In October 2015 the FCA and PRA issued a joint consultation paper (FCA CP 15/31 or PRA CP 36/15) on regulatory references for the banking and insurance sectors, taking into account the recommendations of the Fair and Effective Markets Review (FEMR). The new rules are aimed at minimising risk to the financial sector caused by individuals with poor conduct records moving from firm to firm. It forms part of a wider package of reforms aimed at improving accountability in banks, building societies, credit firms and PRA investment firms (Relevant Authorised Persons (RAPs)) and insurers, and ensures that firms rather than the regulators will act as gatekeepers. Given the importance of ensuring that senior employees are fit and proper under the new senior managers and certification regimes (SMR and CR) regulatory references will become a key tool in showing that proper checks have been carried out.
The FEMR stated that firms should provide to new employers as complete a picture of an individual’s conduct record as possible. Senior managers (SMs) will need to have in place policies, procedures and practices which deliver clear and accurate references.
Meanwhile, it is vital that firms should not lose sight of other employment considerations impacting on the retention of information and supplying a reference. This area is likely to develop into a minefield as senior managers seek to comply with the new rules whilst avoiding the legal risks inherent in providing a reference.
Consultation ends on 7 December 2015 and the new rules come into force on 7 March 2016. The FCA has stated that final rules will be published in a Policy Statement in early 2016, ahead of the accountability regime.
Who will be affected?
- Senior management functions under the SMR
- Significant harm functions under the CR
- NED roles in credit unions
- Notified NED roles within a RAP
- PRA senior insurance management functions under the Senior Insurance Mangers Regime
- FCA insurance controlled functions
- Key function holders and notified NED roles within an insurer/ Solvency II firm
- APER statements of Principle and Code of Practice
- Applies to approved persons
- Duty to provide relevant information to ‘fit and proper’ assessment of candidate for controlled function
- Reference must be clear, accurate and fair
Position as at March 2016 for RAPs and insurers
- Existing position remains, plus:
- References to be obtained before approval or certification
- RAPs/ insurers must take reasonable steps to collect regulatory references for regulated roles for the past six years
- Breaches of Conduct rules, breaches under APER and details of disciplinary action to be included
- References must be updated where matters arise later that would affect any reference given in the last six years (references given before 7 March 2016 excepted)
All authorised firms:
- Must not enter into any agreement that limits their ability to disclose relevant information (e.g. settlement agreement)
- Must enhance systems and controls requirements relating to the retention of records and procedures for requesting/ providing regulatory references
What should go in a reference under the new rules?
Regulatory references should focus on regulatory matters only, such as fitness and propriety or confirmed misconduct. Any investigative procedures should be completed before employees depart. Disclosure should be made in a standard form (a template is provided). As a minimum, a regulatory reference must include:
- Details of any certification function or controlled function or of any notified NED, credit union NED or KFH role held, summarising the role and its responsibilities
- Details of any other roles performed while an employee of the firm, or any firms in the same group, in the last six years
- Details where a regulated firm has concluded at any point in the last six years that the candidate was in reach of COCON or APER, or breaches of a PRA Conduct rule or a Conduct standard and the background facts
- Details where the firm has concluded that at any point in the last six years that the candidate was not fit and proper to perform a function and the background facts
- Details of any disciplinary action as a result of the two points above
Settlement agreements commonly include an agreed reference. The scope for doing so will now be reduced for all authorised firms under the new rules since a firm must not limit its ability to disclose relevant information. Any agreed reference that is not compliant will be trumped by the new rules.
Duties under Common Law
Under common law, there is no duty to request or provide a reference. If one is provided it must be true, accurate and fair and not give a misleading impression. If a firm goes beyond what it should put in a reference or gives inaccurate or misleading information, there are potential areas of tortious liability:
- Breach of statutory duty: s. 138D Financial Services and Markets Act
- Negligent misstatement
- Malicious falsehood
The scope for claims is likely to increase given that firms will have to decide for themselves what is ‘fit and proper’. Employees who face not working again in the same industry will be more willing to bring claims. They will be less likely to be able to mitigate their loss and so claims are likely to be significant.
- References must not discriminate on any protected ground
- References must not be tainted by the fact that the employee has previously complained about or brought a claim based on alleged discrimination
Data protection Issues
- Firms should retain records of ex-employees’ conduct and fit and proper information for six years following termination or resignation.
- Firms must establish and maintain adequate policies and procedures to comply with regulatory requirements.
- The Information Commissioner’s Office (ICO) makes clear that retention periods should be based on business need and should take into account any professional guidelines.
- Information on employees should be retained for as long as is necessary to provide a reference compliant with the new rules whilst ensuring that the information retained is processed and kept securely in accordance with DPA requirements.
- Firms should be careful when supplying information that may qualify as ‘sensitive personal data’
Issues for Employers
- Record keeping will become key for employers. Employers will need to balance data protection and confidentiality issues against retaining adequate information on relevant employees and ex-employees for a period going back six years.
- Updating employee information may be difficult for ex-employers who may not have had an opportunity to investigate fully any concerns before an employee left employment. One response to the consultation suggested that information from an ex-employer is neither helpful or useful but that where it is provided, only matters resulting in disciplinary sanctions should be disclosed.
- The proposals for updating references have been contentious. As drafted, respondents have commented that they will be administratively burdensome and may lead to litigation from employees who have not had a chance to respond.
- Employees may be more ready to resort to legal proceedings in relation to a regulatory reference to clear their name. References should avoid subjectivity and be capable of objective verification.
- Concern has been expressed about the viability of implementing the new system by 7 March 2016.
- Timing could be an issue for hiring firms since a response for a regulatory reference must be given as soon as reasonably practicable. Respondents to the consultation have asked for clarity on this.
- What should a hiring firm do with information provided by a past employer which it is not able to investigate itself? This could prove problematic.
- Suspension is included by the regulators as a disciplinary action yet the Acas Code on Disciplinary and Grievance Procedures that employers should make clear that suspension is not a disciplinary sanction.
What should we be doing now?
- Consider whether a person is ‘fit and proper’ early in the disciplinary process. This raises questions of when to involve a SM in the disciplinary process and how that overlaps with the hearing manager.
- Review disciplinary procedures.
- Enhance systems and control requirements relating to the retention of records: make sure that retention policies are proportionate.
- Be ready to demonstrate to the regulators how you meet these standards. Put in place policies, procedures and practices which deliver clear and accurate references.
- Check existing policies and procedures to ensure they are compliant.
- Make sure that staff understand that references should not be provided on ‘agreed’ terms.
- Ensure that SMs are fully familiar with the terms of the prescribed template and their duties under the new rules and at common law.