The FCA purposefully wrote existing guidance so that it is flexible and non-prescriptive, takes account of all relevant circumstances and recognises that what is reasonable is context-specific and will vary according to the facts of each individual case.
The guidance already provides, in DEPP 6.2.9-E(8) to (12), (14),(15) & (18), a lengthy and expressly non-exhaustive list of considerations the FCA will take into account in assessing whether a Senior Manager’s actions were reasonable in all the circumstances.
In addition to the points already noted above, that list includes factors the FCA believe relevant to, for example, delegation, the establishment of reporting lines, staff appraisal processes, role transition handovers, risk identification, expansions and restructurings, external professional advice, transaction monitoring and collective decision-making.
The Duty of Responsibility will apply to a wide variety of situations, firms and Senior Manager roles within those firms. The FCA do not believe that they can go further and specify the detail of reasonable steps by Senior Managers in different roles in each of those situations within different types of firms.
Evidencing compliance and administrative burden
The Duty of Responsibility imposes no additional obligation on a Senior Manager to explain or justify to us relevant steps they took and/or did not take, nor to keep records supporting such an explanation or justification.
As The FCA explained in CP17/42, as noted above and as The FCA’s existing relevant guidance in DEPP states, the burden of proof, in enforcing the Duty of Responsibility, lies on the FCA. The FCA will need to show that the relevant Senior Manager did not take the steps a person in their position could reasonably have been expected to take to avoid their firm’s relevant misconduct occurring or continuing.
“It may, however, be in the interests of a Senior Manager to keep records of relevant steps they take, in case questions are raised, whether by their firm, its lawyers, auditors, insurers or customers, the FCA or another regulator. The FCA do not believe it is necessary to make that general point in The FCA’s DEPP guidance on the Duty of Responsibility.” – FCA PS18/16 P9
Such records might be relevant not only to compliance with the Duty of Responsibility but also with The FCA’s Code of Conduct for Staff Sourcebook (COCON). COCON is part of the SM&CR and requires all Senior Managers, and many other staff of firms subject to the SM&CR, to act with due skill, care and diligence.
Further, any relevant FCA investigation is likely to take into account that each Senior Manager is also under a COCON obligation to take reasonable steps to make sure that the business of the firm for which they are responsible complies with the firm’s record-keeping obligations imposed by the FCA’s Handbook.
The FCA’s Handbook requires each firm to keep records allowing the FCA to monitor the firm’s compliance. This includes compliance with its obligations under the FCA’s Principles for Businesses to conduct its business with due skill, care and diligence and take reasonable care to organise and control its affairs responsibly and effectively.
For the avoidance of doubt, those COCON obligations will not, when the SM&CR is extended, be new to those individuals currently carrying out roles, at insurers and FCA solo-regulated firms, that will need, under the SM&CR, to be filled by Senior Managers.
All of those individuals are currently holders of Significant Influence Functions (SIFs) under The FCA’s Statements of Principle and Code of Practice for Approved Persons, which already require SIF holders to take such reasonable steps and act with due skill, care and diligence.
A Senior Manager’s or SIF holder’s failure to take reasonable steps in relation to that record-keeping by their business, which includes record keeping in relation to their management of that business, may, quite apart from the Duty of Responsibility, amount to misconduct for which the FCA will take disciplinary action.