UK senior managers and certification regime: food for thought for in-house lawyers
23 March 2016
The new Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) senior managers and certification regime (the new regime) came into force on 7 March 2016. Following the implementation of the new regime, in-house lawyers at financial institutions will face a range of risks and challenges and will need to be prepared for how to manage them in practice.
The conduct rules
In-house lawyers will be in a unique position with regards to the new conduct rules which form the cornerstone of the new regime (the conduct rules) (see below “New FCA and PRA conduct rules”). In-house lawyers themselves will be subject to the conduct rules from either 7 March 2016 or 2017. However, they will also be responsible for applying the conduct rules to colleagues, especially in the context of litigation, internal investigations or employment matters.
The FCA and PRA expect firms to ensure that their employees understand how the conduct rules apply to them and their specific roles and responsibilities. As a result, in-house lawyers will need to understand how the conduct rules will apply to them; for example, they must conduct litigation, investigation and employment matters with due skill, care and diligence (conduct rule 2), and, to the extent that litigation, an investigation or a complaint involves their firms’ customers, they must pay due regard to the interests of those customers and treat them fairly (conduct rule 4).
Potential privilege issues
In-house lawyers who find their actions being scrutinised by the FCA or the PRA may encounter difficulties. Most, if not all, of their work is likely to be privileged and that privilege will belong to their employer, not to them. As a result, unless their employer is willing to waive privilege over relevant evidence, it may be difficult for in-house lawyers to defend themselves in the course of FCA and PRA investigations.
Privilege is also a topic that is likely to feature prominently in the FCA’s forthcoming consultation as to whether general counsel and heads of legal need to be senior managers. For example, the FCA has acknowledged concerns that senior manager conduct rule 4 on disclosure of information could be interpreted as requiring general counsel and heads of legal to disclose privileged information.
Applying the conduct rules to others
Consistency will be key when a firm applies the conduct rules to employees’ conduct. In-house lawyers, together with HR and compliance will play an important role in ensuring this consistency. There are three areas to focus on to ensure consistency:
Documents: In-house lawyers will want to ensure that their firm has:
− Appropriate and easy-to-follow guidelines that set out objective standards for employees to meet.
− A stringent HR framework that requires HR to confirm that the conduct rules have been considered.
− Adequately documented any decision.
Training: The individuals monitoring the consistency of treatment, who are likely to be in-house lawyers, together with personnel from HR and compliance, should be provided with bespoke training to ensure that the guidelines (and objective standards) are understood and can be applied. In addition to set training, the in-house legal team will play an important role in ensuring that information is kept up-to-date, for example, by notifying the appropriate personnel at the firm of any new data, such as new guidance from the regulators.
Oversight: In-house lawyers will need to consider how consistency will be monitored. Establishing an oversight committee is an obvious tool for this purpose.
A key point for in-house lawyers will be the increasing link up between the firm’s HR processes (for example, the disciplinary, grievance, performance improvement and whistleblowing processes) and the identification of potential regulatory breaches of the new rules. A framework will need to be created to ensure that the firm applies its mind to potential breaches.
Assessing fitness and propriety
The FCA and the PRA have made no significant changes to their definition of “fitness and propriety”. The three core elements remain:
− honesty and integrity;
− competence and capability; and
− financial soundness.
However, the vague concept of personal characteristics has also been added to the regulators’ criteria.
This new factor, along with the fact that firms will be responsible for assessing the fitness and propriety of their senior managers and certified persons (SMCPs), has led to many firms taking a more holistic view of what constitutes fitness and propriety. For example, firms may need to consider issues that would not historically have attracted the regulators’ interest:
Bullying and harassment: While it may be appropriate for a manager to be firm with giving directions, if the manager creates an intimidating environment, where nobody can speak up, this could become a personal characteristic that affects the manager’s fitness and propriety.
Illness: Physical and mental illnesses, depending on circumstance and severity, could affect a manager’s fitness and propriety. It goes without saying that these matters would need to be treated sensitively.
Fitness and propriety in investigations
If an employee is involved in an internal investigation, firms may not be comfortable with certifying that employee as fit and proper and allowing him to continue in his certified role. It may not always be possible to suspend an employee in this situation, or to move him to a new, temporary role. As a result, firms may wish to prioritise reaching a conclusion, even an interim one, in relation to certified persons, so that a decision as to their fitness and propriety may be taken. It will be important that in-house employment, legal and HR are involved, and, in light of the effect that this decision would have on an employee’s career, employment litigation and the employee’s rights should be factored into any decision.
In the event that a certified person is suspected or found to have engaged in misconduct, it is likely that the regulators will ask questions about why that individual was certified as fit and proper. In that situation, it will be important that a firm can provide evidence that a thorough and robust certification process was followed.
In January 2016, the FCA and the PRA announced that they had postponed their proposals for new and more detailed regulatory references. The regulators will revisit these proposals over summer 2016, but in the meantime, firms will be expected to request regulatory references using the regulators’ existing rules, which simply require an individual’s former employer to disclose all relevant information. In most instances, firms provide brief, factual references in response to requests of this kind.
From 7 March 2016, firms must satisfy themselves that their SMCPs remain fit and proper. The lack of enhanced regulatory references may make recruitment for firms more challenging, as firms may be able to obtain significantly less information about new employees, who, in the case of certified persons, will not be subject to regulatory approval. In the meantime, firms may wish to obtain self-attestations from their SMCPs as to the matters that would otherwise have been included in a new regulatory reference.
Whistleblowing is currently a hot topic for regulators. In 2014/15, the FCA received 1,340 whistleblowing disclosures. These disclosures covered a range of sectors and issues, including concerns about individuals’ fitness and propriety. Some 24% of these whistleblowing disclosures contributed to enforcement activity, consumer protection or were otherwise of significant value to the FCA.
As part of the new regime, the regulators are introducing new wide-ranging requirements relating to whistleblowing. It is important to note that, at present, these new requirements only apply to UK entities, although they represent best practice for branches. Broadly, the new requirements include:
Whistleblowers’ champion: While the new rules on whistleblowing come into effect on 7 September 2016, firms must have a whistleblowers’ champion in place by 7 March 2016. This individual should be a non-executive director senior manager and he will need to report to the board on whistleblowing statistics on, at least, an annual basis.
Definition of a reportable concern: Employees currently have protection under the Public Interest Disclosure Act 1998 (PIDA), which is mirrored in most firms’ current whistleblowing policies. The current legislation only relates to specific disclosures, such as a legal obligation not being met, and requires any disclosure to be in the public interest. The new requirements widen reportable concerns to include:
− regulatory breaches;
− breaches of the firm’s policies and procedures; and
− harm to the firm’s reputation or financial wellbeing.
In addition, the new guidelines provide that the firm’s handbook, or similar written material, should make whistleblowers aware that they are legally entitled to approach regulators directly if they choose to do so, whether or not they have first raised the concern internally. Employees will not be automatically protected under the Employment Rights Act 1996 for disclosures of wider reportable concerns which fall outside of PIDA.
The regulators are, therefore, seeking to create an environment where employees speak up more freely and firms will want to ensure that this environment is created. This is reinforced by senior manager conduct rule 4 which provides a specific duty of informing the regulator of anything of which they would reasonably expect notice.
For firms to adapt to these new requirements, policies including the grievance and whistleblowing policies will need to be updated and they may also want to provide training to their employees and contractors on the updated policies. This should include educating them on the regulators’ roles as a conduit for disclosures. In addition, where evidence is found of a whistleblower being treated detrimentally, firms should immediately raise questions about the fitness and propriety of the persons who are treating the whistleblower thus.
From 7 March 2016, there will be a shake-up in terms of the procedure that firms will be required to use to notify breaches of the new rules:
Senior managers and PRA-certified persons: Firms will need to complete a new, more detailed form (“form C” for senior managers, “form L” for PRA-certified persons). These forms will require firms to set out precisely which conduct rules a senior manager or PRA-certified person has breached, the basis for this conclusion, and the details of any disciplinary sanctions applied.
FCA-certified persons and others subject to the new rules: Firms will need to submit an annual return (new “form H”) listing details of each employee who has been found to have breached the conduct rules in the past 12 months, the basis for those conclusions, and the details of any disciplinary sanctions applied.
In addition to considering the specific notifications listed above, if an employee is found to have breached the conduct rules, firms will need to consider whether they are under a separate obligation to notify the FCA or the PRA or both of this under their respective self-disclosure and notification rule.
Many firms are engaged in stress testing exercises, designed to test their controls relating to the new regime in the event that some of the risks and challenges crystallise in practice. This sort of exercise may help to prepare firms and their in-house lawyers for how they will interact with the new regime in practice. We are also expecting some further guidance and publications from the FCA and the PRA in due course (see “Next steps” below).
New FCA and PRA conduct rules
Conduct rule 1: You must act with integrity.
Conduct rule 2: You must act with due skill, care and diligence.
Conduct rule 3: You must be open and co-operative with the Financial Conduct Authority (FCA), the
Prudential Regulation Authority and other regulators.
Conduct rule 4: You must pay due regard to the interests of customers and treat them fairly (FCA only).
Conduct rule 5: You must observe proper standards of market conduct (FCA only).
All employees of in-scope firms, except those performing ancillary functions, must comply with these rules. Four additional conduct rules will apply to senior managers only.
General counsel and heads of legal: The FCA is due to launch a further consultation over the next couple of months as to whether these individuals need to be senior managers.
Regulatory references: The FCA and the Prudential Regulation Authority are due to revisit their proposals for new regulatory references over the summer of 2016.
Other firms: The Treasury has stated that financial institutions that are not yet subject to the senior managers and certification regime (namely, asset managers, hedge funds and broker-dealers) will be subject to the senior managers and certification regime no sooner than 2018.
This article first appeared on Practical Law and is published with the permission of the publishers.
For information and commentary on the latest trends, risks and developments in financial services investigations, please see Allen & Overy’s Investigations Insight Blog.1