‘Reasonable Steps’ in the Regulated World

Lucy McClements

There is no doubt that being a Senior Manager Function holder (SMF) in today’s regulatory environment comes with increased risks. Regulatory expectations have been enhanced thus creating additional pressure on Boards and individuals to evidence their competence on an ongoing basis, particularly when handling regulatory issues and breaches.  

Under the Senior Managers & Certification Regime (SM&CR) the PRA and FCA expect all SMFs to take ‘reasonable steps’ to manage, operate and control the areas of business under their responsibility.   ‘Reasonable steps’ are defined as “such steps as a person in their position could reasonably have been expected to take to avoid a misconduct/ breach/ error occurring or continuing”.

Therefore, the taking and documenting of ‘reasonable steps’ form an important line of defence for a SMF against any personal liability in relation to regulatory enquiries and investigations if issues arise in their areas of responsibility. However, ‘reasonable steps’ are not prescribed by the regulators, rather it is for each SMF to interpret and evidence how they have fulfilled their duty of responsibility within their own context and that of the firm in which they operate. 

In a nutshell, ‘reasonable steps’ include making sound decisions and actions based on the information at hand and most importantly being able to demonstrate, usually via documentation, the steps taken when addressing issues.  Indeed, the concept is referred to in several places in the rules and related commentaries; most notably the Senior Manager Conduct Rules (COCON 2.2) expect a SMF to ensure that the areas of the business for which they are responsible are:

•           effectively controlled;

•           in compliance with regulatory requirements at all times; and

•           where tasks are delegated, that they are delegated to a suitable person and that the performance of those tasks is overseen appropriately. 

When reaching its conclusions, the regulators will compare their findings from any investigation with those decisions and actions which it considers would have been taken by a competent SMF in the same position, with the same role and responsibilities, at that time, and in the same circumstances.

So, what might ‘reasonable steps’ entail in the context of a SMF of a regulated firm?

We could consider two different angles of approach:

  1. Potential ‘reasonable steps’ in a “Business as Usual” environment e.g.:
    1. Core operational and risk management processes in place;
    1. Governance arrangements (three lines of defence); and
    1. Regular reports received and provided.
  • Reviewing the list of points regulators have stated they will consider in the context of ‘reasonable steps’ (see DEPP 6.2.9-E) e.g.:
    • Exercising due skill, care, and diligence when considering the information available to them;
    • The knowledge the SMF had, or should have had, of any regulatory concerns relating to their role and responsibilities;
    • Reasonableness of any delegation of their responsibilities (to an appropriate person with the necessary capacity, competence, knowledge, seniority and skill);
    • The extent of an orderly transition to another SMF when they were replaced; and
    • How long the SMF had been in role and the extent of any handover they received.

Taking ’reasonable steps’ is not limited to diligently recording information ‘just in case’ something goes wrong in the future. It also means:

• Maintaining an up-to-date knowledge and understanding of the relevant regulatory requirements, technical elements associated with your role, as well as the wider operating environment.

• Being alive to the potential risks and issues that arise when running any business AND responding in a timely fashion to any crystallised issues that emerge. Regulators know that things go wrong.  It is how the relevant SMF and the firm respond that makes all the difference, for example, creating and following through a well-defined action plan, or seeking third party expert advice on how best to proceed.

• Organising and allocating enough resources via clear reporting lines and delegations that are well communicated and understood by staff.

• Continuously reviewing, assessing, and improving. The job is never done….

Five years on from the implementation of SM&CR and there have been very few Enforcement cases concluded against individuals under the new framework.  Whilst these types of cases are likely to be challenged intensively by the individual in question (and therefore take several years of legal debate), one might hypothesise that where serious regulatory breaches have occurred the accountable individual has been well able to demonstrate ‘reasonable steps’.  Only time will tell.

May 2021

Lucy McClements is a member of the FS Expert Group. Her career has included responsibility as a regulator for determining senior managers’ applications to FCA for regulatory approval and, in her later capacity as a regulatory consultant, assessing and coaching senior managers seeking approval. For full details see

The FS Expert Group provides, through dedicated Experts with exceptional track records, relevant expertise and expert evidence in a wide variety of financial services cases, mindful of clarity and impartiality, whether in Court as expert witness, in tribunal as adjudicator or in the Board Room to instruct and advise.

Posted in: FCA, Miscellaneous, Senior Managers Regime
Tagged in: , , , , , , , ,

Hardly Diverging

Almost at the very end of the fourth month after our final separation from EU legislation, the FCA published its first proposals for going it alone. CP21/9 sets out its grandly entitled Changes to MiFID’s Conduct and Organisational Requirements. But be ready for disappointment. If this is what Brexit is all about, we could have saved ourselves a lot of bother.

Over the years, MiFID has caused much grief and MiFID II did nothing to alleviate that. So there is much that could be done to improve the unhappy lot of MiFID firms. Now with a free hand, the regulator can swing the axe and fell the monstrous beanstalk that the giant has so often used to clamber down to frustrate British efforts to build the biggest and best financial services industry in the world. So here we go – the EU has proposed some modest trimming of the research acquisition requirements, so the FCA proposes to do much the same. 

All right, maybe it is not as daft as all that. After all, if the EU is going to get of rid of some of MiFID, why wouldn’t we? Indeed, if we didn’t, we would be left clinging to the wreckage of their failed measures while they swam away. So it’s not just an easy start, undemanding of major justification for divergence which might ultimately destroy all prospect of equivalence. It is in fact a catchup measure motivated partly by a wish to pick the low hangers and partly by FOMO. Lurking there in the Consultation’s Summary is a ref to competitiveness, that banished concept, fingered as the race-to-the-bottom culprit for the banking crisis of a dozen years ago. We do not wish to be left behind.

Betting men will say that a couple of these changes will have no objectors at all – none, anywhere. The FCA reveals what we already knew, that the intended audience for the best execution reports now to be dropped have never read them. And some firms even ventured that they had never once received an enquiry about any of the data so lovingly – and expensively – collected and published. In fact, as failed regulations go, they are right up there. If this had been a private sector project, heads would be rolling – but euro-heads seldom role, they just slide quietly into new programmes in quite different sectors, trying their hands at health-care procurement and that sort of thing. So, no mourners for RTS 27 or 28. Not one.

But research acquisition is more interesting territory. For a start, it was FCA that pressed for its control in MiFID II. The concept of removing the scope for extravagant use of clients’ money to buy excessive amounts of research has its sympathisers. And the FCA provides some decently convincing research that shows it actually has not done much harm either. The famously predicted annihilation of SME research coverage really has not happened – there just wasn’t a lot of it about in the first place. But why the divergence from the EU plan to remove the requirements for research on any company under €1bn market capitalisation.? Because the problem lies right at the bottom, with 98% of the companies with no research coverage having a market cap of less than £250m. Add to that a few related stats and you quickly get to the FCA position of capping the concession at £200m. And why did the EU go higher? Perhaps because they did not do the analysis, possibly because they perceive a race-to-the-bottom advantage, but probably because they view the whole measure as an ill-conceived British concept that they are now free to dismantle in stages. So who is the greater diverger?

Fortunately FCA has also identified another sector where there has been no discernible advantage from the research regime. As there has been no change detected in FICC (fixed income, currencies and commodities) spreads since the application of the MiFID II requirements, there really does not seem to be a benefit in forcing the research producers to charge extra for their output. So, apparently, no loss there. And it is fair to assume that there will not be much controversy about disapplication of controls over research that is available free to the general public – rather, perhaps, that it is difficult to see how you persuade anyone to pay for it in the first place. But the proposed disapplication to research provided by independents is a bit more puzzling. Given that the definition of ‘independent’ in this area is a firm with no link to trade execution, it is difficult to put one’s finger on the benefit derived from lifting the ban on using research as an inducement to use the firm’s, er, trade execution services. That might explain why the FCA gave up the unequal task of providing its own explanation. The best argument, that the requirements are redundant in this area and therefore pass no CBA, fails to feature.

But, for the true connoisseur, the real pleasure lies in the chosen mechanism for disapplication. No elaborate narrowing of the application rules here; just an adjustment to the definition of a minor non-monetary benefit, now to include the four areas of concession. Tempting as it might be to suggest that this was driven by neatness of drafting, despite the distortion of the concept of a MNMB, it seems the cunning plan is to avert the need for firms to plead with clients to sign new agreements that allows the benefits to be rebundled. 

Posted in: Best Execution, Brexit, Competition, EU, FCA, MiFID
Tagged in: , , , , , , , ,

Treating EU customers fairly

While we have been known to suggest that the EU does not always act as it should, in some areas, whether right or wrong, it has at least the merit of consistency. One such area is its approach to determining where a financial service is being carried out. Take the example of the investment manager sitting in his office in the City (lovely old concept, for those that can still remember it) looking after the investments of his favourite Italian client, who is sitting comfortably somewhere near Milan. We would say, rather obviously, that the investment manager was managing investments in the United Kingdom. That is where he is, that is where his regulator is, that is where the Compensation Scheme is based, that is where his counterparties know him to be and that is where complainants will find him. But ask the EU exactly the same question and they will tell you that he is managing investments in Italy. They have produced the same answer for years and they will go on doing so, quite consistently. 

For all those years this difference of view has not really mattered very much. Indeed, within the Single Market, the EU would prefer you not to know where you are – everything should be the same and everyone should work together, which does have a vestige of truth, at least when it comes down to standardised regulation. Moreover, we, in this country, have not troubled to challenge this quaint EU belief because we have always been able to live with it by routinely applying for directive-based passports which we didn’t really believe we needed, except for the purpose of keeping the peace with difficult European regulators. But now reality is breaking through and we have to confront the issues arising from years of wading in fudge.

While it would be nice to think that the EU was taking its position entirely from a dutiful desire to protect its consumers, that is really quite hard to believe. As with its reluctance to recognise equivalence in others, the EU motivation is the prevalent, predictable protectionism that pervades its practice – the self-same driver that leads it to go to extraordinary lengths to stifle reverse solicitation. The time may eventually come, and Brexit may be the catalyst, when EU consumers show their resentment at obstacles created by their politicians to prevent them from buying goods and services from wherever they choose.

Meanwhile there are decisions to take. While this country has worked hard to ensure that UK consumers can continue to receive financial services from EU entities, surprisingly enough no equivalent arrangements have been made by the EU or even by most EU countries. They, like us, could have established a temporary permissions regime, but no. In order to try to unnerve UK providers, cajoling them into relocation, they prefer to run the risk of disrupting the services delivered reliably for many years to their own consumers. And they will of course seek to place the blame on the providers and the UK authorities. 

So why might it be that FCA is so coy on this question? They, like the rest of us, are well aware of the game that is being played. But they have no intention of playing into EU hands and have hinted strongly that acting in the best interests of consumers matters at least as much as observing the irrational restriction of foreign governments and regulators. After all, providing services to EU residents does not, either this year or next, become a breach of UK law or regulation, so FCA will have no role in terminating that business. So, for those who have not already jumped, the prospect of no deal poses a significant question over how to manage the situation. We believe that the key is transparency. This is a combination of a blame-game and a tussle for hearts and minds. Consumers need to understand who is doing what and why. A pre-emptive move by providers will be seen by consumers as the simple exercise of their own initiative; the provider will be blamed. But if it is crystal clear that the provider is moving only after a direct and credible threat from EU based authorities, and if evidence of that anti-competitive behaviour is all around, the penny will drop. Is there a risk that firms will be penalised? Yes, some. But does that risk outweigh the prospect that this battle might yet be won, whether in substance or in PR terms – probably not

Posted in: Brexit, ESMA, EU, FCA, MiFID, Miscellaneous, UCITS
Tagged in: , , , , , , , ,