Article
Moving the dial in financial services
In September 2023, the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) published their long-awaited consultation papers on diversity and inclusion (D&I) for FCA-regulated and PRA-regulated firms, respectively[1].
While there are some differences in approach between the FCA and PRA – with the PRA's proposals setting higher standards for PRA-regulated firms due to the systemic risks they pose – both the PRA and FCA recognise that greater D&I can create better outcomes for consumers and markets. In their view, it adds value through supporting healthy work cultures, reducing 'groupthink'[2], unlocking talent, and improving understanding of diverse consumer needs and risks that could threaten firm safety and soundness (Regulatory Aims).
In this article, we set out the background to the consultations, summarise the key proposals for the FCA and PRA, respectively, and outline next steps for firms.
Background
Over the last few years, lack of diversity has been highlighted as a contributing factor to the 2008 financial crisis. According to the FCA, looking at risk management outcomes, and studies that compared the outcomes between diverse and non-diverse boards following the crisis, those businesses with more diverse and risk averse boards achieved better overall outcomes. There is also evidence that firm cultures that are inclusive and receptive to employees are likely to generate better judgements and decision-making, and reduce the risk of groupthink[3]. As such, the FCA has been taking an increasingly rigorous approach in this area in the last few years, questioning the approaches of firms to D&I.
In July 2021, the FCA, PRA and the Bank of England (BoE) (together, the Regulators) published a joint discussion paper on the topic of D&I in the financial sector (the DP).[4] In it, the Regulators recognised that despite years of discussion, the conversation around D&I was still in its infancy and that, as a sector, there was still a long way to go. Here, they highlighted the large gender and ethnicity pay gaps that existed at the time, there being large parts of the industry with a complete lack of diversity at senior levels and products offered to consumers that did not meet the diverse needs of those who they were intended to serve.
The aim of the DP was to accelerate meaningful progress across the financial sector and the Regulators proposed a number of potential policy options which they considered could accelerate change. Proposals included: requiring firms to have regard to diverse representation when succession planning at board level; making senior leaders directly accountable for D&I through the Senior Managers Regime; linking progress on D&I to remuneration as a key tool for driving accountability in firms and incentivising progress; and requiring firms to publicly disclose a selection of aggregated diversity data on firms' senior management populations and the employee populations as a whole, as well as their D&I policies.
In the DP, the Regulators committed to taking account of feedback received, with a view to consulting on more detailed proposals. These proposals have now been published and are summarised below.
Key FCA proposals
The FCA's proposals are intended to apply proportionately, based on the size and nature of firms' activities.
Baseline standards will apply to all authorised firms with a Part 4A permission under the Financial Services and Markets Act 2000 (FSMA), with the aim of reducing discrimination and misconduct.
Additional requirements are proposed to apply to 'large firms' (being those with 251 or more employees[5]) and, to align with the PRA, all dual-regulated UK Capital Requirement Regulation (CRR) firms (which include banks, building societies and the largest investment firms) and Solvency II firms (comprising insurance and reinsurance undertakings). These additional requirements would not apply to Limited Scope firms under the Senior Managers and Certification Regime (SMCR), regardless of their size.
So that firms cannot circumvent the rules, all FSMA firms with a part 4A permission, excluding Limited Scope SMCR firms, would be required to report employee numbers to the FCA annually on RegData. This is intended to allow the FCA to determine who is in scope of the additional requirements.
We summarise in the sections below the key policy proposals and their application to firms.
Policy proposals on non-financial misconduct
Application – All authorised firms with a Part 4A permission under the FSMA and where relevant threshold conditions and existing chapters of the FCA apply.
Non-financial misconduct will be explicitly included within:
- the Conduct Rules – currently, the scope of the Code of Conduct chapter within the FCA Handbook (COCON[6]) is restricted (except in the case of banks) to regulated activities, other SMCR financial activities and certain kinds of misconduct that could have serious effects. The FCA is proposing to extend the scope of COCON to make clear that it covers serious instances of bullying, harassment and similar behaviour towards fellow employees and employees of group companies and contractors. To that end, the FCA is proposing to add guidance on:
- the types of behaviour that would fall within the expanded scope of COCON and that may breach the Conduct Rules; and
- what conduct is out of scope because it relates to an employee's personal or private life.
- Fit and Proper assessments – currently, firms must be satisfied, on an ongoing basis, that individuals performing a Senior Management Function (SMF) or a Certification function are 'fit and proper' to carry out their role. The Fit and Proper Test within the FCA Handbook (FIT[7]) provides guidance on how firms should assess honesty, integrity and reputation, and outlines how misconduct both within and outside the workplace can be relevant for FIT. The FCA proposes to add guidance that bullying and similar misconduct in the workplace is relevant to fitness and propriety, and that similarly serious behaviour in a person's personal or private life is also relevant. Examples of non-financial misconduct will include sexual or racially motivated offences. The FCA is intending to draw a direct link between one of FIT's purposes, of maintaining confidence in the financial system in the UK, with serious non-financial misconduct – whether inside or outside the workplace. The proposed changes clarify that conduct that could damage public confidence in the financial system is likely to mean that the person is not fit and proper. This is likely in response to the Upper Tribunal's judgment in the case of Jon Frensham v FCA, which found that there needed to be a link between an individual's criminal behaviour and their professional work, with a distinction being drawn between an individual's personal and professional integrity. Mr Frensham had been convicted of attempting to meet a child following sexual grooming. Although the Upper Tribunal upheld the FCA's decision to issue a Prohibition Order against Mr Frensham, this was on the basis that Mr Frensham was already on bail for another suspected offence when he committed this offence, and his failure to notify the FCA in accordance with his notification obligations to the FCA; and
- Suitability guidance in the Threshold Conditions – the FCA is proposing to extend guidance on the Suitability Threshold Conditions in COND[8], including, for example, offences relating to a person or group's demographic characteristics (such as sexual or racially motivated offences) and tribunal or court findings that a firm, or someone connected with the firm (e.g. a director) has engaged in discriminatory practices.
Guidance on how non-financial misconduct should be incorporated into regulatory references will also be added.
Policy proposals on data reporting
Policy proposals on D&I strategies
Policy proposals on data disclosure
Policy proposals on setting targets
Policy proposals on risk and governance
Key PRA proposals
The PRA consultation paper places emphasis on improving D&I within PRA-regulated firms as a means of reducing groupthink while also promoting both its primary and secondary objectives.[9] The proposals contained in the PRA's consultation paper have largely been shaped by the responses received in relation to the DP, with the PRA factoring in the current practices of regulated firms into its proposed policymaking.
Given the broad range of firms regulated by the PRA, it has carefully considered how to tailor the proposed policy package to apply in a proportionate manner, thereby allowing firms to tailor various policies to their business model, size, and location. While the majority of new rules and expectations would come into effect one year after publication of the final policy, a number of the below proposals will have extended timescales.
Below is a summary of the key proposals made by the PRA.
Policy proposals on D&I strategies
Application – All CRR and Solvency II firms with respect to their establishment in the UK, including third country branches.
(i) Firm & board strategies
Proposals will require firms to have and publish on their websites: (i) a firmwide strategy; and (ii) a board strategy, each promoting D&I.
Firms can develop their own strategies, however, the PRA expects a strategy to include:
- the firm's core values, the culture that it is trying to create, and its commitment to D&I;
- D&I objectives and goals, and a plan for achieving these;
- methods to measure progress; and
- the role to be played by the firm and staff in creating an inclusive environment.
Firms can choose to combine or keep separate their board and firmwide strategies, but they must both be accessible on their website.
Firms will be required to regularly review and update their strategies.
All firms will have the flexibility to tailor their strategy to meet their circumstances. Smaller firms' strategies are expected to be less comprehensive than those of larger firms, and third country branches covered by a D&I strategy at international group level would have to consider relevant aspects.
Senior leadership and the board are to be responsible for the strategy, and are to support and disseminate information about the strategy within the firm, including, for example, via formal training.
(ii) Risk and controls
The PRA proposes to clarify in the new supervisory statement that not only internal audit, but also risk management and compliance functions have a role to play in assessing the firm's risk management and controls framework around D&I. Therefore, the PRA expects firms to adopt appropriate risk and control functions to support the development and review of each firm's D&I strategy. The PRA will not be prescriptive as to risk and control functions.
Policy proposals on setting D&I targets
Policy proposals on board governance
Policy proposals on individual accountability
Policy proposals on monitoring D&I
Policy proposals on regulatory reporting
Policy proposals on disclosure
Timing and process for the reporting of regulatory data
12 months after publication of final rules
- Rules on reporting will come into force 12 months from the publication of final rules.
- Firms will then have a three-month window to report this data.
- For example, if the final rules were published on 1 March 2024, the first reporting reference date would be 1 March 2025 and firms would have until 2 June 2025 to submit their data.
- Reporting must be made via the FCA RegData platform:
- A complete report covers all mandatory metrics. Firms will be required to report on either sex or gender, but can choose to report on both characteristics.
- Reporting on parental responsibilities, carer responsibilities, gender identity and socio-economic background is voluntary but encouraged.
- The first reporting cycle would be on a 'comply or explain' basis. Where firms are unable to submit all the required data in the first reporting period, they would need to explain why this is not possible and set out the steps they are taking to ensure they will be able to submit a complete report when required.
12 months after first report
- Second regulatory reporting window will open.
- Complete reports will be mandatory.
If the report is not completed on time, firms will be subjected to the FCA's standard £250 administrative fee, as per other FCA reporting requirements. This would be supported by supervisory and enforcement powers in the event of continued non-compliance.
Conclusion and next steps
The proposals in the FCA and PRA consultation papers differ somewhat to those set out in the DP, with many of the original proposals not featuring at all in the FCA's consultation, including, for example, mandatory training, linking remuneration to D&I metrics, board recruitment and succession planning etc. The FCA and the PRA appear to have listened to feedback to the DP and have attempted to adopt a proportionate approach, depending on the size and nature of authorised firms.
The final policy statements are expected in 2024 and firms have until 18 December 2023 to respond to the FCA and PRA consultation papers.
If your business is impacted and you have any questions, feel free to get in touch with Sushil Kuner from our Financial Services Regulatory team.
Footnotes
[1] See FCA Consultation Paper (CP23/20) dated September 2023 on Diversity and Inclusion in the Financial Sector – working together to drive change and PRA Consultation Paper (CP18/23) dated 25 September 2023 on Diversity and Inclusion in PRA-regulated firms
[2] The practice of making decisions as a small group which are perceived to represent a consensus.
[3] See FCA Discussion Paper (DP21/2) dated July 2021 on Diversity and Inclusion in the Financial Sector – Working Together to Drive Change
[4] See FCA Discussion Paper (DP21/2) dated July 2021 on Diversity and Inclusion in the Financial Sector – Working Together to Drive Change
[5] To reduce the regulatory burden of firms moving in and out of scope of the additional requirements, the FCA is proposing to rely on the average number of employees over a rolling three year period as at a specified annual reference date.
[6] The Code of Conduct chapter within the FCA Handbook.
[7] The Fit and Proper Test for Employees and Senior Personnel, contained within the FCA Handbook.
[8] The Threshold Conditions chapter in the FCA Handbook
[9] The PRA's primary objectives are the promotion of the safety and soundness of the firms it regulates and securing appropriate protection for policyholders, while its secondary objectives are the facilitation of competition, competitiveness and growth.
[10] The method of calculation of this threshold will be set out in the Glossary of the PRA Rulebook.
[11] See SS5/16 here: Corporate governance: Board responsibilities
[12] CRR firms with assets greater than £250 million and Solvency II firms, but not third country branches
NOT LEGAL ADVICE. Information made available on this website in any form is for information purposes only. It is not, and should not be taken as, legal advice. You should not rely on, or take or fail to take any action based upon this information. Never disregard professional legal advice or delay in seeking legal advice because of something you have read on this website. Gowling WLG professionals will be pleased to discuss resolutions to specific legal concerns you may have.