The UK Financial Services Regulators’ Recent Push on the ‘S’ in ESG

October 27, 2021

Click for PDF

Diversity and inclusion (“D&I”) in the workplace including at leadership levels of organisations is an ever prominent issue brought into sharp focus during the pandemic, intensified in the wake of the recent racially motivated crimes in the US and elsewhere,  which had brought this critical issue on the agenda of many regulators, globally including the UK’s financial services regulators, the Financial Conduct Authority (“FCA”)[1] and the Prudential Regulatory Authority (“PRA”)[2]

Earlier this year, in July, the UK’s financial services regulators published a discussion paper and a consultation paper setting out proposals to enhance diversity and inclusion in the financial services and the UK listed company sectors respectively. The feedback period on both papers recently came to an end. This alert looks at some of the detail behind the proposals and considers whether in some aspects the FCA has missed an opportunity to push forward the broader D&I agenda and whether in other ways it has gone too far with certain proposals which may have a real and direct impact on the privacy of individuals and the qualitative impact of the proposals.


Joint Discussion Paper Impacting the UK Financial Services Sector

What?: On 7 July, the FCA, the PRA and the Bank of England[3] (together, the “Regulators”) issued a joint discussion paper – “Diversity and inclusion in the financial sector – working together to drive change” (“DP 21/2“)[4]  expounding how meaningful change in respect of diversity and inclusion in the financial services sector can be accelerated and the paper should be viewed as the starting point for the implementation and formalisation of the related requirements. The Regulators’ make it clear that their primary focus is enhancing “diversity of thought” or “cognitive diversity” whilst recognising that diversity of thought can be influenced by many factors including demographic characteristics which are visible and measurable (e.g. gender, age, ethnicity) and invisible (e.g. disability, sexual orientation and education).

Which firms does it impact?: DP 21/2 affects the whole UK financial services sector including firms authorised and regulated jointly by the FCA and PRA (e.g. banks, building societies, designated investment firms, credit unions and insurance firms) or solely by the FCA. Payment services and e-money firms, credit rating agencies and recognised investment exchanges regulated by the FCA and FMIs regulated by the Bank of England fall within the broad reach of the paper.

Next steps: The proposals are only at a “discussion paper” stage but will be the foundations upon which further steps towards change in this area are built upon. Whilst the official deadline for feedback on the discussion paper passed on 30 September, the regulators propose to continue to engage with firms and other regulators on the topics presented in the paper and intend to gather further data to support their analysis and eventual recommendations with a view to issuing a formal consultation paper in Q1 2022 followed by a Policy Statement in Q3 2022.

Consultation Paper Impacting Listed Companies in the UK

What?: On 28 July 2021, the FCA has published a consultation paper – “Diversity and inclusion on company boards and executive committees” (CP 21/24)[5] which sets  a number of proposals to enhance diversity-related reporting by certain listed companies in  relation to gender and ethnic diversity at both board and executive management level.

Which types of companies does it impact?: The companies in the scope of the breath of the proposals are both UK and  overseas issuers with equity shares, or certificates representing equity shares, admitted to either the premium or standard section of the FCA’s Official List (“In-scope Companies”). In addition, the corporate governance related proposals will also capture UK issuers admitted to UK regulated markets and certain overseas listed companies (subject to exemptions for small and medium companies). The FCA is proposing to exclude open-ended investment companies and shell companies. The FCA is also proposing at this stage, to exclude issuers of debt securities, securities derivatives or miscellaneous securities. The FCA estimates that there are about 1,106 issuers who would be In-scope Companies (766 large issuers and 340 small and medium-sized issuers).

Next steps: The consultation closed on 20 October 2021 and, subject to consultation feedback and approval by the FCA Board, the FCA aims to  publish a policy statement along with the new Listing  Rules and the Disclosure and Transparency Rules (“DTR”) before the end of 2021. This would mean that any new rules would apply to accounting periods beginning on or after 1 January 2022.


Policy Options Under Consideration for the Financial Services Sector – DP 21/2

Which firms should be in scope? – The Regulators are seeking views on which of the entities identified as falling in the UK financial services sector above should be in scope and the extent that different categories of firms should fall in scope. For example, it is expected that firms which currently fall within the Senior Managers and Certification Regime (“SMCR”)[6] should fall in scope but potentially to different degrees depending on their classification for SMCR purposes (i.e. whether and ‘enhanced’, ‘core’ or ‘limited scope’ firm). The Regulators are keen also to include FMIs (even though they are not caught by the SMCR in the same way as other firms) given the important albeit unseen role they place in society and the UK financial markets. An alternative to utilising the SMCR regime as a foundation to introducing potentially new D&I rules would be to utilise existing size classifications under the UK Companies Act 2006 regime for accounting and reporting purposes (i.e. micro-entity, small, medium sized and large). The Regulators are also keen to gather views on the extent to which overseas firms operating in the UK (including through branches) should be caught – we consider that to the extent that these firms are providing financial services and products into the UK market, it would be appropriate that they fall in scope, albeit this should be in a proportionate manner.

Data Collection: One of the trickiest elements for the Regulators to navigate in putting together their proposals is in relation to data collation. The Regulators rightly see data collation (and related setting of targets or metrics) as key to driving impact and change D&I however recognise first that many firms are already collecting some data[7] (albeit not in a consistent manner) and that collection of meaningful D&I data (particularly in smaller firms) can run directly counter to data privacy rules and these will vary across different jurisdictions. In addition, the effectiveness of D&I data collation including data which requires individuals to self-identify for certain categories of diversity, is likely to be impacted by the culture of the individual firms and indeed the culture (and potentially laws and regulations e.g. rules which may prohibit certain sexual or romantic orientation) across different jurisdictions. Further, on the key diversity element of ethnicity, the appropriate ethnic categories for a firm may well be impacted by the jurisdictions in which those firms principally operate (albeit with UK operations or nexus), where they are incorporated or have their headquarters or key leadership teams. How should the regulations be structured to accommodate for this? This is also proving to be a key factor in the specific proposals for listed companies (see  below). Finally, on data collation, whilst for purposes of the discussion paper, the Regulators are gathering feedback on collection of data across the nine “protected characteristics” recognised under the UK’s Equality Act 2010[8]  plus socio-economic background, we do not expect this to result in proposals in the first instance which would cover all of these areas.

Key focus areas of the Discussion Paper:  The following areas are the focus of the discussion paper and where the Regulators are actively considering developing policy options (including potentially mandatory proposals):

  • Governance – The Regulators recognise that in order to drive effective change in D&I, the leadership and culture of a firm is critical and boards are ultimately responsible for setting strategy and culture and holding management to account for promoting D&I. The paper queries if targets for representation at board level should be set and clarification should be delivered around succession planning for boards and the specific role of nomination committees in driving D&I.
  • Accountability – The Regulators are in favour of making senior leaders directly accountable for D&I alongside collective responsibility of the board – this could be done for example through aligning this with the prescribed responsibilities under the senior management function (SMF) in firms for leading the development of firm culture and/or overseeing adoption of the firm’s culture[9].
  • Remuneration – As with other areas of environmental, social governance (ESG), the Regulators also see linking remuneration (in particular variable remuneration) with progress on D&I as a key tool for driving both accountability and to incentivise progress. The Regulators are also looking to introduce explicit rules about remuneration policies set by firms and the requirement to ensure that both fixed and variable remuneration do not give rise to discriminatory practices.
  • D&I Policies – The Regulators consider having clearly set out D&I policies are essential and wish to explore a requirement for all firms to publish their D&I policies on their website – and whilst not intending to be prescriptive about the content of such policies the expectation is that at a minimum the policies include clear objectives and goals and the Regulators note that for smaller firms a proportionate and simpler approach would be appropriate.
  • Progression, Development & Targets – The Regulators are keen to facilitate early consideration by firms about the progression of their talent from the time of entry to the top of the organisation. This should include consideration being given to recruitment practices and beyond. Linked to this, the Regulators are keen to get views on the merits of setting targets for under-represented groups for entry into management (whether senior-management or customer-facing roles)
  • Training – The Regulators believe that all employees in firms should understand D&I and its importance and that accordingly firms should institute training for employees which is focussed on real business outcomes. The Regulators are cognisant of the mixed views on D&I training and the pros and cons of mandatory (potentially tick the box training) and voluntary training (which may run the risk of poor take up) and is seeking further insights in this area.
  • Products and Services – Importantly, the Regulators want firms to focus on consumer outcomes and to take care to ensure that a firm’s target market is not defined in a way that can result in unlawful discrimination. Rules already require firms to ensure fair treatment of vulnerable customers – the Regulators however are seeking views on whether their rules should go further such that product governance requirements should specifically take into account consumers’ protected characteristics or other diversity characteristics.
  • Disclosure – Research cited by the Regulators shows that greater disclosure is linked to increased diversity and accordingly they wish to consult on requirements for firms to publicly disclose a selection of aggregated diversity data about the firm’s senior management and employee population as a whole. Disclosure could potentially include pay gap information and the Regulators are also seeking views on whether a template form of disclosure would be beneficial for firms. Again the Regulators are cognisant of not imposing excessively burdensome disclosure requirements and ensuring a proportionate approach.
  • D&I Audits – The Regulators consider that diversity audits should be considered to assist firms to measure and monitor D&I and in particular help boards judge whether measures put in place to change culture and thus behaviour are actually working.
  • Regulatory Measures – The Regulators consider that non-financial misconduct (which could for example include evidence of sexual harassment, bullying and discrimination) should be embedded into fitness and propriety assessments of senior managers. The Regulators are also keen to understand further how a firm’s appointments at board and senior management level have considered and taken into account how such appointments will contribute to diversity (e.g. in a way that addresses risks arising as a result of lack of diversity and group think).
  • Authorisation – Threshold Conditions – Finally, the Regulators are seeking views on whether and to what extent D&I should be embedded into the minimum conditions that a firm must meet to carry on regulated activities (both initially at authorisation stage and on an ongoing basis)

New Specific Proposals for Listed Companies – CP 21/24

Key new annual reporting requirements:

Unlike DP 21/2 which is looking at a broad range of D&I characteristics potentially across the whole population of a firm, the initial focus of the FCA in  CP 21/24 is on gender and ethnicity at board and executive management level. Specifically, if the proposals are to be adopted, they will  require In-scope Companies to make the following public annual disclosures:

  • Targets – A “comply or explain statement” on whether they have achieved certain proposed targets for gender and ethnicity representation on their boards:
    • At least 40% of the board are women (including individuals self-identifying as women);
    • At least one of the senior board positions[10] is held by a woman (including individuals self-identifying as women); and
    • At least one member of the board is from a non-White ethnic minority background.

Ethnic categories – The non-White ethnicity categories are to be based on the UK’s Official National Statistics (ONS) categories – which as readers will immediately appreciate would not appropriately reflect ethnic categories which may be more appropriate for companies either incorporated or based in overseas jurisdictions and where board or senior management teams are composed of persons and/or might more fairly reflect the demographics in such jurisdictions.

Where – The annual disclosure must be set out in the annual report and accounts of the issuer.

Failure to meet the targets – Where In-scope Companies have not met all of the targets, they will need to indicate which targets have not been met and explain the reasons for not meeting the targets.

  • Numerical Disclosure – A standardised[11] numerical disclosure across five categories covering the gender and ethnic diversity of a company’s board, key board positions and “executive management team”[12].
  • Optional Additional Disclosures – The FCA is also proposing to include guidance that In-scope Companies may in addition to the mandatory disclosures above, wish to include the following in their annual financial reports to provide potentially relevant context:
    • Summary of existing key policies, procedures and processes;
    • Mitigating factors or circumstances which make achieving diversity on its board more challenging (e.g. size of board or country where main operations are located); and
    • Any risks foreseen in continuing to meet the board diversity targets in the next accounting period and/or plans to improve the diversity of its board.

We would recommend that issuers consider taking up the opportunity to provide further disclosure and context (whether or not they have failed to meet targets and/or perceive a risk in so doing) as this additional narrative can also serve to provide a helpful platform for setting out narratives which can support and distinguish an issuer’s efforts to enhance diversity in its board and leadership teams.

Enhancing existing corporate governance disclosure requirements:

In addition to amending the Listing Rules to reflect the above new annual reporting requirements, the FCA is proposing additional specificity and more information to be disclosed  by certain issuers[13] who currently are required to publish a corporate governance statement which includes a description of diversity policies which apply to the their administrative, management and supervisory bodies (or, if they do not have one, explain not). The FCA is proposing to expand the disclosure of the diversity policy to cover the following elements:

  • Scope – The diversity policy should also apply to a company’s remuneration, audit and nominations committees; and
  • D&I Categories – The policy should also cover the following additional diversity elements ethnicity, sexual orientation, disability and socio-economic background.


  1. Too much data and the increasing regulatory burden – Following the publication of the Discussion Paper, concern has been expressed and feedback provided to the Regulators on the scope of the D&I factors covered by the paper – the prospect of having to comply with new disclosure requirements across the nine protected characteristics and socio-economic factors would be overwhelming for the financial services sector industry. In addition, there is concern amongst both the financial services and listed company sectors regarding the already significant and growing data sets required and to the extent there is an opportunity to merge data collation requirements and/or to use existing frameworks (e.g. the senior managers or SCMR) as a foundation to develop for example new specific rules on individual accountability for D&I matters, the Regulators should try to do so.
  1. Overlap between the Proposals – There are overlaps between the proposals in DP 21/2 and CP 21/24 of course to the extent that any of the financial services firms are also In-scope (listed) Companies – the FCA recognises this and the Regulators will need to be cognisant of this when developing proposals for the financial services sector.
  1. Existing Reporting by In-Scope Companies – On the subject of overlap, there are some In-scope Companies which are already voluntarily reporting D&I data against other voluntary frameworks and will need to start to give consideration now as to whether these should continue and/or how reporting can be most efficiently aligned or integrated with the proposed new reporting requirements.
  1. Preparatory considerations & data collection challenges – On timing, the FCA’s proposals would as noted above, apply to accounting periods starting on or after 1 January 2022 so that reporting will start to emerge in annual reports published for 2022 on and from Spring 2023. The FCA is even encouraging companies to consider voluntary early disclosures in annual financial reports published before that time! This would potentially be a challenge for companies unless and to the extent that they are already collating the relevant data in the way prescribed by the FCA (including having given appropriate consideration as to who would fall within their “executive management” for these reporting purposes). To meet the official reporting timing, companies should already start actively considering how to collate the relevant information envisaged by the FCA. There are a number of “tricky” (potentially newer) elements in the proposals including gender data which covers persons self-identifying as women.
  1. Data Privacy – We understood the Regulators’ general stance on the importance of data collation in driving efforts on D&I. including allowing for comparisons to be made across companies and sectors (and monitoring progress against targets). However, the key crucial issue which has been flagged by market participants and advisers providing feedback on both sets of proposals is the issue of data privacy. Whilst the Proposals make touching reference to compliance with data privacy requirements, there does not appear to have been an adequate assessment or analysis of how the Proposals (in particular in CP 21/24) potentially cut across data privacy requirements (including but not limited to General Data Protection Regulations (“GDPR”). As we have seen, the Proposals place or consider placing obligations on companies to collect data and personal data revealing race, ethnicity, sexuality or disabilities background or concerning ”special categories of personal data” under the GDPR (which are subject to additional restrictions). We note there are provisions within the GDPR that allow processing of special category personal data for equality of opportunity monitoring purposes, however, this is something that will need to be carefully managed to ensure no data remains personally identifiable. Further, for the proposals to work in practice companies will need the support of employees themselves who will need to be willing to provide their personal information, which to some may be deemed sensitive.
  1. Modest targets … not quotas – We note that the proposed board diversity targets referred to in CP 21/24 reflect what is currently expected of FTSE 350 companies, on a voluntary basis, by virtue of the Hampton- Alexander and Parker[14] review reports, save that the FCA has increased the women on boards target from 33% to 40% and some consider that a more stretching target could have been imposed. Additionally, it is worth noting,  that it is not envisaged by the consultation paper that the proposed Listing Rule targets become mandatory quotas, but instead the FCA makes it clear (assuaging any concerns that some issuers may have) that is seeking to provide a positive benchmark for firms to aim towards.


We note that DP 21/2 is broad and sweeping in nature and makes reference to all protected characteristics under the Equality Act as an attempt to consider diversity & inclusion as a whole rather than focusing on any specific area of underrepresentation. Whilst the ambition is noteworthy, If the intention is to address a broad range of D&I, some market participants would be in favour of a qualitative, in-depth approach over a more modest range of criteria, mindful of overlaps and multiple data requests that firms are facing.

Conversely, CP 21/24, whilst making positive steps in its focus on gender and ethnicity does not cover all aspects of diversity & inclusion including some other key areas including disability and socio-economic background which some market participants view as a missed opportunity.   A more ambitious set of proposals giving companies a longer lead time to start to consider, embed and eventually report on a slightly broader data set merited consideration by the FCA.

Finally, we note that neither of the papers have  tackled the question of intersectionality[15] nor how the Proposals or development of new rules pursuant to the discussion paper would adequately address this.  For example, the new and/or enhanced corporate governance disclosures could have specifically required companies to include disclosures on the extent to which they have identified and are addressing issues of intersectionality.


The publication of papers with a focus on D&I is not unique to the UK or the UK Regulators, this is a current hot topic with regulators around the globe keen to ensure representation across companies to reflect all elements of diversity & inclusion. For example:

  • In Hong Kong, the Stock Exchange of Hong Kong Limited published a consultation paper on its Corporate Governance Code and Listing Rules in April 2021 which considered gender diversity on boards;
  • In April 2021, the Financial Services Agency in Japan published a consultation on proposals to revise its Corporate Governance Code to require companies to disclose a policy and voluntary measurable targets in respect of promoting diversity in senior management by appointing females, non-Japanese and mid-career professionals;
  • In Australia, diversity and inclusion on boards’ obligations are set through the Corporate Governance Principles applicable to companies listed on the Australian Securities Exchange. Principle One, which applies to listed entities from financial years commencing on or after 1 January 2020, requires the entity to “lay solid foundations for management and oversight”. It includes the recommendation that the board sets “measurable objectives for achieving gender diversity in the composition of the board, senior executives and workforce generally”; and
  • In Singapore, the Ministry of Social and Family Development has established the Council for Board Diversity to promote a sustained increase in the number of women on boards of listed companies, statutory boards and non-profit organisations. The Council has set a target for the 100 largest listed companies of 20% women on boards.


Whilst no formal changes have yet to be put into effect in the UK, it is clear to see through the publication of both CP 21/24 and DP 21/2, that the Regulators and the FCA are determined to follow and, potentially in a number of respects, lead the global momentum to drive enhancement of  diversity & inclusion in business and this is welcome. As the detailed proposals are crystallised and finalised, we will continue to review whether some of the possible unintended consequences (particularly around possible compromises on data privacy) are identified and addressed and if a proportionate set of measures are rolled out across the financial services and listed company sectors.


   [1]   The FCA regulates part of the financial services industry in the UK. Its role includes protecting consumers, keeping the industry stable, and promoting healthy competition between financial service providers. The FCA the conduct regulator for around 51,000 financial services firms and financial markets and the prudential supervisor for 49,000 firms, setting specific regulatory standards for around 18,000 firms.

   [2]   The PRA is the prudential regulator of around 1,500 financial institutions in the UK comprising banks, building societies, credit unions, insurance companies and major investment firms.

   [3]   The Bank of England’s input to the discussion paper is in its capacity of supervising financial market infrastructure firms (FMI).

   [4]   DP 21/2

   [5]   CP 21/24

   [6]   A new set of compliance regulations introduced in the UK to reduce harm to consumers and strengthen financial market integrity by making firms and individuals at those firms more accountable for their conduct and competence. The rules were rolled out across different parts of the UK financial services sector from 2016 and apply to a range of firms in a proportionate manner depending on size and business type, including banks, insurers, FCA-solo regulated firms, PRA-designated investment firms and deposit takers.

   [7]   Research quoted DP 21/2 notes that gender is the most commonly collected data with some firms now also collecting and mapping data across the lifecycle of employees. More sophisticated firms are also now starting to collect data on ethnicity.

   [8]   These are age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex and sexual orientation.

   [9]   Prescribed Responsibilities (PR) (I) and (H).

  [10]   i.e. Chair, Chief Executive Officer (CEO), Senior Independent Director (SID) or Chief Financial Officer (CFO).

  [11]   A reporting template (in tabular form) has been proposed and is laid out in the discussion paper.

  [12]   The Listing Rules would be amended to include a new definition of executive management – “executive committee or most senior executive or managerial body below the board (or where there is no such formal committee or body, the most senior level of managers reporting to the chief executive) including the company secretary but excluding administrative and support staff”. We note that whilst there is merit in including the company secretary, this role would not normally carry executive responsibilities, hence different terminology e.g. “management” may be a more accurate and representative definition.

  [13]   This obligation is set out in the Disclosure and Transparency Rules (DTR) of the FCA’s Handbook and the relevant DTR applies to certain UK and overseas issuers admitted to UK regulated markets but exempts small and medium issuers.

  [14] Hampton-Alexander Review: FTSE women leaders – initial report and Hampton-Alexander Review: FTSE women leaders –  Improving gender balance – 5 year summary report – February 2021.

  [15]   The concept of intersectionalism is credited to Kimberlé Crenshaw, a legal scholar at Columbia University. The term is used today more broadly to refer to any individuals with multiple self-identities. Specifically, intersectionalism in the workplace does not refer only to the factors of a person’s identity. It is a concept that recognizes the multiple identity factors and how they influence privilege and marginalization, power and influence, emotional impact, and individual and intersecting behaviour (Source: DiversityCan).

This alert has been prepared by Selina Sagayam and Shannon Pepper.

Ms. Sagayam, a corporate partner in the London office of Gibson Dunn, co-chairs Gibson Dunn’s global ESG Practice, is a member of its Global Diversity Committee and chairs its London Diversity Talent & Inclusion Committee.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Environmental, Social and Governance (ESG) practice, or the following in London:

Selina S. Sagayam – International Corporate Group (+44 (0) 20 7071 4263, [email protected])
James A. Cox – Labour & Employment Group (+44 (0) 20 7071 4250, [email protected])
Michelle M. Kirschner – Global Financial Regulatory Group (+44 (0) 20 7071 4212, [email protected])

Please also feel free to contact the following practice leaders:

Environmental, Social and Governance (ESG) Practice:
Susy Bullock – London (+44 (0) 20 7071 4283, [email protected])
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, [email protected])
Perlette M. Jura – Los Angeles (+1 213-229-7121, [email protected])
Ronald Kirk – Dallas (+1 214-698-3295, [email protected])
Michael K. Murphy – Washington, D.C. (+1 202-955-8238, [email protected])
Selina S. Sagayam – London (+44 (0) 20 7071 4263, [email protected])

© 2021 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.