Earlier this year, the UK’s Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) released the Senior Manager and Certification Regime, which seeks to increase individual accountability at regulated institutions for potential misconduct across a wider span of job functions. It has three primary requirements:
- Requiring pre-approval of individuals filling certain “Senior Management Functions” and “Certified Persons”;
- Requiring that firms have procedures in place to ensure these individuals’ “fitness and propriety”; and
- Requiring that these individuals follow a new set of Conduct Rules which the FCA and PRA created.
That’s the easy part. What many organizations dread is the next step: as of March 7, 2017, the rules will be substantially widened so that the third rule will apply to all employees (except for ancillary staff like catering, security, etc.). Firms will be required to report suspected or actual breaches to the FCA. This means that firms must notify all employees of the new conduct rules, train them on how the rules apply to them, and finally, track investigations of breaches so they can be reported to the FCA – all within the coming year.
With that in mind, we’ve put a short checklist together to help prepare for the 2017 date. Remember, these rules are already in effect for Senior Managers and Certified Persons – the requirement now is to scale to virtually your entire organization to meet these new rules by March 2017.
- Review your employees’ job titles and assignments for your workforce both within the UK and outside of its borders. Ensure you understand which of these functions are subject to the new Conduct Rules. Remember that organizations headquartered outside of the UK may also have affected employees. The FCA has a great graphic showing which employees may be subject to the new rules.
- Know what the Conduct Rules are. There are two tiers of Conduct Rules – one tier for all employees and another for Senior Managers only. Law firm Norton Rose Fulbright goes into the details of the new regulation on its site, but at a high level, the new conduct rules that affect all employees are:
  - You must act with Integrity.
  - You must act with due skill, care and diligence.
  - You must be open and cooperative with the FCA, the PRA and other Regulators.
  - You must pay due regard to the interests of customers and treat them fairly.
  - You must observe proper standards of market conduct.
- Determine what the Conduct Rules mean to the employees who are affected by them. This likely means collaboration between Human Resources, Legal, and Compliance teams to create internal policies and trainings to teach employees how the rules apply to them and assist them in understanding how to remain compliant.
- Determine how to distribute materials relating to the Conduct Rules and capture attestations from employees. This likely means investing in technology to disseminate the new rules, policies, and trainings to affected employees, and then capture their attestations. Remember, anything you use must be fully auditable in order to demonstrate compliance to the FCA. (NICE Actimize has a solution that can help with this).
- Create a team that will help enforce rules and investigate breaches. Law firm Allen & Overy recommends creating a specific compliance unit that will investigate breaches and report them to the FCA as required. This group must be empowered to look across the enterprise for compliance gaps and address them as needed.
- Ensure the team charged with enforcement and investigations has the proper tools at their disposal to be effective. There must be a centralized and unified view of all breaches, and the compliance team must be able to easily report on suspected or actual breaches to the FCA, as per the new regulation.
Completing these steps is easier said than done – but that doesn’t mean you can cut any corners. The new Senior Manager and Certification Regime is widely considered to be a key factor in increasing individual accountability, and you can bet that the FCA will strictly enforce it. The value of technology here cannot be overstated – the FCA puts a “statutory duty of responsibility” on Senior Managers in enforcing this rule. This means that in the event of a compliance breach, the FCA will seek to prove that an individual had not taken steps to ensure compliance.
Having the right technology in place – with full audit trails – will help mitigate the risks associated with this new regulation, and will go further to ensure your team has a proactive approach to compliance risk and potential rule-breaking activities.