D&I disclosures: what D&I information will the UK regulators expect financial services firms to disclose?

Requirement to report D&I data

The Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) want firms to collect and report data across a range of D&I metrics in order to increase transparency and scrutiny of firms’ D&I performance. 

The proposals, if implemented, will require in-scope firms to disclose annually the percentages of employees that are representative of different demographic characteristics, as well as diversity targets and various inclusion metrics (including, for example, whether employees feel safe to speak up if they observe inappropriate behaviour or misconduct and whether they feel their contributions are valued and meaningfully considered). 

In-scope firms will also need to report this data (on a numbers basis) to the regulators. 

How the data will be used

In addition to requiring firms to make certain data publicly available, the FCA would like to make some of the data reported to it available, on an aggregated basis, to allow firms and their stakeholders to scrutinise firm progress and compare against industry benchmarks.  It is not clear, at this stage, whether this data will be publicly available or whether it might only be provided to, for example, reporting firms. 

In keeping with its aspiration to be a data-led regulator, the FCA also plans to integrate reported data into the framework it uses to understand firms’ culture.  This will inform supervisory scrutiny of firms, including when and how the FCA considers it necessary to exercise its early intervention powers.

Who must report

These proposals would apply to all large firms:

• all CRR and Solvency II firms, including third country branches, that have 251 or more employees in the UK; and
• all FSMA firms with Part 4A permission with 251 or more employees (excluding Limited Scope SMCR firms).

Mandatory disclosures

Firms will be required to disclose data in respect of the following demographic characteristics (each of which, with the exception of “long-term health conditions”, is also a protected characteristic under the Equality Act 2010):

1. Sex or gender
2. Ethnicity
3. Age
4. Disability or long-term health condition(s)
5. Religion
6. Sexual orientation 

Firms will also be required to disclose data in respect of their D&I targets, and inclusion metrics .

Voluntary disclosures

In addition to the above mandatory categories of data, firms are encouraged to disclose against the following voluntary demographic characteristics:

1. Gender identity
2. Socio-economic background
3. Parental responsibilities (i.e. having a child or children under 18)
4. Carer responsibilities (relating to a health condition or old age)

Breakdown by population

Firms would be required to make different levels of disclosure depending on the protected characteristics being disclosed. 

For sex or gender, ethnicity, D&I targets and inclusion metrics, firms would be expected to make disclosures covering three separate populations: (i) board; (ii) senior leadership; and (iii) employees.

For the remaining demographic characteristics (including age, disability, religion, sexual orientation, and the voluntary demographic characteristics), firms can limit their disclosures to two categories: (i) board and senior leadership; and (ii) employees. This distinction is to limit the risk of individuals being identifiable. If a firm is concerned that publishing any data might lead to the disclosure of information about an individual, they can combine further, and could even just disclose for ‘all employees’ in one group, if necessary.

Timing

The regulators recognise that firms may need time to collect and report the relevant data so the timeline for reporting D&I data is more generous than the timing proposed for some of the other proposals in the consultations. The first annual reporting window will open after the final rules are published, during which firms will need to report on a ‘comply or explain’ basis.  All subsequent reports will need to accurately report against all of the mandatory categories. 

Challenges for firms

Although improving D&I has been a focus for the regulators for while, these proposals are new and – if implemented – are likely to pose a number of challenges for in-scope firms.

• Enhancing existing data collection: current processes for collecting and aggregating data may not provide firms with the clarity or information they need in order to make the required disclosures. Where a firm only has limited demographic data in respect of its workforce, it will need to take steps to improve the quality of the data it holds. Firms may need to proactively build trust with employees to encourage higher rates of data disclosure against the full range of characteristics.
• Special category data: some of the categories of data that firms would be required to disclose constitute special category data under data protection laws. Firms will need to take particular care to ensure that the collection and processing of such data is lawful and will need to consider whether updates are required to data protection policies and privacy statements. We consider this in more detail later in this series of blog posts.
• Counter-productive impact: With firms having their diversity statistics put under a microscope, there is a risk that firms will seek to hire generally, or promote to the Board or senior leadership positions, individuals because they possess certain characteristics in order to bolster their disclosure figures and to progress towards any targets they have set. Firms must be careful not to promote or hire individuals because they have a certain characteristic, as this could constitute unlawful positive discrimination, potentially leading to legal claims, reputational damage, and increased regulatory scrutiny. 

The consultation suggests that most firms are supportive of initiatives seeking to improve transparency around diversity and inclusion within financial services. However, for many firms, the proposed disclosure obligations would extend far beyond the data they currently disclose, or, in some cases, even collect. Given the breadth of the disclosures and current regulatory focus on accurate and timely reporting, firms would be wise to review their data collection and aggregation procedures prior to this deadline to allow time to making adjustments or enhancements.