At a conference held by the FCA at the end of last year, director of investigations Jamie Symington made it clear the regulator is comfortable making purposeful examples of people and firms in their enforcement work.
In particular he referred to the personal fine on three directors of Swinton Group in relation to sales tactics. He mentioned repeat offences and non-cooperation as issues being considered in other cases. Will this approach give rise to an increase in attestations?
Attestations have become a popular supervisory tool employed by the regulator in recent years, despite the fact they do not form part of the FCA handbook. Nor do they appear in any financial services legislation. As a result, the use and parameter of these attestations has been a cause for concern among firms.
Chairman of the FCA Practitioner Panel Graham Beale wrote to director of supervision Clive Adamson expressing some of the panel's concerns. The main one was that FCA supervisors were not applying them consistently. It also feared too much time was being spent on the terms of the attestations as opposed to rectifying the issue.
Adamson confirmed attestations are a formal supervisory tool and will continue to be utilised by the FCA. Their use is to ensure accountability and guarantee sufficient senior management focus on issues needing to be resolved. Indeed, the FCA has promised to ensure future attestations are signed off at head of department level. Their aim is not to discover further issues and they do not have a disciplinary function. Their aim is simply to ensure existing issues are resolved.
Adamson provided scenarios of when attestations are likely to be used:
Notification: Where there is an emerging risk unlikely to have a major impact on the firm, someone within the firm will be given the responsibility of monitoring and notifying the FCA of any changes to it.
Undertaking: Where there is a risk unlikely to have a major impact on the firm but the FCA want the firm to take a particular action to manage it within a specified timescale.
Self-certification: Where there is a significant issue but it is considered the firm can handle it themselves, the FCA will ask for certification that the risks have been mitigated or resolved.
Verification: Where the FCA requires verification that the matter has been dealt with.
So, how should you deal with an attestation request? The FCA will request the attestation from the senior significant influence function holder in the part of the business that has the problem. In this way the "personal accountability" (and liability) element is emphasised. It will not always be the chief executive asked to sign an attestation.
The most important thing is that the attestation is clear, realistic and limited in scope. It is vital you have an open dialogue with the FCA about what it expects and you make sure the attestation corresponds with the outcome of that discussion. Following this dialogue you should be in a better position to record the attestation accurately and it should give you the confidence to sign it knowing fully what you have agreed to do. Provision should be made for unexpected events or discoveries during the process.
What if it all goes wrong and you cannot comply? The extent to which there is "breach" will depend on each circumstance. An attestation may contain tasks and responsibilities that you, the signatory, are unable to carry out single-handedly. It may require the assistance of a number of employees. As a result, before signing, you should check you have a team in place to help you carry out the task or responsibility. After signing you should communicate what needs to be done and have a system in place to monitor progress.
Be aware that by signing an attestation you are becoming personally responsible and liable for carrying it out. You may wish to consider obtaining professional advice before you commit yourself.
There are some essential steps. Keep written evidence of the whole process, including (but not limited to):
- The open dialogue with the FCA and your senior colleagues, particularly where the objectives of the attestation were considered
- The attestation itself
- Communication in a clear plan with the employees assisting you to carry out your responsibilities under the attestation
- The steps, both up and down the chain, you have undertaken to fulfil those responsibilities
It is only through taking those minimum steps you can demonstrate you have done all in your power to fulfil the attestation despite unforeseen issues.
Despite not being disciplinary in nature, an attestation and its outcome is likely to appear on your FCA approved person file, which is a record that will survive changes of employer. It is not clear the length of time attestations may stay on a file or indeed what and how much information will be published in the quarterly reports. We calculate the first quarterly report is due out at the turn of the year.
We foresee difficulties arising after signature of attestations as putting a firm on the radar of enforcement. For that reason attestations must be dealt with very smoothly.