The FSA’s relentless drive to impose personal responsibility on senior management took another significant step recently when the person with “responsibility for the compliance oversight function of the UCIS activities” in their firm had to complete (and submit to the FSA’s UCIS review team) an ‘information request template’ confirming the adequacy of their firm’s policies and procedures to ensure compliance with its regulatory obligations.
In a ‘Dear Compliance Officer’ letter issued to over 250 providers and intermediaries in June, the FSA boasted its record on UCIS enforcement notices which, since 2010, include 20 Final Notices and four Decision Notices. Given that most relate to systemic misunderstandings of the UCIS promotion rules, any senior manager asked now to attest to their firm’s compliance with the UCIS regime may be understandably nervous.
As noted here previously, the FSA’s recent Enforcement Conference (entitled “Credible Deterrence: Here to Stay”) confirmed the FSA remains (and the FCA will remain) committed to the pursuit of the ‘making it personal’ agenda. The effective creation of a ‘CF UCIS’ function – to add to the various others recently created and those still to come – is part of a deliberate strategy to hold individual senior managers to account.
Inevitably, compliance officers are likely to have been asked to step forward and sign the UCIS return but (particularly those relatively new to the post) are likely to be uneasy about taking personal responsibility for confirming previous compliance. This may be the awkward position the FSA is trying to create (although the historical questions do only relate to any review the firm itself has already done rather than whether or not the firm has always been compliant).
As for the question of current compliance, the compliance officer must either risk their own position by confirming in the information request template form that they are “satisfied that [their] firm has adequate policies and procedures sufficient to ensure compliance” or they must report their concerns to the FSA now. Or, in the words of the invitation in the FSA’s template, “disclose any additional information in relation to UCIS risks at your firm”.
Against the backdrop of its warning to the industry sent out by the Final Notice against Towry (for too readily responding to a Dear CEO Letter to confirm its compliance with CASS), the FSA is learning how to ensnare many in a net designed to catch only the odd one.