Getting to grips with the changes that have been brought in as a result of the Senior Managers and Certification Regime (SMCR) for all FCA regulated businesses is not easy.
In a series of six podcasts, we've brought together our employment and financial regulation experts to simplify this area and explain clearly what those working within legal, risk, compliance, HR and operations need to think about at each stage of the employment cycle when it comes to complying with the SMCR.
In this second episode, we shine a light on the issues that can arise during the employment relationship:
Ian Mason: Hello everyone. I'm Ian Mason, I'm a partner at Gowling WLG and I head up the UK Financial Services Regulatory team and this is the second in a series of six podcasts that we are bringing to you in which members from our Employment and Financial Services Regulation teams will be discussing the issues that arise from an SMCR perspective at each stage in the employment cycle.
Our first podcast focussed on recruitment and today we are moving on from recruitment to the next stage, looking at issues that might arise during the employment life cycle in the context of SMCR. To discuss this I'm joined by Simon Stephen, a legal director in the Employment, Labour and Equalities team and my colleague Sushil Kuner, a principal associate in our Financial Services Regulation team.
Welcome to the podcast both of you and to our listeners.
Let's start off this morning with the conduct rules. Now, the new conduct rules will apply to nearly all employees in the financial services sector, including Non-Executive Directors. Simon, can you start us off by summarising what those conduct rules will require of employees, in broad brush terms?
Simon Stephen: Yes, thank you Ian. I don't want to start the podcast by being alarmist but it's important for the context that investigating firms and individuals for misconduct, and that's financial or otherwise, is very high on the regulator's agenda. For example, in 2019 the total amount of fines issued to firms and individuals was around £400 million so it just shows how important it is to take these rules and these changes seriously.
But before I do answer your question as well, on face value the conduct rules themselves seem pretty much common sense and what you'd expect in a professional firm, and it's worth remembering that overall the SMCR and the conduct rules are all designed to be part of a cultural shift and the spirit of the rules is almost as important as the actual wording of the rules themselves. And I should also add that when looking at conduct and breaches of these rules the FCA has made it absolutely crystal clear that it is not just financial or market misconduct that they will clamp down on. Non-financial misconduct and non-financial risk are incredibly high on the agenda. This means that sexual harassment, bullying, discrimination, these kinds of maybe traditionally HR issues, can also amount to a breach of the conduct rules.
So to finally answer your question Ian, broadly these rules are a set of enforceable rules that set out basic standards of good personal conduct, against which the regulator can hold individuals and the firm to account. They can be found in the FCA's Handbook and they are split into two tiers - there are those that apply to all employees, which we call "conduct staff", and that's all employees save for what are termed "ancillary staff", in effect your cleaners, security guards, receptionists, caterers, and then there are the rules that apply to Senior Managers only. So for all employees, save for the ancillary staff, who are conduct staff, the obligations are to act with integrity, to act with due care, skill and diligence, to be open and cooperative with the regulator, to pay due regard to the interests of customers and to treat them fairly and of course to observe the proper standards of market conduct. So as I said, nothing particularly surprising in there, these are kind of good base standards of professional conduct in financial services.
For Senior Managers, in addition to those rules Senior Managers themselves must ensure that they personally take reasonable steps to ensure that the business for which they are responsible, for which their responsibilities cover, complies with the relevant requirements and standards of the regulatory system and, really importantly, is controlled effectively, they have that responsibility there. As part of this they must take reasonable steps to ensure that when they delegate their responsibilities it is to an appropriate person and they also maintain appropriate oversight that those delegated responsibilities are being discharged effectively. So even if you pass some of your tasks onto someone else you are still effectively responsible for how that happens. They also have a duty to disclose appropriately any information which the FCA or the PRA would reasonably expect notice of. This requirement also applies to Non-Executive Directors who may not hold senior management functions, but it's a really important one to remember, it's something that the regulator would reasonably expect notice of. So you almost have to put yourself in the regulator's shoes and think what I would want to know if I were them, which is, as you can imagine, a pretty wide area.
Ian: Thanks for that Simon. So, what's the employer's role in making sure that their employees who are subject to the conduct rules do comply, particularly given the sizeable fines involved?
Simon: Yeah so, as with all of these things, it isn't just a paper exercise. Conduct rules should be built into the company's ethics, communications, any kind of cultural values etc. and embedded into the overall way of doing business and interacting with each other. So you have the usual examples of posters, town halls and tone from the top all playing a part, as of course does disciplinary action where appropriate. But there is of course now an obligation on employers to train staff on the conduct rules and this should be fed into the training programmes which employees should go through when they join, so the induction process. It should be very clear from the outset what the expectations are, and of course existing employees who are subject to the conduct rules should already have been trained on these by now, but that training must be regularly maintained throughout the lifecycle of the employment and throughout the years really.
Senior Managers should receive more tailored and comprehensive training on the rules, not least because of their actual responsibilities as Senior Managers but because responsibility for training employees is included in the prescribed responsibilities under the regime, which means the Senior Manager is designated as accountable for ensuring that training is carried out effectively. Of course in normal times we would say that the best way to do the training is face to face because you get much better interaction, but of course for many financial service employees, given the global nature, given the nature of the work, that wouldn't be possible anyway, but particularly given the current pandemic, it is going to be pretty difficult. So these can be run online, but it's really important to make sure that when you're doing things like this you have methods of making sure that people are engaging, so having things like quizzes, tests at the end, having their pass rates etc. and also making sure that you're keeping records of who has attended training and when. Now that's important to demonstrate they have done it, but also important to remind yourself when that person will need training reminders, so you kind of build into all that process.
Ian: So training is going to be key here and I would have thought this is also important in terms of helping the firm to assess the fitness and propriety of its certified staff and Senior Managers. Sushil, perhaps you'd like to comment on this?
Sushil Kuner: Sure, so under the SMCR, firms are required to make sure that anyone performing a Senior Manager function or a certified function is fit and proper for their role. The requirement also applies to Non-Executive Directors who are not Senior Managers, unless they are NEDs of limited scope firms. Now once in role, firms must assess both Senior Managers and certified functions on an ongoing basis, and at least once a year.
So what do you need to assess when considering fitness and propriety? Well the SMCR extended the application of the fit and proper guidance in the FCA's FIT manual to cover Certification Staff, as well as Senior Managers and non-approved NEDs. FIT sets out detailed guidance about the types of things firms should consider as part of assessing a firm's fitness and propriety, including the individual's honesty, integrity and reputation. In determining this, firms should have regard to a wide range of factors, including whether the person has been convicted of a criminal offence; whether the person has been the subject of any adverse finding or settlement in civil proceedings, and particularly when that is in connection with financial business or fraud; also whether the person has been the subject of, or interviewed in the course of, any existing or previous investigations or disciplinary proceedings by regulators or professional or governmental bodies; whether the person has contravened any requirements and standards of the regulatory system; and whether the person has been the subject of any justified complaint relating to regulated activities.
However, it's important to note that firms should consider the circumstances where they are relevant to the requirements and standards of the regulatory system. So, for example, a criminal conviction for being drunk and disorderly once or for driving offences may not mean that an individual is not fit and proper to carry out their role. A conviction for burglary or fraud though, will likely call into question a person's integrity for a role in financial services. Therefore judgment calls will need to be made.
Firms should also consider the individual's competence and capability, including whether the person satisfies any relevant FCA training and competence requirements. Notably, when it comes to assessing competence and capability, firms should consider the nature, scale and complexity of its business, the nature and range of financial services and activities undertaken in the course of that business and whether the person in question has the knowledge, skills and experience to perform the specific role that he or she is intended to perform. They should also consider whether the person has adequate time to perform the role and meet the responsibilities associated with that function. Increasingly the FCA is concerned about individuals being too thinly stretched to properly oversee the areas that they are responsible for.
The final strand of the FIT guidance is in relation to the individual's financial soundness. Firms should consider a range of factors including whether the person has been the subject of any judgment debt that remains outstanding and whether the person has filed for bankruptcy. However it is worth remembering that the mere fact a person may be of limited financial means will not, in itself, affect their suitability to perform a controlled function.
Finally, I should also mention that under the SMCR, firms must collect evidence when assessing whether individuals are fit and proper to conduct their roles. For both Senior Managers and Certified Functions, firms must obtain regulatory references from all previous employers in the past six years before they are on-boarded and retain records of disciplinary and fit and proper findings going back at least six years. They must also carry out a formal fit and proper assessment on an annual basis and, for Senior Managers, firms should be conducting criminal records checks.
Ian: Thank you Sushil. So we've talked about the conduct rules and training requirements that the regime imposes and the fitness and propriety obligations but what about the implications the changes will have for employment contracts and policies? Simon perhaps you can comment on this with your employment law hat on and then perhaps we could hear from Sushil as to whether there are any regulatory aspects worth flagging too.
Simon: So putting my employment law hat on at a slightly different angle, the starting point I'd flag is that it is important to do what you can to incorporate any policy changes, any contracts into the overall culture and ensure that all the pieces of the jigsaw that Sushil and I have been talking about kind of all fit together.
So as part of the senior management responsibility then from an employment aspect, issues all need to be tracked and dealt with, the underlying risks remedied and fed into the wider risk management framework to ensure controls etc. are all put in place and also I would mention this includes the non-financial risk I have mentioned above as well.
So practically a first step of doing this is to ensure that the employment contracts for all employees, perhaps save for those ancillary staff mentioned earlier, will need to be updated. You may however want to ensure that arrangements with contractors who may provide ancillary staff ensure that they are still obliged to comply with your basic rules and also your ethics values and kind of base standards.
For employees who are not senior managers or certified persons but who are still subject to the conduct rules, these conduct rule employees we mentioned, their contracts I think we should have a provision expressly requiring them to comply with the rules and also having a contractual expectation that any breaches will be reported to the regulator and also making it clear what will happen on any particular references that are given.
It is also a good idea to have an obligation on employees to cooperate in the contractual basis with any regulators or any firm investigations that are going on.
Moving on to certified persons, so these are people who aren't Senior Managers but whose role means it is possible for them to cause significant harm to the business or its customers or clients, they of course should include the same provisions we have mentioned above for conduct rule employees but there should also be contractual or clear obligations requiring them to comply with any fitness and propriety assessments which Sushil has just outlined.
I think there should also be a need for provisions requiring them to notify the employer of any changes to their personal circumstances, any financial etc. but also a requirement perhaps to proactively raise issues and kind of speak up if you like. That does tempt me to go on about speaking up or whistleblowing but that we'll save for a later podcast.
And finally for Senior Managers they will have the same contractual provisions as for certified persons but I think in addition they shall have an obligation to ensure that they delegate their responsibilities or any delegation is done properly and also something requiring them to give a proper handover to any replacement if they cease their senior management function, whether on leaving, changing role or even a temporary cessation and also further an obligation that they maintain their statements of responsibility and will comply with them.
I think it is also important to make sure that this is also a mechanism for enabling the employer to have rights, for example to change or handover responsibilities as they require so it gives you the contractual right to do these and you don't end up in a situation where you are trying to do something to comply with your regulatory obligations but the employee is saying you don't have a contractual right to do so.
It should be possible in terms of making these changes, to do so unilaterally without consulting with employees or unions or workplace representatives if you are just making these changes to comply with the senior management regime, as they are regulatory requirements. That said, we would say it is prudent to get employees to sign and agree the changes if possible and indeed in making the changes that former consultation will go a long way to embedding the purpose of them as well and making sure people understand why we are doing it.
I think one final point of contracts I wanted to mention is that in the offer letters for new certified staff or indeed all staff, just make sure that they are clear that the appointment is conditional on things like satisfactory regulatory references and being assessed as fit and proper. This of course can then feed into contracts which would be conditional on this too, so for example you might want to build in a process which makes it clear what will happen if you get an updated regulatory reference which reveals that some historic wrongdoing at the previous employer has been discovered.
Sushil: Thanks Simon, just to add to Simon's points there that firms should also build into their employment contracts the requirement for Senior Managers and certified staff to promptly provide the firm with the details of any changes to their personal circumstances which need to be reflected on public records. When the SMCR was rolled out all solo regulated firms, the FCA received substantial feedback on the public value of the FCA maintaining a central public directory of certified staff and certain other individuals given that only details of Senior Managers would appear on the financial services register. As such in March 2019 the FCA introduced new rules for all firms to report information about directory persons which comprise of all certified staff, directors who are not performing senior manager functions, whether they are executive or non-executive, and other individuals who are sole traders or appointed representatives where they are undertaking business with clients and require a qualification to do so.
The deadline for solo regulated firms for submitting information on the FCA's Connect portal was originally 9 December this year but due to the impact of COVID-19 the FCA has granted an extension to 31 March 2021. In order for firms to comply with their obligations to keep standing data up to date on the directory they should check their contracts of employment to ensure there are requirements on staff to keep these details up to date.
Ian: Thanks Sushil. Simon, you've mentioned the changes that will need to be made to employment contracts, but what about policies, will any changes be needed there and will firms need to have any new policies in place?
Simon: So as I mentioned before it is important to make sure that everything kind of builds in that jigsaw I mentioned and that this isn't in isolation, it is built into all the other compliance and regulatory frameworks in place, but the SMCR will have a knock on impact to a number of existing policies and procedures. And I do use the words policies and procedure here but I will confess that does make me wince a little, it isn't a question of putting documents in place for the sake of it, what I mean is that there should be clarity in how things are done in compliance and under the regime and documented in the appropriate way to do so. This is important for clarity to staff, for clarity to managers, clarity to the employer and also to demonstrate to the regulators what is being done. Of course whatever is in place needs to be actually followed and it needs to be properly audited and properly maintained and as I said these should be looked at holistically across the whole compliance framework and not just in isolation with HR.
So in essence what you are looking at is a Consequence Management framework, but under that for the employment prospect the main policies you are looking to be affected are a disciplinary policy and process as a starting point.
Now this should make it very clear, whether that is in the policy itself or part of the procedural documents such as letters to employees and outcome letters, but it should make it very clear that steps taken under the policy in relation to misconduct may result in a reconsideration of whether or not the employee is fit and proper. It should also state that the outcome of a disciplinary process may need to be disclosed in a regulatory reference. I have seen many issues where individuals are not aware of this and this causes them, quite obvious and perhaps understandable, consternation, particularly where this is going to impact on their fitness and propriety. It is also, where misconduct may impact on someone's compensation, it is also important to make sure that that is clear and spelled out so people understand, not just for those who are in the process but just in general so people understand what the consequences are of disciplinary action, and it's worth including, and any examples of misconduct may be given, that a clear breach of the conduct rules is, of course, a specific example of misconduct.
We talked about training a lot and there should obviously be a clarity on the policy in regards to training and particularly completion on training of the conduct rules. This training should be mandatory and it should be obvious and evident to everybody that timely completion of all mandatory compliance training, conduct rules, bribery, corruption, market conduct, all these important and mandatory training will be a firm component of the fitness and propriety assessment and I think it is also worth adding in there clarity for individuals that failure to do the training properly, failure to complete it on time and even issues like getting other people to do the training for you will be misconduct and could have an impact on compensation. So you've kind of got the stick which is the disciplinary aspects, but you have the carrot which is part of the training to ensure that people understand the purpose of this.
I know Emma Bufton touched on recruitment and screening and verification in our first podcast so I won't go into too much detail on that here, other than to say that any relevant policies on recruitment may need to be updated where you make changes to what you are doing about the checking of criminal records but it is also important to make sure that these policies link up with other policies as well, so anything on recruitment, anything on references, links up with disciplinary as well for example.
And I think finally it is important to review any remuneration policies as well. These need to be reviewed to consider if any changes are necessary in relation to clawback, of a deferred compensation for example but there is also a point about making sure that the jigsaw fits so if somebody gets a sanction then this will need to be fed back into the relevant process in relation to compensation to make sure that compensation is appropriate where somebody has a misconduct sanction.
And this is kind of another point about making sure that that jigsaw fits, if somebody gets that sanction it needs to be fed back into the relevant compliance process regarding fitness and propriety that Sushil talked about and reporting, which I know Sushil will cover shortly, compensation considerations and also making sure that any conduct rule breaches are indeed reported to the FCA.
So as well as these policies there are some specific policies that should be introduced if not already. We have already mentioned the fitness and propriety assessment but I think having a policy on breach reporting and including that in compliance policies and also making sure there is a clear handover policy for Senior Managers are also very key to be implemented.
Ian: Thanks Simon. I'm interested in what you said about the disciplinary policy and the changes that will need to be made to that and the new breach reporting policy. One point that strikes me is how is the firm going to combine reporting any breaches to the FCA with any disciplinary process? There is always a balance there because on the one hand you have to be open and transparent with the regulator under Principle 11, on the other hand you obviously have to be very fair in your dealings with the employee. Sushil do you want to pick this up?
Sushil: Yes, thanks Ian. So the SMCR introduced a new requirement for firms to notify the FCA of disciplinary action which has been taken against a person for a conduct rules breach. Disciplinary action in this context means the issuance of a formal written warning, suspension or dismissal of a person or the reduction or recovery of remuneration otherwise known as clawback. Upon the occurrence of any of these events in respect of Senior Managers a notification of the conduct rule breach should be notified to the FCA within seven business days of concluding the disciplinary action using a Form D, or whether the individual is no longer approved a Form C. I emphasise that the clock starts ticking for the notification requirement only once the disciplinary action has been concluded, therefore firms should await the outcome of any disciplinary process or investigation before making a notification unless of course there is a risk that serious misconduct may have been committed which warrants a notification under Principle 11. For other individuals notification needs to be made once a year using the form REP0008 on the FCA's electronic reporting system GABRIEL. Firms should note that they need to make an annual notification about conduct rules even if there haven't been any breaches, this was intentional on the part of the regulator to make sure firms correctly monitor and identify conduct rules breaches.
Again outside of this notification firms should be notifying the FCA of any serious misconduct under their Principle 11 obligations.
Ian: Well Simon and Sushil thank you both very much, that's been very interesting but I think it is all we've got time for on this podcast. Do keep a look out for our further podcast in this series and our next podcast in the series will be on whistleblowing and investigations. If you have any questions arising from this podcast do feel free to contact Simon, Sushil or me.
Have a good day.
Missed the first episode? Listen to 'The employment lifecycle through a SMCR lens: recruitment', in which we start at the beginning of the SMCR cycle, exploring all things recruitment.
Read the original article on GowlingWLG.com
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.