It's probably fair to say that most advice firms wouldn't choose to dance with the FCA.
Most would probably prefer to take their own careful steps, alone.
But when it comes to complying with regulation, what sort of steps should you take? Tiptoes or great strides? What about 'reasonable steps'?
Those looking ahead to the introduction of the senior managers and certification regime (SM&CR) from 9 December 2019 may have noticed the repeated emphasis on 'reasonable steps' within the conduct rules.
There are two tiers of conduct rules under the SM&CR:
Tier one applies to business owners, certified staff and most employees. This states:
1. You must act with integrity
2. You must act with due skill, care and diligence
3. You must be open and co-operate with the FCA, the Prudential Regulation Authority (PRA) and other regulators
4. You must pay due regard to the interests of customers and treat them fairly
5. You must observe proper standards of market conduct.
Tier two applies to senior managers only. This requires that:
1. You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
2. You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
3. You must take reasonable steps to ensure that any delegation of your responsibility is to an appropriate person, and that you oversee the discharge of the delegated responsibility effectively
4. You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
So what are reasonable steps?
Unfortunately, there is no easy answer here.
But the FCA has provided some heavy clues in its policy statement on the duty of responsibility for insurers and FCA solo-regulated firms.
Some extracts worth noting include:
“The duty of responsibility specifies that we (the regulator) can take action against a senior manager where we can show that:
The senior manager did not take such steps as a person in their position could reasonably have been expected to take to avoid the misconduct occurring or continuing.”
The regulator then goes on to make two very telling statements:
“The burden of proof for all these elements lies on the FCA. The senior manager does not need to show that they took reasonable steps, rather it is for the FCA to prove that they did not.”
You may think this provides an element of comfort, but the paper then points out:
“It may be in the interests of a senior manager to keep records of relevant steps they took in case questions are raised.”
In summary then:
- The senior manager is responsible for taking reasonable steps in order to comply fully
- It is for the FCA to prove that reasonable steps were not taken
- It would be advisable for the senior manager to keep records of any relevant steps they took.
In other words, if the regulator is calling the tune, then a firm's systems and controls will be driving the steps being taken.
Dancing to the right tune
All business owners want to comply with the rules at all times. While you may be taking all the right steps already, a review of record keeping, that is, the steps taken to comply, ahead of the SM&CR is certainly worth carrying out.
It's worth considering these areas of your business:
On systems and controls, are they relevant to specific risks within your firm? Are all staff aware of them? Are all staff competent to apply and follow them?
On management information (MI), is the MI within your business accurate and produced in a timely manner? Is your MI relevant to the risks of your business and being consistently measured?
Consider who in the business is seeing this information, and who is challenging it. Who is responsible for analysing and monitoring this MI, and who is acting on it?
If the FCA does ever ask you for a dance, you will want to be assured that compliance with the SM&CR has not only been considered, but is also appropriately recorded and documented.