Attestations are part of the FCA supervisory toolkit used to ensure accountability from senior management in all regulated firms. They are a means by which the FCA can gain personal commitment from an approved person that specific action has been taken or will be taken, often without requiring ongoing regulatory involvement. We have seen attestations commonly used in conjunction with other FCA supervisory powers, such as following the conclusion of a Skilled Person Review under Section 166 Financial Services and Markets Act 2000.
The most appropriate person (or persons) to make an attestation will very much depend on the situation of the firm, the objectives of the attestation and the particular factual circumstances surrounding the FCA’s request, but we would generally expect most attestations that undertake to take future actions to be made by the most senior individual(s) in the firm who has/have both the necessary authority and responsibility to initiate the changes required. However, we have seen these being directed towards compliance officers for whom it may not be appropriate to take on the personal liability attestations bring without at least the CEO or a Board member attesting alongside them.
The FCA’s stance on enforcement action more generally is clear; it intends to pursue more cases against individuals and hold members of senior management accountable for their actions. There are echoes here of sentiment surrounding the forthcoming introduction of the Senior Managers Regime and Senior Insurance Managers Regime, and extension of the Senior Managers and Certification Regime across the regulated financial services sector.
Ultimately those providing an attestation, and also potentially the firm itself, remain exposed to the full suite of enforcement measures open to the FCA to take for regulatory breaches (this may include, for example, public censure, financial penalties or suspension/withdrawal of permissions).
The FCA has publically stated that attestations should be clear and realistic: i.e. specific, achievable and have realistic (but demanding) timelines. Depending on the circumstances, it may also be necessary to engage in constructive dialogue and negotiation with the FCA on the proposed terms of the attestation. The scope, content and timing of the proposed attestation should be given careful consideration, alongside the objectives the FCA is thereby attempting to achieve. Independent legal advice can help individuals to evaluate and consider the potential consequences and personal risks, and to help them (and the firm) to put together a tailored strategy in order to mitigate these.
There are several key issues for firms and individuals to consider if, after having made an attestation, it turns out to have been untrue or any of its terms not complied with (on which we would urge specialist legal advice is sought).
- Enforcement action against the individual under the terms of the attestation given.
- Potential obligations to notify the regulator that the attestation is/may be false, misleading, inaccurate etc .
- Enforcement action against firms/individuals for underlying regulatory breaches.