SM&CR: The conduct rules

Learn how the conduct rules govern employees in your business.
Table of Contents

The “Conduct Rules” are a set of high-level standards which apply directly to almost all members of staff within the financial services industry.  They are designed to drive cultural change within firms which are subject to the SM&CR.  There is an entire section of the FCA Handbook dedicated to the Conduct Rules which provides a lot of useful information on the topic.  This is called the “Code of Conduct (COCON)”.

Application of the Conduct Rules

The Conduct Rules apply to the regulated and unregulated financial services activity of a firm.  However, broadly, for FCA solo-regulated firms, the Conduct Rules only apply to:

  1. the “financial activities” of the firm; or
  2. any activities of the firm that might have (or might reasonably be regarded as likely to have) a negative effect on:
    1. the integrity of the UK financial system; or
    2. the ability of the firm to meet threshold conditions related to it being “fit and proper” ; or
    3. the ability of the firm to meet regulatory requirements regarding financial resources.

As far as individuals within firm are concerned, the Conduct Rules apply to:

  1. Senior Managers;
  2. Individuals who would be considered Senior Managers except for the fact that they are operating under the ‘emergency 12-week rule’;
  3. Non-executive directors who are not Senior Managers;
  4. Certification Employees;
  5. Individuals who would be Certification Employees except for the fact that they are operating under the ‘emergency 4-week rule’;
  6. Individuals who would be Certification Employees except for the fact that they are operating under the ‘temporary UK role’ exemption (in other words, the rule which states that the Certification Regime does not apply to any individual who is based outside of the UK and spends no more than 30 days per annum performing an activity that would otherwise be subject to the Certification Regime); and
  7. All other employees of the firm (other than “ancillary staff”).
Exclusions from the Conduct Rules

The Conduct Rules do not apply to the following groups of individuals:

  1. Ancillary staff.
  2. Sole traders (unless the sole trader is also a Senior Manager);
    1. Note, however, that the Conduct Rules do apply to employees of sole traders (unless those employee qualify as “ancillary staff”); and
  3. Appointed representatives.
Territorial limitations of the Conduct Rules

The Conduct Rules applies to Senior Managers, non-approved NEDs and Certification Employees who are “material risk takers” irrespective of where they perform activities. However, beyond that, the Conduct Rules only apply to conduct:

  1. Performed from the UK. 
  2. Which involves “dealing with” UK clients of the firm from an overseas “establishment” of a UK firm.
    1. The phrase “dealing with” is interpreted quite widely by the FCA and includes ‘having contact with customers’. In other words, it is not restricted to dealings with clients of the firm.
Ancillary staff

The FCA has provided an exhaustive list of the job roles that qualify as “ancillary staff” (and so are not be subject to the Conduct Rules):

  • Receptionists
  • Switchboard operators
  • Postroom staff
  • Reprographics/print room staff
  • Property/facilities management
  • Events management
  • Security guards
  • Invoice processing
  • Audio-visual technicians
  • Vending machine staff
  • Medical staff
  • Archive records management
  • Drivers
  • Corporate & social responsibility staff
  • Data controllers and data processors*
  • Cleaners
  • Catering staff
  • Invoice processing
  • IT support
  • Human resources administrators/processors

*Note, however, that if the employee would have to exercise a “significant degree of discretion or judgment” they would NOT be regarded as “ancillary staff” under this heading and so WOULD be subject to the Conduct Rules.

Ancillary staff

There are two sets of Conduct Rules.  The first set applies to all staff (including Senior Managers).  The second set only applies to Senior Managers.

  1. You must act with integrity;
  2. You must act with due skill, care and diligence;
  3. You must be open and co-operative with the FCA, the PRA and other regulators;
  4. You must pay due regard to the interests of customers and treat them fairly;
  5. You must observe proper standards of market conduct.
  1. SC1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively;
  2. SC2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system;
  3. SC3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively*;
  4. SC4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice**.

* Does not apply to non-approved Non-Executive Directors (NEDs).

** Applies to non-approved NEDs in limited scope firms.

When do the Conduct Rules come into force?

The Conduct Rules entered into force on 9 December 2019 for Senior Managers and Certification Employees.  The Conduct Rules come into force from 9 December 2020 for all staff members who are not either Senior Managers of Certification Employees.

Notification of breach of the Conduct Rules

Firms must notify the FCA of any breach of the Conduct Rules which leads to disciplinary action being taken against the individual.  This remains the case even if the individual has appealed, or plans to appeal, against the disciplinary action (although in these circumstances, the firm should note the existence of the appeal and update the FCA on the outcome of the appeal).  The FCA regards “disciplinary action” as being (a) the issuing of a formal written warning, (b) the suspension or dismissal of the individual, or (c) the reduction or recover of any of the individual’s remuneration.

Breaches of the Conduct Rules by Senior Managers must be notified to the FCA within 7 days. Breaches of the Conduct Rules by Certification Employees or Conduct Rules staff must be notified to the FCA annually in October using Form H (also known as “REP008 – Notification of Disciplinary Action”).  However, if the breach is “serious”, it must be reported immediately.  If a firm has no notifications to be made to the FCA, it should lodge a ‘nil return’ with the FCA.

Of course, firms are also subject to more general notification requirements.  Principle 11 requires a firm to deal with its regulators in an open and cooperative way and to disclose to the FCA appropriately anything relating to the firm of which the FCA would reasonably expect notice. Principle 11 applies to unregulated activities as well as regulated activities and takes into account the activities of other members of a group. In addition, firms are required to notify the FCA of anything that has occurred, or may occur in the foreseeable future that could (a) have a significant adverse effect on the firm’s reputation or (b) result in “serious detriment” to a customer of the firm, or (c) result in serious financial consequences to the UK financial system or to other firms.

Firms are also under a general requirement to notify the FCA of “significant” breaches of the Conduct Rules under SUP 15.3.11R “immediately it becomes aware or has information which reasonably suggests” that a breach has (or may have) occurred. What is ‘significant’ will depend on (a) potential financial losses to customers or to the firm, (b) frequency of the breach, (c) implications for the firm’s systems and controls and (d) if there were delays in identifying or rectifying the breach.  The notification obligations under SUP 15.3 also cover other circumstances which could overlap conduct rule breach, such as employee fraud.

What constitutes a “breach” of the Conduct Rules?

An individual will only be in breach of the Conduct Rules where they are personally culpable. In other words, the conduct of that individual must:

  1. have been deliberate;
  2. have fallen below the standard which would be reasonable in all of the circumstances.

In addition, in considering whether a Senior Manager has breached the Senior Manager Conduct Rules, the FCA will take into account:

  1. whether the Senior Manager exercised reasonable care when considering the information available to them;
  2. whether the Senior Manager reached a reasonable conclusion upon which to act;
  3. the role and responsibility of the Senior Manager (by reference to his/her statement of responsibilities); and
  4. the knowledge that the Senior Manager had, or should have had, of regulatory concerns (if any) related to their role and responsibilities.

The nature, scale and complexity of the business is also a relevant factor in determining whether a Senior Manager has breached a Senior Manager Conduct Rule.  The larger and more complex the business, the greater the expectations of the FCA in assessing whether the Senior Manager’s conduct was “reasonable” (and vice versa).

Specific guidance on individual conduct rules

The FCA has provided a non-exhaustive list of example of conduct that would be regarded as a breach of the Conduct Rules.  These are set out below by reference to each Conduct Rule.

You must act with integrity
  1. Misleading (or attempting to mislead) by act or omission:
    1. a client; or
    2. the firm for whom the person works (or its auditors); or
    3. the FCA; or
    4. the PRA.
  2. Falsifying documents.
  3. Misleading a client about:
    1. the risks of an investment;
    2. the charges or surrender penalties of products;
    3. the likely performance of products by providing inappropriate projections of future returns.
  4. Misleading a client by informing the client that products, require only a single payment when that is not the case.
  5. Mismarking the value of investments or trading positions.
  6. Procuring the unjustified alteration of prices on illiquid or off-exchange contracts, or both.
  7. Misleading others within the firm about the credit-worthiness of a borrower.
  8. Providing false or inaccurate documentation or information, including details of training, qualifications, past employment record or experience.
  9. Providing false or inaccurate information to:
    1. the firm (or to the firm’s auditors); or
    2. the FCA or the PRA.
  10. Destroying, or causing the destruction of, documents (including falsified documentation), or tapes or their contents, relevant to misleading (or attempting to mislead) a client, the firm for whom the person works, or the FCA or the PRA.
  11. Failing to disclose dealings where disclosure is required by the firm’s personal account dealing rules.
  12. Misleading others in the firm about the nature of risks being accepted.
  13. Recommending an investment to a customer, or carrying out a discretionary transaction for a customer where the person knows that they are unable to justify its suitability for that customer.
  14. Failing to inform, without reasonable cause:
    1. a customer; or
    2. the firm for whom the person works (or its auditors); or
    3. the FCA; or
    4. the PRA.

 

of the fact that their understanding of a material issue is incorrect, despite being aware of their misunderstanding, including, but not limited to, deliberately failing to:

  • disclose the existence of falsified documents;
  • and rectify mismarked positions immediately.
  1. Preparing inaccurate or inappropriate records or returns, including, but not limited to preparing:
    1. performance reports for transmission to customers which are inaccurate or inappropriate (for example, by relying on past performance without appropriate warnings);
    2. inaccurate training records or inaccurate details of qualifications, past employment record or experience; and
    3. inaccurate trading confirmations, contract notes or other records of transactions or holdings of securities for a customer, whether or not the customer is aware of these inaccuracies or has requested such records.
  2. Misusing the assets or confidential information of a client or of their firm including, but not limited to, deliberately:
    1. front running client orders;
    2. carrying out unjustified trading on client accounts to generate a benefit (whether direct or indirect) to the person (that is, churning);
    3. misappropriating a client’s assets, including wrongly transferring to personal accounts cash or securities belonging to clients;
    4. wrongly using one client’s funds to settle margin calls or to cover trading losses on another client’s account or on firm accounts;
    5. using a client’s funds for purposes other than those for which they were provided;
    6. retaining a client’s funds wrongly; and
    7. pledging the assets of a client as security or margin in circumstances where the firm is not permitted to do so.
  3. Designing transactions to disguise breaches of requirements and standards of the regulatory system.
  4. Not paying due regard to the interests of a customer.
  5. Acts, omissions or business practices that could be reasonably expected to cause customer detriment.
You must act with due skill, care and diligence

The FCA provides a number of example of the type of conduct that would be in breach of the Conduct Rule that requires an individual to act with “due skill, care and diligence”.  The examples are:

  1. General; and
  2. When acting as a manager.
  1. Failing to inform a customer, their firm or its auditors of material information in circumstances where the member of conduct rules staff was aware, or ought to have been aware, of such information, and of the fact that they should provide it, including the following:
    1. failing to explain the risks of an investment to a customer;
    2. failing to disclose to a customer details of the charges or surrender penalties of investment products;
    3. mismarking trading positions;
    4. providing inaccurate or inadequate information to a firm or its auditors;
    5. failing to disclose dealings where disclosure is required by the firm’s personal account dealing rules.
  2. Recommending an investment to a customer, or carrying out a discretionary transaction for a customer, where they do not have reasonable grounds to believe that it is suitable for that customer.
  3. Undertaking, recommending or providing advice on transactions without a reasonable understanding of the risk exposure of the transaction to a customer, including recommending transactions in investments to a customer without a reasonable understanding of the liability (either potential or actual) of that transaction.
  4. Undertaking transactions without a reasonable understanding of the risk exposure of the transaction to the firm, including trading on the firm’s own account without a reasonable understanding of the liability (either potential or actual) of the transaction.
  5. Failing to provide adequate control over a client’s assets, including:
    1. failing to segregate a client’s assets; and
    2. failing to process a client’s payments in a timely manner.
  6. Continuing to perform a function having failed to meet the standards of knowledge and skill in the Training and Competence sourcebook (TC) for that function.
  1. Failing to take reasonable steps to ensure that the business of the firm for which the manager has responsibility:
    1. is controlled effectively;
    2. complies with the relevant requirements and standards of the regulatory system applicable to that area of the business; and
    3. is conducted in such a way to ensure that any delegation of responsibilities is to an appropriate person and is overseen effectively.
  2. Failing to take reasonable steps to adequately inform themselves about the affairs of the business for which they are responsible, including:
    1. permitting transactions without a sufficient understanding of the risks involved;
    2. permitting expansion of the business without reasonably assessing the potential risks of that expansion;
    3. inadequately monitoring highly profitable transactions or business practices, or unusual transactions or business practices;
    4. accepting implausible or unsatisfactory explanations from subordinates without testing the veracity of those explanations; and
    5. failing to obtain independent, expert opinion where appropriate.
  3. Failing to take reasonable steps to maintain an appropriate level of understanding about an issue or part of the business that the manager has delegated to an individual or individuals (whether in-house or outside contractors).
You must be open and cooperative with the FCA, the PRA and other regulators
  1. Failing to report promptly in accordance with their firm’s internal procedures (or, if none exist, direct to the regulator concerned), information in response to questions from the FCA, the PRA, or both the PRA and the FCA.
  2. Failing without good reason to:
    1. inform a regulator of information of which the approved person was aware in response to questions from that regulator;
    2. attend an interview or answer questions put by a regulator, despite a request or demand having been made; and
    3. supply a regulator with appropriate documents or information when requested or required to do so and within the time limits attaching to that request or requirement.
You must pay due regard to the interests of customers and treat them fairly
  1. Failing to inform a customer of material information in circumstances where they were aware, or ought to have been aware, of such information and of the fact that they should provide it, including the following:
    1. failing to explain the risks of an investment to a customer;
    2. failing to disclose to a customer details of the charges or surrender penalties of investment products; and
    3. providing inaccurate or inadequate information to a customer about a product or service.
  2. Recommending an investment to a customer, or carrying out a discretionary transaction for a customer, where they do not have reasonable grounds to believe that it is suitable for that customer.
  3. Undertaking, recommending or providing advice on transactions without a reasonable understanding of the risk exposure of the transaction to a customer, including recommending transactions in investments to a customer without a reasonable understanding of the liability (either potential or actual) of that transaction.
  4. Failing to provide adequate control over a client’s assets, including:
    1. failing to segregate a client’s assets; and
    2. failing to process a client’s payments in a timely manner.
  5. Providing a customer with a product which is different to the one applied for by that customer, unless the customer understands the differences and understands the product they have purchased.
  6. Failing to acknowledge, or seek to resolve, mistakes in dealing with customers.
  7. Failing to provide terms and conditions to which a product or service is subject in a way which is clear and easy for the customer to understand.
You must pay due regard to the interests of customers and treat them fairly
  1. Manipulating or attempting to manipulate a benchmark or a market, such as a foreign exchange market.
Specific guidance on individual conduct rules
SC1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
  1. Failing to take reasonable steps to apportion responsibilities for all areas of the business under the approved person’s control.
  2. Failing to take reasonable steps to apportion responsibilities clearly among those to whom responsibilities have been delegated, which includes establishing confusing or uncertain:
    1. reporting lines; or
    2. authorisation levels; or
    3. job descriptions and responsibilities.
  3. In the case of a manager who is responsible for dealing with the apportionment of responsibilities, failing to take reasonable care to maintain a clear and appropriate apportionment of responsibilities including:
    1. failing to review regularly the responsibilities which have been apportioned; and
    2. failing to act where that review shows that those responsibilities have not been clearly apportioned.
  4. Failing to take reasonable steps to ensure that suitable individuals are responsible for those aspects of the business under the control of senior conduct rules staff member, including the following:
    1. failing to review the competence, knowledge, skills and performance of staff to assess their suitability to fulfil their duties, despite evidence that their performance is unacceptable;
    2. giving undue weight to financial performance when considering the suitability or continuing suitability of an individual for a particular role; and
    3. allowing managerial vacancies which put compliance with the requirements and standards of the regulatory system at risk to remain, without arranging suitable cover for the responsibilities.
SC2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
  1. Failing to take reasonable steps to implement (either personally or through a compliance department or other departments) adequate and appropriate systems of control to comply with the relevant requirements and standards of the regulatory system for the activities of the firm.
  2. Failing to take reasonable steps to monitor (either personally or through a compliance department or other departments) compliance with the relevant requirements and standards of the regulatory system for the activities of the firm in question.
  3. Failing to take reasonable steps to inform themselves adequately about the reason why significant breaches (suspected or actual) of the relevant requirements and standards of the regulatory system for the activities of the firm may have arisen (taking account of the systems and procedures in place). This would include failing to investigate whether systems or procedures may have failed and failing to obtain expert opinion on the adequacy of the systems and procedures where appropriate.
  4. Failing to take reasonable steps to ensure that procedures and systems of control are reviewed and, if appropriate, improved, following the identification of significant breaches (suspected or actual) of the relevant requirements and standards of the regulatory system relating to the activities of the firm, including:
    1. unreasonably failing to implement recommendations for improvements in systems and procedures; and
    2. unreasonably failing to implement recommendations for improvements to systems and procedures in a timely manner.
  5. For a manager with responsibility for overseeing the establishment and maintenance of appropriate systems and controls or the apportionment of responsibilities, any failure to take reasonable care to ensure that those obligations are discharged effectively.
  6. For a proprietary trader, failing to maintain and comply with appropriate systems and controls in relation to that activity.
  7. For a money laundering reporting officer, failing to discharge the responsibilities imposed on them by the firm for oversight of its compliance with the FCA’s rules on systems and controls against money laundering.
  8. For a senior conduct rules staff member who is responsible for the compliance function, failing to ensure that:
    1. the compliance function has the necessary authority, resources, expertise and access to all relevant information; or
    2. a compliance officer is appointed and is responsible for the compliance function and for any reporting as to compliance; or
    3. the persons involved in the compliance functions are not involved in the performance of services or activities they monitor; or
    4. the method of determining the remuneration of the persons involved in the compliance function does not compromise their objectivity; or
    5. the method of determining the remuneration complies, where applicable, with the Remuneration Code or, for a Solvency II firm or a small non-directive insurer, other relevant requirements in relation to remuneration, as well as those remuneration codes applicable to firms as set out in SYSC 19B – 19E.
SC3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively
  1. Failing to take reasonable steps to maintain an appropriate level of understanding about an issue or part of the business that the senior conduct rules staff member has delegated to an individual(s) (whether in-house or outside contractors) including:
    1. disregarding an issue or part of the business once it has been delegated;
    2. failing to require adequate reports once the resolution of an issue or management of part of the business has been delegated; and
    3. accepting implausible or unsatisfactory explanations from delegates without testing their accuracy.
  2. Failing to supervise and monitor adequately the individual(s) (whether in-house or outside contractors) to whom responsibility for dealing with an issue or authority for dealing with a part of the business has been delegated including any failure to:
    1. take personal action where progress is unreasonably slow, or where implausible or unsatisfactory explanations are provided; or
    2. review the performance of an outside contractor in connection with the delegated issue or business.
SC4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice
  1. Where a senior conduct rules staff member is responsible within the firm (individually or with other senior conduct rules staff members) for reporting matters to the regulator, failing promptly to inform the regulator concerned of information of which they are aware and which it would be reasonable to assume would be of material significance to the regulator concerned, whether in response to questions or otherwise.
Provision of Conduct Rules training

Firms must inform staff that they are subject to the Conduct Rules and take “all reasonable steps” to ensure that staff understand how the Conduct Rules apply to them.  Each firm should provide “suitable training” in order to ensure that staff understand how the Conduct Rules apply to them generally, but also the way in which specific Conduct Rules are relevant to the work individual members of staff perform.  In other words, Conduct Rules training must be tailored to an individual’s role.

For example, individuals who trade in markets should receive training on the specific application of Conduct Rule 5 (“You must observe proper standards of market conduct”).  Similarly, individuals who deal with clients should understand how Conduct Rule 4 (“You must pay due regard to the interests of customers and treat them fairly”) applies to their role.