Approved persons (APER) | FCA regulatory compliance manual | Template for FCA authorised firms

1 What is an approved person?

An approved person (AP) is an individual given authorisation by the FCA to carry out a controlled function.

From the 9th December 2019 and the advent of the Senior Managers and Certification Regime (SMCR), there are two categories of controlled functions applicable to Insurance Intermediaries:
(1) An FCA-designated senior management function
(2) An FCA controlled function that is not a designated senior management function.

Senior Management Functions (SMF) are new roles applicable from 9/12/2019 and apply to all firms which are subject to SMCR. They replace the previous Controlled Functions CF1-30 which applied to Approved Persons in Insurance Intermediaries.

Other Controlled Functions are the same as were in force prior to 9/12/2019 for all firms but from that date only apply to firms which are exempt from the SMCR regime. In the Insurance Intermediary sector that effectively means just Appointed Representatives.

2 Controlled functions

Controlled Functions are specific functions or job types that the FCA, as directed by the Financial Services Marketing Act 2000 (FSMA), deem to be central to an organisation’s ability to meet its regulatory requirements. They are specified in the Supervision guidance in the handbook and are the backbone to how the FCA see businesses being controlled and managed.

a) Senior Management Functions

The Senior Management and Certification Regime is described more fully elsewhere in this manual, primarily in the SYSC, SUP and Special Topics sections. Under SMCR there are 3 categories of Firm – Core, Enhanced and Limited Scope.
N.B. The requirements for Enhanced Firms are not covered by this manual.

1) Core Firms

Under SMCR the Senior Management Functions are:

Notes

1. For Core Firms generally there are two other SMFs – SMF16 (Compliance Oversight) and SMF17 (Money Laundering Reporting Officer) but these do not normally apply to General Insurance Intermediaries whose permissions are only for Insurance Distribution and Credit Broking.

2. Non-Executive Directors do not need to be approved for SMFs unless they hold the role of Chair and then will need SMF9

3. Senior Managers can hold more than one SMF, e.g. CEO and Executive Director but will need the approval of the FCA for each function.

2) Limited Scope Firms

In the Insurance Intermediary sector Limited Scope Firms are likely to be either Sole Traders or firms whose principal business is not Insurance intermediation and only have permission to carry on insurance distribution activity for non- investment insurance contracts.
In theory 3 possible SMFs could apply:

SMF29 – Limited Scope Function
SMF16 – Compliance Oversight
SMF17 – Money Laundering Reporting Officer

In practice none are likely to apply for most mainstream Insurance Intermediaries.
As for Core Firms, SMF16 and SMF17 are not normally applicable in the General Insurance Intermediary sector and SMF29 is the replacement for the CF8

Apportionment and Oversight controlled function which did not apply to Sole Traders. So SMF29 will generally only be applicable for:

1. A few limited companies who prior to SMCR did not have any Approved Persons with controlled functions other than CF8.

2. Secondary Insurance intermediaries whose principal business is not insurance intermediation and who only have permission to carry on insurance mediation activity in relation to non-investment insurance contracts

b) Controlled Functions

As mentioned, these are the same as in the Approved Persons regime prior to SMCR but from 9/12/2019 will effectively only continue to apply to Appointed Representatives. The Controlled Functions are:

It is advisable to retain an up to record of approved persons at all times.

As explained in the Supervision (SUP) section of this manual, under SMCR, Senior Managers must have a prescribed Statement of Responsibilities (SoR) document and this should meet record-keeping requirements.

Appointed Representatives are not subject to SMCR so do not have a SoR but APER Template 1 can be used as an alternative basic record.

3 Requirements of an Approved Person

There are two general requirements of an Approved Person:

1. That such a person fulfils the FCA Fit and Proper Test for Employees and Senior Personnel (FIT); and
2. Abides as appropriate by either the Code of Conduct (COCON) for Senior Managers or the Statements of Principle and the Code of Practice for Approved Persons (APER)

The Fit and Proper requirements are covered separately in High Level Standards – Section 5 (FIT) of this manual as they now also apply to some staff who are not Approved Persons.

The Code of Conduct (COCON) requirements are also covered separately in High Level Standards – Section 6 (COCON) of this manual.
COCON is a new FCA Sourcebook effective from 9/12/2019 for Insurance Intermediaries. It contains rules on conduct standards for both Approved Persons and Insurance staff in general. It only applies to SMCR firms so is not applicable to Appointed Representatives.

Approved Persons in Appointed Representatives continue to be subject to the same conduct rules which applied prior to SMCR and these are covered below in 4.4.

The individual’s wider responsibility

The responsibility on the individual AP is wider than satisfying the FIT rules and compliance with COCON or the Principles and Code of Practice for APs.

It is also the individual’s responsibility to work collectively to ensure that the firm, as a whole, is in compliance with the Principles for Businesses (PRIN) and Senior Management Arrangements, Systems and Controls (SYSC). Although individual APs are assigned individual responsibilities, compliance with the new FCA regime requires a global and collective outlook by the individuals within the firm in order for the Firm to satisfy its requirements, i.e. the Principles for Businesses and SYSC.

As an AP, a thorough understanding of the SYSC rules is essential as the individual has a responsibility for ensuring compliance with these standards. The individual needs to make sure that they are fully aware of the systems and controls are not only in place, but are also being used effectively.

4 Conduct Rules – Appointed Representatives

Approved Persons in Appointed Representatives continue to be subject to the same conduct rules which applied prior to SMCR and comprise statements of principles for APs and a code of practice.

Statements of Principle

There are seven Statements of Principle and the code of practice provides guidance on how the seven Statements of Principle can be applied. The AP needs to understand the Statements of Principle and their obligation to adhere with them. It is recommended that these form part of the conditions of employment.

The FCA Principles for Approved Persons

‘Reasonableness will be judged on the information that a firm knew or ought to have known at the relevant time, and the actions taken in the light of that knowledge, and good business practice applicable at that time’.

The Code of Practice for Approved Persons

Key Elements

• Individuals should not continue to undertake a controlled function, having failed to meet the standards of knowledge and skill required to perform the role.
• In organising business for which the individual performs a significant influence function, the individual should bear in mind the risks the business is prepared to take.
• The individual should consider reviewing each area of the business for which they are responsible, so that it is clearly assigned to a particular individual.
• The organisation of the business and the responsibility of those within it should be clearly defined.
• If an individual’s performance is unsatisfactory, then the firm should carefully review whether to allow this individual to continue in their position.
• Where the individual is not an expert in a business area, they should consider whether they or those that they work with have the necessary expertise.
• When delegating a task, there should be reasonable grounds for believing the delegate has the competence, knowledge, skill and time to address the issue.

Code of Practice – key areas to consider

The Code of Practice is intended to help determine whether or not an approved person’s conduct complies with the various Statements of Principle. It refers to an AP being in breach of a principle where they are personally culpable.

1. What is personal culpability? – breaches of the principles where conduct is deliberate or the standard of conduct is below that which would be reasonable in the circumstances. This includes omitting to do something as much as doing something inappropriate and whether reasonable care was taken when considering information available and how this was acted upon. This includes failing to have an adequate understanding of regulation and the personal responsibilities arising out of being an AP.

2. Statements 1 & 2 – breaches occur where APs deliberately mislead or attempt to mislead a client, the business or the FCA and/or fail to inform or advise the significance of material information. This includes:
• falsifying documents of any sort (all client documents and internal records including training, qualifications or past employment records);
• continuing to perform a controlled function despite having failed to meet FCA training and competence requirements (this includes relevant insurance and management/regulatory training);
• failing to pay due regard to the interests of a customer, without good reason;
• deliberately misusing the assets or confidential information of a client or the business. In the case of clients this applies to funds (including retaining a client’s funds wrongly), market/price sensitive information or failing to advise the client they are incorrect in their understanding of a material issue including the required technical insurance knowledge related to the insurance services provided by the business;
• destroying, or causing the destruction of, documents (including false documentation), or tapes or their contents, relevant to misleading (or attempting to mislead) a client, his firm, or the FCA;
• deliberately preparing inaccurate or inappropriate records or returns in connection with a controlled function;
• misleading others in the senior management team about the nature of any increased risk to the business through any types of new business being undertaken;
• deliberately designing contracts to include insurance in an implicit rather than an explicit way so as to disguise breaches of FCA requirements and standards of the regulatory system;
• deliberately failing to disclose conflicts of interest to a client including fees and profit sharing arrangements when asked;
• providing false information to the FCA;
• deliberately misleading clients;
• providing inaccurate or inadequate information to the firm or its auditors;
• failing to segregate client money and failing to process clients payments in a timely manner; and
• not ensuring that there is a process in place to complete a fact- find on the demands and needs of the proposed client. This ensures any advice given is with a reasonable understanding of the risks involved in the transaction, including information on any other form of existing insurance in force, e.g. dual insurance or any overlap in cover that may affect the decision by the client to purchase further insurance. This should also be monitored and audited to ensure it happens.

3. Statement 3 – breaches of market conduct occur where APs permit professional relationships to be influenced through conflicts of interest or through putting their own interests above their duty to any customer for whom they act.

4. Statements 4 & 7 – breaches occur where APs fail to set up and implement adequate and appropriate systems of control to ensure compliance with FCA regulation and/or fail to disclose information in accordance with these internal systems or direct to the FCA as required. This includes:
• failing to ensure the compliance systems and controls of the whole business are appropriately set up, monitored and reviewed; failures or breaches are dealt with in a timely manner, bringing in external support and advice as appropriate. This includes failure to act on knowledge of breaches of regulation in areas of the business other than under the AP’s direct control;
• failing to take reasonable steps to ensure that procedures and systems of control are reviewed and if appropriate, improved in a timely and appropriate manner, following the identification of significant breaches (whether suspected or actual) of the relevant requirements and standards;
• failing to take reasonable steps adequately to inform himself about the reason why significant breaches (whether suspected or actual) of the relevant requirements and standards;
• not implementing recommendations made as a result of an independent review of the business;
• not providing information to the FCA when requested and to the specified timescale;
• not attending interviews or answering questions requested or demanded by the FCA;
• failing to have a clearly defined reporting process regarding FCA/compliance issues within the business and not communicating it to all staff.

The key message regarding relations with FCA is “no surprises” – it is better to advise them of a situation with some idea of how you will put things right than for them to find out through other means. When considering whether information is material and should be reported to the FCA, it is worth bearing in mind that the FCA assesses the risk a business brings to them, by considering their three main objectives which are:

1. Securing an appropriate degree of protection for consumers. Vetting at entry aims to allow only those firms and individuals satisfying the necessary criteria (including honesty, competence and financial soundness) to engage in regulated activity. Once authorised, the FCA expect firms and individuals to maintain particular standards set by them. They will monitor how far firms and individuals are meeting these standards. Where serious problems arise the FCA investigates and, if appropriate, disciplines or prosecutes those responsible for conducting financial business outside the rules. The FCA can also use their powers to restore funds to consumers;
2. Protecting and enhancing the integrity of the UK financial system to include its soundness, stability and resilience and ensuring it is not used for a purpose connected with financial crime; and
3. Promoting effective competition in the interests of consumers taking into account of the needs of those consumers who use or may use services

5. Statement 5 – breaches occur when APs fail to organise the business appropriately, including unclear reporting lines and levels of authorisation or confusing job descriptions. This includes:
• failing to apportion significant responsibilities among the business’s directors and senior managers;
• failing to review the competence knowledge skills and performance of staff to assess their suitability for their jobs;
• giving undue weight to financial performance over working in a compliant manner when considering the suitability and continuing suitability of an individual for a particular role;
• failing to review whether poor performers should remain in their role;
• allowing the business managerial or other vacancies to remain unfilled without adequate cover, thereby putting compliance with FCA requirements at risk; and
• failing to ensure that job descriptions show clear reporting lines, responsibilities, including limits of authority, competences, qualifications, experience and skills required.

6. Statement 6 – breaches occur where APs fail to keep themselves adequately informed about the aspects of the firm’s business for which they are responsible. This includes:
• failing to ask for adequate reports on business performance;
• failing to ensure progress happens, in a timely manner, of tasks or business issues which are delegated to others either in-house or externally;
• accepting implausible or unsatisfactory explanations from others on regulated business issues;
• permitting insurance contracts or deals or new areas of business without assessing the impact on the business;
• allowing inadequate monitoring of highly profitable transactions or unusual transactions or business practices;
• failing to ensure where an AP has delegated authority, investigation, management or resolution of an issue to another party, that they have the skills, knowledge, expertise and time;
• failing to understand the business for which the AP has responsibility;
• failing to ensure that where the AP does not have the expertise ensuring there is sufficient expertise in the business to provide him with adequate explanations of issues within the business area; and
• delegating work (either in-house or externally) without checking that the individual has the appropriate capacity, competence, knowledge or seniority or skill to deal with it.

5 Personal files for approved persons

A full history of the AP will be required to enable the completion of the FCA AP application Form. This will include:
• financial services’ employment history over the last 5 years; and
• any implications to their Fit and Proper standing arising out of previous personal conduct.

The firm also has responsibilities to ensure that APs remain fit and proper and need to have a process in place to monitor this on a regular basis.

FIT Template 1 contains an initial and annual self-declaration on criminal records, civil proceedings, reputation, etc. and financial standing which Firms can adopt. Competence should be assessed as part of formal appraisal processes for which templates can be found in the TC section of this manual.