Conduct Rules for Non-Executive Directors (NEDs)
NEDs are an important part of a firm's governance and provide independence and oversight. In addition to complying with the statutory and fiduciary duties, NEDs in financial services have regulatory obligations.
The Conduct Rules set the standard of personal conduct for everyone in financial services. NEDs are subject to higher standards and a higher level of accountability than others in the firm.
Our Conduct Rules for Non-Executive Directors (NEDs) course outlines which conduct rules apply to NEDs.
- 30 Minutes
- Managers
- Based on UK legislation, but suitable for global audiences upon the removal of UK-specific references and translation as necessary.
- FCA Compliance Library, SMCR Library

Learning objectives
- Understand how the Senior Managers and Certification Regime (SM&CR) applies to NEDs
- Understand when a NED may become the holder of a Senior Manager Function
- Recall the Conduct Rules that apply to you as a NED
- Explain how the Conduct Rules apply in practice
- Describe how you will comply with the Conduct Rules in your role
- Describe when the Prudential Regulation Authority (PRA) or Financial Conduct Authority (FCA) might take action for non-compliance with the Conduct Rules
What can you expect your employees to learn?
Welcome
What are the Conduct Rules for NEDs?
- NEDs are treated differently under SMCR
The Senior Managers & Certification Regime
- What are the Conduct Rules?
Individual Conduct Rule 1: Integrity
- Examples of breaches
- You decide: Is it a breach?
- Individual Conduct Rule 1: Key takeaways
Individual Conduct Rule 2: Due skill, care & diligence
- Examples of breaches
- You decide: Is it a breach?
- Individual Conduct Rule 2: Key takeaways
Individual Conduct Rule 3: Cooperation with regulators
- Examples of breaches
- You decide: Is it a breach?
- Individual Conduct Rule 3: Key takeaways
Individual Conduct Rule 4: Customers' interests
- Examples of breaches
- You decide: Is it a breach?
- Individual Conduct Rule 4: Key takeaways
Individual Conduct Rule 5: Market conduct
- Examples of breaches
- You decide: Is it a breach?
- Individual Conduct Rule 5: Key takeaways
Individual Conduct Rule 6: Consumer Duty
- Examples of breaches
- You decide: Is it a breach?
- Individual Conduct Rule 6: Key takeaways
Senior Manager Conduct Rule 4: Disclosures to regulators
- You decide: Is it a breach?
- Senior Manager Conduct Rule 4: Key takeaways
- Handling breaches
Serious consequences
- In the news: Regulatory repercussions
Summary
Affirmation
Assessment
Hear from our learners
Excellent easy-to-use LMS which Skillcast have specifically tailored to our needs to also host a Global Policy Portal and global staff surveys, alongside providing live MI reporting.
Being able to personalise our own training has been a game-changer! Excellent training was provided on how to use the CMS and the support team have been so helpful, patient and quick to reply when I've got stuck.
We have been enjoying e-learning with Skillcast for 10 years now. Their customer service is always at the highest level, always very attentive, responsive, and polite. Highly recommend to any company who is looking for a high quality e-learning and customer service (they have both in high standards).
We started using Skillcast for our employees' compliance training a few months ago and the experience has been excellent. Skillcast was very efficient in the set-up process; they then helped support us with rolling out our staff training in a seamless way. The course content is highly detailed and professionally delivered. Overall, I would highly recommend Skillcast as your LMS training provider.
Excellent courses with a brilliant support team
We've been using Skillcast for approx. 1.5 years and have been very happy with the service received and the courses offered. The customer service from the support team is excellent, they always respond quickly and are very helpful. The courses offered cover a broad range and the FCA courses were particularly useful to our business.
Incredibly helpful support team, who work with you to provide tailored advice and practical assistance. You are supported every step of the way. Would highly recommend.
I cannot overstate how happy we are with Skillcast. They are prompt, attentive, patient and always so good humoured. The teams work seamlessly, and there is always someone to cover in the absence of a team member. I am always impressed and very happy to work with the team.
A great LMS with a dedicated and knowledgeable team behind it. The LMS has a number of features that are gradually shared and which keeps on being developed.
Every member of the team I have had dealings with has been quick, efficient and very accommodating. No task or query is too big for them, and always a quick and prompt response. Pleasure to work with.
We use Skillcast for our corporate training and it's a good LMS platform with a great variety of courses available. The platform is user-friendly and easy to navigate, and courses are up to date with legislation.
Skillcast is easy to set up and use. You can design the colours of the platform to fit your company branding. Support team are very helpful and nothing is too much trouble.
Excellent systems, user-friendly and easy to use.
Skillcast is a great platform to use for Compliance e-learning. The staff found the courses informative and engaging. There is a wide range of compliance related topics on the essentials library. The LMS is easy to use, and provides reports to track staff progress, which is a helpful feature.
The range of course libraries are comprehensive and the ability to select from multiple modules was important to us. The Global Library provides courses in multiple languages. We were also impressed with the microlearning modules. The platform is a great option for us and for our business requirements. We can also trust in Skillcast to review and update the modules so that they remain relevant and incorporate the latest developments in regulation.
Excellent services provided by the Skillcast team and the Skillcast system is simple to use.
The service provided for our company is excellent. The platform provides essential training for our business. When liaising with Skillcast in preparation for training delivery their customer service is excellent and we would definitely recommend.
Skillcast has truly transformed our approach to compliance training and tracking at Imagination. Not only does it seamlessly manage our global company's compliance requirements, but it also enhances employee engagement through its user-friendly interface and interactive content. What sets Skillcast apart is not just the platform itself, but also their exceptional customer service team. They are responsive, knowledgeable, and dedicated to providing tailored solutions to our unique needs. It's been instrumental in streamlining our compliance processes and fostering a culture of proactive risk management, growth & development.
They listened to our needs and helped tailor the existing course to our organisation with ease, ensuring accessibility requirements were maintained and the training was engaging and presentable. All their help has been very appreciated and I couldn't have asked them to do any more for us. I would recommend Skillcast to anyone looking to bring in new training modules to their organisation.
Skillcast provide an A-star product with excellent customer service support.
Your questions, answered
SMCR
Common FAQs
What is SMCR?
Senior Managers Regime
This enforces a detailed and clear allocation of responsibilities between senior managers at each firm, with particular emphasis placed on key documents - 'Statements of Responsibilities' and 'Responsibilities Maps'. These help to record the distribution of responsibility to individual Senior Managers and to demonstrate to the regulators that there are no gaps or excessive overlaps.
Always bear in mind that Senior Managers have a statutory duty of responsibility "to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible".
Certification Regime
This requires firms to check and confirm that employees performing roles relating to the firm's regulated activities are fit and proper, based on their qualifications, competence and personal characteristics.
Once this has been confirmed, the firm needs to issue them with a certificate that must be renewed every year.
Conduct Rules
This consists of a set of rules provided in the FCA's Code of Conduct Handbook (COCON) that covers all individuals: Senior Managers, Certified Persons and other employees.
What is the scope of the SMCR?
SMCR rollout waves
The SMCR has been rolled out in three waves:
Wave 1: Banks, building societies, credit unions and large investment firms in March 2016 (updated July 2018)
Wave 2: Extended to insurance firms (those regulated by the FCA and PRA) in December 2018
Wave 3: The remaining financial services firms (otherwise known as 'solo-regulated firms' since they are regulated only by the FCA, not the FCA and PRA) came under the scope of this regime in December 2019.
SMCR categories
The range of firms in the third wave is very diverse. Consequently, the FCA has grouped them into three categories to ensure that the regulation is proportionate to their sizes and activities:
Core: Firms that have to comply with the baseline requirements for solo-regulated firms
Limited scope: Firms that already had exemptions under the Approved Persons Regime, and are exempt from some requirements and require fewer senior management functions
Enhanced: Firms that have extra requirements - these are large, complex firms with potential impact on consumers or markets which warrant more attention from the FCA
What's needed to comply with SMCR?
- Statement of Responsibilities - Set out the areas for which each Senior Manager is personally accountable
- Responsibilities Map - This knits together the Statement of Responsibilities
- Pre-approval for all Senior Managers - obtain this from the regulators before they carry out their roles
- Duty of Responsibility - Ensure that Senior Managers understand their responsibilities and take reasonable steps to prevent regulatory breaches in their areas of responsibility
- Identify all Certified Persons - These are all material risk takers
- Fit and Proper Assessment - Of all Certified Persons, then re-assess on an annual basis
- Training - Of all those who are subject to the Conduct Rules
SMCR Training
Such training must result in employees gaining awareness and a broad understanding of all of the conduct rules, as well as a deeper understanding of the practical application of the specific rules which are relevant to their work.
To help with SMCR implementation, we have created a 3-step training model.
We provide a comprehensive set of SMCR training courses for all financial firms, including banking, insurance and solo-regulated firms.
Duty of Responsibility
Senior Managers have a statutory duty of responsibility "to take reasonable steps to prevent regulatory breaches in the areas of the firm for which they are responsible".
The FCA can take action against a Senior Manager (SM) where it can show that:
- There was misconduct by the SM's firm,
- At the time of the misconduct or during any part of it, the SM was responsible for the management of any of the firm's activities in relation to which the misconduct occurred, and
- The SM did not take such steps as a person in their position could reasonably have been expected to take to avoid the misconduct occurring or continuing.
The burden of proof for all these elements lies on the FCA. The SM does not need to show that they took reasonable steps - rather, it is for the FCA to prove that they did not. The defence against such action is if the senior manager can show that they took "the steps that are reasonable for a person in that position to take to prevent a regulatory breach from occurring".
Fitness and Propriety
The FCA must approve all senior managers, assessing whether they are fit and proper to perform the given function or responsibility.
Three key factors determine whether you are Fit and Proper:
Honesty, integrity and reputation
Competence and capability
Financial soundness
When determining a person's financial soundness, the FCA will not normally require a statement of assets or liabilities of the person. Limited financial means does not in itself affect the suitability of a person to perform an SMF.
When appointing a Senior Manager or Certified Person, firms must obtain a regulatory reference from all their past employers going back six years. This requirement also applies when appointing NEDs who are not Senior Managers.
For this purpose, firms need to retain records of disciplinary and fit and proper findings going back six years and not enter into arrangements that conflict with their disclosure obligations.
What are the SMCR Conduct Rules?
SMCR incorporates new high-level standards of behaviour that apply to almost all employees who carry out financial services activities in a firm. Some Conduct Rules apply to all employees, while others apply only to Senior Managers.
The Conduct Rules are intended to drive up standards of individual behaviour in financial services. By applying them to a broad range of staff, the FCA aims to improve individual accountability and awareness of conduct issues across firms.
Individual Conduct Rules (ICRs)
These apply to all employees, with the exception of ancillary staff, such as facility managers, personal assistants, receptionists, medical staff, IT and HR, who perform a purely non-financial services role. These ICRs also apply to Non-Executive Directors.
ICR 1: You must act with integrity
ICR 2: You must act with due skill, care and diligence
ICR 3: You must be open and cooperative with the FCA, the PRA and other regulators
ICR 4: You must pay due regard to the interests of customers and treat them fairly
ICR 5: You must observe proper standards of market conduct
Senior Manager Conduct Rules (SMCRs)
These apply only to Senior Managers, including NEDs (SC 4 even applies to out-of-scope NEDs).
SC 1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
SC 2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
SC 3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively
SC 4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice
What does SMCR Best Practice look like?
Stay up to date with SMCR best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech by subscribing to the Skillcast Compliance Bulletin.
3-Step SMCR Training Model
Whether you're new to the SMCR or benchmarking existing processes, our training model will help get your compliance training on track.
FCA Conduct Rules Training Aid
Our desk aid has ten tips on how to ensure your staff fully understand and adhere to conduct rules.
FCA COCON Breaches Desk Aid
Our desk aid reminds all of your staff of the ten easiest ways to breach the FCA Code of Conduct.
Operational Resilience Implementation Checklist
Ensure your firm follows the FCA guidelines for a compliant operational resilience programme.
Fit and Proper Training Presentation
Firms need to assess the Fitness and Propriety (F&P) of Senior Managers and Certified Persons when they are appointed and on an ongoing basis. Our F&P training presentation uses scenarios to help explain this further.
SMCR & Non-financial Misconduct
A lack of public confidence and some damaging press stories have renewed the FCA's focus on conduct, including non-financial misconduct. Find out more, including a free training module and a desk aid.
SMCR Solo-Regulated Firms Key Questions Answered
We answer the questions every solo-regulated firm has been asking.
SMCR Insurance Firms Key Questions Answered
We also answer the questions every insurance firm has been asking.
How to Evidence your SMCR Competence
If you cannot articulate what is adequate and competent within your firm, you simply won't be able to evidence SMCR compliance when the FCA comes knocking!
How to Prevent SMCR Training Damaging Staff Motivation
SMCR created a step-change in personal accountability, causing a headache, especially when dealing with those who've never been accountable before. That's why it's important to take steps to address any issues before they spiral out of control.
What are the SMCR Functions?
The Senior Managers Regime (SMR) applies to those who perform a Senior Management Function (SMF). The FCA has classified specific functions as SMFs, so that it knows who a firm's senior decision-makers are, and to make sure that firms clearly allocate specific responsibilities to those key individuals.
In certain circumstances, firms can have more than one individual performing a single SMF. However, the FCA expects that SMFs are only shared where it is justified and appropriate.
The list of SMFs that apply depends on the type of firm.
5.1 Governing Function SMFs
SMF1 | Chief Executive | Core and Enhanced firms |
SMF3 | Executive | Core and Enhanced firms |
SMF7 | Group Entity Senior Manager | Enhanced firms only |
SMF9 | Chair (non-executive) | Core and Enhanced firms |
SMF10 | Chair of the Risk Committee | Enhanced firms only |
SMF11 | Chair of the Audit Committee | Enhanced firms only |
SMF12 | Chair of the Remuneration Committee | Enhanced firms only |
SMF13 | Chair of the Nominations Committee | Enhanced firms only |
SMF14 | Senior Independent Director | Enhanced firms only |
SMF27 | Partner | Core and Enhanced firms |
5.2 Required Function SMFs
SMF16 | Compliance oversight | Core and Enhanced firms (and sole traders, authorised professional firms and oil market participants) |
SMF17 | Money Laundering Reporting Officer | Core and Enhanced firms (and sole traders and oil market participants) |
SMF18 | Other Overall Responsibility | Enhanced firms only |
SMF29 | Limited Scope Function | Limited Scope firms (e.g. limited permission consumer credit firms, authorised professional firms, firms that intermediate insurance without this being principal business) |
The Overall Responsibility requirement means that an Enhanced firm will need to make sure that every activity, business area and management function has a Senior Manager with overall responsibility for it. This is to prevent an unclear allocation of responsibilities.
Overall Responsibility means that a Senior Manager:
- Has ultimate responsibility for managing or supervising a function
- Briefs and reports to the governing body about their area of responsibility
- Puts matters requiring decisions about their area of responsibility to the governing body
5.3 Systems and Control SMFs
SMF2 | Chief Finance Function | Enhanced firms only |
SMF4 | Chief Risk Function | Enhanced firms only |
SMF5 | Head of Internal Audit | Enhanced firms only |
SMF24 | Chief Operations Function | Enhanced firms only |
What are the required responsibilities under the SMCR?
You need to be aware that there are more responsibilities for Senior Managers than just the ones found within each SMF's definition. The regulators have listed certain 'Prescribed Responsibilities' (PRs) that each firm is required to allocate between Senior Managers.
Each PR would generally be allocated to the Senior Manager who performs the SMF most closely linked to the given responsibility. PRs can be shared but not split between Senior Managers. Where responsibility is shared, it is recorded identically in each of the Senior Manager's Statements of Responsibilities.
If there is a breach, all Senior Managers sharing that responsibility may be required to demonstrate that they took reasonable steps to prevent or stop the breach.
The list of PRs that applies depends on the type of firm. Responsibilities (a), (b), (b-1), (d) below cannot be allocated to SMF 18 (Other Overall Responsibility) and responsibilities (j), (k), (l) below should be performed by a non-executive director if possible.
(a) | Performance by the firm of its obligations under the SMR, including implementation and oversight | All firms |
(b) | Performance by the firm of its obligations under the Certification Regime | All firms |
(b-1) | Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules | All firms |
(d) | Responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime | All firms |
(z) | Responsibility for the firm's compliance with CASS (if applicable) | All firms |
(c) | Compliance with the rules relating to the firm's Responsibilities Map | Enhanced firms only |
(j) | Safeguarding and overseeing the independence and performance of the internal audit function (in accordance with SYSC 6.2) | Enhanced firms only |
(k) | Safeguarding and overseeing the independence and performance of the compliance function (in accordance with SYSC 6.1) | Enhanced firms only |
(l) | Safeguarding and overseeing the independence and performance of the risk function (in accordance with SYSC 7.1.21R and SYSC 7.1.22R) | Enhanced firms only |
(j-3) | If the firm outsources its internal audit function, taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including supervision and management of the work of outsourced internal auditors, and management of potential conflicts of interest between the provision of external audit and internal audit services | Enhanced firms only |
(t) | Developing and maintaining the firm's business model | Enhanced firms only |
(s) | Managing the firm's internal stress tests and ensuring the accuracy and timeliness of information provided to the FCA for the purposes of stress-testing | Enhanced firms only |
(za) | Responsibility for an AFM's assessments of value, independent director representation and acting in investors' best interests | Authorised Fund Managers |
Who is responsible for assessing competence?
What types of evidence can demonstrate competence?
How often should competence be reviewed?
Are Skillcast courses SCORM-compliant?
What other tools are needed beyond training?
Is our training content still compliant with the latest legislation?
- You can check the latest course content updates in our library updates page: https://www.skillcast.com/compliance-course-library-updates
- For major legislative changes, we:
- Will send you email alerts to ensure you are notified
- Offer you a free trial of newly created or updated content
- Host webinars with compliance experts to explain the changes and how our training supports your ongoing compliance
Can you translate our content into other languages?
What file types are supported by the Skillcast system?
Features | Supported file types and details |
File Exchange | File types: PDF, Excel spreadsheets, Word documents, SCORM and xAPI files, and compressed zip files. Max file size: Default is 1GB, can be increased to a max of 2GB |
SCORM files | Versions: SCORM 1.2, SCORM 1.2 for Moodle, SCORM 2004 2nd, 3rd and 4th Edition. Max file size: 1024MB |
xAPI file | Max file size: 2GB |
Videos | File types: MP4 or MOV. Videos must be optimised, with a max file size of 100MB. If the file is bigger, our Design Team can help |
Images | File types: jpg, png and gif. The file size should ideally be 100KB, but it can be up to 250KB |
CPD evidence | File types: Word, PDF, Excel and CSV. File size: the limit should be whatever the portal config option is set to. Servers are set to max 2GB |
Policy documents | File types: PDF or Word. File size: the limit should be whatever the portal config option is set to. Servers are set to max 2GB |
Offline activities evidence | File types: PDF, DOC, DOCX, XLS, XLSX, CSV, PNG, GIF, JPEG, JPG, PPTX and MSG. File size: the limit should be whatever the portal config option is set to. Servers are set to max 2GB |
Client logo files | File types provided by client: EPS, PDF, AI and SVG |
Registers | PDF, DOC, DOCX, XLS, XLSX, CSV, PPT, PPTX, POT, PPA, PPS, JPG, JPEG, PJEPG, PNG, BMP, GIF, MP4, MOV, WMV, CPTX, CP, TXT, ZIP and MSG files |
Declarations | JPG, JPEG, PNG, GIF, XLS and XLSX files |
Related courses
Boost your compliance efforts with our range of courses. Varying in length and topic, our courses equip you with the tools to create an ethical and resilient workplace.
Anti-Money Laundering
To prevent the proceeds of crime from finding their way into the formal economy, most countries have extremely tough laws with severe penalties.
Phishing
It's essential for your employees to know what phishing is, how to spot the signs of an attempt and how to protect themselves and your Company.
Information Security
The loss or theft of commercially sensitive information may damage revenues, reputation and consumer trust.

Working Safely
Employees need to know how to protect their own health, safety and welfare as well as ensuring they don't cause harm to others.
Customer Due Diligence
Customer Due diligence is a legal requirement and plays a vital role in protecting your Company.
Anti-Competitive Agreements
Any agreement between companies that restricts market competition is a criminal offence.
Understanding Modern Slavery
Modern slavery remains a persistent, inhumane practice affecting millions through forced labour, trafficking and exploitation.
Gifts and Hospitality
Gifts and hospitality can create a risk of actual or perceived bribery if not handled correctly.
Spot a Phishing Attempt
Phishing emails are fraudulent attempts by cybercriminals to trick individuals into revealing sensitive information.
Abuse of Position
Fraud by abuse of position occurs when someone in a position of trust dishonestly exploits their role for personal gain or to cause loss to others.
Whistleblowing
Whistleblowing is the act of reporting wrongdoing such as fraud, bribery or safety breaches to protect an organisation and its stakeholders.
Money Laundering Red Flags
Detecting and reporting money laundering red flags is essential for maintaining anti-money laundering (AML) compliance.
Business Email Compromise
Business Email Compromise (BEC) is a targeted cyberattack where criminals impersonate executives or hack accounts to steal money or sensitive information.
Speak Up
Speaking up against misconduct or unethical behaviour can be challenging, but it is essential to maintaining integrity in the workplace.
Display Screen Equipment
Correctly setting up display screen equipment (DSE) is crucial for maintaining comfort and preventing strain or injury.
Identity Fraud
Identity fraud occurs when criminals steal personal information to commit fraud, often leading to financial loss and reputational damage.
Slips and Trips
Slips and trips are among the most common causes of workplace injuries, often resulting in serious harm such as fractures or concussions.
Manual Handling
Manual handling tasks, such as lifting, carrying, pushing or pulling objects, can lead to injuries if not done correctly.
Modern Slavery
Modern slavery is a serious crime with harsh penalties.
Records Management
Records management refers to employees' creation, storage, archiving, and disposal of business records.

Slips and Trips
Educate your staff on the controls that your Company has in place and what they should do to prevent slips and trips at work.

General Office Hygiene
Educate your staff on general office hygiene protocols to reduce common viruses and infections from spreading at the workplace.
Understanding Conflicts of Interest
A conflict of interest is where competing interests interfere with the exercising of judgement in a relationship.
Foreign Agent Bribery Risk
Operational risk in financial services arises from internal process failures, people, systems or external events.
Compliments vs Sexual Harassment
Genuine compliments can be part of a positive workplace, but inappropriate remarks can cross the line into sexual harassment.
Failing to Disclose Information
Fraud can occur when someone deliberately withholds information to gain an unfair advantage or cause loss to others.
Targets of Sexual Harassment
Sexual harassment can occur in various forms and affects everyone in the workplace.
Forced Labour Indicators
Forced labour is a serious violation of human rights, often hidden within workplaces and supply chains.
Interacting on Social Media
Social media offers great opportunities for communication, but it also presents risks to data protection, security and reputation.
Dealing With Stress at Work
Workplace stress can arise from tight deadlines, high-pressure environments and personal challenges.
Deepfake Awareness
Deepfakes use artificial intelligence to create fake images, audio or videos that can deceive individuals and organisations.
Horizontal Agreements
Competition drives innovation, fair pricing and better services for customers.
The Three Stages of Money Laundering
Money laundering is the process criminals use to disguise illicit funds as legitimate income through placement, layering and integration.
Common Cyber Threats
Cyber threats such as phishing, malware, ransomware and unsecured networks pose significant risks to businesses.
Preventing Tipping Off
Tipping off is a criminal offence that occurs when someone under investigation for financial crime is made aware of the suspicion against them.
Personal Data Breaches
Personal data breaches can occur through hacking, human error or unauthorised access, leading to serious legal and reputational consequences.
Understanding Sexual Harassment
Sexual harassment is unwanted behaviour of a sexual nature that violates a person’s dignity or creates an intimidating, hostile or offensive environment.
Understanding Facilitation Payments
Facilitation payments are small, unofficial payments made to speed up routine services, but they are considered bribes under anti-bribery and corruption laws.
Data Protection Impact Assessments
Data Protection Impact Assessments (DPIAs) are used to evaluate our data processing activities and mitigate risks to individuals.
Zero Trust Cybersecurity
The zero trust cybersecurity model ensures IT systems remain inaccessible by default, requiring strict verification before granting access.
Non-Financial Misconduct
Non-financial misconduct is behaviour that is unrelated to regulated activities, including serious offences such as harassment, bullying, sexual discrimination and sexual misconduct. The FCA has indicated it is prepared to consider non-financial misconduct when assessing fitness and propriety.
Bring Your Own Device Security
Bring Your Own Device (BYOD) policies offer convenience and flexibility but also introduce cybersecurity risks.
Device Hygiene
Device hygiene is the practice of keeping digital devices secure and free from cyber threats to protect company data and networks.
Malware
Malware is malicious software designed to harm or exploit computer systems, ranging from viruses and ransomware to spyware and botnets.
Ransomware
Ransomware is a type of malware that encrypts files and demands payment for their release, often causing severe financial and operational damage.
Smishing
Smishing is a targeted phishing scam that uses deceptive text messages to gain sensitive information.
Spear Phishing
Spear phishing targets specific individuals with convincing emails designed to deceive them.
Video Conferencing
Video conferencing is a vital business tool, but it also presents security and privacy risks if not used correctly.
Vishing
Vishing is a social engineering attack where cybercriminals use phone calls to trick individuals into revealing sensitive information.
Creating Strong Passwords
Strong password protection is essential to safeguarding company systems from cyber threats such as brute force attacks and password guessing.
Multi-factor Authentication
Multi-factor authentication (MFA) enhances security by requiring users to verify their identity through multiple authentication methods.
Reacting to Password Breaches
Password breaches can lead to unauthorised access, fraud and data theft, often resulting from weak passwords, phishing or insecure networks.
Information Classification
This training helps employees understand different levels of information classification, their restrictions and how to handle data securely.
Information Security on the Move
Handling company information securely, especially when working remotely or traveling, is essential to prevent data breaches and security risks.
Tailgating and Piggybacking
Cybersecurity is not just about digital protection but also involves securing physical access to critical systems.
Secure Web Browsing
Practicing safe web browsing helps to reduce security risks and protect sensitive information.
Supply Chain Cybersecurity
A company’s cybersecurity is only as strong as its weakest link and supply chain vulnerabilities can expose businesses to major breaches.
Transferring Information Securely
Securely transferring information is essential to protect sensitive data from breaches, legal risks and business disruptions.
Using Wi-Fi Safely
Wi-Fi connectivity offers convenience but also exposes devices and data to security risks if not properly managed.
Advising Customers on Cybersecurity
Cybersecurity is everyone's responsibility, including guiding customers to protect themselves from online threats.
CEO Fraud
CEO fraud is a type of Business Email Compromise where cybercriminals impersonate executives to trick employees into making payments or sharing confidential information.
Guide to Secure Remote Working
Remote work provides flexibility but also introduces cybersecurity risks that can compromise company data and systems.
Think Before You Click
Clicking on malicious links or attachments is one of the most common ways cybercriminals infect IT systems with malware.
Bribery Offences and Penalties
Bribery is a serious offence that carries severe consequences for individuals and companies.
Corrupt Hiring Practices
Bribery risks in hiring arise when jobs or internships are offered in exchange for business favours or political influence.
Controllers and Processors
The differences between data controllers and data processors are crucial to understanding data protection obligations.
Special Category Data
In many workplaces, sensitive data, including special category data, is collected and requires extra care.
GDPR Principle 1
The first principle of the GDPR requires that personal data must be processed lawfully, fairly and transparently.
GDPR Principle 2
The second principle of the GDPR, purpose limitation, requires that personal data be collected for specified, explicit and legitimate purposes.
GDPR Principle 3
The third principle of the GDPR, data minimisation, requires that personal data collected must be adequate, relevant and limited to what is necessary.
GDPR Principle 4
The fourth principle of the GDPR, accuracy, requires that personal data must be correct, up to date and not misleading.
GDPR Principle 5
The fifth principle of the GDPR, storage limitation, requires that personal data be retained only for as long as necessary for its intended purpose.
GDPR Principle 6
The sixth principle of the GDPR, integrity and confidentiality, requires that personal data be protected against unauthorised access, loss or damage.
GDPR Principle 7
The seventh principle of the GDPR, accountability, requires organisations to take responsibility for compliance and demonstrate good governance in data protection.
GDPR and Consent
Consent is one of the six lawful bases for processing personal data under the GDPR, requiring individuals to give clear, informed and voluntary agreement.
GDPR Lawful Bases for Processing
The General Data Protection Regulation (GDPR) requires organisations to have a lawful basis for processing personal data, chosen from six legal grounds.
GDPR Legitimate Interests
Legitimate interests is a flexible lawful basis for processing personal data, but it requires balancing business needs with individuals' rights.
GDPR International Transfers
The international transfer of personal data is restricted to ensure individuals' privacy rights are protected when data is sent abroad.
GDPR Individual Rights
The General Data Protection Regulation (GDPR) grants individuals eight specific rights over their personal data, ensuring transparency and control.
GDPR Subject Access Requests
Individuals have the right to access their personal data and organisations must respond to subject access requests (SARs) within legal timeframes.
Cartels
Competition in a free market encourages businesses to innovate, improve quality and reduce prices for consumers.
Trade Association Red Flags
Trade association meetings serve legitimate purposes but can pose competition risks if sensitive business information is exchanged.
Vertical Agreements
Vertical agreements between manufacturers, wholesalers and retailers can restrict competition and harm consumers.
Online Selling Restrictions
Competition law ensures fair sales practices and prohibits restrictions that limit competition.
Resale Price Maintenance
Resale price maintenance involves manufacturers controlling how retailers price their products.
Tying and Bundling
Tying and bundling involve selling a product or service with another commitment or package.
Dawn Raids
A dawn raid is an unannounced investigation by a regulator or law enforcement agency, often related to suspected financial crimes or anti-competitive practices.
Abuse of Dominant Position
Companies with significant market power must compete fairly without distorting competition.
Risks in the Use of AI
This training highlights how AI can be used effectively while identifying and addressing potential risks.
Stereotyping
Stereotypes are generalised beliefs about individuals or groups that can lead to prejudice and bias.
Understanding ESG
Companies are increasingly expected to integrate environmental, social and governance principles into their operations to attract investors.
Identifying Who is Vulnerable
Vulnerable individuals are those who face heightened risks of harm, abuse, neglect or exploitation due to various circumstances.
Screening Employees in Safeguarding Roles
The Safeguarding Vulnerable Groups Act protects children and vulnerable adults from harm by preventing unsuitable individuals from working with them.
Terrorist Financing Red Flags
Terrorist groups use legal and illegal methods to raise and move funds, often exploiting financial systems to conceal their activities.
Understanding Terrorist Financing
Terrorist groups rely on financial support from various sources, both intentional and unintentional.
Enhanced Customer Due Diligence
Bring "Enhanced Customer Due Diligence" training to life using animated characters and storylines.
Politically Exposed Persons
Politically exposed persons present a high risk of money laundering due to their influence and access to state resources.
Suspicious Activity Reporting
Employees must report any knowledge or suspicion of money laundering or terrorist financing to the Money Laundering Reporting Officer.
Unexplained Wealth Orders
Unexplained wealth orders allow law enforcement to seize assets if their owners cannot justify their wealth as coming from a legitimate source.
Supplier Fraud
Supplier fraud occurs when vendors engage in deceptive practices, such as false invoicing, overpricing or bribery.
Authorised Push Payment Fraud
Authorised push payment fraud occurs when scammers impersonate trusted figures to trick individuals into transferring money.
False Representation
Fraud by false representation happens when someone deliberately provides misleading or untrue information for personal or financial gain.
Employee Fraud and Insider Threats
Employee fraud can take many forms, from theft and false expense claims to data misuse and conflicts of interest.
Fraud Offences and Penalties
Fraud is any dishonest action or omission intended to gain or cause a loss, regardless of whether it is temporary or permanent.
Mandatory Leave
Mandatory leave is time off that certain organisations enforce to help prevent fraud, errors and other risk incidents.
The Fraud Triangle
Fraud is often committed by ordinary people who find themselves in difficult situations and make poor choices.
10 Essential Office Hygiene Practices
Hygiene is a key factor in maintaining a clean, safe and healthy workplace.
10 Steps to Healthy Working
A fast-paced work environment can take a toll on physical and mental health if risks are not managed.
Fire
Fires pose a serious threat in any workplace, making fire prevention and safety measures essential.
Personal Protective Equipment
Personal protective equipment is essential in minimising exposure to workplace hazards but should be the last line of defence.
Transport
Work-related driving poses significant risks, contributing to a large percentage of road accidents.
Work Equipment
Work equipment includes tools, machines and other devices used to perform tasks safely and efficiently.
Menopause Awareness
Menopause is a natural stage in life that can bring physical and emotional challenges and potentially affect work performance.
Mental Health at Work
Stress, anxiety and depression are major workplace health risks, accounting for over half of work-related ill-health cases.
New and Expectant Mothers at Work
When an employee is pregnant or returning from maternity leave, certain legal rights and health considerations apply.
Understanding Intellectual Property
Intellectual property rights are exclusive rights that protect creators and inventors, allowing them to benefit commercially from their work.
Don't Deal with Inside Information
Insider dealing occurs when someone uses non-public, price-sensitive information to gain an unfair advantage in financial markets.
Understanding Inside Information
Inside information is precise, non-public information about a financial instrument or issuer that could significantly impact market prices if disclosed.
Understanding Market Abuse
Market abuse distorts financial markets and disadvantages investors.
Unlawful Disclosure of Inside Information
Inside information is precise, non-public information about a financial instrument or issuer that could impact market prices if disclosed.
The Three Characteristics of Harassment
Harassment in the workplace occurs when unwanted behaviour violates a person's dignity or creates an intimidating or offensive environment.
Minimum Disclosure Rules
The Common Reporting Standard was introduced to prevent offshore tax evasion, but authorities continue to find ways in which it is being circumvented.
Unwanted Behaviour of a Sexual Nature
Sexual harassment is unwanted behaviour of a sexual nature that can create an intimidating, degrading or hostile work environment.
The 4D Bystander Intervention Model
Creating a safe and respectful workplace requires everyone to take action when witnessing bullying, harassment or inappropriate behaviour.
Understanding Tax Evasion
Tax evasion is the illegal act of dishonestly reducing tax liability, while tax avoidance involves exploiting legal loopholes.
To Pay or Not To Pay?
Small facilitation payments made to officials for expediting a permit or approval might seem harmless, but they are illegal and could land your employees in prison.
CASS 10 - CASS Resolution Pack
A CASS Resolution Pack (RP) contains a specific set of documents that helps speed up client money and assets return if a firm fails.
CASS 6 - Custody Rules
The rules and guidance in CASS 6 apply to a firm when it is safeguarding and administering custody assets.
CASS 7 and 7A - Client Money Rules and Client Money Distribution and Transfer
The rules and guidance in CASS aim to achieve the FCA's objective of ensuring that consumers are adequately protected.
CASS 8 - Mandates
Under the requirements of CASS 8, you must understand what a mandate is and how to deal with one.
CASS 9 - Information to Clients
Under the requirements of CASS 9, you are required to pass on certain information to clients, particularly where prime brokers, custody assets and client money are concerned.
COBS - Appropriateness
The FCA's Conduct of Business Sourcebook (COBS) applies to financial firms that deal with customer investments on an execution-only basis.
COBS - Client Communications High Risk Investments
The Conduct of Business Sourcebook (COBS) rules that relate to client communication apply to all promotional communications that investment firms have with their clients and prospects.
COBS - Suitability
The FCA Conduct of Business Sourcebook (COBS) applies to finance and investment firms in the UK.

Control of Substances Hazardous to Health (COSHH)
Educate your staff on the risks of using hazardous substances as well as what they should do to prevent accidents and incidents when using them.

Electricity
Educate your staff on the controls your Company has in place and what they should do to stay safe and manage the risks associated with electricity and electrical devices.

Fire Warden Training
Gain a comprehensive understanding of your role as a fire warden, which encompasses not only how to respond effectively in the event of a fire but also proactive measures to prevent such incidents from occurring.

Lone Working
Lone working offers greater flexibility and autonomy and creates a broader talent pool for businesses.

New and Expectant Mothers at Work
Being a new or expectant mother is an exciting time.

Noise
Educate your staff on the controls that your Company has in place and what they should do to prevent exposure to noise at work.
Packaged Retail and Insurance-based Investment Products (PRIIPs) Regulation in Finance
The Packaged Retail and Insurance-based Investment Product (PRIIP) Regulation affects retail investors who need to understand the complexities of these products.
Sustainability Disclosure Requirements (SDR) and Investment Labels
The introduction of sustainability rules aims to enhance the transparency and credibility of financial products with sustainability objectives.
Swap Execution Facilities (SEFs) and Designated Contract Markets (DCMs)
Swap Execution Facilities (SEFs) and Designated Contract Markets (DCMs) exist as part of the US response to the financial crisis.