FCA attestations: Five practical tips for firms (and individuals)
13 October 2015
Over the summer we shared the latest figures published by the FCA showing how many attestations have been requested in Q1 2015/16. Although these figures showed a sharp decline in the number of attestations requested by the FCA, this is unlikely to be a sign that the FCA’s appetite for using attestations is waning.
Attestations are closely scrutinised by the FCA and can expose the senior individuals providing them to considerable personal risk. However, this risk can be mitigated provided that the process leading up to an attestation being provided to the FCA is managed carefully. For example, the following five points may help to provide senior individuals who are asked to provide attestations (as well as those assisting them) with some degree of comfort and protection:
#1: The terms of an attestation may not be fixed
We understand that the FCA uses a small number of ‘template’ attestations, upon which the vast majority of their attestations are based. However, sometimes there is leeway for firms to negotiate or clarify with the FCA the precise terms of an attestation. To the extent that such opportunities are available, it is important that firms take them up so as to ensure that both the firm and the individual who will be giving the attestation are in no doubt in terms of precisely what the attestation will cover.
As many readers who have been involved in an attestation process will know, the actual signing of an attestation is the tip of the iceberg. A considerable amount of due diligence should be undertaken prior to a senior individual signing an attestation in order to give that senior individual comfort that the attestation they are signing is accurate. This due diligence should be methodical, planned and thorough. Firms should keep in mind that the process undertaken leading up to the signing of an attestation may one day be scrutinised by the FCA.
#3: Pick the ‘right’ people to undertake this due diligence exercise
It is important to ensure that those who undertake the due diligence referred to at #2 above are the ‘right’ people for the job. For example, they should have sufficient experience and knowledge in relation to the area which is the subject of the attestation.
#4: The person signing the attestation should be involved in the due diligence process
The senior individual concerned will have a vested interest in being involved in the due diligence process leading up to them signing an attestation. For example, the senior individual should be aware of what due diligence has been undertaken and review the results of this exercise. They should also consider verifying and, if necessary, challenging the due diligence that has been undertaken. Taking these steps will help the senior individual prove to the FCA at a later date (if necessary) that they took reasonable steps to ensure that the attestation they signed was accurate.
#5: Ensure an audit trail is maintained
It is important that the process leading up to an attestation being signed is documented in case a firm or a senior individual is later required by the FCA to explain or prove what was done. The significance of maintaining robust audit trails relating to attestations is only going to get more important once the new Senior Managers Regime comes into force from March 2016. This is because Senior Managers who are subject to the Presumption of Responsibility may be called upon to proactively evidence to the FCA that they have discharged their regulatory responsibilities in the event that a breach occurs within their area(s) of responsibility.