How do I build a well-implemented fit and proper assessment framework?

We’ve talked a lot about the regulatory requirements underpinning fit and proper testing and the considerations that those performing fit and proper assessments need to bear in mind.  This is a critical element.  No approach to fit and proper testing can hope to meet its objectives without a proper understanding of what the law actually requires.  At the same time, however, effective and consistent fit and proper testing can only be achieved when an accurate theoretical understanding is implemented within a well-designed and implemented practical framework.

There are three basic elements which are required in order to deliver such a framework:

  1. A standardised approach,
  2. An open culture, and
  3. A commitment to continuous improvement.

We’ll say a bit more about each.

A standardised approach

The first element demands a standardised approach founded on a commitment to training.  Only then do assessors understand what is required of them and can consistent and justifiable results be delivered.

The types of questions firms should ask themselves when designing a standardised approach to fit and proper testing include:

  1. Who will oversee the entire process?
  2. How do we identify who is in-scope?
  3. Do specific roles create greater risks (for example, sales roles)?
  4. Who will perform fit and proper testing?
  5. What is the process for reporting Certification Risks and Certification Issues?
  6. What are the thresholds for determining that fit and proper testing is required in any given circumstance?
  7. What are the pass (or fail) criteria for the fit and proper assessment?
  8. What evidence is to be gathered with respect to each type of fit and proper assessment?
  9. What kind of screening checks will be conducted in any given scenario?
  10. What kind of attestations or declarations are staff required to make (and at what intervals)?
  11. What happens if evidence is not available (or forthcoming) or can’t be verified?
  12. How will (or to what extent can) the firm verify each source of information?
  13. How is information to be assessed (particularly with respect to its relevance and ‘seriousness’)?
  14. How will the firm respond if an issue is identified with a member of staff?
  15. How will the firm ‘learn lessons’ from the issues that arise? Some firms maintain a ‘fit and proper’ issues log.
  16. How will ‘fit and proper’ decisions be appealed and reviewed?
  17. How will fit and proper testing dovetail with existing HR and performance management processes?
  18. Where will everything be stored and recorded?
    1. This is particularly important as we move towards the new normal of hybrid working. It won’t be enough simply to have staff saving fitness and propriety information down on their c: drives.

In terms of useful, practical, advice, the FCA has published, on a webpage[1], a table setting out positive and negative indicators to illustrate how firms should demonstrate that they are making regular, thorough and consistent assessments of the fitness and propriety of senior managers and certification staff.  It is helpful to bear these factors in mind when designing any firm-wide approach to fit and proper testing.  In summary these factors are:


| Positive Indicators | Negative Indicators |
| --- | --- |
| Fitness and propriety checks identify new issues with staff – some fail. | Fitness and propriety checks identify nothing new; a ‘rubber stamp’ exercise. |
| Relevant Senior Managers actively oversee the fitness and propriety process and ensure appropriate reporting. | Relevant Senior Managers have delegated the fitness and propriety process and cannot demonstrate adequate oversight and reporting. |
| Competence assessment demonstrates that thought has been given to each specific role (including managers). | Competence assessment is perfunctory and/or cannot be evidenced as being objective. |
| Development plans are put in place as a result of fitness and propriety assessments. | No development needs are identified. |
| Managers are adequately trained in the firm’s approach to fitness and propriety and understand what is expected of them. | Managers are poorly trained and/or have inadequate guidance as to what is expected of them in terms of fitness and propriety. |
| A detailed fitness and propriety process has been introduced and integrated into existing HR/performance management processes (it covers what happens if someone fails fitness and propriety). | Fitness and propriety is considered (without review) to already be covered by pre-existing HR/performance management processes and/or there is no process for dealing with someone who fails fitness and propriety. |
| Fitness and propriety – which include senior managers - are convened to consider marginal cases. | Process for considering marginal fitness and propriety cases either does not exist or is rarely convened. |
| Firm has appropriate criteria and a robust process for identifying certification staff on an ongoing basis. | Identification of certification population is ad hoc and/or a burdensome manual process. |
| Regulatory references disclose misconduct/relevant concerns and are produced in a timely manner. | Regulatory references fail to provide the necessary information and/or are not available promptly. |

A standardised approach requires all staff involved in the process to be provided with appropriate training.  Broadly, this should:

  1. Firstly, ensure that individuals who are actually performing fit and proper testing have the necessary training and ongoing support. This should extend beyond simply ‘how to conduct a fit and proper assessment’ to include ‘how to discuss the outcome of a fit and proper assessment’ with the person who has been assessed.
  2. Secondly, help all staff (and particularly line managers) understand how to identify Certification Risks and Certification Issues and what to do once either has been identified.
  3. Finally, ensure that all staff understand what is required of them when they are being assessed – particularly with respect to the different types of information they will be required to provide and the declarations they will have to make. It almost goes without saying, but it is nonetheless true to say that it is actually in a candidate’s best interest to help facilitate fit and proper due diligence by his/her employer.

An open culture

An open culture which accepts that failure can happen is another critical element in building a framework within which fit and proper testing can be successfully implemented.  Only when firms accept that failure can happen is there any real prospect that staff will feel comfortable reporting the failures that inevitably do occur.  Given that staff are, in reality, likely to be the primary source of information with respect to Certification Risks and Certification Issues impacting the firm, this is a critical line of communication to maintain.  To paraphrase Donald Rumsfeld, when it comes to understanding the Certification Risks and Certification Issues, it must surely be better to have a “known known”, rather than a “known unknown”.

A commitment to continuous improvement

A commitment to continuous improvement based on ‘lessons learned’ is a third critical element in building a framework within which fit and proper testing can be successfully implemented.  Continuous improvement is often based around a four-step ‘closed loop’ methodology, involving:

  1. IDENTIFYING – opportunities for improvement.
  2. PLANNING – how current processes can be improved.
  3. EXECUTING – the planned changes.
  4. REVIEWING – the impact that planned changes have brought.
