The Financial Conduct Authority (FCA) has published a number of documents which set out new rules concerning the senior managers and certification regime, provide feedback on its implementation so far and propose measures to further strengthen the regime. The proposed rules will reinforce the importance of individual accountability at the most senior levels of organisations.
What is the background to the latest rules, guidance and proposal?
They form part of the ongoing development of the new regulatory framework for financial services contained in the senior managers and certification regime, and the new conduct rules. Since the Parliamentary Commission on Banking Standards there has been a concerted drive to improve the culture of financial services, to avoid future financial scandals and ensure that there is accountability and responsibility for risk management, compliance and wrongdoing from the top down.
How have the regulators dealt with regulatory references in their final rules?
The regulators have now published their final rules on regulatory references. The full reference regime will come into effect on 7 March 2017 (at the same time as the full certification regime and the application of the conduct rules to the bulk of employees in financial services). Firms need to review their reference processes, and ensure that their staff and systems are ready for the implementation date.
Previously the regulators consulted on their proposals to require ‘full-scope regulatory reference firms’ to request, provide and update employment references using a set form containing information on candidates’ conduct, fitness and propriety on recruitment into relevant roles and functions. They then published their initial response to consultation and interim rules in February. Therefore their final rules and guidance contain few surprises, but are plainly significant nonetheless.
Banks and insurers will be required to take reasonable steps to seek references and request prescribed information from any current or previous employers in the past six years (increased from the five year period prescribed in the interim rules). The rule will apply even if such employers are overseas or non-financial services firms. It is up to firms to judge on a case by case basis what ‘reasonable steps’ means in the context of obtaining a reference, but it appears that the regulators recognise that limited information might be forthcoming in the case of overseas employers or those in other sectors. Regulated firms providing references should do so as soon as reasonably practicable and in any event within six weeks.
While the final rules do not require full regulatory references for internal and intra-group hires and promotions, this is subject to the proviso that firms must have adequate systems and procedures to ensure the hiring firm can access the necessary information internally to satisfy its obligations to ensure the individual is fit and proper.
In light of industry feedback following the amendment of the Financial Services and Markets Act 2000, regulatory references must include a factual description of all instances of breaches of applicable conduct rules and standards resulting in disciplinary action (rather than any known or suspected breaches, as originally proposed). In the case of serious matters it will not matter how long ago the misconduct occurred. Banks and insurers will be required to retain records of disciplinary, fitness and propriety findings for six years.
The regulators have chosen to retain the controversial requirement for banks or insurers to update regulatory references if significant information comes to light that would have caused them to draft the reference differently, had they known about it at the time. However, they have made some amendments and clarifications. The final rules only require an update to be provided to the current employer (after due enquiries as to the identity of that employer), while the updating obligation will be limited to any notice period and the six years following termination of employment.
Firms would be well advised to ensure individuals have the right to comment on adverse information contained in updates. In any case, the regulators have indicated that there should always be reasonable grounds to believe the misconduct took place, based on proper investigation. It is apparent that they are concerned about due process and accuracy in relation to disciplinary action and references. Whenever a firm takes disciplinary action it will need to consider if there has been a breach of a conduct requirement as part of the notification process of breaches of the Conduct Rules subject to disciplinary action.
For FCA-only authorised firms, the full regulatory reference regime will not apply. They will, however, remain subject to the requirement to provide a reference on request that includes all relevant information pertaining to the hiring firm’s consideration of whether an individual is fit and proper for their role. Firms must not enter into any agreements with employees that could limit their ability to disclose any relevant information in references (for example, in settlement agreements).
What about the duty of responsibility and reasonable steps?
The regulators have published consultation papers setting out their expectations in relation to the duty of responsibility and what may amount to reasonable steps.
Action can be taken against a senior manager under the duty of responsibility if they are responsible for the management of activities in their firm in relation to which there has been a regulatory contravention, and they did not take such reasonable steps as a person in their position ought reasonably to have done to prevent the contravention occurring or continuing. In determining the extent of a senior manager’s responsibilities, statements of responsibilities and management responsibilities maps will be relevant considerations, but all the circumstances will be considered—it is possible for senior managers to be held responsible for areas lying outside their prescribed responsibilities.
The draft guidance indicates that if a senior manager has not complied with any applicable statutory, common law or other legal obligations (including the conduct rules), then this will be an important consideration for the regulators when assessing whether that individual acted reasonably. There will be no materiality threshold for any enforcement action, but the FCA will look at all the circumstances, including the seriousness of the breach, the relevant individual’s position, responsibilities and seniority, and the need to use enforcement powers effectively and proportionately. When deciding what if any action to take, the regulators will consider what steps ‘a competent senior manager would have taken at the time in that specific individual’s position with that individual’s role and responsibilities in all the circumstances’.
The PRA draft guidance includes the following examples (among others) of reasonable steps which a senior manager ought to take to prevent a contravention from taking place:
- conducting initial reviews of the business or business area on taking up a senior manager function
- implementing, policing and reviewing appropriate policies and procedures
- investigating their area of responsibilities
- structuring day-to-day operations
- critically interrogating and monitoring relevant information
- raising, reviewing, and following up issues with relevant staff
In its draft guidance, the FCA suggests that it would also consider (among other things) whether the senior manager exercised reasonable care when considering information available to them and reached a reasonable conclusion, whether any delegation of his/her responsibilities was reasonable and made to an appropriate person (with the requisite skills, capacity etc), whether reporting lines were clear and operated effectively, and whether or not the senior manager took reasonable steps to implement adequate and appropriate systems and controls.
Has the question of buy-outs now been settled?
Previously the PRA consulted on buy-outs of variable remuneration, seeking views on how to deal with buy-outs by new employers of unvested remuneration awards, which offer a potential loophole to the principles of malus and clawback.
The PRA’s proposed solution was a contract between the new employer and the employee providing for malus and clawback to be applied on the basis of a determination by the old employer. The old employer would need to notify the new employer via a reduction notice of the appropriate amount to be subject to malus or clawback, and the new employer would be required to act on receipt of notification from the old employer.
These proposals have now been translated into final rules which will apply from 1 January 2017. One change is that responsibility will now lie with the employee to obtain a remuneration statement from their old employer, which the employee can then provide to their new employer so it is aware of the necessary details of the unvested remuneration at issue before it agrees to the buy-out. It will then be required to inform the previous employer of the details of the buy-out in a buy-out notice.
The aim is to ensure that the practice of buy-outs does not blunt the beneficial incentive effects of the existing rules on malus and clawback, or allow employees to avoid the proper consequences of their actions. Previous employers will be required to take reasonable decisions on the application of malus and clawback to unvested and bought-out remuneration, including by providing their former employees with the details and reasons, and an opportunity to make representations, prior to determining whether malus or clawback shall apply.
This article was first published on Lexis®PSL Financial Services analysis on 25 October 2016. Click for a free trial of Lexis®PSL. Andreas White was interviewed by Kate Beaumont.