The Financial Services and Markets Act 2000 (FSMA 2000) introduced, for the first time, a statutory regime for the regulation and approval of individuals working for authorised firms and there are now over 165,000 such approved persons. An approved person owes duties to both the Financial Services Authority (FSA) and his employer. As some degree of personal responsibility is involved in virtually every problem, the conduct of the individuals involved is central to:
- the possibility of disciplinary or enforcement proceedings being brought against the firm by the FSA;
- the conduct of any internal disciplinary procedure by the employer against the employee; and
- the possibility of disciplinary proceedings for misconduct being brought against the individual by the FSA.
In addition, the approved person status affects the employer/employee relationship at all points, including recruitment, training, termination and references.
Brief Introduction to Approved Persons
Under FSMA 2000 persons performing certain functions (known as ‘controlled functions’) for regulated firms in relation to their regulated activities are, broadly, required to be approved by the FSA for the performance of the particular function. Applications for a person’s approval must be made by the regulated firm rather than by the person himself when individuals move to new controlled functions within the same firm or move firms (even where they are moving to perform the same controlled function at the new firm).
Controlled functions fall into three broad categories (FSMA 2000, section 59) covering:
- the exercise of a significant influence on the conduct of the firm’s affairs;
- dealing with the firm’s customers; and
- dealing with the property of customers.
The basic criterion for the approval of a particular person to perform a particular controlled function is that the FSA is satisfied he is a fit and proper person to perform the function to which the application relates (FSMA 2000, section 61(1)). If it is not, it will refuse to grant him approval. The obligation to be fit and proper is a continuing one. If the FSA considers that an approved person is not fit and proper, it may withdraw his approval (FSMA 2000, section 63).
As a result of being an approved person, an individual is subject to the FSA’s Statements of Principle and Code of Practice for Approved Persons (FSMA 2000, section 64) and is also amenable to disciplinary proceedings for misconduct (FSMA 2000, section 66).
In addition to the granting and withdrawal of approvals, the FSA has the rather broader power to prohibit any person, whether an approved person or not, from performing particular functions (FSMA 2000, section 56). The basis for imposing a prohibition order is, again, that the person is not fit and proper to perform functions in relation to a regulated activity carried on by an authorised person.
The 'Fit and Proper' test
The three primary considerations to be taken into account in determining whether someone is fit and proper (said to be the most important considerations and presumably, therefore, not the only ones) are:
- honesty, integrity and reputation;
- competence and capability; and
- financial soundness.
In Hoodless and Blackwell v FSA (2003) FSMT 007, the Financial Services and Markets Tribunal (FSMT) held that two tests have to be fulfilled before a person is found to be dishonest. First, there is an objective test: the person’s conduct must be dishonest by the ordinary standards of reasonable and honest people. Second, there is a subjective test: the person must realise that the relevant actions would be dishonest by the aforementioned standards. It is not a defence that the person himself has low standards and does not consider dishonest conduct that would offend others.
‘Integrity’ was defined by the FSMT in Hoodless and Blackwell v FSA (2003) FSMT 007 as ‘moral soundness, rectitude and steady adherence to a moral code’. A person lacks integrity if he is unable to distinguish between what is honest or dishonest by ordinary standards. The FSMT also distinguished conduct that might show a lack of reasonable skill and care and that showed a lack of integrity, accepting that mistakes could be made ‘even by relatively experienced and conscientious people’.
Each consideration is the subject of detailed, but not exhaustive, guidance from the FSA, which will be applied in general terms1. The guidance sets out circumstances that could lead to a person being declared not fit and proper to perform a particular function in a particular firm. A person does not fail to be fit and proper merely because his conduct falls within one or more of the matters listed in the guidance. If a matter comes to the FSA’s attention and suggests that the person might not be fit and proper, the FSA will take into account how relevant and how important that matter is.
Honesty and Integrity- What does the FSA take into account?
Among others, factors considered are:
- criminal offences, particularly for dishonesty, fraud or financial crime (even where the conviction is ‘spent’ under the Rehabilitation of Offenders Act 1974)2;
- adverse findings or settlements in relevant civil proceedings;
- involvement in investigations or disciplinary proceedings by the FSA or other bodies and any suspension, criticism or censure, public or private;
- contraventions of the FSA rules or other applicable regulatory standards or rules;
- justified complaints relating to regulated activities;
- dismissals, including resigning when asked; and
- whether the person has been candid and truthful in his dealings with regulators3, and whether he demonstrates a readiness and willingness to comply with the requirements and standards of the regulatory system and other legal, regulatory and professional requirements and standards.
The breadth of the guidance shows that the FSA is casting its net widely to ensure any issue that could potentially affect an individual’s integrity cannot be hidden from it or be prevented from being taken into account. An example would be settling legal proceedings on a without prejudice basis (correspondence that is without prejudice may not fall within the statutory protection that protects legally privileged material from disclosure) or asking the employee to resign rather than dismissing him.
While there may be good reasons for the FSA to take this approach, the effect of it doing so is far-reaching, risking unfairness and people, in effect, being found guilty unless subsequently proven innocent4. For example, it is excessive to find a lack of fitness and propriety where a person has merely been interviewed in the course of an investigation or has been the subject of a complaint that was never substantiated5. Each of these is included within the guidance. In simple terms, however, any matter that affects the honesty, integrity or reputation of a person is relevant to whether he is fit and proper.
Competence and Capability- What does the FSA take into account?
This involves considering whether the person satisfies the requirements of the FSA’s Training and Competence Sourcebook and whether he has demonstrated by experience and training that he is able, or will be able if approved, to perform the particular controlled function6. The FSA has also used the criterion of competence and capability as an alternative in a case where it was not clear whether or not an individual’s lack of honesty and integrity was deliberate. It stated that even if the individual did not deliberately lack honesty and integrity some competence or capability failings demonstrated such a fundamental lack of due skill, care and diligence that the individual would fail to satisfy the necessary criteria.
In assessing financial soundness, the FSA will consider factors including (but not limited to) whether the person has, in the UK or elsewhere:
- been the subject of a judgment debt or award that remains outstanding or was not satisfied within a reasonable period of time; or
- made an arrangement with creditors, been made bankrupt or had assets sequestered.
The fact that a person is of limited financial means will not, in itself, affect his suitability.
In practice, the following factors have also been taken into account by the FSA when deciding whether a person is fit and proper:
- even where the individual has led an otherwise unblemished career, a single lapse may call fitness and propriety into question, especially where the lapse is continuing7; and
- a possible lack of fitness and propriety has been considered to be ‘particularly serious’ where the individual has had extended experiencein a position.
Recruitment and Form A
The obligations on the regulated employer commence at the time of recruitment because, if the regulated employer wishes to employ an individual to carry out a controlled function, or that individual is a senior manager having significant influence, approved person status must be obtained. The regulated employer cannot permit that individual to carry out any of those controlled functions until they have been approved as fit and proper for that purpose by the FSA.
The application for approved person status is made on Form A, which requires a considerable amount of information. It is the responsibility of the prospective employer to submit the application, and reckless submission of inaccurate or misleading information is a criminal offence (FSMA 2000, section 398) and potentially a breach of Principle 11 of the Principles for Businesses.
Wide-ranging checks are needed pre-employment. These should be explained to the prospective employee and specific written consent should be obtained from him to ensure compliance with the Data Protection Code (DPC) and to allow the employer to undertake various credit checks, court proceedings and criminal checks. The only way an employer can obtain details of all past convictions, including spent convictions, is to require the employee to make a joint request with the employer to the Criminal Records Bureau.
Form A states that the full five-year employment history of the candidate must be provided, with all gaps explained. If the record of employment does not go back five years all periods of education and unemployment must be indicated.
References should also be sought from previous employers and many financial institutions have developed a standard form of questionnaire that usually flows directly from the questions on the Form A application itself.
Part 1 of the DPC deals with recruitment and selection and obliges employers to tailor their investigations into a candidate’s personal data and to be proportionate and necessary. Every search or question must be proportionate and justifiable. Access to sensitive data must be restricted and kept in a secure place. Although the DPC also provides that preemployment vetting should be limited so far as possible. However, in the case of an approved person, the regulatory requirements will override the guidance in the DPC.
Once the employee has been recruited, Part 2 of the DPC comes into play regulating the maintenance of employee records. One aspect of FSMA 2000 that directly contravenes the guidance in the DPC is that the FSA has the right to ask an employer for all spent warnings on an employee’s disciplinary record.
This may cause problems because most company policies provide that disciplinary warnings will be spent or disregarded after a certain period, typically after 12 months, provided the employee has not re-offended. The DPC provides that spent warnings must be destroyed. However, if the employee is an approved person the employer should keep the record of spent warnings on a separate file in case the FSA requests this information. Destroying spent warnings is likely to prejudice the quality of information disclosed to the FSA and could result in an inaccurate disclosure.
Record keeping is very important in the case of approved persons to ensure all checks carried out at the recruitment stage are tracked and verified to avoid any claims that this was not done properly in the first place. The human resources (HR) and compliance departments should also liaise when a reference request is received from a prospective regulated employer.
Contract of employment
The offer of employment and the employment contract itself should state that any statement of misleading or inaccurate information made to the FSA at the time of the application by the employee is grounds for instant dismissal. Any offer of employment must be conditional upon the candidate being deemed fit and proper by the FSA.
The employment contract should:
- incorporate the FSMA 2000 regulatory regime and the terms governing the conduct of approved persons by making it a term of the contract that the employee must comply with regulatory requirements;
- contain an express statement that a breach of FSA rules and/or loss of fitness and propriety can justify summary dismissal;
- contain an express right to suspend the employee should any breach of FSA rules be suspected. This is to ensure that the individual can be removed immediately from carrying out that controlled function or functions while the investigation takes place. The normal disciplinary process of several warning stages and a period for improvement may not be appropriate where the employee is suspected of misconduct in carrying out a controlled function; and
- expressly refer to the fact that the FSA may require information regarding expired disciplinary warnings.
In describing the role and duties of the employee, it will be advisable to have a view as to what senior management responsibilities he may be going to carry out and to amend this description as new responsibilities are taken on.
This ensures that the employee’s obligations under the contract reflect the obligations and duties he is required to carry out, preventing dispute at a later stage.
Various steps can be taken, including the following.
Control of Interview Notes
There should be strict control of the interview notes and recruitment documentation to ensure they comply with the Data Protection Act 1998 (DPA) and evidence by paper trail that the authorised firm has complied with its regulatory obligations in carrying out necessary checks on the candidate.
Obtain necessary Consents
The employer must obtain all the necessary consents to make the wideranging checks that it is obliged to carry out under the FSMA 2000 regime, otherwise it will be in breach of the DPA.
The selection criteria for the candidates should be consistent and applied in accordance with Equal Opportunities Commission guidance to avoid any claims of discrimination.
The offer made to the candidate should be conditional upon approved person status being achieved.
offerComply with the DPA
To comply with the DPA the HR and compliance departments should ensure they have a retention policy setting a time limit for retention of records with a particular view to spent warnings relating to approved persons that may have to be disclosed to the FSA. File storage should also be structured to ensure that if legal advice has been taken on an employee’s recruitment, this is stored separately from the personal data on the HR file. In addition, if personal data is stored in the compliance department, the HR function should be aware of that information and its content. There is always a risk of a firm receiving a subject access request served by a former employee. This can cause problems if documentation control procedures for the storage of information have been lax.
Changing Employee Details Forms: B, C, D and E and References
Form B must be submitted when a firm or applicant wishes to withdraw an application to perform controlled functions under the regime – an application under Form A – before a determination has been made. Under FSMA 2000, section 61(5) the firm may withdraw the application only if it has the consent of the candidate, and the person by whom the candidate is or would have been employed, if this is not the firm making the application.
Form C must be used when an approved person ceases to perform one or more controlled functions. A firm must submit this form no later than seven business days after the controlled person ceases to perform the controlled function. If a firm has reasonable grounds to believe that it will submit a qualified Form C it must notify the FSA of this as soon as is reasonably practicable. The circumstances in which a qualified Form C will be submitted are discussed further below.
A firm must submit Form D to notify the FSA of changes in the personal details of an approved person (not including a change to private address) or changes in the details of an application to perform controlled functions. A firm must keep the FSA informed of any significant circumstances directly affecting an approved person that a reasonable person would consider relevant to the approved person’s position under FSA rules.
A firm must submit Form E to notify the FSA of the internal transfer of an approved person. The form specifically refers to the firm’s obligation to inform the FSA of any matter of which the firm is aware and that in its reasonable opinion is relevant to the approved person ceasing to perform their controlled function. For example, concerns about an individual’s fitness and propriety would be relevant.
The FSA Handbook (SUP 10.13) provides that if firm A is considering appointing a person to perform any customer functions it can request that a reference or certain information be provided by the old employer, firm B. Provided that firm A indicates the purpose of the request, firm B must, as soon as reasonably practicable, give to A all relevant information of which it is aware.
SUP 10.13.12(2) specifies that:
‘When giving the information to A under (1), B must have regard to the purpose of the request and in particular to:
(a) any outstanding liabilities of that person from commission payments;
(b) any relevant outstanding or upheld complaint against that person;
(c) section 5 of Form A which asks questions relevant to fitness and propriety, for example, concerning previous convictions and, in particular, whether or not the individual has ever been investigated for possible conduct of unauthorised regulated activities or investigated for alleged misconduct or malpractice;
(d) FIT 2 (Main assessment criteria for becoming and remaining an approved person); and
(e) if SUP 16.8.1 (Persistency reports from insurers) applies to B, the persistency of any life policies sold by that person.’
SUP 10.13.13 also points out that:
‘… a firm supplying a reference in accordance with SUP 10.13.12 owes a duty to its former employee and the recipient firm to exercise due skill and care in the preparation of the reference. The reference should be accurate and based on documented fact. The firm may give frank and honest views, but only after taking reasonable care both as to factual content, and as to the opinions expressed, and verifying the information upon which they are based.’
Firm B therefore has a duty to provide certain information to firm A.
Obligation to the Employee
The employer owes a number of duties and obligations to the former employee. These include a duty to take reasonable care and skill in preparation of any reference or information about that individual.
Most relevant in these circumstances is the duty owed to the employee to take reasonable skill and care to ensure the accuracy of the facts set out in the reference. The leading case in this area is the 1994 decision by the House of Lords in Spring v Guardian Assurance8. In that case Mr Spring was dismissed from his job with Guardian Assurance and sought new employment with Scottish Amicable. Under the rules of the Life Assurance and Unit Trust Regulatory Organisation (LAUTRO), one of the selfregulating organisations that preceeded the FSA, the employer was required to supply a reference and to make ‘full and frank disclosure of all relevant matters which are believed to be true to the other member’. As a result of the information given, Scottish Amicable refused to take Mr Spring on.
The House of Lords held that in these circumstances, even where under an obligation to comply with regulatory rules, the employer owed the former employee a duty to take reasonable care in its preparation of any reference and would be liable in negligence if it failed to do so and the employee suffered damage. The House of Lords specifically held that the LAUTRO rule did not preclude a duty of care being owed by the employer to the employee.
This case was followed by the Court of Appeal decision in Cox v Sun Alliance Life Ltd9. Lord Justice Rix stated, ‘Above all, if the reference impugns his honesty, he is likely to find his career destroyed. This is particularly so in the financial services industry, in which Mr Cox has spent his life’. He went on to agree with Lord Woolf in Spring v Guardian Assurance that public policy comes down firmly in favour of not depriving an employee of the right to recover damages simply because the employer was complying with a regulatory obligation, and in circumstances where he would otherwise be entitled to damages as a victim of a negligent reference.
Practical guidelines on how to comply with a regulatory obligation to provide information in such circumstances without breaching the duty of care to the employee can be taken from the various cases addressing this point.
- The regulatory obligation to provide information should be construed strictly taking into account the specific matters addressed at SUP 10.13.12(2)(a)–(e).
- Any unfavourable statements must be confined to matters into which a reasonable investigation has been carried out before termination whether by dismissal or resignation.
- Statements must be confined to matters the employer has reasonable grounds to believe are true.
- If an investigation is discontinued after an employee resigns, unfavourable comments must be confined to matters that had been investigated before the resignation.
- Reasonable care must be taken by the employer to be accurate and fair in providing a reference. Even if all the facts are accurate a breach of that duty may occur where the impression given by the juxtaposition of those facts is misleading. Therefore, the employer must look at the overall impression given by the response in deciding if an accurate representation is being made.
- Where the terms of an agreed resignation or of the compromise of an unfair dismissal claim make provision for the supply of a reference, the parties should ensure as far as possible that the exact wording of the reference is fully discussed, clearly agreed and carefully recorded when the settlement agreement is entered into.
- Ensure that oral representations are avoided – the reference should be given in writing.
- Do not include reference to allegations or complaints that were never raised with the employee before dismissal even if the fact that such complaints were raised is true (TSB Bank plc v Harris10).
Obligation to the new employer
There is a strong suggestion in Spring v Guardian Assurance that employers owe a duty to subsequent employers with regard to the content of any reference. In preparing the reference, the current employer will be fully aware that the new employer will be relying upon that reference and as such a duty of care exists to that employer to take reasonable care when compiling it.
Forms C and D
In circumstances where a request is made by the new employer under SUP 10.13.12, it is almost inevitable that one of Forms C or D will have been filed by the former employer with the FSA on the termination of the employment of the approved person.
Both Forms C and D require the former employer to give details to the FSA of any matters relating to fitness and propriety. The guidance to Form D (under SUP 10.13.16) states that, in filling in Form D, the firm’s obligation to notify under SUP 10.13.16 extends to ‘any circumstances that would normally be declared when giving the information required for section 5 of Form A or matters considered in FIT 2’. Thus, where an approved person has done something that affects his fitness and propriety, the former employer should have submitted relevant information to the FSA. If an employer has concerns about an individual’s fitness and propriety on his ceasing to carry out a controlled function, Form C must be submitted within one business day and additional information provided (see ‘Disciplinary process and regulatory investigations’ below).
The new employer must apply for approved person status for the new employee using Form A. If the FSA refuses the application on the basis of information contained in the Form C or D that was submitted by the former employer, the new employee will not be able to carry on the controlled function. The new employer should employ a new employee for an approved person position subject to the condition that he obtains approved person status. It is therefore unlikely that the new employer could claim damages against the employer for breach of duty of care in preparation of the reference, unless the former employer had also misrepresented the conduct of the employee in Form C or D to the FSA.
The bigger risk of any breach of duty claim is therefore from the former employee. A response to any request made under SUP 10.13.12 should therefore be made with reasonable care and attention and applying the guidelines set out above. However, the obligation to ‘have regard to’ SUP 10.12.12(2)(a)–(e) would include making all reasonable enquiries regarding those matters before responding.
Statement of Principle and the Code of Practice For Approved Persons
Pursuant to its powers under FSMA 2000 (FSMA 2000, section 64), the FSA has issued Statements of Principle setting out standards to be expected of approved persons, together with a Code of Practice giving guidance as to whether or not conduct complies with the Statements of Principle.
What are the statements of principle?
The Statements of Principle are the fundamental, high-level principles applicable to approved persons from day to day in the performance of their controlled functions, breach of which can give rise to disciplinary or other enforcement consequences for the individual.
What conduct is subject to the statements of principle?
The Statements of Principle do not apply to the conduct of all employees working for authorised firms: they apply to approved persons and only in relation to the performance of the controlled functions for which they are approved.
Two points should be noted. First, the fact that a person has approval for one function does not mean that all of his responsibilities are controlled functions. To the extent that he performs other functions for the firm, he is not subject to the Statements of Principle. This is subject to the caveat that issues arising in relation to functions may affect whether the person is fit and proper to be performing a controlled function.
Second, the basic premise is that any person who carries out a controlled function needs to be an approved person and is therefore subject to the Statements of Principle. There are complex rules on the territorial scope of the approved persons regime that depend on the nature of the firm concerned and are not within the scope of this chapter.
What is the code of practice for approved persons?
The Code of Practice (Code) sets out the FSA’s guidance as to whether or not conduct complies with the Statements of Principle (FSMA 2000, section 64(2)). Most of the Code describes conduct that should be regarded as noncompliant and the factors to be taken into account in determining whether or not the conduct complies.
The Code is an aid to interpreting the Statements of Principle. It has evidential effect and may be relied upon only so far as it tends to establish whether or not conduct complies with a Statement of Principle (FSMA 2000, section 64(7)). The Code does not determine whether conduct complies with a Statement of Principle but is strong evidence either way. Further, the Code is not exhaustive: conduct must be measured against the Statements themselves, using the Code as an indicator.
Three additional points are relevant in applying the Code. First, where there is a risk that unacceptable practice may become prevalent, the FSA has the power to supplement or amend the Code to clarify conduct it thinks will fall below the expected standards. However, it is the Code in issue at the time when the conduct occurred that is relevant to assessing whether the person complied with the Statement of Principle (FSMA 2000, section 64(7)). Given that the Code is not exhaustive the Statements of Principle could, in exceptional circumstances, be breached, even if the relevant conduct concerned was not expressly prohibited under the Code.
Second, to the extent that the Statements impose particular standards, for example to take reasonable care, it may be necessary to look beyond the Code to understand what the applicable standard of behaviour was and whether the person’s conduct fell below that standard11. In addition, all circumstances are considered when assessing the significance of the conduct specified in the Code in showing compliance or a breach, including:
- the circumstances of the particular case;
- the characteristics of the particular controlled function; and
- the behaviour to be expected in that function.
Third, when considering the consequences of a breach, a breach of a Statement of Principle may lead to disciplinary action, but not every breach will do so; the FSA may take action only where it appears appropriate in all the circumstances to do so. Personal culpability is required.
The statements and code
The Statements of Principle are set out below, together with an outline of the Code applicable to each and some general provisions of the Code applicable to all Statements of Principle. There are seven Statements of Principle. The first four apply to all approved persons and the final three only to those performing a significant influence function12.
Statement of principle 1- intregrity
Approved persons must act with integrity in carrying out controlled functions. Examples of conduct that does not comply include
- deliberately misleading clients, the firm or the FSA;
- deliberately recommending unsuitable investments;
- deliberately failing to correct misunderstandings of the customer, the firm or the FSA;
- deliberately preparing inaccurate or inappropriate records in connection with a controlled function;
- deliberately misusing assets or confidential information belonging to a client or the firm;
- deliberately designing transactions to disguise regulatory breaches; or
- deliberately failing to disclose conflicts of interest.
The use of the word ‘deliberately’ reflects the fact that this Statement of Principle is directed at integrity.
Statement of Principle 2- acting with due skill, care and dilligence
Approved persons must act with due skill, care and diligence in carrying out controlled functions. Some of the examples of non-compliant conduct given are similar to those applicable to Statement of Principle 1, save that in each case, the emphasis is on doing something without reasonable grounds, or failing to do something that ought to have been done. This reflects the difference between lack of integrity (which would seem from the above to involve proof of deliberate misconduct) and a failure to take reasonable care. Additional areas covered include undertaking, recommending or providing advice on transactions without a reasonable understanding of the risk exposure to a customer or the firm, or continuing to undertake a controlled function despite having failed to meet the training and competence standards.
Statement of principle 3- proper standards of market conduct
Approved persons must observe proper standards of market conduct in carrying out controlled functions. A factor to be taken into account is whether the relevant person, or his firm, has complied with the Inter- Professional Code, the Code of Market Conduct or another relevant market code or exchange rule. Compliance with such codes or rules will tend to show compliance with this Statement of Principle. Accordingly, where the FSA brings disciplinary action against an individual for market misconduct, the FSA is also likely to allege a breach of this Statement of Principle. This leaves two questions. First, is this Statement of Principle capable of being breached in a situation where there is no code or set of rules applicable to the particular market? In principle, it is likely that the answer is yes. This is particularly the case given the Statement of Principle’s wide wording.
Second, is the Statement of Principle capable of being breached where the conduct falls within the scope of a market code or rule and does not amount to a breach of that code or rule? The answer is that it cannot be ruled out that a breach of the Statement of Principle would still have been committed, particularly where the reason for the lack of breach is technical or unmeritorious. The Code provides that compliance with applicable market codes or rules will tend to show compliance with the Statement of Principle, but this falls short of providing a safe harbour.
Statement of principle 4- dealings with regulators
Approved persons must deal with the FSA and other regulators in an open and co-operative way and must appropriately disclose any information of which the FSA would reasonably expect notice.
It should be apparent that this Statement of Principle broadly parallels the firm’s obligation under Principle 11 of the Principles for Businesses, taking into account that in many situations the individual’s disclosure obligation should be limited to making the appropriate report internally, rather than reporting direct to the FSA.
Statement of Principles 5-7- for those exercising significant influence functions
The last three Statements of Principle are key in the attainment of the FSA’s objective of holding senior management accountable for general compliance with the key regulatory objectives set by FSMA 2000. The text of the Statements of Principle, and in particular Statement of Principle 5, is closely linked to the requirements imposed on firms by the FSA Handbook to ensure proper apportionment of responsibilities. These require firms not only to assign specific responsibilities to particular individuals but also to assign to a particular person the function of apportioning responsibility. As a result, there should always be an individual in the firm capable of taking responsibility for a particular matter.
Statement of principle 5- organising the business
Approved persons performing significant influence functions must take reasonable steps to ensure that the business areas of the firm for which they are responsible, in their controlled function(s), are organised so that they can be controlled effectively. Conduct indicated as non-compliant includes:
- failing to take reasonable steps to apportion responsibilities for all areas of the business under control;
- failing to take reasonable steps to apportion responsibilities clearly, including implementation of confusing or uncertain reporting lines, authorisation levels or job descriptions; or
- failing to take reasonable steps to ensure that suitable people are responsible for those aspects of the business under control, including failing properly to review staff, giving undue weight to financial performance when considering suitability or allowing managerial vacancies to remain without arranging suitable cover.
The business strategy in the relevant area is also relevant if the strategy is to enter high-risk areas; then the degree of control and strength of monitoring required will be higher.
Statement of principle 6- managing the business
Approved persons performing significant influence functions must exercise due skill, care and diligence in managing the areas of the firm’s business for which they are responsible. Examples are:
- failing to take reasonable steps to inform themselves about the affairs of the business for which they are responsible;
- delegating authority without having reasonable grounds for believing that the other person has the necessary capacity, competence, knowledge, seniority or skill; or
- failing to take reasonable steps appropriately to understand matters that have been delegated and adequately to supervise and monitor the persons delegated to.
Relevant factors to be taken into account include the competence, knowledge, seniority and past performance of the delegate.
Statement of principle 7- complience with regulatory requirements
Approved persons performing significant influence functions must take reasonable steps to ensure that the areas of the firm’s business for which they are responsible comply with the relevant requirements and standards of the regulatory system. Non-compliant conduct includes failure to:
- take reasonable steps to implement adequate and appropriate systems of control;
- take reasonable steps to monitor compliance with relevant requirements and standards;
- obtain information about the reason why actual or suspected significant breaches may have arisen; or
- review and, if appropriate, improve systems following the identification of significant breaches.
Provisions of the code applicable of all statements of principle
The Code contains factors relevant in determining whether or not conduct complies with each of the Statements of Principle and, in addition, some further factors relating solely to Statements of Principle 5-7. The factors to be taken into account in relation to all of the Statements of Principle are whether:
- the person’s conduct relates to activities that are subject to other provisions of the FSA Handbook; and
- his conduct is consistent with the requirements and standards of the regulatory system relevant to his firm.
However, these are only factors to be taken into account. The fact that an individual complied with, or did not breach, the relevant part of the FSA Handbook, or did not cause the firm to breach any of its own obligations, would not preclude a finding that a Statement of Principle had been breached.
The factors to be taken into account in relation to Statements of Principle 5-7, which apply only to those exercising a significant influence function, are:
- whether the person exercised reasonable care when considering the information available to him;
- whether he reached a reasonable conclusion upon which he acted;
- the nature, scale and complexity of the firm’s business;
- the person’s role and responsibility as an approved person performing a significant influence function; and
- the knowledge that he had, or should have had, of regulatory concerns arising in the business under his control.
In addition, when considering whether Principles 5-7 may have been breached, the provisions of the FSA’s rules relating to senior management arrangements, systems and controls need to borne in mind.
Training and Competence
During the contract of employment the employer is obliged to ensure that any person carrying out controlled functions is competent and remains so. Therefore, there is an obligation on the employer regularly to review the competence of approved persons employed by it, assess their training needs and provide any necessary training. If an employer believes that an employee’s competence falls below acceptable levels, it is not permitted to allow that person to continue to engage in any regulated activity. It is essential therefore that the employer does reserve the right to remove that individual immediately from regulated activities if there is a concern about his competence.
The employer also needs to have the power to oblige the individual to engage in and successfully conclude whatever training the employer considers necessary to ensure the relevant standards of competence are met. If there is a requirement to pass certain examinations within a specified time this obligation should be reflected in the employment contract so that if the employee fails to meet those requirements he can be dismissed. Records should be maintained by the employer to ensure it can meet any complaint either from an employee or from the FSA that competence training was inadequate. These records should be held and co-ordinated by the compliance department, but a copy of the training records should ideally be held on the HR file of the individual employee.
It is crucial to be able to spot a situation where an employee is underperforming in carrying out a controlled function. Inclusion of clear obligations on the employee in the employment contract to maintain competence will assist the employer in demonstrating that it has acted reasonably in using performance failure as a ground for suspension and subsequent dismissal.
The employer is obliged to monitor the employee’s competence and maintain that competence throughout his employment. Consequently, managers should be encouraged to conduct candid and realistic performance assessments. Where an assessment calls into question someone’s competence, an employer who fails to take action will lay itself open to criticism from the FSA, particularly if an individual’s incompetence causes a regulatory lapse or loss to a client.
It is also essential to have the power to move an employee away from a regulated duty if there is any concern about his performance. Without that express power the employee may be able to claim there has been a lack of procedural fairness in that he should have received a series of warnings and time to improve.
HR professionals and managers must ensure that appraisals highlighting problems are followed up promptly and well documented. There should also be periodic audits of training records for approved persons to make sure they continue to have the necessary skills.
If a complaint is received either from the FSA or from the employee regarding the adequacy of training, it will be necessary to check the contract of employment, employee handbook, individual’s training record and firm’s training procedures to establish whether or not there has been a breach. Adequacy of training also affects the firm’s position where there is an FSA investigation.
Conduct giving rise to regulatory ordisciplinary action
Types of conduct by individuals that may give rise to regulatory or disciplinary action
There are frequent examples of incidents that constitute both a breach by a firm and misconduct by an individual. Regulatory problems do not arise in a vacuum. If ‘the firm’ has done or omitted to do something, and has so committed a breach, at some level this is almost bound to have been caused by the acts or omissions of particular individuals. Relevant individuals might include not only the particular salesman who missold the investment to a consumer but also the back-office staff who failed to notice the consumer had not returned the relevant form, the internal audit staff who did not pick up the same problem on their periodic review the following week, the training department whose courses had not been sufficient to make the salesman aware of his responsibilities, the line manager who took three months to refer the consumer’s complaint to the relevant department and the compliance officer who investigated the matter and identified only that there had been a problem with the sale of the investment but not with the other matters outlined above and decided that the issue could be resolved without needing to tell the FSA.
Not all of the above individuals will have done something wrong. Some of them may not even be at risk of FSA discipline13. However, the example illustrates the number of people who may, in some way, be culpable.
FSMA 2000 leaves the question of when individuals are to be subjected to enforcement action largely in the hands of the FSA. It is for the FSA to determine its policy on the imposition of penalties against approved persons (FSMA 2000, section 69(1)(a)), in other words, to set out the circumstances in which it will seek to discipline individuals and consider it appropriate to do so (FSMA 2000, section 66(1)(b). Outlined below are the types of acts that could give rise to regulatory and disciplinary action against individuals, both approved persons and others.
Grounds for action
There are four general bases upon which the FSA may take enforcement action against individuals:
- not being a fit and proper person to perform functions in relation to a firm’s regulated activities, which could lead to the FSA not granting approval to the person, withdrawing the person’s approval (FSMA 2000, section 63) or imposing a prohibition order (FSMA 2000, section 56);
- failing to comply with a Statement of Principle giving rise to disciplinary action for misconduct (FSMA 2000, section 66(2)(a)) or to the FSA applying to the court for an injunction or restitution order (FSMA 2000, sections 380 or 382);
- breaching or being so likely to breach a requirement imposed by or under FSMA 2000 as to allow the FSA to apply for an injunction or a restitution order (FSMA 2000, sections 380 or 382); or
- being so knowingly concerned14 in a contravention by an authorised person as to give rise to disciplinary action for misconduct (FSMA 2000, section 66(2)(b)) or as to allow the FSA to apply to the court for an injunction or restitution order (FSMA 2000, sections 380 and 382).
Failure to comply with a statement of principle
A failure by an approved person to comply with a Statement of Principle can, in some circumstances, give rise to disciplinary action for misconduct against the individual and could also lead to an injunction or restitution order being imposed. In addition, it may be relevant in demonstrating that the person is not fit and proper to carry out a controlled function, in which case it could lead to refusal of an application for approval, his approval being withdrawn or a prohibition order being made against him.
What reglatory or disciplinary action will the FSA decide to take?
As the various regulatory and disciplinary powers available against those who work for firms are aimed at addressing different concerns, they are not mutually exclusive and may be used separately or in combination. For example, if an approved person caused the firm to commit a serious regulatory breach and then tried to conceal assets and destroy incriminating evidence, his conduct could potentially give rise to disciplinary action, the withdrawal of his approval, the making of a prohibition order15, a civil injunction and prosecution for criminal offences. The purpose of and basis for the exercise of each power would be different. The various regulatory and disciplinary powers outlined in the next two sections therefore need to be viewed not in isolation but as part of an overall scheme to allow the FSA to take appropriate regulatory and enforcement action regarding the activities of those who work for firms.
Disciplinary process and regulatory investigations
A firm must deal with its regulators in an open and co-operative way and must disclose to the FSA anything relating to the firm of which the FSA would reasonably expect notice (Principle 11 of the Principles for Businesses). Disclosure to the FSA would therefore be an issue to consider where there is a question as to whether:
- the firm has conducted its business with integrity and in compliance with proper standards, including the Conduct of Business Requirements set out in the FSA Handbook;
- the firm has conducted its affairs with the exercise of due skill, care and diligence;
- approved persons within the firm have acted with due skill, care and diligence in performing their ‘controlled functions’ or managing the business for which they are responsible;
- the firm has established and maintained adequate internal supervision and controls; and
- the firm has dealt with its customers appropriately.
Therefore, finding out that an employee has engaged in misconduct in some way in carrying out a controlled function is very likely to fall within one or more of the above categories and the firm may have a duty to disclose such matters to the FSA. It should be noted that a firm must notify the FSA if any of the matters set out in SUP 15.3 arises. In particular, in relation to an individual employee’s conduct, if a significant breach of a rule or Statement of Principle by an approved person has occurred (SUP 15.3.11), or if the employer becomes aware or suspects that an employee has committed fraud or is guilty of serious misconduct concerning his honesty or integrity that is connected with the firm’s regulated activities (SUP 15.3.17), the FSA must be notified if, in either case, the event is significant having regard to the size of any monetary loss, the risk of reputation to the firm or whether the incident reflects weaknesses in the firm’s internal controls.
Suspension of employee(s)
It is likely that, once potential misconduct in an individual’s performance of a controlled function has been discovered, the firm will need to remove the employee from carrying out that controlled function – usually by suspending him or, in less serious cases, by moving him into an unregulated job pending the completion of the investigation.
Notification to the FSA of ceasing to perform a controlled function
If an employee ceases to perform a controlled function or functions, a notification has to be provided to the FSA on Form C. The form has to be submitted to the FSA no later than seven business days after an approved person has ceased to perform a controlled function. However, if the firm has reasonable grounds for believing that it will submit a qualified Form C, it has an obligation to notify the FSA of that fact as soon as practicable, and ideally within one business day of becoming aware of the facts. A Form C will be qualified if:
- the firm submitting Form C reasonably believes that the information contained in it may affect the FSA’s assessment of the approved person’s fitness and propriety;
- the firm dismisses or suspends an approved person from its employment; or
- an approved person resigns while under investigation by the firm, the FSA or any other regulatory body.
The employer is obliged to make full disclosure of a suspected misconduct issue even where the employee has resigned before this has been investigated or fully investigated.
The employer has an obligation to behave in a demonstrably fair manner – this is extremely important both for the employment law claims that might be brought if it does not and because the FSA would wish to see the employer acting in a responsible manner when faced with misconduct that affects the performance of controlled functions. Normally, therefore, it will be appropriate to suspend the employee, but the employee handbook and contract should be checked to see what they say on the matter. Due consideration should also be given to whether the employee ought to be kept on the premises at work and put in an alternative role to maintain his co-operation and access to him during any investigation.
This investigation should be carried out entirely separately from the employment disciplinary process that will have to be followed in due course with the employee and that will be on open record. Often an attempt is made to use lawyers to claim privilege and specific advice should be taken regarding the nature and form of the investigation and any report to the FSA. However, it should be recognised that recent case law has limited the ambit of legal privilege where16 litigation is not contemplated and therefore notes of interviews, even if taken by lawyers, that simply record facts rather than the giving of legal advice, may in fact be disclosable. It may also be difficult to persuade a court that litigation is reasonably contemplated.
The FSA issued guidance in May 2002 that actively encourages and requires authorised institutions to set up whistleblowing procedures. It has also promoted an employee hotline to the FSA.
FSA policy goes on to state that if the FSA discovers evidence that a firm has treated a whistleblower incorrectly, this might call into question the firm’s fitness and propriety, and therefore affect the firm’s regulated status and the status of the approved person working for the firm who has been directly responsible for the treatment of the whistleblower.
So, if the employer has discovered the misconduct by reason of a whistleblower, ideally it must follow a whistleblowing policy that sets up a procedure and mechanisms for the worker to make the disclosure and for the employer to investigate and respond to it. There should be absolute clarity of reporting lines to an independent person enshrined within that policy.
If that employee himself is part of an ongoing investigation, a separate investigation will have to be carried out into the whistleblowing allegation to ensure it is dealt with appropriately before any disciplinary process can commence. An independent person should be appointed to deal with this aspect. Suspension of the individual is an option in the meantime if he is also suspected of misconduct in carrying out a regulatory function.
At the start of the internal investigation it will be necessary to gather and review documents, computers and tapes. Employee monitoring is covered by Part III of the DPC. The DPC recognises that monitoring is important to allow employers to:
- monitor quality and quantity of work;
- carry out health and safety checks; and
- comply with regulatory obligations.
Any monitoring must be lawful and fair and the DPC requires the employer to carry out an impact assessment before retrieving information. In addition, employee monitoring is covered by:
- the Regulation of Investigatory Powers Act 2000 (RIPA), which prohibits interception of a communication without consent;
- the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, which contains practical exceptions to RIPA; and
- the Human Rights Act 1998, which gives individuals a right to respect for private life.
Essentially, if the employer weighs up the effect monitoring will have on the employee against the benefits it will deliver to the employer, and the employer has a legitimate ground and conducts the monitoring in a proportionate manner, the Code will not prohibit it. When retrieving the documents and/or tapes it will be important to check the employee monitoring policy in place at the firm to ensure the employees were aware that they could be monitored.
Disclosure to the FSA
Under FSMA 2000, section 413 the definition of ‘privilege’ covers communication between a professional legal adviser and his client and any items enclosed with or referred to in those communications, provided they were created in connection with the giving of legal advice or in contemplation of legal proceedings. It is prudent at present to assume that the limitations in relation to privilege being imposed by the courts under the common law may also apply in the context of section 413. Additionally, without prejudice communications are not, according to the legislation, ‘protected items’ and thus there is a risk that they may be disclosable to the FSA.
Documentation created during the investigation should be controlled to ensure that potentially privileged material does not find its way onto the HR file (and then is inadvertently disclosed by reason of a subject access request).
It will normally be necessary to delay dealing with the employment issues until the investigation has been completed and a report finalised for the FSA. The only step that will have been taken in respect of the employees concerned is that they will have been either suspended or moved to a nonregulated function while the investigation is carried out.
Subject access requests are a useful tool for a disgruntled employee and inadvertent filing or reference to individuals by name might open up the employer to having to disclose more material than would otherwise have been necessary.
The labelling and filing of the report to the FSA will be important in protecting it from disclosure to any relevant employee under a subject access request under the DPA. The report should not be included on the HR file and should ideally not be labelled with the individuals’ names or filed by reference to their names.
Termination of Employment
Disciplinary process and terminations
Following the conclusion of a regulatory investigation, it is likely that the individuals concerned will need to be disciplined.
The disciplining of an approved person will be similar to the process applied to any employee. However, it will be essential for the employer to ensure the disciplinary process is handled in a way that is consistent with any report given to the FSA following an investigation. It should also ensure that any disciplinary steps are taken properly in accordance with the firm’s obligations to the FSA. It is important to note that the FSA will be concerned, in assessing the firm’s own conduct, to see what internal disciplinary process the firm has instigated against the individual employee(s) concerned.
Therefore, there should be real interaction between the compliance and HR departments in the drafting of the disciplinary documentation. The letter asking the employee to attend the interview should include a summary or ‘charge sheet’ of the allegations against him. These should obviously be prepared in a way consistent with any report to the FSA that has resulted from the investigation.
On termination of employment a Form C or D must be filled in. It may be that a provisional qualified Form C was supplied to the FSA when the employee was suspended. A completed Form C may be lodged on termination and should be as consistent as possible with that earlier document and with any report to the FSA.
Authorised firm's duties
Senior management must be careful in the way they delegate and manage risk to ensure that all matters relating to employees who are approved persons comply with the principle of openness to the FSA (Principle 11 of the Principles for Businesses). The firm should also make clear to its employees that it will be applying this principle and make clear the nature of its obligation to the FSA.
Settlement and without prejudice discussions
In any settlement discussions and without prejudice communications, it should be remembered that without prejudice communications may not be privileged from disclosure to the FSA. In general, however, if the firm is acting responsibly in settling with the individual the FSA is unlikely to be particularly concerned.
In agreeing compromise agreements for employees it will be important to limit the scope of any agreed references or announcements so that the requirements of the FSA’s Supervision Manual are complied with.
Forthcoming changes to the approved persons regime
The FSA has set out the changes it will make to its rules once the Markets in Financial Instruments Directive (MiFID) takes effect on 1 November 200717. These changes are intended both to simplify the approved persons regime and to implement MiFID.
There will be two merged significant influence functions with effect from 1 November 2007. The functions of finance, risk assessment and internal audit will merge into a single systems and controls function. The designated investment business, other business operations, insurance underwriting, financial resources and settlement significant management functions will merge into a single significant management function. This is not intended to reduce the scope of the significant influence functions and individual job roles will remain. The new merged functions will take effect automatically and the register will be updated; therefore, there will be no need for new applications.
Despite a previous proposal to abolish the customer functions for persons dealing only with non-retail customers, customer functions are to be retained for the time being. However, all customer functions will be merged into a new single generic customer function. This applies to all firms who fall within the approved persons regime, other than mortgage and general insurance firms that do not have customer functions. This will not entail any reduction in the scope of the activities covered but will result in a reduction of the number of forms that firms need to submit per employee. FSA guidance emphasises the responsibility of firms and senior managers to ensure their approved persons provide advice only on the areas and activities in which they are competent. An FSA Policy Statement on this area is expected in February 2007.
Scope of the compliance, risk assessment and internal audit functions
At present, a person who undertakes the compliance oversight, risk assessment or internal audit functions must be a director or a senior manager – that is, a person who reports directly to the board, the chief executive or the head of a significant business unit. That requirement will no longer apply. However, FSA guidance will indicate that these persons must have appropriate seniority and experience.
MiFID imposes various requirements regarding the compliance, risk control and internal audit functions that go beyond those in the current FSA rules, and the FSA is copying these out in the new SYSC. The FSA is also adding these responsibilities to the relevant controlled function.
European economic area (EEA) incoming branches
MiFID provides that matters covered by the EEA business oversight function and the compliance oversight function are the responsibility of the firm’s home state regulator. These functions will therefore not apply in relation to MiFID business, although they will remain applicable to business done in reliance on a non-MiFID passport or under a top-up permission. MiFID also provides that the assessment of an employee’s skills, knowledge and expertise are a matter for the firm’s home state regulator. The FSA will therefore no longer assess these matters for any approved persons, although it will continue to assess their probity and financial soundness. This will mean that the FSA’s assessment will be different depending on whether the relevant person is to carry on MiFID or non-MiFID business. If a person carrying on MiFID business is to begin non-MiFID business, the assessment would need to be extended to cover competence. The FSA is considering how best to do this with minimum bureaucracy.
Appointment and oversight function
The FSA requires firms to allocate responsibility for the internal apportionment of functions and for oversight of the firm’s systems and controls to one or more individual directors or senior managers. Under MiFID, the responsibility for apportionment of functions lies with the firm’s board of directors (or other governing body). The FSA is reviewing its requirements in this area to ensure they reflect MiFID.
Energy market participants and service companies
Persons performing governing functions at firms that are energy market participants, oil market participants or service companies do not at present need to be approved persons to carry out these functions. However, some of these firms will fall within the scope of MiFID, in which case the governing functions will apply to them.