information about individuals who are taking up a post as a senior insurance manager or “key function holder”. The required information will include information about their skills and experience, as well as the scope of all their responsibilities in the firm. Further information will be provided in the forthcoming technical CP. This document appears to be akin to the Statement of Responsibilities required for senior managers in banks.

The PRA is also proposing something akin to the Management Responsibilities Map for banks. For insurers, this is described as a Governance Map. The Governance Map must record the positions of those that effectively run the firm along with the key functions within the firm, and the names of the individuals in each of those positions or with responsibility for a key function. This document should also record the allocation of significant management responsibilities and reporting lines for each of these senior persons within the firm or group.

The PRA notes that the allocation of individual responsibilities is not intended to undermine or change the fiduciary, legal or regulatory responsibilities of the board which will retain ultimate decision-making power and authority over all aspects of the firm's affairs.

4.3 Conduct Rules and Standards

The PRA proposes to amend the current Approved Persons Principles in line with the conduct rules for individuals working for banks and investment firms.

The PRA's proposed “conduct standards” will include three generic standards relevant to all individuals performing a key function, as well as five additional conduct standards applicable specifically to Senior Insurance Managers and “key function holders”.

The FCA refers to the standards as “rules” and proposes that rules 1-5 below apply to all FCA approved persons and PRA approved persons in Solvency II firms. The FCA proposes to apply rules 6-9 to FCA SIF holders within Solvency II firms and to all PRA approved persons in such firms.

| Rule/Standard | Regulator | APER? |
| --- | --- | --- |
| First tier: Individual Conduct Rules | | |
| 1. You must act with integrity. | PRA & FCA | Yes |
| 2. You must act with due skill, care, and diligence. | PRA & FCA | Yes |
| 3. You must be open and cooperative with the FCA, the PRA, and other regulators. | PRA & FCA | Yes |
| 4. You must pay due regard to the interests of customers and treat them fairly. | FCA only | No |
| 5. You must observe proper standards of market conduct. | FCA only | Yes |
| Second tier: Significant Influence Function Holder Conduct Rules | | |
| 6. You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively. | PRA & FCA | Yes |
| 7. You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with relevant requirements and standards of the regulatory system. | PRA & FCA | Yes |
| 8. You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively. | PRA & FCA | No |
| 9. You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice. | PRA & FCA | Yes |
| 10. When exercising your responsibilities, you must pay due regard to the interests of current and potential future policyholders in ensuring the provision by the firm of an appropriate degree of protection for their insured benefits. | PRA only | No |

*C.O.B. 29 The new conduct standards will be applied from the date the SIMR is commenced. From January 1, 2016 until then, the APER Principles remain in place.

The PRA expects insurers to:

(1) notify the Regulators when they know or suspect that a key function holder has breached conduct standards; and

(2) notify the Regulators when they have taken formal disciplinary action against an individual for matters related to a breach of conduct standards.

4.4 Fit and proper assessments by firms

There is a legal requirement in Solvency II on insurers to satisfy themselves, before applying for approval on an individual's behalf, that the candidate is fit and proper to perform the function to which the application relates.

The PRA has produced a non-exhaustive list of factors that should be considered by firms when assessing fitness and propriety. This is set out in the “Insurance - Fitness and Propriety” part of PRA Rulebook. The firm must be satisfied that the individual:

(1) has the personal characteristics (including being of good repute and integrity);

(2) possesses the level of competence, knowledge and experience;

(3) has the qualifications; and

*C.O.B. 30 (4) has undergone or is undergoing all training required to enable the individual to perform his or her key function effectively and in accordance with any relevant regulatory requirements, including those under the regulatory system, and to enable sound and prudent management of the firm.

The firm must consider the individual's past business conduct and be satisfied that the individual discharges his or her key functions in accordance with the relevant Conduct Standards.

In addition, firms will be required to request regulatory references and to carry out criminal records checks for all individuals taking up a CF.

The fitness assessment must be on an ongoing basis.

A firm must notify the PRA if it becomes aware of any information, including any breaches of the PRA's Conduct Standards that would reasonably be material to the fit and proper assessment of any PRA approved person or key function holder.

In the approval process for CFs, the PRA will assess whether the insurer has conducted an appropriately rigorous recruitment process and will take into account the due diligence undertaken.

The FCA proposes to amend its current Fit and Proper Test for Approved Persons to state that it will take into account the Solvency II framework when making its assessment. This will include consideration of the firm's own assessment of candidates' fitness and propriety as required under the PRA rules and the Solvency II Regulation and EIOPA Guidelines.

5 Checklist


Identify who is subject to which regime(s) Banks only

• How will prescribed responsibilities and key functions be allocated?

#

• Will changes to role descriptions be required to address new responsibilities/functions?

• Early thought to be given to strategic structural decisions for groups headquartered outside of UK.

• Ensure that allocation of functions and responsibilities is comprehensive and fits together.

• Decide whether new policies and procedures are required, for example, in relation to delegation.

• Identify which roles can be “grandfathered”

• Determine what a “significant change” is in respect of Senior Managers.

#

Documenting the arrangements

• Statements of Responsibilities (and equivalent for insurers) to be drafted.

• Management Responsibilities Map (for banks); Governance Map (for insurers) to be designed.

• Processes to be designed to ensure that Statements of Responsibilities and Maps are kept up-to-date.

• Consider what steps are required to enable annual attestation in relation to arrangements (including annual assessment).

#

• Determine what policy changes may be required to reflect new regimes.

Demonstrating “reasonable steps” #

• What procedures can be put in place to demonstrate Senior Managers have taken “reasonable steps”? #

• Is additional reporting, monitoring and/or Management Information required?

#

Certification Regime #

• Can the annual review process be aligned with annual performance review processes?

#

• How will relevant individualinternal moves be captured?

#

Fit and proper assessments

• Equip those tasked with assessing fitness and propriety, including in relation to recording of due diligence.

• To the extent not already in place, ensure that reference and background checks are incorporated into procedures.

Preparing training

• Devise training on Conduct Rules/Standards, including bespoke elements where appropriate.

• Develop procedures to record training given.

• Equip those responsible for notification to know when rules/standards may have been breached.

C.O.B. 2015, 124(Mar), 1-33

1. The reforms apply to “relevant authorised persons”--under s.71A of the FSMA (as amended), these currently are banks incorporated in the UK, UK building societies and credit unions, as well as certain UK-based investment firms which have been designated by the PRA. Designation criteria for investment firms is contained in the PRA's “Statement of Policy: Designation of investment firms for prudential supervision by the Prudential Regulation Authority”.

2. http://www.parliament.uk/business/committees/committees-a-z/joint-select/professional-standards-in-the-banking-industry/news/appointment-of-commission/.

3. http://www.parliament.uk/business/committees/committees-a-z/joint-select/professional-standards-in-the-banking-industry/news/changing-banking-for-good-report/.

4. PCBS Report para.105.

5. PCBS Report para.564.

6. PCBS Report para.105.


7. PCBS Report para.564.

8. PCBS Report para.549.

9. PCBS Report para.553.

10. PCBS Report para.556.

11. PCBS Report para.564.

12. PCBS Report para.564.

13. PCBS Report para.566.

14. PCBS Report para.616.

15. PCBS Report para.632.

16. PCBS Report para.634.

17. See footnote 1.

18. http://www.fca.org.uk/your-fca/documents/consultation-papers/cp14-13.

19. http://www.fca.org.uk/news/cp14-31-strengthening-accountability-in-banking.

20. July CP at 1.2.

21. FSMA s.59(6) and (6A) (as amended).

22. FSMA s.59ZA (as amended).

23. July CP at 2.35.

24. July CP at 2.46.

25. PRA “Draft Supervisory Statement: The PRA Senior Managers Regime” at Table C.

26. PRA “Draft Supervisory Statement: The PRA Senior Managers Regime” at 2.15.

27. July CP at 2.20.

28. July CP at 2.6.

29. July CP at Annex 9.1.

30. July CP at Annex 9.1.

31. December CP at Appendix 3.

32. December CP at 3.7.

33. December CP at 3.11.

34. July CP at 7.26.

35. PRA “Draft Supervisory Statement on assessing fitness and propriety and providing references”.

36. (EBA/GL/2012/06).

37. FSMA s.61(2C) (as amended).

38. July CP at 7.49.

39. FSMA s.63(2A) FSMA (as amended).

40. FSMA s.63ZD FSMA (as amended).

41. July CP at footnote 35.

42. Note also the requirement under s.64C of the FSMA on firms to notify the regulator of disciplinary action taken.


43. July CP at 5.2.

44. July CP at Annex 9.4.

45. July CP, Annex A (C-CON).

46. FSMA s.64A(6).

47. July CP, Annex A (C-CON) at 4.2.26G.

48. Note however that the scope of APER Statement of Principle 3 is confined to the carrying out of the Approved Person's accountable functions whereas the FCA's conduct rules will apply to the performance of functions relating to the carrying on of activities (whether or not regulated) by the employee's employer.

49. PRA draft Certification of Employees Instrument at 1.3; FCA SYSC 5.2.21R.

50. July CP, PRA Conduct Rule 3 (at 2.3 of the proposed Conduct Rules) and FCA Conduct Rule C-CON 2.1.3R.

51. See draft C-CON 4.1.10 G.

52. https://www.gov.uk/government/speeches/mansion-house-2014-speech-by-the-chancellor-of-the-exchequer.

53. https://www.gov.uk/government/consultations/regulating-individual-conduct-in-banking-uk-branches-of-foreign-banks/regulating-individual-conduct-in-banking-uk-branches-of-foreign-banks.

54. July CP at 6.5.

55. http://www.bankofengland.co.uk/pra/Documents/publications/cp/2014/cp2614.pdf and http://www.fca.org.uk/static/documents/consultation-papers/cp14-25.pdf.

56. PRA SIMR CP at 2.11.

© 2015 Sweet & Maxwell and its Contributors
