Now It's Getting Personal: The FCA and Personal Conduct Authority Compliance Evidence Requirements

In UK Financial Services regulatory tumult, 2013 was obviously a tipping point with the UK regulator the Financial Conduct Authority (FCA), because the first time it pursued more civil and criminal enforcement action against individuals than firms. A vital change, that lots of senior managers and directors still appear ought to grasp produced by this emerging regime, which is actually being built worldwide post-crisis, is definitely the growing requirement of these people to have the capacity to manage their own individual regulatory risk. Although it might appear like an additional and unnecessary burden which adds a further worry bead for already stretched senior executives nevertheless the growing practical truth is that the active acknowledgement and control over personal regulatory risks is the most suitable possible insurance policy for an individual as and when regulatory issues arise.

Obviously senior managers have got a duty to contribute to their firm being compliant and similarly must be expected to demonstrate discharge of their personal regulatory obligations and accountabilities. Included in the new individual's core competency having the ability to manage their own individual regulatory risk brings into play several elements for consideration:
Clear illustration showing effective performance of responsibilities is definitely a unique and different angle to the use of job descriptions within the internal environment. It is clear the fact that the companies producing the job description of the future will have to get them to be much more detailed in contrast to those currently used, and also for the protection of both the individual plus the firm it is critical that all regulatory criteria, levels of and matrix of responsibilities, including company expectations are included. At some point, as being a daily part in the management of the firm, senior managers will routinely have to gather and store evidence to show that they individually discharged all of their obligations and responsibilities. When their role changes they will need to perform an intensive documented hand-over and acceptance by the incoming manager to make certain that all concerned have managed their personal regulatory risk adequately. It could actually easily be regarded as a cottage industry however the increased level of documentation regarding job descriptions will become a crucial part of enabling senior managers to exhibit the appropriate performance of their total responsibilities.
Increasing and developing knowledge and awareness not just of the changing regulatory environment but also in the implications of the changes. Participating in a continuously evolving and rolling regulatory training programme or undertaking a prearranged institute led CPD course may very well be another. Failure to remain "on the ball" may lead to a significantly increased chance of enforcement action for any unprepared or unaware individual and are generally more likely to feel the full brunt of supervisory enforcement. If this occurs and a senior manager finally ends up not being banned as part of any enforcement action, it is highly likely that this individual who has “only” been fined is ever going to work again in any senior capacity in any financial services firm.
In establishing and developing any individual personal vault or store of evidence brings with it IT security, access and usage issues, that firms will need to identify and form policy. All senior managers will need to build and keep their very own personal evidence to demonstrate the full and complete discharge of their regulatory obligations, and this really should be portable so that they can be able to call upon the details at any stage of litigation in the coming years. For the quantitative elements this really is going to be a comparatively simple process but there can be often challenges when culture is added directly into the mix. One quick win could possibly be to accumulate all board and various meeting minutes which give evidence of the problem and engagement with the individual. To have an appreciation of the scope of the evidence that should be gathered, senior managers could check out the Financial Stability Board's consultation paper "Increasing the Intensity and Effectiveness of Supervision", which constructed a summary of “indicators” for senior managers to which they are able to demonstrate compliance in addition to a good culture throughout the firm.

There are many indicators of a sound risk culture that ought to be considered collectively as well as mutually reinforcing; thinking about each indicator in isolation will overlook the multi-faceted nature of risk culture. These indicators include:
Tone from the top: The board of directors and senior management would be the starting position for setting the financial institution’s core values and risk culture, and also their behaviour must reflect the values being espoused. This tends to need the leadership systematically developing, monitoring, analysing and assessing the culture inside the financial institution through effective governance measures including policies, procedures, internal attestations and under-managers performing their own individual assessments.
Accountability: Successful risk management requires employees at all levels to comprehend the core values of the institutions’ risk culture together with its approach to risk, be capable of performing their prescribed roles, and become conscious that they are held accountable with regard to their actions in relation to the institution’s risk-taking behaviour. Staff acceptance of risk-related goals and related values is essential.
Effective challenge: A sound risk culture promotes a place of effective challenge in which decision-making processes promote many different views, enable testing of current practices, and stimulate a positive, critical attitude among employees along with an environment of open and constructive engagement.
Incentives: Performance and talent management should encourage and reinforce repair of the financial institution’s desired risk management behaviour. Financial and non-financial incentives should secure the core values and risk culture at all levels of the financial institution.

These are generally further enhanced by other messages for senior management conduct including;
being dedicated to establishing, monitoring and implementing an effective risk appetite statement that underpins the financial institution’s risk management strategy and it is integrated with the overall business strategy.
Developing a clear view of the risk culture in which they aspire for the financial institution, systematically monitor and evaluate the prevailing risk culture and proactively address any identified elements of weakness or concern.
Promote through actions and words a risk culture that expects integrity and a sound strategy for risk. The board and senior management promote an open exchange of views, challenge and debate, including guaranteeing all directors have the tools, resources and data to carry out their roles effectively, particularly their challenge function.
Engage mechanisms including talent development and succession planning, that will help to reduce the influence of dominant personalities and behaviours.
Systematically assess whether the espoused values are communicated and followed by management and staff at all levels to make certain that the “tone at the middle” and through the entire institution matches the “tone at the top”.
Employing adequate mechanisms in place to evaluate whether or not the risk appetite statement, risk management strategy and overall business strategy are clearly understood and embraced by management and staff at all levels, and effectively a part of the decision-making and processes within the business.
established a compensation structure that supports the institution’s espoused core values and promotes prudent risk-taking behaviour.
Generate a clear knowledge of the standard and consistency of decision-making throughout the business, including how decision-making is consistent with the financial institution’s risk appetite as well as the business strategy.
Provide and analyse clear views on the business lines believed to pose the greatest challenges to risk management, for instance unusually profitable aspects of the company, that are subjected to constructive and credible challenge in regards to the risk-return balance.
Monitor how fast issues raised by the board, supervisors, internal audit along with other control functions are addressed by management.
Implement and embed clear methods to be sure that any failures or near-failures in risk culture, (internally or externally), are reviewed regularly (at the very least annually) at all levels of the organisation and therefore are seen as an possibility to strengthen the financial institution’s risk culture making it more efficient.
Analyse and articulate lessons learned from recent along with past errors which are described as an possible opportunity to strengthen the firm’s risk culture and to produce a catalyst for certain changes for the future.

One final point around the upkeep of personal evidence to demonstrate the compliant execution of regulatory obligations concerns intellectual property. When a senior manager changes firms it really is entirely reasonable that they are able to retain the suite of documents to allow for their compliant behaviour, but considering that at least several of the documents might be business-sensitive, and also be the intellectual property of the firm, sensible arrangements needs to be created to allow the senior manager gain access to the documents under specific situations as and when they are no longer working for the firm.

Governance packs can be seen at

Author's Bio: 

Compliance Consultant is regarded as the flexible of UK Regulatory Consultancies, providing fast responsive solutions for the financial services industry. With qualified and experienced staff from complaints handlers to Chartered Fellows of city of London institutions, we have the specialist knowledge and experience to eliminate your challenges today!

Compliance Consultant is skilled in implementing new banks from the Governance, Risk and Compliance aspects and would welcome early discussions with new start-up banks. Make contact on +44 (0)20 7097 1434 or email

For detailed information see