A new approach to ensuring that individuals with responsibility for management and governance in insurance firms is being introduced by the United Kingdom regulators. The Senior Insurance Managers Regime (“SIMR”) will require that individuals in specified roles are approved by the Prudential Regulation Authority (PRA) before they take up their appointments. These changes will accompany the implementation of Solvency II governance provisions in the UK which require that all those in a key function within the firm are assessed as fit and proper.
Although the two new regimes are being introduced in a combined package of regulatory measures, it is important not to confuse the purpose of the two developments. Importantly, Solvency II puts the emphasis upon the firm itself to determine whether those in charge of key functions are fit and proper for their roles, while the SIMR determines that applicants for defined roles within insurance firms must be pre-approved by the regulator before taking up their posts.
The SIMR is a pale imitation of the Senior Managers Regime being applied to those who work in UK banks, building societies and credit institutions. Following the financial crisis and Libor scandal, the UK Parliament legislated to ensure that individuals within banking entities could be more easily held to account for poor leadership. There have been notably few prosecutions following the banking collapse in 2008 and Libor fixing. To address these concerns, the Senior Manager Regime for banks applies a reverse burden of proof (a “presumption of responsibility”) requiring that firms show that a manager took all reasonable steps to avoid a regulatory breach. The banking regime also imposes criminal sanctions for failing to adhere to regulatory obligations and requires that all senior individuals annually certify that they have complied with regulatory standards. Nearly all bank staff (with the exception of cleaning staff and those in similar roles) are required to comply with a new code of conduct. The insurance regime does not extend this far. The PRA decided to apply a similar approach to individual accountability as that for banks on the basis that operating two distinct regimes would be “complex and inefficient”. Accordingly, a similar but simpler regime has been devised for insurance firms (non-Solvency II firms will escape the full application of the SIMR).
“Fit and proper”
Solvency II introduces a risk-based solvency regime applicable to insurers and reinsurers across the EU. Solvency II requires firms to capture all their risks in order to better understand how much capital they need to hold in order to meet their liabilities. To ensure good governance within firms, Solvency II requires that all those who effectively manage the firm or who “have other key functions” should be fit and proper.
The Solvency II Directive identifies four specific key functions within insurance firms with the result therefore that those in charge of these functions must meet the “fit and proper” requirements. These are:
- the risk management function;
- the compliance function;
- the internal audit function; and,
- the actuarial function.
In addition to the Solvency II Directive key functions, the PRA has identified additional functions that firms should consider to be key within the organisation:
- the investment function (accordingly, investment managers will be “key function holders”);
- the claims management function (especially in general or health insurance firms);
- the IT function;
- the reinsurance function (where this role is different to other key functions such as risk management).
Assessing whether individuals are fit and proper will mean checking that they have the education, experience and competence to perform their role. Propriety checks will extend to reviewing regulatory references and criminal records. The PRA will expect firms to have policies and procedures in place for these assessments. The identity of all key function holders and details of their assessment as fit and proper must be provided to the PRA. Pre-approval, however, is not required.
In addition to the above functions, firms should consider whether there are any other key decision-makers who might need to be vetted as key function holders.
New categories of approved persons
Alongside the Solvency II requirements, the PRA will replace the existing approved persons regime with the SIMR in order to more clearly delineate responsibilities within firms and to ensure greater personal accountability in senior management. Instead of the current PRA approved persons, Senior Insurance Management Functions (or “SIMFs”) will need approval. These will be the PRA controlled functions under the Financial Services and Markets Act 2000. With a closer alignment between specific roles and responsibilities, the PRA hopes to make lines of accountability clearer and to be able to more easily hold individuals to account when needed. The requirements for each SIMF will be more closely tailored to the specific roles that individuals undertake, enabling the regulator to better assess whether the person to be appointed is suitable for that role.
Alongside the newly allocated SIMFs, a list of “prescribed responsibilities” must be allocated to all those who have been approved as either SIMFs or FCA significant influence functions. The full list of those in key functions for Solvency II purposes, SIMFs and their responsibilities must be set out in a governance map which shows lines of reporting and organisational responsibility. The PRA proposes that this map should be used as a tool in the supervisory process.
The Financial Conduct Authority will make some amendments to its list of approved persons but will broadly maintain the list of functions for which approval must be sought. Director (CF1), Compliance (CF10), Cass operational oversight (CF10a), Money Laundering Reporting officer (CF11) and Significant management (CF29) remain significant management functions that require approval.
The SIMFs for which pre-approval from the PRA will be required is:
- SIMF1 – Chief Executive
- SIMF2 – Chief Finance
- SIMF4 – Chief Risk
- SIMF5 – Head of Internal Audit
- SIMF7 – Group Entity Senior Insurance Manager (capturing those in parent or subsidiary companies who direct the business but who are not already SIMFs)
- SIMF9 – Chairman (NED role)
- SIMF10 – Chair of Audit Committee (NED role)
- SIMF11 – Chair of Risk Committee (NED role)
- SIMF12 – Chair of Remuneration Committee (NED role)
- SIMF14 – Senior Independent Director (NED role)
- SIMF19 – Third Country Branch Manager (only applied in non-EEA branches)
- SIMF20 – Chief Actuary
- SIMF21 – With-profits Actuary (where relevant)
- SIMF22 – Chief Underwriting Officer (applicable to general insurance firms and Lloyd’s managing agents)
- SIMF23 – Underwriting Risk Oversight (only applied to the Society of Lloyd’s)
Notably, certain Non-Executive directors (NEDs) will require approval under the SIMR: the Chairman (SIMF9) and Chairs of the Audit (SIMF10), Risk (SIMF11) and Remuneration (SIMF12) Committees. Similarly, where a firm has a Senior Independent Director they should be approved (as SIMF14). The FCA has determined that two NED positions, where such committees exist, should require pre-approval as governing functions: the Chair of the Nominations Committee (CF2a) and Chair of the With-Profits Committee (CF2b).
Both the PRA and FCA will introduce new conduct requirements: the PRA will have “Conduct Standards”, while the FCA will have “Conduct Rules”. These will be based upon the existing Statements of Principle currently in APER. The FCA Conduct Rules and PRA Conduct Standards are largely identical. However, the PRA will additionally require that individuals have regard to the interests of policyholders while the FCA will require individuals to treat customers fairly and observe proper standards of market conduct.
The key function holder requirements under Solvency II must take effect from 1 January 2016. The SIMR will take effect from 7 March 2016 (when the changes introduced by the Financial Services (Banking Reform) Act 2013 come into effect).
On 7 March 2016 those currently performing a PRA or FCA controlled function who will be taking up a substantially corresponding PRA SIMF or FCA SIF will be grandfathered into the new post provided that a notification is submitted by 8 February 2016. Otherwise, approvals will lapse on 7 March and new applications must be made.
Firms should be planning now to ensure that they have allocated people to the new SIMFs and have identified all the key function holders. Reporting lines and responsibilities should be captured in a governance map and new terms must ensure that staff comply with the relevant conduct rules and standards.
The change to a new regime applied to senior individuals shows how important individual accountability has become to the regulators. Whether or not the regime change will introduce a step change in the ethical conduct of senior managers or increase the number of regulatory scalps on the wall remains to be seen.