What is the NED taking On?

What is the NED taking On?

NEDs in the UK insurance sector are members of Boards that are highly regulated. Not only do their companies have to comply with the Companies Act 2006, but as NEDs on the Boards of insurers or intermediaries, their companies will fall within the remit of the current financial services regulators.


Many of todays regulations have their origins in the Financial Services and Markets Act 2000 (FSMA), which consolidated much of the existing, but quite disparate, regulations covering insurers, brokers and their agents. Under FSMA, a new regulator, the Financial Services Authority (FSA) was formed. Its regulatory objectives focussed on market confidence; financial stability; public awareness (of financial regulations); the protection of consumers and the reduction of financial crime.

Under the Regulated and Prohibited Activities section of FSMA, specific rules were drawn up for Authorised Persons to act only with permission. NEDs fall within the category of Approved Persons.

In 2013, the Financial Services Authority was replaced by the "twin peaks" regulators.

These regulatory bodies are the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA). Both bodies have statutory powers and obligations:

The PRA’s statutory objectives are to promote the safety and soundness of firms and, specifically for insurers, to secure an appropriate degree of protection for policyholders.

The PRA’s initial areas of focus are: management and governance; corporate culture and behaviour; the quality of capital and its adequacy; capital models and insurers’ compliance with Solvency II.

The FCA’s statutory objectives are to secure an appropriate degree of protection for consumers (especially retail customers); to protect and enhance the integrity of the UK financial system and to promote competition in the interests of consumers.

The PRA is part of the Bank of England (BoE). The FCA is an independent regulatory body which is accountable to HM Treasury.

In September 2018, BIBA published its Compliance Manual 2018, which offers a comprehensive summary of the FCA’s activities in the section Background and Introduction to FCA.


While it remains an EU member state, the UK also has to comply with financial regulations that are determined by the EU Parliament, in Brussels. HM Treasury and the BoE are responsible for ensuring that regulated firms in the UK financial sector are compliant with such regulations.

A notable example of such rules is those which are known, collectively, as Solvency II, promulgated, today, by EIOPA (European Insurance and Occupational Pensions Authority).

Following the UK’s decision to leave the EU, as a result of the Referendum held on 23 June 2016, the regulatory framework described above will change. The UK Government triggered Article 50 of the Treaty on European Union (the” Lisbon Treaty”) on 29 March 2017.

Article 50 allows a member state to notify the EU of its withdrawal and obliges the EU to try to negotiate a “withdrawal agreement” with that state.

The time-frame allowed in Article 50 is two years. This deadline can only be extended by unanimous agreement from all EU countries.

If no agreement is reached in two years, and no extension is agreed, the UK automatically leaves the EU and all existing agreements would cease to apply to the UK. If that happens, Brexit Day would be Friday, 29 March 2019.

Accordingly, all references to the current regulatory framework in this iNED Information Bank continue to regard the UK as having to comply with financial regulations that are determined by the EU Parliament.

As regulatory changes that affect NEDs are introduced, they will be explained and featured in this Information Bank.

In April 2017, Sam Woods, CEO of the PRA, wrote to all regulated firms in the financial services sector asking their Boards of Directors to confirm their contingency plans for the UK’s withdrawal from the European Union. This letter can be accessed via this attachment.

In the summer of 2018, Moore Stephens produced the following commentary on the Brexit White Paper Plan, which poses and answers a series of questions about future regulation:

“What is a white paper anyway?

It’s a formal statement of the British Government’s position on a matter of policy. It’s not a consultation paper – that’s a green paper. Generally, governments are reluctant to row back from the positions taken in white papers, which is why this one which is particularly controversial and has been followed by resignations.

What does this one say about the insurance market post-Brexit?

It says four main things:

  1. The UK wants to be able to diverge from the EU in terms of financial services regulation;
  2. Passporting will no longer be possible and there will be no right of market access in either direction;
  3. The UK will instead seek an enhanced equivalence regime that addresses some of the problems of the existing EU equivalence regimes and gives limited market access into the EU;
  4. The starting position, at 1 January 2021, will be simply one of equivalence.

What does it say about regulatory alignment?

The government is not in favour of it. The main reason given is that because of the importance of financial services to financial stability, the UK may need to be able to impose higher than global standards. Intriguingly, it also opens the possibility of relaxation in the other direction: “the UK market contains products and business models that are different to those found elsewhere in the EU, and regulation would need to reflect those differences” which is not true of the current regulatory regime, where the UK must always follow EU directives.

What does it say about passporting?

It isn’t going to be possible. The paper does not lay out an explicit logical connection between the first point and the second, but the implication is that the British Government has concluded that the EU will not allow passporting post-Brexit, except under circumstances where the UK accepts full regulatory alignment, which the Government doesn’t want. This is also logically consistent with the position being taken in the paper on goods, where the government is prepared to accept a “common rulebook” and is asking for full market access in return.

So what does the insurance market get instead?

If it can be negotiated; an enhanced equivalence regime. The paper notes that the existing EU equivalence regimes are flawed. The main reason comes last: “the existing regimes do not provide for phased adjustments and careful management of the impact of changes”. This is something of an understatement given the EU can withdraw equivalence at 30 days’ notice. So, the proposal is that an enhanced equivalence regime is negotiated. It is fair to say that at this point the language in the paper becomes somewhat abstruse, and it is difficult to follow precisely what is being said or asked for. This may reflect intellectual uncertainty on the part of the writers or, more likely, a degree of disagreement about what is desirable or negotiable. It may well also reflect a desire to keep options open during negotiation. In essence it is a wish list of possibly negotiated outcomes. One intriguing possibility is that for “the most important international financial services [sub-sectors]… those that generate the greatest economies of scale and scope” the new arrangement might provide for a cross-border provision. The paper is silent on which sub-sectors might be prioritised in this way.

Are there implications for the transition or implementation period?

Not directly, except in one important respect. The white paper makes no suggested changes to the transition, or implementation period, which is planned to run from 29 March 2019 to 31 December 2020. The position during that period is as follows. The EU Council issued guidelines on 29 January 2018 which set out their position in some detail. In particular, the whole of EU law and any changes to it will apply to the UK; the UK stays in the single market and the customs union; and the full competence of EU institutions is preserved. The UK position had been summarised in a speech by David Davies two days earlier and was remarkably similar: “Both sides must continue to follow the same, stable set of laws and rules, without compromising the integrity of the single market, and the customs union to which we will maintain access on current terms; maintaining the same regulations across all sectors of the economy — from agriculture to aviation, transport to financial services….in keeping with the existing structure of EU rules that will allow a strictly time-limited role for the European Court of Justice during that period. During this… period, people will of course be able to travel between the UK and EU to live and work.” Both these positions were incorporated in the text of the Withdrawal Agreement which was issued at the end of March 2018, with the parts referring to the transition period highlighted in green to indicate that they were agreed. So essentially, at a practical level, it seems likely that very little changes.

This all assumes that the Withdrawal Agreement is actually ratified?

Yes, this is the respect in which the white paper may impact the transition or implementation period. The paper repeats the EU’s mantra that “nothing is agreed until everything is agreed”, and specifies that “the Withdrawal Agreement should include an explicit commitment by both parties to finalise these legal agreements as soon as possible in accordance with the parameters set out.” In other words, the UK Government is expecting that the matters covered in the paper are broadly concluded before the Withdrawal Agreement is signed, even though the actual future agreements cannot be concluded until after the UK has ceased to be a member. This obviously increases the risk that nothing will be agreed, especially since it is difficult to characterise the UK Government’s approach as anything other than “cherry-picking”, something the EU has been long opposed to.

How has the paper gone down with the industry?

So far, badly. CityUK said: “Mutual recognition [of each other’s regulatory regimes] would have been the best [approach] and it is regrettable and frustrating that it has been dropped before getting to the negotiating table.” The outgoing CEO of Lloyd’s has said that the proposals are “very disappointing” and “do not provide the certainty we are looking for”. She reaffirmed plans for Lloyd’s in Brussels.

Do they have a point?

It is quite right that the paper does not provide certainty: the paper is only clear about what the UK Government does not want. On the question of what is to replace it, it provides a list of desiderata but not a clear picture. However, these reactions are not directly addressing a major problem: the political question of whether market access without regulatory alignment was ever really a runner.

So what are the problems with the industry’s alternative picture?

The basic problem is cakeism: the hope that we can get the best of both worlds overcoming the practical fact that we have to choose. Was it ever likely that the EU would concede full market access on the basis of mutual recognition of regulatory regimes which can by definition diverge? The UK Government has clearly concluded that it won’t. And what the industry has then failed to answer is the question of whether, forced to choose, they would prefer regulatory flexibility or market access. The London Market Group’s proposals issued in November 2017, for example, did not address this question.

So what does this mean for you?

As the outgoing CEO of Lloyd’s correctly observes, the white paper is the signal that businesses must now plan and execute those plans on the basis that there is going to be no agreement that preserves market access as we know it. In the worst case, this will happen from March 2019, because the unintended result of the UK government’s position is that no agreement is reached at all. But the far more likely outcome is that some agreement is reached so the implementation or transitional period will operate until 31 December 2020. However, not only is it unclear what can be negotiated but it is also clear that whatever is negotiated will not match up to the level of market access enjoyed under the current passporting regime.

This vindicates those businesses that have already started implementing their plans for an onshore entity and our advice to all clients that they should have a clear and comprehensive contingency plan. Those contingency plans should now be put into effect.”


Since this Information Bank was first launched, in September 2014, the regulations governing Board appointments and senior management positions in the UK insurance industry have changed significantly. In particular, the SIMR (Senior Insurance Managers Regime) has been introduced by the PRA along with the FCA’s RAPR (Reformed Approved Persons Regime), which are described more fully below.

Both the PRA and FCA have operated, and will continue to operate in a modified form, an Approved Persons Regime, but before they are examined it is worth looking at the context in which all approvals exist.


The PRA’s Fundamental Rules (FR) replaced their earlier Principles for Business.

The Fundamental Rules (FR) set out the PRA’s high-level expectations and they underpin the entire PRA Rulebook. The Fundamental Rules are:

FR 1: A firm must conduct its business with integrity.

FR 2: A firm must conduct its business with due skill, care and diligence.

FR 3: A firm must act in a prudent manner.

FR 4: A firm must at all times maintain adequate financial resources.

FR 5: A firm must have effective risk strategies and risk management systems.

FR 6: A firm must organise and control its affairs responsibly and effectively.

FR 7: A firm must deal with its regulators in an open and cooperative way and must disclose to the PRA appropriately anything relating to the firm of which the PRA would reasonably expect notice.

FR 8: A firm must prepare for resolution so, if the need arises, it can be resolved in an orderly manner with a minimum disruption of critical services.

The most notable difference between the previous Principles and Fundamental Rules is that under the Principles approach, firms had more freedom to achieve the intended outcomes in the way they deemed to be most appropriate. Rules, by their very nature, are less open to interpretation and so should provide greater clarity and certainty.

The PRA’s powers to address serious failings in the culture of firms

The PRA expects firms not merely to meet the letter of its requirements, but to maintain sight of the overriding principle of their safety and soundness and to act accordingly. As such, the PRA expects firms to have a culture that supports their prudent management.

The PRA does not have any “right culture” in mind; rather it focuses on whether Boards and management clearly understand the circumstances in which the firm’s viability would be under question, whether accepted orthodoxies are challenged and whether action is taken to address risks on a timely basis.

The PRA also expects that individuals, whatever their position in the firm, should take responsibility for acting in a manner consistent with its safety and soundness and that remuneration and incentive structures should reward careful and prudent management.

Identification of failings in culture is not limited to individual serious occurrences, but may include:

  • The observation of multiple examples of firms failing to conduct their business in a safe and sound manner, including failings in different business areas, that may not be related or that when examined individually may not be considered serious
  • Evidence of a poorly functioning Board that fails to challenge Executives or take a lead in consideration of conducting business in a safe and sound manner; which can include setting, articulating and embedding an appropriate culture in the firm and drawing up clear policies and guidelines that are linked to staff objectives, training, evaluation and incentives.
  • Evidence of weak control areas such as risk, compliance and internal audit that may indicate poor management, lack of resource, or insignificant representation on the Board.
  • Evidence of other weaknesses in Board or senior management behaviour and influence on its firm’s culture, including incentives and their adherence to the firm’s values.
  • Any other evidence of failings in culture identified by the PRA’s supervisory approach.
The need to challenge Executives represents a major responsibility for NEDs and underlines their role in ensuring that a firm’s culture is appropriate.

It should be understood that the PRA seeks to address serious failings in culture as part of its approach to supervision. If serious failings in culture are identified, the PRA has a variety of powers which it may use if deemed necessary to reduce risks and achieve desired supervisory outcomes. The powers include the use of Section 166 Skilled Persons Reports, Variation of Permissions (which can extend as far as withdrawal of authorisation) and various other means.


Historically, the PRA, which has oversight of insurers’ (including Lloyd’s managing agents’) prudential activity, has referred to certain management functions (and not just Directors) as being Controlled Functions.

It should be noted that Insurers can be dual regulated. This means that applications from dual regulated firms will be considered by both the PRA and the FCA.


Both the PRA and the FCA will have regard to a number of personal factors when assessing the fitness and propriety of an individual to perform a particular controlled function. Both UK regulators’ assessment criteria relate to the person’s:
  • Honesty, integrity and reputation
  • Competence and capability
  • Financial soundness (as an individual)

These requirements are known as The FIT and Proper Test for Approved Persons and appear under the regulators’ handbooks with the acronym FIT.

The PRA publishes guidance entitled Approved Persons – FAQs.


The past few years have seen very significant changes to the rules and regulations that govern the appointment, behaviour and expectations of NEDs. The following pages set these reforms in their historical context and offer an introduction to the new SMCR regime to which reference is made below.

Because they are ever-changing (and becoming more proscriptive and onerous) these regulations will be updated in this Information Bank in their latest reiteration in Q1 2019.


In November 2014, the PRA published its Consultation Paper (CP26/14) entitled “Senior insurance managers regime: a new regulatory framework for individuals”.

The current regime is the result of changes required by Solvency II and the regulators’ intention to bring insurance into line with banking supervision rules. The insurance regime (SIMR) is aligned with the Banking One SMR and reflects changes made in the banking sector as part of the Financial Services (Banking Reform) Act 2013.

The FCA consulted via its CP14/25, outlining its proposals to update their Approved Persons Regime, as a result of which they now operate a Reformed Approved Persons Regime.

Both UK regulators have introduced Conduct Standards (PRA) and Conduct Rules (FCA) aimed at shaping the culture, standards and policies of authorised firms as well as acting as a deterrent against misconduct.

The Chartered Insurance Institute (CII) issued a Policy Briefing, in November 2015, which covered SIMR comprehensively and contains links to both the PRA’s and FCA’s source materials. The following section is based largely upon this CII document.


The Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have introduced rules for the new regulatory framework for insurance.

This strengthening of accountability in insurance is a result of a number of developments: Solvency II requirements, European Insurance and Occupational Authority (EIOPA) requirements and a move to bring insurance into line with new banking conduct rules.

There has been a need to incorporate legal requirements under the Solvency II Directive implementation of the “fit and proper” requirement for relevant individuals.

In parallel with this need is the UK regulators’ wish to align the insurance sector with changes made to banking supervision as a result of the Banking Act and the belief that the previous “approved persons’ regime” was no longer fit for purpose for any part of financial services.

The main impact of the changes was to strengthen the regulatory regime applicable to individuals (including NEDs) and to toughen the governance and vetting regime at firm level. Today’s regime reflects the regulators’ increased focus on greater personal responsibility.

This regime aims at identifying and approving those senior persons responsible for running an insurer or who have responsibility for a key function. SIMR and SMCR seek to ensure those holding senior responsibility “behave with integrity, honesty and skill”.

The regulators also require governance maps to confirm the allocation of these responsibilities and they have introduced new conduct standards and fitness requirements.

The current regime impacts all insurers who fall within the scope of Solvency II and applies to the Society of Lloyd’s and to Lloyd’s managing agents, the UK branches of third country insurers and Insurance Special Purpose Vehicles.

Variations of the new regime have also been proposed for non-Solvency II insurers, so-called non-Directive firms (NDFs). Those NDFs with assets over £25 million from regulated activities will be subject to a similar SIMR/ SMCR to Solvency II firms, while NDFs with fewer assets than this will be subject to a streamlined version of the SIMR.

Most of the SIMR information in this website refers to Solvency II insurers.

Senior Insurance Management Functions

The PRA’s SIMR focuses on those holding critical high level roles within Solvency II insurers. The result is a narrower set of Control Functions, meaning fewer individuals coming under the remit of the new regime. However, those who are covered by SIMR will face greater scrutiny from the PRA.

This narrower set of control functions is known as Senior Insurance Management Functions (SIMFs) and individuals require pre-approval by the PRA before assuming responsibility for any one of them.

From January 2016, regulated firms have to submit a Scope of Responsibilities document with each individual’s application for PRA approval. It may be possible for a SIMF to be shared by two people, though only when it is “appropriate and justified”.

List of SIMFs

PRA Control Function - Title

Chief Executive function SIMF1

Chief Finance function SIMF2

Executive Director SIMF3

Chief Risk function SIMF4

Head of Internal Audit SIMF5

Group Entity Senior Insurance Manager function SIMF7

Third country branch manager function SIMF19

Chief Actuary function SIMF20

With-Profits Actuary function SIMF21

Chief Underwriting function SIMF22

Underwriting Risk Oversight function (Lloyd’s only) SIMF23

Key Functions

The Solvency II Directive requires firms to have “an effective system of governance”.

This system includes a Risk Management function, a Compliance function, an Internal Audit function and an Actuarial function.

In addition, the PRA has identified a number of other functions that firms might want to consider as “key”. These are: Investment, Claims management, IT, and Reinsurance.

However, this list is not exhaustive and firms are required to identify their own key functions, depending on their business. As with those holding a SIMF, key function holders will require pre-approval by the PRA. There is scope for overlap between SIMF and key function holders. Where this occurs, firms will need to show how conflicts of interest are minimised and that the individual is competent to undertake both roles.

Significant Influence Functions (SIFs)

There are a number of control functions that are beyond the scope of the PRA regime, but that instead require FCA approval. These are known as FCA Significant Influence Functions (SIFs). They are:

Directors (CF1) not otherwise approved by the PRA

Apportionment and oversight function (CF8)

Compliance function (CF10)

CASS Operational Oversight function (CF10a)

Money Laundering Reporting Officer (CF11)

Significant Management function (CF29) not otherwise approved by the PRA

Customer function (CF30)


Given the nature of the PRA and FCA regimes, there is scope for regulatory overlap. If an individual were to perform an FCA SIF and was already approved by the PRA to hold a SIMF, the FCA function would be included with the PRA function. Therefore, the individual will need to provide information on the FCA function they are looking to perform in their Scope of Responsibilities document.

Prescribed Responsibilities

Firms are required to allocate a number of prescribed responsibilities between those who hold a SIMF or SIF, or in some cases Non-Executive Directors.

In practice, the PRA expects firms will generally allocate prescribed responsibilities to the function to which they are most closely linked. These can be summarised as follows:

  1. Ensuring that the firm has complied with the obligation to satisfy itself that persons performing a key function are fit and proper;
  2. Leading the development of the firm’s culture and standards;
  3. Embedding the firm’s culture and standards in its day-to-day management;
  4. Production and integrity of the firm’s financial information and regulatory reporting;
  5. Allocation and maintenance of the firm’s capital and liquidity;
  6. Development and maintenance of the firm’s business model;
  7. Performance of the firm’s Own Risk and Solvency Assessment (ORSA);
  8. Induction, training and professional development for all the firm’s key function holders;
  9. Maintenance of the independence, integrity and effectiveness of the whistleblowing procedures, and the protection of staff raising concerns; and
  10. Oversight of the firm’s remuneration policies and practices.

FCA RAPR Significant Influence Functions

The FCA requires pre-approval of all individuals taking up Executive and certain other functions who are not PRA approved under SIMR. They will become FCA Significant Influence Functions.

For NDF firms with assets of less than £25 million, the PRA have introduced a reduced set of prescribed responsibilities. They are required to seek approval for a single function called the Small Insurer Senior Management Function (SISMF).

Fit and Proper Assessment

A key element of the new regime is the focus on personal responsibility. Individuals, including NEDs, will need to show that they possess the necessary level of competence, knowledge and experience, as well as hold the requisite qualifications and be able to demonstrate integrity.

There is a greater emphasis on technical and personal characteristics in the preapproval process. It is the responsibility of firms to carry out fit and proper tests. They will need to be satisfied that individuals looking to hold roles that are SIMFs or SIFs (including “governing NEDs”) meet the requirements before seeking approval from either the PRA or FCA.

Conduct Standards

A key element of the current regime is a highly prescriptive set of Conduct Standards – for SIMF and SIF holders. The regulators rely on these standards when taking enforcement action against individuals.

The PRA’s standards for SIMF holders are similar to the previous Approved Persons Conduct Standards but with a new responsibility for the oversight of the discharge of any delegated responsibilities, along with a responsibility related to the PRA’s insurance objective.

Anyone performing a key function needs to observe standards 1-3.

SIMFs and Key Function Holders, in addition, are required to observe standards 4-8.

Firms will be required to consider whether a person has observed the conduct standards as part of ongoing assessment of their being considered “fit and proper”. This can be achieved through firms’ performance management cycles.

The PRA requires firms will keep records of the extent to which individuals are following necessary Conduct Standards.

PRA Conduct Standards:

Standard 1: You must act with integrity.

Standard 2: You must act with due skill, care and diligence.

Standard 3: You must be open and cooperative with the FCA, the PRA and other regulators.

Standard 4: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.

Standard 5: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.

Standard 6: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.

Standard 7: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.

Standard 8: When exercising your responsibilities, you must pay due regard to the interests of current and potential future policyholders in ensuring the provision by the firm of an appropriate degree of protection for their insured benefits

FCA Standards

The FCA’s standards follow the PRA’s conduct rules but with the addition of treating customers fairly. The first tier rules apply to all FCA and PRA approved persons in Solvency II firms. The second tier ones relate to those holding a SIF.

FCA First Tier

Individual Conduct Rules:

Rule 1: You must act with integrity.

Rule 2:  You must act with due skill, care and diligence.

Rule 3: You must be open and cooperative with the FCA, the PRA and other regulators.

Rule 4: You must pay due regard to the interests of customers and treat them fairly.

Rule 5: You must observe proper standards of market conduct.

FCA Second Tier

Significant Influence Function Holder Conduct Rules:

SIF 1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.

SIF 2: You must take responsible steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.

SIF 3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.

SIF4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.

Governance Maps

Firms subject to SIMR are required to develop a “Governance Map” detailing the positions of senior personnel and key functions. Its purpose is to confirm the firm’s allocation of the aforementioned responsibilities.

The map is used by the PRA in its supervision of the firm. It also forms part of enforcement cases against individuals as evidence of individual responsibility. This map must be kept up-to-date on at least a quarterly basis.


Certain “Prescribed” Responsibilities can only be assigned to NEDs who have been approved by the PRA or FCA to perform a governing function. These relate especially to policies on remuneration and whistleblowing (see below).

The responsibilities for which NEDs are accountable are more limited than SIMF or SIF holders. Their accountability is restricted to activities for which they are responsible, such as ensuring that the Board or Board Committees that they chair meet regularly; fostering open and challenging discussion and providing independent oversight of Executive decisions.

NEDs with specific responsibilities, such as the Chairman of the Board, come under the SIMR, but not all NEDs are affected (see below).

The “governing NED” roles are:

  • Chairman
  • Senior Independent Director
  • Chairs of the Risk, Audit, Remuneration and Nominations Committees.

The individuals performing these roles are subject to all aspects of the SIMR, including regulatory pre-approval, the FCA’s and PRA’s new Conduct Rules and the presumption of responsibility. They are be known as “governing NEDs”.

“Unapproved” NEDs, referred to as “Standard” NEDs, who are not “governing”, fall outside of the SIMR and are no longer subject to regulatory pre-approval, are not subject to the Conduct Rules nor the presumption of responsibility. The PRA has instead, adopted a fitness requirement and notification process for Standard NEDs as an alternative to pre-approval.

This revised notification process allows firms to:

  • Assess the fitness and propriety of all NEDs not subject to pre-approval before appointing them and periodically thereafter;
  • Notify the PRA that such NEDs have been deemed fit and proper, and provide the PRA with the information set out in the proposed notification form;
  • Notify the regulators of any other information which would be reasonably material to the assessment of a NED’s fitness and propriety.

The following graphic, supplied by the accountants Moore Stephens, sets out the roles of NEDs within the SIMR:

As a result of the above proposals bringing certain NED functions into scope of the SIMR, the PRA requires firms to allocate the following two SIMR Prescribed Responsibilities to a NED within the SIMR:

1. Maintenance of the independence, integrity and effectiveness of the whistleblowing procedures, and the protection of staff raising concerns. 
2. Oversight of the firm’s remuneration policies and practices.

The FCA originally suggested that NEDs should be whistleblowers’ champions in PS 15/24, section 1.9.

Extension of the Senior Managers and Certification Regime (SMCR)

In October 2015, the Treasury announced that the Senior Managers and Certification Regime (SMCR) will be extended to all sectors of financial services with the aim of creating a fairer, more consistent and rigorous regime for authorised financial services firms”.

Although the insurance sector was covered by SIMR from March 2016, further requirements in relation to the SMCR have been updated throughout 2018.

In August 2018, Moore Stephens provided a comprehensive overview of the new SMCR with guidance as to the latest requirements and time-lines which can be accessed under the attached link.

The Treasury acknowledges that SIMR “paves the way for the application of the SMCR to insurers” given that SIMR incorporates many of the banking regime’s principles.

HM Treasury has stated: “This expansion of the SM&R to all financial services firms will enhance personal responsibility for senior managers as well as providing a more effective and proportionate means to raise standards of conduct of key staff more broadly, supported by robust enforcement powers for the regulators.”

An overview of SMCR, as at November 2018, is shown on the attached three-page appendix.

As SMCR is still evolving, further updates will be included in Q1 2019, as indicated above.

SIMR & RAPR Historical and Prospective Timeline:

1 January 2016 - Governance maps required to be in place. Scope of responsibilities form required for new SIMF applications.

8 February 2016 - Closing date for submission of grandfathering notifications to the PRA and FCA (for SIF holders).

7 March 2016 SIMR & RAPR came into force. Grandfather existing Control Functions holders in NDFs into the regime.

7 September 2016 - Closing date for submission scope of responsibilities form for grandfathered individuals to the PRA. Notification required for those transitional key function holders at 1 January 2016 (who were not grandfathered). These are key function holders who do not need to be preā€approved by the PRA, but have to be notified to the PRA (for its assessment).

7 March 2017 - Small NDFs required having Scope of Responsibilities documents in place for all SIFs.

2018 - Senior Managers and Certification Regime (SMCR) for all sectors of financial services being refined.


Extending Personal Responsibility and Accountability

The PRA has stated: “Senior managers will be held individually accountable if the areas they are responsible for fail to meet our requirements. Our new accountability regime will hold all senior managers, including non-executive directors, to a clear standard of behaviour and we will take action where they fail to meet this”.

In May 2016, Moore Stephens published an Insurance Update article that addressed the issue of personal responsibilities within the new regime entitled “Senior Insurance Managers Regime – the onus on the individual”.

Further valuable information on SIMR and RAPR can be obtained from the following sources:


Attestation is a formal supervisory tool used with increasing regularity by both the PRA and the FCA.

The primary aim is to attach personal responsibility and accountability to Board members (including NEDs), senior management and anyone performing a controlled or significant influence function, to ensure that firms are meeting their regulatory responsibilities.

The key words are “personal responsibility” and “accountability”, so if, or when, adverse issues arise, no longer can Board members or senior management hide behind the concept of collective responsibility or blame the less tangible “corporation” or “firm” rather than the individuals who run the company. The impact of statements made in an attestation can also potentially “follow” an individual throughout his or her career.

The FCA has stated: “When we use an attestation, we do so to gain personal commitment from an approved person at a regulated firm that specific action has been taken or will be taken. The aim of an attestation is to ensure that there is clear accountability and senior management focus on those specific issues where we would like to see change within firms…”

The focus of the regulators when using attestations is on Boards taking corrective action. This is a crucial point because if a regulated entity has been asked to attest to something then it is almost guaranteed that the regulator making the request either knows, or seriously suspects, that something has gone wrong in the area in which the attestations are requested. There are four typical (but not exclusive) scenarios in which attestations are used:
  • Notification: For emerging risks that are unlikely to result in material consumer detriment or negative impact on market integrity, the regulator may ask an appropriate individual at a firm to attest that they will notify the regulator if the risk changes in its nature, magnitude or extent. The responsibility on the person making the attestation is to ensure that the firm appropriately monitors the risk and makes any notifications which the regulator deems appropriate.
  • Undertaking: Where the regulator wants a firm to take specific action within a particular timescale, the risk is one which is unlikely to result in material consumer detriment or negative impact on market integrity, but nonetheless, the regulator requests an attestation undertaking that certain action will be taken.
  • Self-certification: For more significant issues but ones where the regulator is confident that a firm can resolve the issue unilaterally, an attestation that certain risks have been mitigated or resolved will be requested.
  • Verification: In certain cases, the regulator may not only require that certain risks have been mitigated or resolved, but will also request positive verification (e.g. by an internal audit report) that those risks have indeed been resolved.

Throughout the process it is essential to have an open dialogue with the regulators. Authorised Directors, including NEDs are under a regulatory obligation to deal with the PRA and the FCA in an open and cooperative way.

On receipt of an attestation request, communication with the regulator must be undertaken to inform them that the Board is aware of the nature of the attestation; that it will make an appropriate attestation at an appropriate time and that the company intends to deal with the regulator on the matter in question in a transparent and cooperative manner.


Since the early 1990s, a number of reports have been published seeking to codify and comment upon corporate governance and the requirements and behaviour of Boards, including NEDs.

Electronic links to the most relevant codes are included at the end of this section.

The most notable codes were as follows:

Cadbury Report 1992: Entitled Financial Aspects of Corporate Governance, the report was issued by The Committee on the Financial Aspects of Corporate Governance chaired by Adrian Cadbury (former Chairman of Cadbury Schweppes plc and a Director of the Bank of England). It set out recommendations on the arrangement of company Boards and accounting systems to mitigate corporate governance risks and failures. It made a series of strong recommendations about the value, number and roles of NEDs on Boards. The origins of the Combined Code were to be found in the Cadbury Report.

Turnbull Report 1999: The report on corporate internal controls known as the Turnbull Report was drawn up on behalf of the London Stock Exchange for UK listed companies. The committee which wrote the report was chaired by Nigel Turnbull of The Rank Group plc. The report informed Directors of their obligations under the Combined Code with regard to establishing and maintaining effective “internal controls” in their companies through good audit procedures and checks to ensure that the quality of financial reporting was of a high standard and capable of detecting any fraud before it became manifest.

In October 2005, the Financial Reporting Council (FRC) issued an updated version of the guidance entitled Internal Control: Guidance for Directors on the Combined Code. Subsequently, further research with companies, investors and advisers concluded that whilst the original reports were “still broadly fit for purpose, some change was needed to reflect the role of the Board as articulated in the new version of the UK Corporate Governance Code”.

Higgs Report on Non-Executive Directors 2003: In April 2002, Derek Higgs, the then accountant and merchant banker, was appointed by the Secretary of State for Trade and Industry to head the above review. His report, entitled Review of the Role and Effectiveness of Non-Executive Directors, was published in January in the following year. In a series of annexes, Higgs made reference to the role of a NED with particular emphasis on challenge and contribution to the development of the company’s strategy; scrutinising performance of management in meeting agreed goals and monitoring performance; the accuracy and robustness of financial information and financial controls, as well as that of risk management. Higgs argued that NEDs should determine Executive Directors’ remuneration and the report emphasised the fact that a NED’s prime role is in appointing and/or removing senior management. The Higgs Report also detailed a number of personal attributes and behaviours (all of which have been included in this website), before commenting on the need for NEDs meeting annually without their Executive colleagues and the necessity of carrying out due diligence before joining a Board.

Walker Review 2009: The HM Treasury Review of Corporate Governance of the UK Banking Industry, led by Sir David Walker, a former merchant banker, initially examined management practices within UK banks consequent upon the “banking crisis".

Its conclusions concentrated on the effectiveness of risk management at Board level, including the incentives in remuneration policy to manage risk effectively; the balance of skills, experience and independence required on the Boards of UK banking institutions; the effectiveness of Board practices and the performance of Audit, Risk, Remuneration and Nomination committees; the role of institutional shareholders in engaging effectively with companies and monitoring of Boards; and whether the UK approach is consistent with international practice and how national and international best practice can be promulgated.

Its terms of reference were extended so that the review could identify where its recommendations would be applicable to other financial institutions, including those in the insurance sector.

Much of the guidance offered by this Information Bank originates within these reports and codes, and it is not difficult to detect the key influences that have shaped today regulatory framework for Boards of Directors, especially NEDs.


While the foregoing reports and codes are of interest and underpin much of the guidance contained within this website, all Directors, including NEDs, should be familiar with the UK Corporate Governance Code, formerly called the Combined Code.

The UK Corporate Governance Code sets out standards of good practice in relation to Board leadership and effectiveness, remuneration, accountability and relations with shareholder.

The requirements of the UK Corporate Governance Code are of such a seminal nature that they can be said to represent good practice for most financial services firms and are recommended reading for all aspiring or existing NEDs.

In 2015, the FRC confirmed proposals for Boards to include a “viability statement in the strategic report to investors. This statement will provide an improved and broader assessment of long-term solvency and liquidity. It is expected that this statement will look forward significantly longer than 12 months. The Code has also been changed in relation to remuneration. Boards of listed companies will now need to ensure that Executive remuneration is designed to promote the long-term success of the company and demonstrate how this is being achieved more clearly to shareholders. The key changes to the Code include:

Going concern, risk management and internal control

  • Companies should state whether they consider it appropriate to adopt the going concern basis of accounting and identify any material uncertainties to their ability to continue to do so;
  • Companies should robustly assess their principal risks and explain how they are being managed or mitigated;
  • Companies should state whether they believe they will be able to continue in operation and meet their liabilities taking account of their current position and principal risks, and specify the period covered by this statement and why they consider it appropriate. It is expected that the period assessed will be significantly longer than 12 months; and Companies should monitor their risk management and internal control systems and, at least annually, carry out a review of their effectiveness, and report on that review in the Annual Report.

Companies can choose where to put the risk and viability disclosures. If placed in the Strategic Report, Directors will be covered by the safe harbour provisions in the Companies Act 2006.

In Q1 2017, the FRC announced that it will be reviewing the UK Corporate Governance Code. How will the proposed changes affect business?

At the end of August 2017, Theresa May announced plans for corporate governance reform “to enhance the public trust in business by making the UK biggest companies more transparent and accountable. The changes received a mixed response, with many critical that they do not adequately address the issues raised in the initial consultation. The question remains, will the reforms improve transparency and accountability? The FRC Proposed Revisions to the UK Corporate Governance Code were published in December 2017. The period for consultation closed at the end of February 2018.

The attached Briefing Paper from Condie Risk provides a thematic outline of the FRC Proposed Revisions to the UK Corporate Governance Code 2018. The proposed FRC revisions to the UK Corporate Governance Code are likely to become effective on 1 January 2019.


  • Greater emphasis will be placed on ensuring that remuneration policies are designed with the long-term success of the company in mind, and that the lead responsibility for doing so rests with the Remuneration Committee (normally comprising NEDs only); and
  • Companies should put in place arrangements that will enable them to recover or withhold variable pay when appropriate to do so, and should consider appropriate vesting and holding period for deferred remuneration.

Shareholder engagement

  • Companies should explain when publishing General Meeting results how they intend to engage with shareholders when a significant percentage of them have voted against any resolution.

Other issues

  • The FRC has also highlighted the importance of the Board’s role in establishing the “tone from the top” of the company in terms of its culture and values.
  • The Directors should lead by example in order to encourage good behaviours throughout the organisation.
  • In addition, the FRC has emphasised that key to the effective functioning of any Board is a dialogue which is both constructive and challenging.
  • One of the ways in which such debate can be encouraged is through having sufficient diversity on the Board, including gender and race. Nevertheless, diverse Board composition in these respects is not on its own a guarantee. Diversity can be just as much about difference of approach and experience.

A valuable summary of current corporate governance issues is contained within Grant Thornton’s annual 2017 FTSE 350 Corporate Governance Review released in October. This report makes particular reference to the roles of NEDs in FTSE 350 companies in the UK.


Reputation is an increasingly important consideration for NEDs. In 2017, a WCI iNED Forum addressed this topic during a session entitled Rethinking Reputational Risk.

A paper written by the presenter on that occasion, Anthony Fitzsimmons, of Reputability LLP, identifies six key lessons that are fundamental to understanding this risk and which sit at the heart of an appreciation of this topical and increasingly important subject.

Financial Services and Markets Act 2000 (FSMA)

Consultation Paper CP18/15

Approved Persons PRA: Electronic link to BoE / PRA website for Approved Persons

Approved Persons FAQs: Electronic link to BoE / PRA website for Approved Persons FAQs

Approved Persons FCA: Electronic link to FCA website for Approved Persons

The Chartered Insurance Institute (CII) Policy Briefing

CII Policy Briefing EU Referendum Result

Moore Stephens Insurance Update

Principles for Businesses: Electronic link to FSA / PRA & FCA Principles for Businesses

PRA: Strengthening Accountability (issued January 2016)

Grant Thornton: Strengthening Accountability in Insurance

FCA: Culture and Conduct – Extending the accountability regime

FCA report NEDs as whistleblowers champions, PS 15/24, section 1.9

Cadbury Report 1992: Electronic link to the Judge Business School / Cambridge University: Cadbury Report

Turnbull Report 1999: Electronic link to the ICAEW Library & Information Service: Turnbull Report

iNED Sponsors