Scenario: Breach of KYC Requirements

In order to be considered in-scope for the purposes of the Conduct Rules, the conduct in question must relate to the regulated or unregulated “financial activities” of the firm.

Under COCON 3.1.3G, a person will only be in breach of a Conduct Rule where they are personally culpable.  In other words, the person’s conduct must have been:

1. Deliberate, or
2. Below the standard of conduct that would be reasonable in all of the circumstances.

Pursuant to COCON 3.1.2G, in assessing whether a breach of the Conduct Rules has occurred, the FCA will have regard to the context in which a course of conduct was undertaken, including:

1. The precise circumstances of the individual case,
2. The characteristics of the particular function performed by the individual in question, and
3. The behaviour expected of that function.

The FCA will also take into account whether the conduct in question (a) relates to activities that are subject to other provisions of the FCA Handbook, or (b) is consistent with the requirements and standards of the regulatory system (as far as it applies to the firm).

Pursuant to COCON 3.1.5G and 3.1.6G, in determining whether a breach of the Senior Manager Conduct Rules has occurred, the FCA will take into account:

1. Whether the Senior Manager exercised reasonable care when considering the information available to them,
2. Whether the Senior Manager reached a reasonable conclusion upon which to act,
3. The nature, scale and complexity of the firm’s business (the smaller and less complex the business, the less detailed and extensive the systems of control in place need to be – and vice versa),
4. The role and responsibility of the Senior Manager as determined by reference to his/her Statement of Responsibilities, and
5. The knowledge which the Senior Manager had, or should have had, of regulatory concerns (if any) relating to their role and responsibilities.

In terms of the territorial application of the Conduct Rules, in general the Conduct Rules only apply to ‘UK activity’.  More specifically, the Conduct Rules apply to:

1. Conduct performed from an establishment maintained in the UK by a firm which is subject to the SM&CR, or
2. Conduct which involves dealing with a UK-based client of a UK firm which is subject to the SM&CR from an establishment overseas.

However, the Conduct Rules apply to the conduct of the following individuals wherever it is performed:

1. A Senior Manager, or
2. An employee of an SM&CR firm who performs the function of a Senior Manager, or
3. A non-executive director, or
4. A Certification Employee who performs Certification Function (6) (“Material Risk Taker”).

Ultimately, the firm will have to notify the FCA of any breach of the Conduct Rules.  Normally, breaches of the Conduct Rules by non-Senior Managers must be notified to the FCA annually in October using Form H (also known as “REP008 – Notification of Disciplinary Action”).  However, the following types of breaches must be reported to the FCA “immediately”:

1. Any “significant” breach of a Conduct Rule (SUP 15.1.7G(1) and SUP 15.3.11R(1)(a)), or
2. Any matter that could have a significant adverse effect on the firm’s reputation (SUP 15.3.1R(3)), or
3. The occurrence of any fraud with respect to any member of staff (SUP 15.2.17R).

The FCA must be notified of any breach of the Conduct Rules by a Senior Manager within 7 days, pursuant to SUP 10C Annex 2G.

Adrian is not a Senior Manager or a Certification Employee.  However, neither is he “Ancillary Staff”.  On that basis, Adrian is still subject to the Conduct Rules.

Individual Conduct Rule 1 requires that individuals ‘act with integrity’.  The suggestion is that Adrian was not dishonest (at least not initially) in approving KYC checks on Premier Client Ltd.  Nonetheless, ‘integrity’ also requires individuals to have strong moral principles – something which Adrian seemed to lack in agreeing to Bill’s request to ‘pass’ KYC checks on Premier Client Ltd without the necessary documentation being in place.

The FCA provides a non-exhaustive list of examples of conduct that would constitute a breach of Individual Conduct Rule 1.  Among these are:

1. Falsifying documents,
2. Providing false or inaccurate documentation or information,
3. Failing to inform the firm for whom the person works of the fact that their understanding of a material issue is incorrect, despite being aware of their misunderstanding, and
4. Preparing inaccurate or inappropriate records or returns.

The suggestion is that Adrian did not inform Sarah of the fact that he approved the KYC checks on Premier Client Ltd.  This is indicative of a lack on honesty.  On this basis, it seems more likely than not that Adrian would be considered to have breached Individual Conduct Rule 1.

Individual Conduct Rule 2 requires individuals to ‘act with due skill, care and diligence’.  Among the list of examples provided by the FCA of conduct that would constitute a breach of Individual Conduct Rule 2 is ‘failing to inform the employer of material information in circumstances where the relevant individual was aware, or ought to be aware, of such information and of the fact that they should provide it’.

Adrian should not have approved KYC checks on Premier Client Ltd without all of the requisite documentation being in place.  It was not sufficient that Adrian simply tried to contact Sarah.  He should also have attempted to speak to other members of the KYC team or, alternatively, escalated the matter to another Senior Manager and to the Compliance Department.

Having approved Premier Client Ltd, Adrian made matters worse by not escalating the matter so that it could be resolved in a timely manner.  The fact that Adrian tried to get hold of Sarah suggests that he knew that Bill’s request went against policy.  On that basis, we can conclude that either he knew, or at the very least that he ought to have known, that Premier Client Ltd should not have been approved for KYC purposes.  In turn, we can conclude that Adrian has probably breached Individual Conduct Rule 2.

Individual Conduct Rule 5 requires individuals to ‘observe proper standards of market conduct’.  In this context, “market” is not restricted simply to standards in relation to “regulated markets”.  It is undeniable that ‘normal market standards’ require firms to complete proper KYC checks.  On this basis, it is arguable that Adrian has also breached Individual Conduct Rule 5.

Bill is not a Senior Manager.  However, he is a Certification Employee.  As such, he is subject to the same set of Conduct Rules as Adrian.

In essence, the analysis of Bill’s liability for breach of the Conduct Rules is the same as that for Adrian.  Whilst Bill did not actually approve the KYC checks for Premier Client Ltd in breach of relevant requirements, he put pressure on Adrian to do so.  In doing so, he displayed a disregard for relevant regulation.  This must call into question his integrity (Individual Conduct Rule 1), his appreciation of the need to act with due skill, care and diligence (Individual Conduct Rule 2) and his respect for proper standards of market conduct (Individual Conduct Rule 5).

The fact that Bill is a senior member of staff (and a Certification Employee) suggest a level of experience.  Put simply, Bill should have ‘known better’ and, if he did not, it must surely call into question his competence.  If anything, this is likely to be looked at as an aggravating factor.  In the circumstances, it would be difficult to reach any other conclusion except that Bill has breached the above Conduct Rules.

As a Senior Manager, Sarah is subject to the full set of Conduct Rules.

There is no suggestion that Sarah has shown a lack of integrity. As such, Individual Conduct Rule 1 should not be a consideration with respect to Sarah.

Individual Conduct Rule 2 does apply to Sarah in her capacity as a manager.  The FCA provides a non-exhaustive list of examples of conduct that would constitute a breach of Individual Conduct Rule 2.  These include:

1. Failing to take reasonable steps to ensure that he business of the firm for which the manager has responsibility is controlled effectively,
2. Failing to take reasonable steps to ensure that he business of the firm for which the manager has responsibility complies with regulatory requirements, and
3. Failing to take reasonable steps to ensure that the business of the firm for which the manager has responsibility is conducted in such a way to ensure that any delegation of responsibilities is to an appropriate person and is overseen effectively.

As we can see, in this context, there is a significant degree of overlap between Individual Conduct Rule 2 (insofar as it relates to managers) and:

1. Senior Manager Conduct Rule 1 – which requires Senior Managers to ‘take reasonable steps to ensure that the business of the firm for which they are responsible is controlled effectively’,
2. Senior Manager Conduct Rule 2 – which requires Senior Managers to ‘take reasonable steps to ensure that the business of the firm for which they are responsible complies with the relevant requirements and standards of the regulatory system’, and
3. Senior Manager Conduct Rule 3 – which requires Senior Managers to ‘take reasonable steps to ensure that any delegation of responsibilities is to an appropriate person and that the Senior Manager oversees the discharge of the delegated responsibility effectively’.

The overlap between these various Conduct Rules is such that we can consider all together.

There is some suggestion that Adrian may have had insufficient training and/or support to effectively manage the issue that arose with respect to Bill’s request to onboard Premier Client Ltd.  If this turns out to be the case, this is the area where liability is most likely to attach to Sarah.  However, bear in mind that Sarah is under an obligation to take “reasonable steps”.  She is not liable for all breaches, irrespective of the way in which they occur.  Either way, on the facts of the scenario provided, there is insufficient information to conclude definitively whether or not Sarah has breached any of these Conduct Rules.

We can conclude that, in the case of Adrian and Bill, it seems likely that their conduct was deliberate or (at least) fell below the standards that could reasonably be expected.  As such, they can be regarded as “personally culpable” – a requirement for liability under the Conduct Rules.

Under normal circumstances, Top Wealth Advisors Ltd would have to notify the FCA of any breach of the Conduct Rules by someone in Adrian or Bill’s position annually in October using Form H (also known as “REP008 – Notification of Disciplinary Action”).  However, the following types of breaches must be reported to the FCA “immediately”:

1. Any “significant” breach of a Conduct Rule (SUP 15.1.7G(1) and SUP 15.3.11R(1)(a)), or
2. Any matter that could have a significant adverse effect on the firm’s reputation (SUP 15.3.1R(3)), or
3. The occurrence of any fraud with respect to any member of staff (SUP 15.2.17R).

Given the nature of the breach (a failure to conduct proper KYC checks), the better view would be that the FCA should be notified about the matter immediately.

Consideration should also be given to whether Adrian, Bill and Sarah remain fit and proper to perform their role.  Whilst an in-depth discussion of fit and proper testing is beyond the scope of this document, fit and proper assessments rest on three ‘pillars’:

1. Honesty, integrity and reputation,
2. Competence and capability, and
3. Financial soundness.

In the case of Adrian, any fit and proper assessment is likely to focus on the first ‘pillar’ (honesty, integrity and reputation) and the second ‘pillar’ (competence and capability).  A mitigating factor in Adrian’s defence will be the fact that he is a junior member of the team.

Any fit and proper assessment relating to Bill would seem more likely to focus more on ‘pillar 1’ only (honesty, integrity and reputation).  It would likely look at Bill’s ‘disregard for the rules’.

Any fit and proper assessment relating to Sarah would likely focus on ‘pillar 2’ (competence and capability) – with focus on the controls that were in place to ensure that the business for which she is responsible continued to operate smoothly and in compliance with regulation, even in her absence.