The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) have made it clear that they want to drive greater diversity and inclusion (D&I) and higher standards of personal integrity in the financial services industry. The regulators are currently consulting on new rules and guidance that aim to enhance D&I within regulated firms and toughen up Conduct Rules and fitness and propriety in the area of non-financial misconduct. The industry needs to consider these proposals carefully. Below we summarise the proposals and set out some top tips for firms who want to get out ahead of the proposals. If you would like our detailed Client Guide on steps for implementation and feedback to the FCA, you can register to express your interest in receiving a copy using the form at the bottom of this article.

The FCA and PRA have been clear that research shows diversity in organisations helps to reduce groupthink, supports healthy work cultures, improves the understanding of and provision for diverse consumer needs and unlocks talent. They believe better diversity and inclusive cultures can improve outcomes for markets and consumers, and this will in turn support the competitiveness of the UK’s financial services sector.

Is that ambition served by their new Consultation Paper (CP) that sets rules on D&I reporting, governance and management responsibility and broadens the concept of fitness and propriety to private life?

Here's a snapshot of the proposals and five practical steps for implementing them:

Overview of the FCA’s Proposals

Diversity and inclusion proposals

D&I strategy and targets

  • Firms are expected to develop a D&I strategy covering their values, goals and plans and put in place ways of measuring progress. Firms will need to assess the risks of any obstacles in meeting those objectives and goals, and how these risks could be mitigated and managed.
  • Firms will be expected to set appropriate D&I targets and keep them under review and demonstrate how they are addressing underrepresentation of demographic characteristics within the firm.

Risk and governance 

  • The FCA is proposing to introduce new guidance for firms to incorporate D&I into their governance and to recognise a lack of D&I as a non-financial risk.
  • Although the CP is not prescribing how firms should consider these risks, it mentions internal audit and risk functions will play an important role in managing the risks.

The responsibilities of senior management 

  • The FCA is proposing that firms' boards would be held responsible for the implementation, maintenance, and oversight of the D&I strategy. The FCA has decided not to amend its rules and guidance to require an individual within each firm to be assigned SMF responsibility for D&I, but this is optional for firms.
  • The FCA has also clarified that senior managers will be accountable for progress within their areas of responsibility. The FCA proposes amending COCON to add guidance on this as follows:

"A firm may allocate responsibility for diversity and inclusion and fair treatment of its staff to a particular senior manager or central function. If it does, any other manager still has responsibility for developing and embedding healthy cultures in their areas of responsibility, albeit under the direction or supervision of the centralised function or the senior manager."

  • The PRA is proposing to embed D&I into board succession planning on the expectation that responsibility for D&I is allocated to the relevant Senior Management Functions (SMFs), with this being reflected in their Statements of Responsibilities and expanded prescribed responsibilities so that measures for accountability are put in place. The PRA CP makes clear that SMFs would not be held to account for a failure to meet diversity targets, but rather proposes expectations on how SMFs should understand the targets and be able to discuss reasons why they are not being met.

Data reporting and disclosure

  • Firms will be required to collect demographic and inclusion data from staff and report that to the regulators on an annual basis. 
  • They will also need to report detailed information on the D&I targets that they have set and their progress against these targets. This data must be retained and disclosed in their annual reports and accounts.
  • Firms need to make sure such disclosures do not breach any applicable data protection laws. 


  • To reduce regulatory burden on smaller firms, the D&I proposals will only apply to FSMA Part 4A firms (i.e. those with a regulated activities permission) with 251 or more employees (other than limited-scope SM&CR firms irrespective of their size). The requirement for a D&I strategy will also apply to dual-regulated firms subject to the UK Capital Requirements Regulation and UK Solvency II firms (including third country branches in the UK), regardless of their size.
  • Firms seeking to determine if they would fall within the scope of these proposals will need to consider carefully the draft rules on how to calculate this threshold and what type of 'employee' will apply to this calculation.
  • The proposals do not apply to non-CRR, non-directive and non-Part 4A firms.

Changes to the meaning of integrity

Different meaning of integrity in the Conduct Rules and the fit and proper test

The FCA has introduced a key distinction between its interpretation of Conduct Rule 1 "honesty and integrity" (which applies to all Conduct Rules staff, Certified Persons and Senior Managers) and the first limb of the fit and proper test for Certified Persons and Senior Managers which is also "honesty and integrity". 

  • For Conduct Rules staff, their private life will not be relevant to their integrity.  Treatment of colleagues, however, is expressly added to the COCON guidance as relevant to their integrity.
  • For Certified Persons and Senior Managers, firms will now need to consider both treatment of colleagues and matters relating to their private life as potentially breaching the integrity limb of the fit and proper test.

The integrity test – treatment of colleagues

  • Behaviour which violates a fellow member of the workforce's dignity or creates an intimidating, hostile, degrading or humiliating environment, is offensive, intimidating or violent, is unreasonable or oppressive and humiliates, degrades or injures a person, will be in breach of the integrity test in both the Conduct Rules and the fitness and propriety definitions of integrity.
  • This behaviour will breach the integrity test unless the individual did not intend to have a negative impact and thought there was a good and proper reason for the conduct (except in cases of bullying, sexual harassment and violence which cannot be justified on this basis).
  • Where a person is asked to resign as a result of involvement in discriminatory practices, firms will also need to give thought to whether their conduct amounts to a lack of fitness and propriety.

The integrity test – private life 

  • The definition of integrity in the fit and proper test will include matters wholly within an individual's private life which are "disgraceful" or "morally reprehensible" or otherwise serious whether or not resulting in a criminal conviction.
  • The proposed guidance says it would also include, for example, misconduct at home against a family member while working from home, misconduct commuting to work against a member of the public and misconduct against a colleague at a social event organised in their own time. 
  • Misconduct is not defined. This guidance is likely to present firms with some challenging calibrations both as to what to ask staff about in annual self-reporting and in determining breaches.  The Upper Tribunal has made clear that regulators must balance the integrity test with the right to private life under Article 8 of the ECHR.

Key assessment triggers

Five practical tips to get ahead of the changes

Many firms will be looking to start implementing changes and develop processes now in readiness for the rules anticipated next year. Here are some practical suggestions:

  • 1) For firms with no formal D&I strategy in place, bringing one in is a good place to start. For those with an existing strategy and annual report, start looking at how to update and amend these in line with the CP core expectations.
  • 2) Review existing or develop new policies and procedures and embed them into the organisation to demonstrate you are progressing a D&I strategy. Factor in training and communication plans.
  • 3) Start to assess what systems and controls are in place for the collection of data and begin collating data on current diversity to help meet future data reporting requirements. Check any collection or reporting of diversity data complies with data protection legislation.
  • 4) Revisit internal and external communication processes and assess whether management information processes (through which the board can receive updates) are adequate or would need to be changed.
  • 5) For the amendments to integrity, review and update staff onboarding processes, annual self-appraisal as part of the fit and proper assessment, Conduct Rules and fitness and propriety breach framework, staff training, regulatory reference procedures and regulator reporting.