If there has been a breach under the Conduct Rules, the FCA has set out specific expectations under SMCR and more broadly in its Code of Conduct, on what it expects to happen next. This varies depending on the role of the person involved in the brach, and its severity.
Notifying the FCA
Firms must notify the FCA of any breach of the Conduct Rules which leads to disciplinary action being taken against the individual[1]. This remains the case even if the individual has appealed, or plans to appeal, against the disciplinary action (although in these circumstances, the firm should note the existence of the appeal and update the FCA on the outcome of the appeal)[2]. The FCA regards “disciplinary action” as being:
- the issuing of a formal written warning,
- the suspension or dismissal of the individual, or
- the reduction or recovery of any of the individual’s remuneration.[3]
Breaches of the Conduct Rules by Senior Managers must be notified to the FCA within 7 days.[4] Breaches of the Conduct Rules by certification staff or conduct rules staff must be notified to the FCA annually in October using Form H (also known as “REP008 – Notification of Disciplinary Action”). However, if the breach is “serious”, it must be reported immediately[5]. If a firm has no notifications to be made to the FCA, it should lodge a ‘nil return’.[6]
[1] FSMA 2000 S64C, SUP 15.3.11R and SUP 15.11.6R
[2] SUP 15.11.9G
[3] SUP 15.11.5G
[4] SUP 10C, Annex 2G
[5] SUP 15.11.13R to SUP 15.11.15R
[6] SUP 15.11.13R(5)
Other notification requirements
Principle 11
Of course, firms are also subject to more general notification requirements. Principle 11 requires a firm to deal with its regulators in an open and cooperative way and to disclose to the FCA appropriately anything relating to the firm of which the FCA would reasonably expect notice. Principle 11 applies to unregulated activities as well as regulated activities and takes into account the activities of other members of a group.
In addition, firms are required to notify the FCA of anything that has occurred, or may occur in the foreseeable future that could:
- have a significant adverse effect on the firm’s reputation, or
- result in “serious detriment” to a customer of the firm, or
- result in serious financial consequences to the UK financial system or to other firms.[1]
[1] SUP 15.2.1R
Significant breaches
Firms are also under a general obligation to notify the FCA of “significant” breaches of the Conduct Rules under SUP 15.3.11R[1] “immediately it becomes aware or has information which reasonably suggests” that a breach has (or may have) occurred.[2]
What is ‘significant’ will depend on:
- potential financial losses to customers or to the firm;
- frequency of the breach,
- implications for the firm’s systems and controls; and
- if there were delays in identifying or rectifying the breach.
The notification obligations under SUP 15.3 also cover other circumstances which could overlap Conduct Rule breaches, such as employee fraud.[3]
[1] SUP 15.3.11R(1)(a)
[2] SUP 15.2.11R(2)
[3] SUP 15.3.17