COCON 4.2 1Specific guidance on senior manager conduct rules

SC1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.

COCON 4.2.1G

An SMF manager's role and responsibilities are set out in the statement of responsibilities.

COCON 4.2.2G
  1. (1)

    Strategy and plans will often dictate the risk which the business is prepared to take on and high-level controls will dictate how the business is to be run. If the strategy of the business is to enter high-risk areas, then the degree of control and strength of monitoring reasonably required within the business will be high. In organising the business for which they are responsible, senior conduct rules staff members should bear this in mind.4

  2. (2)
    1. (a)

      Strategy and plans for the branch in the United Kingdom of an overseas firm will often be set by those parts of the firm which are based outside the United Kingdom.4

    2. (b)

      If an overseas firm proposes a significant strategy or change in strategy (‘the proposal’) for its branch in the United Kingdom, particularly to enter higher risk areas, the senior conduct rules staff member responsible for the matters likely to be affected by the strategy should assess its impact on the branch in the United Kingdom.4

    3. (c)

      The senior conduct rules staff member should ensure that they take reasonable steps to implement the proposal in a way that complies with the regulatory system.4

    4. (d)

      If the firm proposes to implement the proposal and the senior conduct rules staff member considers that it is likely to be non-compliant with the regulatory system, the senior conduct rules staff member should promptly inform the appropriate regulator.4

COCON 4.2.3G

To comply with the obligations of rule SC1 in COCON 2.2.1R, senior conduct rules staff members may find it helpful to review whether each area of the business for which they are responsible has been clearly assigned to a particular individual or individuals.

COCON 4.2.4G

The organisation of the business and the responsibilities of those within it should be clearly defined. Reporting lines should be clear to staff. Where staff have dual reporting lines there is a greater need to ensure that the responsibility and accountability of each individual line manager is clearly set out and understood.

COCON 4.2.5G

Where members of staff have particular levels of authorisation, these should be clearly set out and communicated to staff. It may be appropriate for each member of staff to have a job description of which they are aware.

COCON 4.2.6G

Senior conduct rules staff members should take reasonable steps to satisfy themselves, on reasonable grounds, that each area of the business for which they are responsible has appropriate policies and procedures for reviewing the competence, knowledge, skills and performance of each individual member of staff.

COCON 4.2.7G

If an individual's performance is unsatisfactory, the relevant senior conduct rules staff member should review carefully whether to allow that individual to continue in their position. In particular:

  1. (1)

    If the senior conduct rules staff member is aware of concerns relating to the compliance with requirements and standards of the regulatory system (or internal controls) of the individual concerned, or of staff reporting to that individual, the senior conduct rules staff member should take care not to give undue weight to the financial performance of the individual or group concerned when considering whether any action should be taken.

  2. (2)

    An adequate investigation of the concerns should be undertaken (including, where appropriate, adherence to internal controls). The senior conduct rules staff member should be satisfied, on reasonable grounds, that the investigation is appropriate, the results are accurate and that the concerns do not pose an unacceptable risk to compliance with the requirements and standards of the regulatory system.

COCON 4.2.8G

As part of organising the business, a senior conduct rules staff member should ensure that there is an orderly transition when another senior conduct rules staff member under their oversight or responsibility ceases to perform that function and someone else takes up that function. It would be appropriate for the individual vacating such a position to prepare a comprehensive set of handover notes for their successor. Those notes should, at a minimum, specify any matter that is ongoing which the successor would reasonably expect to be aware of to:

  1. (1)

    perform their function effectively;

  2. (2)

    ensure compliance with the requirements and standards of the regulatory system; and

  3. (3)

    ensure that the individual with overall responsibility for that part of the business of the firm maintains effective control.

COCON 4.2.9G

In organising the business, a senior conduct rules staff member should pay attention to any temporary vacancies which exist. They should take reasonable steps to ensure that suitable cover for responsibilities is arranged. This could include taking on temporary staff or external consultants. The senior conduct rules staff member should assess the risk to compliance with the requirements and standards of the regulatory system as a result of the vacancy, and the higher the risk the greater the steps they should take to fill the vacancy. It may be appropriate to limit or suspend the activity if adequate cover for responsibilities cannot be arranged. To the extent that those vacancies are for controlled functions, they may only be filled by persons approved for that function.

COCON 4.2.10G

The following is a non-exhaustive list of examples of conduct that would be in breach of rule SC1.

  1. (1)

    Failing to take reasonable steps to apportion responsibilities for all areas of the business under the approved person's control.

  2. (2)

    Failing to take reasonable steps to apportion responsibilities clearly among those to whom responsibilities have been delegated, which includes establishing confusing or uncertain:

    1. (a)

      reporting lines; or

    2. (b)

      authorisation levels; or

    3. (c)

      job descriptions and responsibilities.

  3. (3)

    In the case of a manager who is responsible for dealing with the apportionment of responsibilities, failing to take reasonable care to maintain a clear and appropriate apportionment of responsibilities including:

    1. (a)

      failing to review regularly the responsibilities which have been apportioned; and

    2. (b)

      failing to act where that review shows that those responsibilities have not been clearly apportioned.

  4. (4)

    Failing to take reasonable steps to ensure that suitable individuals are responsible for those aspects of the business under the control of senior conduct rules staff member, including the following:

    1. (a)

      failing to review the competence, knowledge, skills and performance of staff to assess their suitability to fulfil their duties, despite evidence that their performance is unacceptable;

    2. (b)

      giving undue weight to financial performance when considering the suitability or continuing suitability of an individual for a particular role; and

    3. (c)

      allowing managerial vacancies which put compliance with the requirements and standards of the regulatory system at risk to remain, without arranging suitable cover for the responsibilities.

SC2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.

COCON 4.2.11G

A senior conduct rules staff member must take reasonable steps to ensure their firm's compliance with the relevant requirements and standards of the regulatory system and to ensure that all staff are aware of the need for compliance.

COCON 4.2.12G

Senior conduct rules staff members do not themselves need to put in place the systems of control for the business, unless it is within their role and responsibilities. However, they should take reasonable steps to ensure that the business for which they are responsible has operating procedures and systems with well-defined steps for complying with the detail of relevant requirements and standards of the regulatory system and for ensuring that the business is run prudently. The nature and extent of the systems of control that are required will depend upon the relevant requirements and standards of the regulatory system, and the nature, scale and complexity of the business.

COCON 4.2.13G

Where a senior conduct rules staff member becomes aware of actual or suspected problems that involve possible breaches of relevant requirements and standards of the regulatory system within their area of responsibility, they should take reasonable steps to ensure that they are dealt with in a timely and appropriate manner. This may involve an adequate investigation to find out whether any systems or procedures have failed and why. They may need to obtain expert opinion on the adequacy and efficacy of the systems and procedures.

COCON 4.2.14G

If an issue raises questions of law or interpretation, senior conduct rules staff members may need to take legal advice. If appropriate legal expertise is not available in-house, they may need to consider appointing an appropriate external adviser.

COCON 4.2.15G

Where independent reviews of systems and procedures have been undertaken and result in recommendations for improvement, the senior conduct rules staff member responsible for that business area should ensure that, unless there are good reasons not to, any reasonable recommendations are implemented in a timely manner. What is reasonable will depend on the nature of the issue to be addressed and the cost of the improvement. It will be reasonable for a senior conduct rules staff member to carry out a cost benefit analysis when assessing whether the recommendations are reasonable.

COCON 4.2.16G

The following is a non-exhaustive list of examples of conduct that would be in breach of rule SC2.

  1. (1)

    Failing to take reasonable steps to implement (either personally or through a compliance department or other departments) adequate and appropriate systems of control to comply with the relevant requirements and standards of the regulatory system for the activities of the firm.

  2. (2)

    Failing to take reasonable steps to monitor (either personally or through a compliance department or other departments) compliance with the relevant requirements and standards of the regulatory system for the activities of the firm in question.

  3. (3)

    Failing to take reasonable steps to inform themselves adequately about the reason why significant breaches (suspected or actual) of the relevant requirements and standards of the regulatory system for the activities of the firm may have arisen (taking account of the systems and procedures in place). This would include failing to investigate whether systems or procedures may have failed and failing to obtain expert opinion on the adequacy of the systems and procedures where appropriate.

  4. (4)

    Failing to take reasonable steps to ensure that procedures and systems of control are reviewed and, if appropriate, improved, following the identification of significant breaches (suspected or actual) of the relevant requirements and standards of the regulatory system relating to the activities of the firm, including:

    1. (a)

      unreasonably failing to implement recommendations for improvements in systems and procedures; and

    2. (b)

      unreasonably failing to implement recommendations for improvements to systems and procedures in a timely manner.

  5. (5)

    For a manager with responsibility for overseeing the establishment and maintenance of appropriate systems and controls or the apportionment of responsibilities, any failure to take reasonable care to ensure that those obligations are discharged effectively.

  6. (6)

    For a proprietary trader, failing to maintain and comply with appropriate systems and controls in relation to that activity.

  7. (7)

    For a money laundering reporting officer, failing to discharge the responsibilities imposed on them by the firm for oversight of its compliance with the FCA's rules on systems and controls against money laundering.

  8. (8)

    For a senior conduct rules staff member who is responsible for the compliance function, failing to ensure that:

    1. (a)

      the compliance function has the necessary authority, resources, expertise and access to all relevant information; or

    2. (b)

      a compliance officer is appointed and is responsible for the compliance function and for any reporting as to compliance; or

    3. (c)

      the persons involved in the compliance functions are not involved in the performance of services or activities they monitor; or

    4. (d)

      the method of determining the remuneration of the persons involved in the compliance function does not compromise their objectivity; or

    5. (e)

      the method of determining the remuneration complies, where applicable, with the Remuneration Code or, for a Solvency II firm or a small non-directive insurer3, other relevant requirements in relation to remuneration2.

SC3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively

COCON 4.2.17G

An SMF manager may delegate the investigation, resolution or management of an issue or authority for dealing with a part of the business to individuals who report to them or to others.

COCON 4.2.18G

A senior conduct rules staff member should have reasonable grounds for believing that the delegate has the competence, knowledge, skill and time to deal with the issue. For instance, if the compliance department only has sufficient resources to deal with day-to-day issues, it would be unreasonable to delegate to it the resolution of a complex or unusual issue without ensuring it had sufficient capacity to deal with the matter adequately.

COCON 4.2.19G

The FCA recognises that a senior conduct rules staff member will have to exercise their own judgement in deciding how issues are dealt with and sometimes that judgement will, with the benefit of hindsight, be shown to have been wrong. The senior conduct rules staff member will not be in breach of rule SC3 in COCON 2.2.3R unless they fail to exercise due and reasonable consideration before they delegate the resolution of an issue or authority for dealing with a part of the business and fail to reach a reasonable conclusion. If they are in doubt about how to deal with an issue or the seriousness of a particular compliance problem then, although they cannot delegate to the FCA the responsibility for dealing with the problem or issue, they can speak to the FCA to discuss his approach.

COCON 4.2.20G

Senior conduct rules staff members will not always manage the business on a day-to-day basis themselves. The extent to which they do so will depend on a number of factors, including the nature, scale and complexity of the business and their position within it. The larger and more complex the business, the greater the need for clear and effective delegation and reporting lines, which may involve documenting the scope of that delegation and the reporting lines in writing. The FCA will look to the senior conduct rules staff member to take reasonable steps to ensure that systems are in place to ensure that issues are being addressed at the appropriate level. When issues come to their attention, they should deal with them in an appropriate way.

COCON 4.2.21G

Delegating the authority for dealing with an issue or a part of the business to an individual or individuals (whether in-house or outside contractors) without reasonable grounds for believing that the delegate has the necessary capacity, competence, knowledge, seniority or skill to deal with the issue or to take authority for dealing with part of the business indicates a failure to comply with rule SC3 in COCON 2.2.3R.

COCON 4.2.22G

Although a senior conduct rules staff member may delegate the resolution of an issue, or authority for dealing with a part of the business, they cannot delegate responsibility for it. It is that person's responsibility to ensure that they receive reports on progress and question those reports where appropriate. For instance, if progress appears to be slow or if the issue is not being resolved satisfactorily, the senior conduct rules staff member may need to challenge the explanations they receive and, if necessary, take action personally to resolve the problem. This may include increasing the resource applied to it, reassigning the resolution internally or obtaining external advice or assistance. Where an issue raises significant concerns, senior conduct rules staff members should act clearly and decisively. If appropriate, this may be by suspending members of staff or relieving them of all or part of their responsibilities.

COCON 4.2.23G

The following is a non-exhaustive list of examples of conduct that would be in breach of rule SC3.

  1. (1)

    Failing to take reasonable steps to maintain an appropriate level of understanding about an issue or part of the business that the senior conduct rules staff member has delegated to an individual(s) (whether in-house or outside contractors) including:

    1. (a)

      disregarding an issue or part of the business once it has been delegated;

    2. (b)

      failing to require adequate reports once the resolution of an issue or management of part of the business has been delegated; and

    3. (c)

      accepting implausible or unsatisfactory explanations from delegates without testing their accuracy.

  2. (2)

    Failing to supervise and monitor adequately the individual(s) (whether in-house or outside contractors) to whom responsibility for dealing with an issue or authority for dealing with a part of the business has been delegated including any failure to:

    1. (a)

      take personal action where progress is unreasonably slow, or where implausible or unsatisfactory explanations are provided; or

    2. (b)

      review the performance of an outside contractor in connection with the delegated issue or business.

COCON 4.2.24G

In determining whether or not the conduct of a senior conduct rules staff member complies with rule SC3 in COCON 2.2.3R, the factors which the FCA would expect to take into account include:

  1. (1)

    the competence, knowledge or seniority of the delegate; and

  2. (2)

    the past performance and record of the delegate.

SC4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice

COCON 4.2.25G

For the purpose of rule SC4 in COCON 2.2.4R, regulators in addition to the FCA and the PRA are those which have recognised jurisdiction in relation to activities to which COCON applies and have a power to call for information from the relevant person in connection with their function or the business for which they are responsible. This may include an exchange or an overseas regulator.

COCON 4.2.26G

SC4 applies to senior conduct rules staff members in addition to rule 3 in COCON 2.1.3R. Although, the rules have some overlap, they are different. Rule 3 normally relates to responses from individuals to requests from the regulator, whereas rule SC4 imposes a duty on a senior conduct rules staff member to disclose appropriately any information of which the appropriate regulator would reasonably expect, including making a disclosure in the absence of any request or enquiry from the appropriate regulator. A senior conduct rules staff member2 is likely to have access to greater amounts of information of potential regulatory importance and to have the expertise to recognise when this may be something of which the appropriate regulator would reasonably expect notice.

COCON 4.2.27G

Where a senior conduct rules staff member is responsible within the firm (individually or with other senior conduct rules staff members) for reporting matters to the regulator, failing promptly to inform the regulator concerned of information of which they are aware and which it would be reasonable to assume would be of material significance to the regulator concerned, whether in response to questions or otherwise, constitutes a breach of rule SC4 in COCON 2.2.4R.

COCON 4.2.28G
  1. (1)

    If a senior conduct rules staff member comes across a piece of information that is something of3 which they think the FCA or PRA could reasonably expect notice, they should determine whether that information falls within the scope of their responsibilities:2

    1. (a)

      (for an SMF manager)2 by virtue of that person’s statement of responsibilities; or2

    2. (b)

      (for an approved person performing a significant influence function in a Solvency II firm or a small non-directive insurer3) including by reference to their scope of responsibilities document.2

  2. (2)

    If it does, then they should ensure that, if it is otherwise appropriate to do so, it is disclosed to the appropriate regulator.2

COCON 4.2.29G

In determining whether or not a person's conduct complies with rule SC4 in COCON 2.2.4R, the factors which the FCA would expect to take into account include:

  1. (1)

    whether it would be reasonable for the individual to assume that the information would be of material significance to the regulator concerned;

  2. (2)

    whether the information related to the individual themselves or to their firm; and

  3. (3)

    whether any decision not to report the matter was taken after reasonable enquiry and analysis of the situation.