While a number of measures amplifying senior management responsibility and accountability draw ever closer, the FCA is increasingly turning to senior management attestations as a supervisory tool.
What should you do if faced with a requirement to provide an attestation?
Firms and individuals should consider any attestation requests very carefully. Giving an incorrect or misleading attestation leaves you and the firm open to enforcement action so you should certainly treat a request with care.
- Don't feel under pressure to sign without taking advice (making use of legal privilege where possible).
- Ensure the board and wider senior management are aware of the request.
- Look to engage in dialogue with the regulator about the scope and timing of the attestation.
- Ask the FCA for time to conduct due diligence on the subject of the attestation – and for further time to address any necessary remedial work.
- Firms should think who is placed to give the attestation – should it always be the CEO? The person with the knowledge of the subject of the attestation would be a better choice.
- Keep a record of discussions, due diligence and concerns raised about the attestation or your ability to sign it – particularly if you are not in a controlled function or on the board or if you fill a CF 10, CF 10A, CF 11 or CF 28 position.
- Refusing to sign or looking for too many carve-outs may cause regulators to have suspicions and initiate investigations (with possible enforcement) or a skilled person's review.
Attestations can support regulatory objectives and even pave an easier path to enforcement or skilled persons investigations, but they are not themselves derived from any law or regulation. The UK regulators see them as a simple way of getting firms, and individuals, to deal with high priority areas and to ensure their supervisory approach is focused on the root causes of failings in firms.
Senior management responsibility
The regulators want senior personnel to lead by example and hammer home cultural change. Management (including the board) must think carefully about the reality of the compliance culture and the "tone from the top" at their firm. Responsibility cannot be devolved to more junior staff, control departments should be adequately resourced and performance shortcomings (especially in compliance teams) should be addressed. The FCA clearly believes that their use of attestations helps with their mission to focus attention on and clarify accountability.
If, as a compliance officer, you do not feel that you have adequate resource to support an effective compliance function, you should make a request to the Board. It makes sense to ensure the request sets out your rationale, the request is documented and that you maintain sound records of your requests. This should assist your position if there is a request for an attestation on a compliance-related issue at your firm.
As the regulators continue to attempt to cause a cultural shift towards senior management responsibility for firm failings, lessons can be taken from their mixed success.
- In 2012, the Upper Tribunal decided to overturn the fine of a senior manager for failing to oversee and improve performance in his team.
The Financial Services Authority (FSA) intended to fine Mr Pottage for misconduct when CEO at a leading wealth management business. The FSA contended he failed to ensure the business complied with the relevant requirements and standards of the regulatory system, used flawed oversight and monitoring techniques and was slow to institute improvements.
The Tribunal took the view that the evidence did not support the case of misconduct against Mr Pottage. The business was represented as an interested party, refuting aspects of the allegations, although the Tribunal did not opine on the firm and the adequacy of its systems and controls.
The case highlights the collateral damage that can result from regulatory action. The outcome is somewhat immaterial – the personal implications are clear. But the case also underlines why the firm needs to be interested in an attestation request. The Tribunal decided this case 5 years after the detailed supervision leading to the action. The impact on a firm's brand is secondary to the enormous drain on its resources caused by investigations, skilled persons' reviews and enforcement.
- Asset management firms will recall that the FSA published a Dear CEO letter concerning the management of conflicts of interest in November 2012, following thematic visits at selected firms. The CEOs of target firms were asked to provide a written attestation that their firm’s arrangements were effective and compliant with FSA rules and firms can expect also to see the FCA use attestation letters to address areas requiring remedy following on from Thematic Reviews.
- The trend towards individual accountability is also seen in enforcement decisions (e.g. see the action against Barclays and Plunkett and the discussions on the Principle 2 breaches and attestations in the FCA's Rabobank LIBOR fine).
This approach will be further reinforced by the overhaul of the Approved Persons regime initiated by the Financial Services (Banking Reform) Act 2013, supported by the Banking Standards Council, pioneered by Sir Richard Lambert.
Certainly proceed with caution but don't expect attestations to drop away.