Most large organisations are given to a degree of boastfulness about how professional they are, how unique, how generous, how green, how even-handed between employees. FCA is no exception. Indeed, it is required by law to tell us how its rules avoid discrimination of any conceivable kind. It is the very model of political correctness. And yet, there are moments when FCA’s most important work is carefully buried in obscurity, under a vast pile of words, drawing the eye away from the nuggets.
Following the shower of FCA papers on SMCR published this month, it is now becoming clear that the headline elements have fully succeeded in their purpose of attention-grabbing, but that some of the most important features have passed almost without notice or comment.
Take the impact of the conduct rule. There can be few firms that are not now aware of COCON, the FCA’s nearly new Code of Conduct. It applies already to banks and it will apply to everybody else from late next year. So, what is new about a list of high level obligations that look remarkably like the Principles that have been in place for decades? Wherein does the big change lie?
It would be tempting to say that what was changing was a shift from duties on firms to duties on people. But, as soon as the words are uttered, we have to acknowledge that it is not so simple. For years we have lived with APER, the Statement of Principles and Code of Practice for Approved Persons. It too contains rules that apply to individuals and look remarkably like the long-standing Principles for Businesses. Even the responsibility element is not new, as any approved personperforming an ‘accountable higher management function’ could easily tell you. So, is it just re-arranging the deck-chairs to conform to Parliament’s intervention after the banking crisis? Well, yes and no.
For senior managers, the SMCR rule changes are not that substantial. The Statement of Responsibility may be new but it is little more than an evidential document designed to facilitate enforcement action, with the incidental advantage of improving the clarity of many management structures. The key for this group lies in the shift in regulatory intentions – holding senior managers personally responsible for failures on their watch. Watch this space. There will be tears before bed.
The material change lies elsewhere. In the old days – the era we live in that comes to an end on 9thDecember 2019 – those exposed to FCA sanctions had signed-up on the momentous occasion that they acknowledged formally that they were applying to take on a controlled function. That wet signature was unmistakable, a blank cheque to FCA. In the new world affected individuals may not know who they are. COCON applies to all employees of any FCA-regulated firm (with very few exceptions) unless their role is purely ancillary. They will not have signed an application to FCA, they may not have been forewarned, they may not know or understand what is required of them. The employing firm is obliged to inform and train them – and the good ones will do so. Has FCA gone out of its way to focus attention on this? Most would say, from what little has been said, that they have not.
While no one can accuse FCA of failing to articulate its plans for the new regime, the Regulator’s focus is on practicalities. Diligent as ever, FCA is laborious to a fault about the transitional process from old to new. All of that should be well-received by the managers charged with implementation. However, when it comes to the Regulator’s expectations of the conduct of individuals, much less is said, with the most valuable guidance given the least visibility.
In a short and obscure Policy Statement (PS18/16), FCA confirms that it has extended the application of key guidance to senior managers of firms not previous covered, through definitional changes mentioned in its previous Consultation Paper, but actually set out elsewhere. The guidance itself is, of course, not worthy of further mention. Not by FCA anyway. So let me dilate.
The guidance addresses the key question of what a senior manager is expected to do to discharge his duty of responsibility to prevent breaches of regulations within his domain. Managers may like to know what the Regulator is likely to consider and the FCA answers that question. Deep within the Decision Procedure and Penalties manual (DEPP), FCA sets out 18 questions, relating to the conduct of a manager, that it would expect to consider when looking at the manager’s culpability for breaches. Arch-cynics will say that this is then buried, as it undoubtedly is, in order to catch managers knapping. The truth is both simpler and duller. For legal and practical reasons, rules are published and then not repeated unless subject to change. The fact that this guidance becomes applicable to many thousands of newly appointed senior managers is apparently not reason enough. Nevertheless, many would say that no senior manager should leave this guidance unread.