The UK Financial Conduct Authority's (FCA's) Code of Conduct is a step-change in how firms need to engage with culture in their organisations and the behaviour of employees.
- What is the FCA's Code of Conduct?
- Does the Code of Conduct apply to me?
- What are the Individual Conduct Rules?
- What are the Senior Manager Conduct Rules?
- Complying with the Code of Conduct obligations
- How to approach Code of Conduct training
The regulator now wants to see certain standards of behaviour embedded within firms' culture and wants that backed up with robust training and documentation. Let's look at the Code of Conduct and what it asks of firms today.
What is the FCA's Code of Conduct?
The UK regulator created the Code of Conduct (COCON) in 2016. For the first time in the UK's financial services regulatory regime, there is a base level of conduct or behaviour expected of everyone involved in financial services work.
The Code of Conduct is part of an overall conduct obligations package that includes the Senior Managers & Certification Regime (SMCR) requirements.
One set of five rules is called "Individual Conduct Rules", and the second set of four rules is called the "Senior Manager Conduct Rules." By creating the Code, the FCA aims to:
- Support the development of the right corporate culture within firms
- Focus employee attention on acting with integrity and due skill, care and diligence
- Emphasise the need for employees to pay due regard to the interest of customers and treat customers fairly
- Enable firms to nurture the right compliance culture by supporting the need for employees to meet standards of market conduct
- Ensure employees know of the need to tell the FCA things that the regulator ought to be made aware of
Does the Code of Conduct apply to me?
The Conduct Rules apply to almost all employees who carry out financial services or linked activities in a firm. The Individual Conduct Rules apply to nearly all employees in a financial firm, with a few exceptions, such as:
- Switchboard operators
- Post room staff
- Print room staff
- Property/facilities management
- Securities guards
Overall, there are some 20 exceptions within the FCA's Code of Conduct document that firms need to identify to ensure they are applying the Code of Conduct in the right way. Firms should carefully review the FCA's text to identify which roles are exempt from the Code of Conduct. Failure to comply with COCON constitutes a breach which will be penalised.
The Senior Managers Conduct Rules apply to those individuals and roles identified as "senior managers" under the SMCR regime.
What are the Individual Conduct Rules?
In its documentation, the FCA provides the rules and extensive guidance. Furthermore, the FCA guides what a breach might look like for the Individual Conduct Rules. The five rules – coupled with a selection of sample breaches – for most financial services employees are:
Rule 1: You must act with integrity.
Breaches: Misleading a client, falsifying documents, and mismarking a trading position's value.
Rule 2: You must act with due skill, care and diligence.
Breaches: Failing to explain investment risks to customers or undertaking transactions without a reasonable understanding of the risks involved.
Rule 3: You must be open and cooperative with the FCA, the UK Prudential Regulation Authority (PRA) and other regulators.
Breaches: Failing to promptly answer questions posed by the regulators, failing to acknowledge or seek to resolve mistakes in dealing with customers.
Rule 4: You must pay due regard to customer interests & treat them fairly.
Breaches: Failing to provide adequate control over a client's assets, failing to disclose details of the charges or surrender penalties of investment products to a customer.
Rule 5: You must observe proper standards of market conduct.
Breaches: Manipulating or attempting to manipulate a benchmark or a market, failing to comply with market codes or exchange rules.
What are the Senior Manager Conduct Rules?
For the Senior Manager Conduct Rules, the FCA outlines four rules with additional guidance about how senior managers can fulfil their obligations. These rules, with examples of breaches, are as follows:
Rule 1: You must take reasonable steps to ensure that the firm's business for which you are responsible is controlled effectively.
Breaches: Failing to take reasonable steps to apportion responsibilities clearly; failing to take reasonable care to maintain a clear and appropriate apportionment of responsibilities.
Rule 2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
Breaches: Failing to take reasonable steps to implement adequate and appropriate controls to comply with regulatory requirements and standards, failing to take reasonable steps to ensure processes and controls are reviewed when there is a significant breach of regulatory requirements.
Rule 3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
Breaches: Failing to take reasonable steps to maintain an appropriate level of understanding about an issue or part of the business that the senior manager has delegated to an individual or individuals.
Rule 4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
Breach: If a senior manager is responsible within the firm for reporting matters to the regulator and fails to promptly inform the regulator concerned of information of which they are aware and which it would be reasonable to assume would be of material significance to the regulator.
Complying with the Code of Conduct obligations
Although the Code of Conduct looks very straightforward, as it is nine simple statements, implementing them across the organisation is substantial work.
Firms should already be complying (the deadline was March 2021), but many firms still need to do a considerable amount of work because of interruptions caused by the Covid-19 pandemic. Key steps that firms should take include:
- Identifying all of the individuals and roles that the Code of Conduct applies to
- Notifying those individuals of the rules that apply to them personally
- Training individuals about the rules. The training includes a broad understanding of all the Code of Conduct rules and a deeper understanding of the practical application of the specific rules relevant to their work.
- Putting a process in place that employees can use to notify the firm or the regulator of a breach.
- Documenting all the firm does to implement the Code of Conduct and its ongoing compliance in a way that is readily accessible if the regulator wants to review the materials.
- Creating a regular governance rhythm for the board of directors. For example, provide reports on training, code breaches, and culture survey results.
How to approach Code of Conduct training
Training is a requirement. Firms must make sure that employees know what the conduct rules are and how they apply to the roles that they're in.
The FCA wants to see that the firm has successfully embedded the Code of Conduct – and the common standards of good behaviour that it is trying to capture – across all employees. Training needs to be general so that employees understand the Code of Conduct and its requirements. It also needs to be specific so that employees understand how the Code of Conduct applies to the roles they perform.
The FCA has published a list of the elements it looks for when it reviews the Code of Conduct training that firms deploy. They are grouped here across the training journey:
- Put training in the context of the overall regime.
- Present SMCR/Conduct Rules as a step-change in regulatory expectations.
- Relevant senior managers can demonstrate appropriate involvement/oversight of training.
- Training is interactive and uses realistic scenarios.
- Examples/scenarios draw out nuances of how the rules apply to each type of role.
- Line managers are involved in training delivery, not just HR or the project team.
- Training is reinforced regularly and built into onboarding.
- Assess the effectiveness of Conduct Rules training.
- Conduct is linked to Fit & Proper and performance assessments.
In short, the regulator is looking for informative, high-quality training capable of helping evolve the culture within firms.
Want to learn more about FCA Compliance?
To help you plan and execute compliance in your organisation, we have created a comprehensive SMCR roadmap.
We also have 80+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
If you'd like to stay up to date with FCA best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast FCA Compliance Bulletin.
Last but not least, you can interact in person with thought leaders and your peers at one of our popular live webinars and face-to-face events.
If you've any questions or concerns about compliance or e-learning, please get in touch.
We're happy to help!