Fit and Proper: Greater Accountability for Financial Services in the U.K.
Guest Blogger Virginie O’Shea is a research director with Aite Group, heading up the Institutional Securities & Investments practice and covering data management, collateral management, legal entity onboarding, and post-trade technology. She brings to the firm more than 13 years of experience in tracking financial technology developments in the capital markets sector, with a particular focus on regulatory developments and standards.
The U.K.’s Financial Conduct Authority’s Senior Manager and Certification Regime’s most onerous phase is due to come into force for the banking community in March 2017 and it extends the requirements to register and certify individuals beyond senior managers to all employees. The regime seeks to address the accountability of senior managers and individuals employed within financial institutions operating in the United Kingdom. It currently applies to U.K.-based banks, building societies, credit unions, large investment banks under the purview of the Prudential Regulation Authority, branches of foreign banks operating in the U.K. and those dealing with U.K-based clients, but is also to be extended to apply to all U.K.-based investment firms and asset managers dealing with U.K clients by 2018.
Where Are We Now?
The first phase came into force on 7 March 2016 and aims at ensuring senior managers have a statutory duty of responsibility to take reasonable steps to prevent regulatory breaches in their area of responsibility. Firms were also required to identify individuals engaged in certain functions that should be certified; March 2017 will see the mandatory implementation of the certification regime for these individuals. High level conduct rules for staff will be introduced in September 2016.
Those in scope for certification comprise:
- Material risk takers (these individuals can be based outside of the U.K. if they deal with U.K. accounts and work for U.K. firms)
- Individuals dealing with client money and assets
- Individuals engaged in benchmark submission and administration
- Those considered to be engaged in significant management
- Those in customer-facing roles with a required qualification
- Proprietary traders
- Line managers of certified individuals
- Client-dealing function (with respect to wholesale activities)
- Algorithmic traders
The conduct rules have much broader scope and apply to all individuals except ancillary staff. These five rules must be communicated to staff and this education process must be audited:
- You must act with integrity
- You must act with due skill, care and diligence
- You must be open and cooperative with the FCA, the PRA and other regulators.
- You must pay due regard to the interests of customers and treat them fairly.
- You must observe proper standards of market conduct.
The Practicalities of Implementation
Under the incoming certification regime, banks, building societies, and investment firms will be required to regularly submit robust documentation to the FCA, including an audit trail of the checks that have been completed. To this end, any individual who fits into the prescribed functions must be certified as “fit and proper”, both on their recruitment and annually thereafter, though some firms may opt to allow these individuals to self-certify. Legal, compliance, and HR teams must cooperate to ensure that any individual subject to conduct rules is aware of the rules, trained on what they mean to them, and, of course, complies. The regime therefore encompasses the introduction of governance rules, staffing, policy, and process changes, and data gathering aspects for reporting.
In line with the FCA’s focus on encouraging whistleblowing, firms under the remit of the conduct rules must report any suspected breaches, thoroughly investigate these breaches (which necessitates an audit trail of these activities), and report the outcome to the regulator.
Employee onboarding processes must be duly altered to incorporate the new checks to prove candidate suitability, certification processes, and training to establish key roles and responsibilities at the outset. Hiring managers must ensure that candidates understand why they are being screened, the processes involved, and documentation required, including specific data for appropriateness assessment. Annual employee screening or, at the very least, annual employee self-certification must be conducted for firms to remain in compliance with the rules.
As well as the practical challenge of implementing new processes and gathering and reporting new data sets to the FCA, firms will also be tasked with fostering a cultural change around adoption of high level conduct rules. Internal auditing and enforcement to address employee noncompliance will be an integral part of the new regime and will likely require the establishment of a dedicated team and implementation of technology to track all of these new data points.
Though the burden of proof is on the regulator, the FCA has stressed that it is keen to see “genuine accountability” rather than a box ticking approach on the part of the firms in scope; hence noncompliance is likely to be aggressively pursued. As well as incurring financial penalties and bans for individuals, firms will face punitive measures and reputational damage for infractions.