In the process of implementing the SMCR, Conduct Rule staff may have been overlooked. Your initial focus will have been on your Senior Management Functions (SMFs) and certification functions. But Conduct Rule staff may form the majority of your employee population and many of those will fall within the scope of the regulatory regime for the first time. They may be worried or confused by the impact on how they carry out their jobs, which are now being expected to meet PRA/FCA requirements. Some of the changes that you’ve been making to your policies, processes and contracts are just as relevant for your Conduct Rule staff as they are for SMFs and Certified staff.

Who is defined as “Conduct Rule staff”?

The definition of Conduct Rule staff covers anyone who is not a senior manager or a certified function holder and who does not fall under the FCA’s list of Ancillary Staff. This list includes, for example, receptionists, property facilities management, events management, security, cleaners and catering staff. Perhaps surprisingly, given some well publicised insider dealing cases, the list of Ancillary Staff also includes those working in post, reprographics or the print room. It also includes employees handling archive and record management, personal assistants and secretaries, data processors and human resource administrators or processors, despite the fact such staff will have significant access to commercially sensitive data and about colleagues and customers as well as, in the case of HR, involvement in helping to manage referencing and certification processes.

Some firms are taking an inclusive “we are all in this together” approach to training on the Conduct Rules, training everybody or most staff even if some fall under the list of Ancillary Staff.

What should we do?

1. Put a Conduct Rules training programme in place

Conduct Rules staff must be trained on the Conduct Rules. The purpose of the training is to ensure that staff know what the Conduct Rules are, and that they understand what they mean in practice. Interactive case study- based training works best. It’s advisable for the training to cover the implications for staff personally of a breach of a Conduct Rules.

2. Update Conduct Rule staff employment contracts

In the same way as for Senior Managers and for Certified staff, you should update your employment contracts for all new hires and consider revisions to the employment contracts for all your current Conduct Rules staff. For example, contracts should make clear that:

  • your organisation complies with the FCA’s Code of Conduct
  • there is a contractual obligation for employees to undertake necessary training in relation to FCA requirements
  • there is an obligation for employees to report misconduct or wrongdoing committed by themselves or others,
  • breaches of the Conduct Rules could amount to misconduct or gross misconduct, meaning that an employee would be subject to disciplinary action in the event of a breach.

3. Amend your disciplinary processes to include Conduct Rule breaches

Whenever you are investigating the conduct or performance of any Conduct Rule staff member, you will need to consider whether there has been a breach of a Conduct Rule, alongside deciding whether the employee’s conduct or performance falls short of your employer requirements. This is because you need to report Conduct Rule breaches to the FCA and keep records of the decision-making process and any remedial action which has been taken in respect of such a breach.

Your disciplinary policies must make clear that this regulatory aspect will be covered in any disciplinary or performance management process. The regulatory implications should also be reflected in the formal correspondence with the staff member under investigation, for example, the invitation letter to a disciplinary meeting and the decision letter.

4. Update your Data Retention policy

Whilst Conduct Rule staff don’t require regulatory references, be mindful that some may move to Certified Roles as their career develops. You cannot rule out the possibility that you may be asked for regulatory reference in the future, which means you should be keeping records of Conduct Rule breaches by Conduct Rules staff in the same way as for Certified staff. You may need to look at your data privacy statement or your document retention policy to ensure that this is clear and that day to day practice reflects this.