Culture and conduct: the FCA enforcement agenda
By Adam Brown; Emma Sutcliffe; Stuart Doxford; Clare Allen; Mark Uttley, Simmons & Simmons
Published: 01 November 2021
Culture and conduct have been at the top of the FCA’s agenda for the past few years, with a particular focus on non-financial misconduct and the importance of senior management in setting the tone for culture throughout firms. This article provides an update on the current landscape, then considers three areas in relation to culture and conduct which we expect will be particular points of focus for the FCA in 2022:
- Culture, diversity and inclusion
- Culture and conduct in a hybrid working environment
- Culture and ESG
Whilst these issues are explored by reference to the FCA’s agenda in particular, many of the themes are likely to be prevalent across jurisdictions.
What is non-financial misconduct (and is the category evolving)?
The scope of what the FCA considers to constitute non-financial misconduct appears to have expanded. In the past, enforcement action relating to non-financial misconduct was mostly limited to examples of criminal conduct, including dishonesty-type offences such as fare dodging, and tended to invoke the requirements of fitness and propriety. However, the scope of interest of the FCA appears to have extended to cover a large variety of areas, from sexual misconduct to favouritism.
As a result, firms are grappling with some very tricky questions as to whether such conduct should be considered as a conduct rule breach as well as an F&P issue – and trying to work out where to draw the line as regards non-financial misconduct. The implementation of Senior Managers & Certification Regime (SMCR) for investment managers in December 2019 has also added an additional layer of complexity. For instance, would catching an employee with drugs in the office, sending confidential emails to a personal email address or sharing answers to mandatory compliance training using instant messaging amount to a breach of a conduct rule? Would a failure to have mechanisms in place to manage these risks also mean that a Senior Manager would be held accountable? Should we be holding Senior Managers to a different standard of behaviour given that they carry the reputation of the firm?
These are difficult questions that are necessarily fact-dependent, and firms need to ensure that a consistent approach is taken both from a regulatory and employment law perspective.
Non-financial conduct risks may also be more pronounced for investment managers – which often have fairly flat hierarchies and where business owners/partners play an active role in the business and interact with staff at all levels on a regular basis. In these cases, the tone from the top is particularly important. For instance, it is important for investment managers to correct any perception that employees may have that speaking-up and raising concerns about potential misconduct by business owners/partners will not be fruitful or even be detrimental to their careers. Whistleblowing policies and procedures should be looked at carefully with that risk in mind.
Culture, diversity and inclusion
The FCA’s most recent business plan makes plain the link between culture and diversity and inclusion (D&I). In particular, the FCA highlights that an inclusive culture in which all staff can speak up allows conduct risk to be managed and reduces the risks arising from 'groupthink'.
In March of this year, Nikhil Rathi, the FCA’s CEO, stated that improving D&I is both a matter of fairness and also a crucial way to strengthen consumer outcomes. In particular, Mr Rathi referred to the 5 Conduct Questions (5CQs) that the FCA has published to focus the minds of Senior Managers on conduct risk.
Mr Rathi said that he would like to add a sixth question: “is your management team diverse enough to provide adequate challenge and do you create the right environment in which people of all backgrounds can speak up?”.
The proposed inclusion of this question on D&I, alongside the existing 5CQs, which go to fundamental aspects of how firms operate, shows the FCA’s resolve to improve diversity and inclusion. The FCA, the PRA and the Bank of England have also recently published a joint Discussion Paper on D&I in the financial sector. The Regulators ultimately aim to produce minimum regulatory expectations, monitored through the introduction of regular reporting requirements.
As a result, we expect that there will be a significant increase in scrutiny from the FCA as regards diversity, both in senior leadership teams and more generally across the industry. Investment managers should therefore be considering the diversity of their teams and ensuring that plans are in place for making necessary improvements, before being prompted by questions from the FCA.
Culture and conduct in a hybrid working environment
The FCA’s focus on culture also comes at a time when the pandemic, through widespread working from home and the emergence of hybrid working arrangements, has been re-shaping culture and placing new stresses and strains on the control environment.
With an unprecedented shift to remote working, along with heightened stress and market pressures during the pandemic, it is inevitable that the culture and control environments of many investment managers has been stretched and tested to the limit, and perhaps beyond.
In recognition of this, in October 2021, the FCA set out its remote or hybrid working expectations for regulated firms. The FCA’s expectations include:
- That there is a plan in place, which has been reviewed before making any temporary arrangements permanent and is reviewed periodically to identify new risks.
- There is appropriate governance and oversight by Senior Managers under the SMCR, and committees such as the Board, and by non-executive directors where applicable, and this governance is capable of being maintained.
- An appropriate culture can be put in place and maintained in a remote working environment.
The challenge for firms in response to this is ensuring that a good culture can be maintained despite staff working in different places, as well as making sure that the control environment can effectively mitigate the different risks associated with hybrid working arrangements, so as to identify misconduct no less effectively than for office-based employees.
In particular, we expect that some of the most significant challenges arising out of changing behaviours during the pandemic will be the handling of confidential information (including inside information) when working from home and the use of encrypted communication applications such as WhatsApp. It is likely that mishandling of confidential information, and misuse of communication tools such as WhatsApp, linked to home-working, are likely to be a focus point for FCA enforcement actions in the year ahead.
In fact, the use of WhatsApp and other similar messaging platforms has already attracted the attention of the FCA in its Market Watch newsletter; particularly the misconduct risks associated with the use of these tools as a result of them being difficult to monitor for firms.
These new risks serve to highlight the importance of setting the tone from the very top of the organisation and making sure expectations are made clear to all staff, through policies and procedures, formal training and regular reminders. The frequency of compliance spot-checks should be considered, with resources focused on any high-risk business areas.
Overlap between culture and environmental, social and governance (ESG)
ESG is also a real area of focus for firms and regulators alike and is likely to be considered a key barometer of a firm’s culture. The question of who takes responsibility for ESG within a given organisation is a real issue for firms given its immense scope. For many firms this will necessarily involve collective responsibility at senior levels for embedding ESG into the firm’s culture, across its business.
Firms should put in place appropriate oversight, for example through an ESG-focused committee. This may help to lower the risk of ESG-related issues, such as greenwashing, when it comes to product development, marketing and distribution. Firms may also wish to consider ESG through the 5CQ’s to ensure that ESG-related issues are being factored into all areas and levels of the business. Such consideration needs to look beyond the “E” in ESG, and take adequate account of social impacts and governance considerations.
We are already starting to see global regulators open enforcement investigations into investment firms on ESG issues. A key focus is on whether firms have misrepresented the extent to which their investment management processes take account of ESG factors. There is ample scope for regulators to link this issue back to culture, and to conduct rules (or principles) when imposing enforcement outcomes on firms.
The expansion of what constitutes relevant non-financial misconduct, the implementation of the SMCR and the stresses and strains of the pandemic are a particularly potent combination for investment managers. The FCA will undoubtedly be looking to take on enforcement cases in this area in order to set expectations – and to demonstrate that the SMCR has teeth.
Whilst culture and non-financial misconduct can be difficult areas for firms to grapple with, the regulatory risks of failing to do so far outweigh these difficulties. Firms should look to develop their risk mitigation strategies, through policies, training, and compliance monitoring, with specialist help as needed to ensure effective implementation.