This Duty of Responsibility enables the regulators (the PRA and FCA) to take action directly against a Senior Manager regarding a breach at a regulated firm if they can show that the Senior Manager failed to take 'reasonable steps' to prevent or stop the breach.
When can regulators take enforcement action?
The Duty of Responsibility is contained in section 66A(5) of the Financial Services and Markets Act 2000 (FSMA). The statutory Duty of Responsibility has applied to Senior Managers of banking firms since May 2016. It applied to Senior Managers of dual regulated insurers with effect from 10 December 2018 and the majority of FCA solo-regulated firms from 9 December 2019.
As detailed in the FSMA, to take enforcement action, the regulators must be able to show that a Senior Manager "did not take such steps as a person in the senior manager's position could reasonably be expected to take to avoid the contravention occurring (or continuing)".
The burden of proof lies with the regulators. The Senior Manager does not need to show that they took reasonable steps. It is for the regulator(s) to prove that they did not. However, while this may be the case, Senior Managers will want to understand what action they can take to demonstrate that reasonable steps have been taken.
What are reasonable steps?
The FCA has issued guidance that includes a non-exhaustive list of factors that it will consider when determining whether or not a Senior Manager has taken ‘reasonable steps’.
The guidance is contained in the FCA Handbook, in DEPP 6.2.9E.
Factors considered when assessing reasonable steps:
- The Senior Manager’s role and responsibilities
- How long the Senior Manager has been in their role
- Whether there was an orderly handover when they took up the role
- Whether they have implemented adequate and appropriate systems and controls
- The information available to them
- What they did with that information
- How tasks had been delegated and managed.
How to demonstrate reasonable steps
The FCA’s Policy Statement, PS 18/16, sets out how the FCA will apply the Duty of Responsibility to insurers and FCA solo-regulated firms.
The PRA, in its Consultation CP14/17, proposed that its guidance for the application of the Duty of Responsibility to insurers would mirror its existing guidance for the application of the Duty of Responsibility to deposit-takers and PRA-designated investment firms. The PRA confirmed this approach in Supervisory Statement 28/15, which was issued alongside the FCA’s PS 18/16.
In PS18/16, the FCA comments that it may be in the interest of a Senior Manager (SM) to keep records of relevant steps they take in case questions are raised, whether by their firm, its lawyers, auditors, insurers or customers, the FCA or another regulator.
How Senior Managers can protect themselves
The FCA Handbook Guidance is a useful starting point for Senior Managers when considering how to protect themselves.
1. Stay up-to-date with regulations
Keeping abreast of regulatory concerns and developments, particularly those that will impact their role and responsibilities.
2. Understand the impact of regulations
Understanding the impact of all relevant statutory, common law and other legal obligations relevant to their role and responsibilities.
3. Delegate appropriately
Ensuring that any delegation of their responsibilities is only made to an appropriate person with the necessary capacity, competence, knowledge, seniority and skill, and that steps are taken to oversee any delegated responsibility.
4. Create clear & effective reporting lines
Ensuring that the reporting lines concerning the firm’s activities for which they are responsible are made clear to staff and operate effectively.
5. Implement knowledge & performance reviews
Implementing appropriate policies and procedures to review the competence, knowledge, skills and performance of staff members to assess their suitability to fulfil their duties.
6. Implement governance & risk reviews
Reviewing the governance, operational and risk management arrangements for the firm’s activities for which they were responsible, including, where appropriate, corroborating and challenging the information available to them.
7. Stay informed about activities you are responsible for
Understanding and informing themselves about the firm’s activities for which they are responsible, including:
- Seeking an adequate explanation of issues within a business area, if they are not an expert in that area;
- Maintaining an appropriate level of understanding about an issue or a responsibility that they have delegated to another individual(s);
- Obtaining independent, expert opinion where appropriate;
- Only permitting the expansion or restructuring of the business after having reasonably assessed the potential risks;
- Monitoring highly profitable transactions, business practices, unusual transactions, or individuals who contribute significantly to the profitability of a business area or who have significant influence over the operation of a business area.
Interestingly, the FCA says that where SMs are involved in a collective decision affecting the firm’s activities for which they were responsible, and it was reasonable for the decision to be taken collectively, it will review whether the SM took reasonable steps to ensure:
- That they informed themselves of the relevant matters before taking part in the decision; and
- That they exercised reasonable care, skill and diligence in contributing to it.
This point may make SMs more cautious when asked for their input or conclusions on issues that appear to depart from their allocated role and responsibilities.
It is also important that SMs and firms ensure their Statements of Responsibilities (SoR) are accurate and kept up to date. And where applicable, firms’ Management Responsibilities Maps should reflect the responsibilities set out in Senior Managers’ SoRs. The regulators will consider these documents when determining the extent of the SM’s responsibilities in a firm.
In March 2019, the FCA published Final Guidance FG19/2 to assist solo-regulated firms when preparing their SoRs and Responsibilities Maps.