December 2, 2020
The Financial Conduct Authority (“FCA”) continues to show a desire to take action in sectors of the financial services industry where there has traditionally been less supervisory oversight, and to push the importance of firms’ internal governance and oversight structures. Enforcement cases are often used as a way to convey key messages to such sectors, and an important Final Notice was published on Monday 23 November 2020, when the FCA imposed a fine of nearly £3.5m on TFS-ICAP Limited for breaches of Principle 2 (due skill, care and diligence), Principle 3 (reasonable care in organising and controlling its affairs responsibly and effectively) and Principle 5 (proper standards of market conduct) of the Authority’s Principles for Businesses.
Although many of the issues in the Notice are specific to the facts in question, a number of the themes underlying them are of more general application to regulated firms. With today’s very broad application of the Senior Managers and Certification Regime (“SMCR”) and accompanying conduct rules, it is important that firms and Senior Managers are aware of the messages in the Notice and consider whether their control frameworks meet the regulatory expectations in this area.
The key themes are set out below, together with some suggestions on practical steps firms can take to address the issues raised.
1. Risk identification should drive control design
The FCA expects firms to consider the specific risks within their business, given the sector of the market in which they operate, execution methods and any firm-specific issues which have arisen.
The obligation to assess risk lies not only with Risk and Compliance Departments but also with the business units.
For firms who outsource compliance or rely on off-the-shelf policies or training programmes, a key message is that the FCA is likely to expect a firm to go beyond simply adopting generic material or processes.
Where allegations of misconduct arise, the efficacy of controls should be revisited and, where necessary, enhanced.
Managers may wish to ensure that any common industry practices are carefully considered, recognising that although rules may not have drastically changed, standards and regulatory expectations have, especially post-financial crisis.
2. Governance structures and documentation of key decisions are crucial parts of reasonable oversight processes
Governance and oversight must be about more than just delivering financial performance and results. Structures and processes are required to ensure risk is properly managed, conduct is appropriate, delegation and oversight mechanisms work and culture meets expectations.
Any governance structure which cannot produce evidence of its consideration of risk will struggle in the face of the regulatory scrutiny that follows any kind of incident.
3. Conduct Risk management and robust internal reviews are also key in meeting Senior Manager responsibilities
Firms and Senior Managers must ensure that they have in place all the steps they need to tackle allegations of misconduct. A failure to have a process to manage the risk of misconduct – often called conduct risk – has been deemed by the FCA to be a breach of Principle 3, and therefore could in post-SMCR terms be a breach of a Senior Managers Conduct Rule.
© 2020 Gibson, Dunn & Crutcher LLP