Will the SMF duty of responsibility by shelved under the current SMCR review
21 April 2023
21 April 2023
Time is fast disappearing for the industry to respond to the review of the UK Senior Managers & Certification Regime (SMCR) (HM Treasury's "call for evidence" and the PRA/FCA joint Discussion Paper (DP23/3)). Submissions are due in by 1 June – before which we have three bank holidays and one King's coronation to distract us.
One issue we have thought long and hard about in the context of the SMCR review is whether the "duty of responsibility" serves any useful purpose (and putting to one side its comically tautologous name).
Since May 2016, Senior Manager Function holders (SMFs) of banks - and more recently SMFs of other regulated firms – have had this additional personal duty imposed on them under s. 66A(5) FSMA to take such steps as a person in their position could reasonably have been expected to take to avoid a breach of regulatory rules from occurring or continuing within an area of the business for which they are responsible. Originally devised as the "presumption of responsibility", but amended as a result of strong industry lobbying (as it was effectively a strict liability offence with a reverse burden of proof), it sits alongside the Conduct Rules and "knowingly concerned" liability as a further basis on which the PRA or FCA can take disciplinary action against an SMF.
In all the time that the duty of responsibility has been in place, neither the PRA nor the FCA has concluded any disciplinary action against an SMF for a breach of the duty. Furthermore, in our view the conduct covered by the duty of responsibility is already comprehensively covered by the parallel responsibility of SMFs imposed under Senior Manager Conduct Rule 2 – which requires SMFs to take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
If the two obligations cover exactly the same ground then there must be an argument for this duplication to be removed by shelving the duty of responsibility. The recent PRA enforcement action against an SMF in the context of problems arising from a significant IT migration (for a breach of Senior Manager Conduct Rule 2, but not the duty of responsibility) demonstrates that the duty is not a necessary part of the regulators' arsenal in order to hold SMFs to account.
Perhaps the only reason for retaining the SMF duty of responsibility is the fact that it is simple and easy for SMFs to understand. For this reason it is the basis on which many "reasonable steps" frameworks for SMFs have been built and explained to executive teams. Many in the industry have therefore described the duty of responsibility as a "game changer" for individual accountability in terms of cultural change and something that sharpens the regulators’ spurs in relation to individual accountability at the senior management level.
As a result of this simplicity of message for the industry, and despite this duplication with other rules imposed on SMFs, we suspect that the duty of responsibility is one aspect of SMCR that is very unlikely to change as a result of the current review.
Authors: Nathan Willmott and Aaron Marchant
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.