FCA investigations on the rise- what are the implications?
The Financial Conduct Authority (FCA) is undertaking more investigations under the Senior Managers & Certification Regime, says Professor Suzanne Rab, a barrister at Serle Court Chambers.
The Financial Conduct Authority (FCA) is undertaking more investigations under the Senior Managers & Certification Regime, says Professor Suzanne Rab, a barrister at Serle Court Chambers.
Recent data derived from the Financial Conduct Authority (FCA) shows that it is investigating 58 directors as of December 2018. This represents more than double the 24 identifiable targets in 2016 when the new Senior Managers & Certification Regime (SM&CR) came into force.
The SM&CR aims to enhance accountability and culture within financial services firms against a background of governance concerns ranging from the mis-selling of payment protection insurance to rate rigging. The FCA is extending the SM&CR to solo-regulated firms from 9 December 2019 with the aim of strengthening market integrity. This broadens the net of individual exposure and heightens the continued corporate exposure for regulatory failings.
Holding individuals accountable has always been a priority for the FCA, even before the SM&CR. However, to date the FCA’s record in terms of the number of enforcement investigations it has started in relation to individuals has been relatively modest. An FCA response to a request under the Freedom of information Act 2000 (FOI5805) indicates that as at June 2018 the FCA had five open enforcement investigations into Senior Managers and ten open investigations into Certified Persons.
The recent data collected by external law firm RPC indicates a ramping up of enforcement action. This suggests that claims of a paradigm shift towards greater accountability are real and must be managed across the organisation.
The SM&CR comprises two complementary frameworks for employees of financial services firms. First, the Senior Managers Regime covers the most senior personnel (Senior Managers) who perform key roles (Senior Management Functions). These people will need to be approved by the FCA before they start their roles and they will need to have a statement of responsibilities that explains their duties.
Second, the Certification Regime applies to employees who are not senior managers but who can have a significant impact on the firm or its customers (Certified Persons). These people do not need to be approved by the FCA but firms will need to confirm or ‘certify’ that these persons are fit and proper to perform their roles at least once a year.
The impact of the SM&CR will differ depending on the type of firm: Core (where baseline requirements will apply); Enhanced (additional requirements for the largest and most complex firms); and Limited Scope (firms that currently are subject to limited application of the Approved Persons Regime).
There are two sets of Conduct Rules. The first is a general set of rules that applies to most employees (First Tier). The second set applies only to Senior Managers (Second Tier).
The SMC&R puts personal accountability on senior directors/managers in respect of their negligence or lack of diligence in managing controls, compliance, risk and conduct. These individuals risk sanctions or personal fines, which cannot be reimbursed by their organisations.
The way in which the SM&CR has been implemented by firms could also engage other of the regulators’ broader rulebook requirements. For example, FCA Principle 3 and PRA Fundamental Principle 6 both require a firm to organise and control its affairs responsibly and effectively.
Effective compliance requires coordination between compliance, HR and senior management. These people will need to work together to identify, assess and map responsibilities in a manner that properly reflects how the business operates and the risks it faces. A gap assessment can be a useful first step in identifying what remediation work needs to be done. The following are among the key steps that should be considered and regularly reviewed:
The SM&CR is symptomatic of a global trend towards greater personal accountability of senior executives in financial services firms. Similar regulation is developing in Hong Kong, Japan, Singapore and Spain, among others. The Australian Banking Executive Accountability Regulation (BEAR) is modelled on the SM&CR. Multinational financial services firms can derive synergies and efficiencies through an integrated compliance effort and there is much inspiration on which to draw for others.
The FCA’s Policy Statement PS18/14 summarises the feedback that the FCA received to its consultation on extending SM&CR and includes the FCA’s response. This emphasises that individual and corporate accountability is here and it is not going to go away. While this may seem daunting for solo-regulated firms, the FCA’s SM&CR guide contains a useful ‘SM&CR readiness checklist’ to help a firm move forward.
The regulation goes beyond an HR function, emails and procedures documents and is not a box-ticking exercise. It is a governance framework which requires all financial services firms to accept that personal accountability should be embedded in the culture of compliance from the top down and bottom up.