Earlier this year, the FCA and PRA published new rules regarding regulatory references. Banks, insurers, building societies, credit unions and PRA-designated investment firms (“firms”) are now required to take “reasonable steps” to obtain “appropriate references” for candidates subject to the Senior Managers and Certification Regimes, and their insurance equivalents.

The purpose of these rules is to guard against employees with poor conduct records moving freely from one regulated firm to another…so-called “rolling bad apples”.

However, their application is proving somewhat problematic.

The new rules appear reasonably clear at first blush. Where a firm has been asked to provide a regulatory reference, it must give all information concerning the individual to whom the reference relates for the six year period preceding the request, which it reasonably believes is relevant to the assessment of that individual’s fit and proper status. A firm must also provide details of matters including any disciplinary action, breach of the FCA’s conduct rules or facts which led the firm to conclude the individual was not fit and proper.

But what information a firm actually has to disclose in satisfaction of these obligations, and how much detail needs to be given, is difficult to pin down in practice.

Disclosing "alleged misconduct" in regulatory references

Let’s take an example: a firm has been asked to provide a regulatory reference in relation to a former employee who, when they worked at the firm, was accused of misconduct and was the subject of an investigation. Before the firm concluded its investigation into the individual’s alleged misconduct, they resigned.

Whether or not information about the investigation ought to be included in a reference is unclear - the FCA guidance is confusing.

It suggests that firms are not obliged to provide this level of detail, and doing so may actually cast aspersions as to the individual’s guilt (by implying “that there is cause for concern about the ex-employee” when “the firm may not have established that the ex-employee was actually responsible for [any] misconduct”).

However, it also notes that firms may nevertheless wish to disclose this information in a reference, and are required to provide “as complete a picture as possible of an employee’s conduct record”.

Firms will therefore need to exercise their discretion on a case by case basis. The real dilemma will be: how best to balance the general duty which they owe to a prospective employer to write a reference which is accurate and, taken as a whole, not misleading, against the risk of the reference causing damage to the employee, against the obligations that they owe to the FCA and the PRA to adhere to the new regulatory references rules…which are internally inconsistent.

Arguably, the fact that there were concerns about the individual’s conduct, such that an investigation was instigated, could be relevant to the assessment of that individual’s status as a fit and proper person. This will be especially so if the alleged misconduct concerned a possible breach of the conduct rules.

In such cases, firms may prefer to disclose, rather than run the risk of being accused at a later date of having failed to provide potentially relevant information in breach of the new regulatory requirements.

Striking the balance

Criticism from the FCA and/or PRA for failing to comply with the new rules is likely to be of greater concern to firms than criticism from a disgruntled ex-employee who has received a less than helpful reference.

However, firms would be wise to weigh up their competing duties carefully. A negative reference can end an individual’s career. Career loss claims are very costly for employers, so firms should exercise caution.

Preparing references will be tough, considering that they need to:

  • be fair and accurate;
  • contain all relevant information;
  • not be misleading;
  • be supported by documented fact;
  • provide a complete picture of the individual’s conduct record; and
  • balance the competing interests of the ex-employee, prospective employer, former employer and regulators properly.

The FCA has suggested that the fairness of any such reference will depend, in part, upon whether the individual in question has been given an opportunity to respond to the information contained within it, either during their employment (e.g. as part of any disciplinary process) or after their departure.

Firms therefore need to think about what processes they should have in place to enable former employees to respond to any matters to which the firm proposes to refer in their reference.

Reference obligations beyond recruitment

Also, these issues are not just limited to recruitment. The FCA and PRA rules require employers to update references where information comes to light which would have affected their original drafting. In such cases, firms should be contacting the individuals in question to seek their comments.

In addition, the certification of individuals under the Senior Managers and Certification Regimes is an annual process. Assessing a person’s fit and proper status is therefore an ongoing task.

The new rules also state that a firm must not enter into any arrangement or agreement with a person which limits its ability to disclose relevant information about that person in a reference. If a firm is asked to provide a reference, what has otherwise been agreed with a former employee under cover of a settlement agreement, for example, may be of (comparatively) little importance.

Firms should consider reserving their rights to amend or update any references which they are required to give in accordance with their regulatory obligations as new information comes to light, to mitigate the risks of an individual issuing proceedings for breach of contract.

In reality, firms which are asked to provide a regulatory reference may find themselves erring on the side of caution, providing more information than they are strictly required to under the new rules in a bid to contextualise any issues properly.

However, if they do so, firms need to be careful. This is a complex area of law. If firms underestimate the difficulty of drafting regulatory references, or do not manage the risks adequately, they could find themselves defending claims for negligent misstatement, defamation (albeit, any reference would be subject to qualified privilege), breach of trust and confidence, and/or breach of the duty to exercise reasonable care and skill…and dealing with any regulatory fallout and reputational damage caused as a result.