Conduct Rules 4

Your guide to the conduct rules – Part 4

Individual Conduct Rule 2 (“You must act with due skill, care and diligence”)

In contrast to individual conduct rule 1 (“You must act with integrity”), the scope of individual conduct rule 2 (“You must act with due skill, care and diligence”) extends beyond conduct that is just (essentially) dishonest.  It includes conduct what would commonly be regarded as being “negligent” (in other words, involving a failure to take reasonable care).  In this sense, it is wider in scope than individual conduct rule 1.

What does it mean to act (or fail to act) with “due skill, care and diligence”?

Underpinning the rule is the expectation that all conduct rules staff will comply with a standard that is objectively reasonable in the circumstances.  However, in its practical application, the phrase means different things in different situations.  In particular, it will depend on the seniority of the staff member involved – the expectation being higher the more senior the individual is.

All staff members

All conduct rules staff – irrespective of their seniority – would potentially be in breach of individual conduct rule 2 if they:

  1. failed to provide information (particularly in circumstances where the individual was aware, or ought to have been aware, of such information, and of the fact that they should provide it),[1]
  2. recommended transactions without a reasonable understanding of the risks to the customer (or the firm) or without having reasonable grounds as to suitability,[2]
  3. failed to exercise adequate control over client assets, or
  4. continued to perform a function have failed to meet relevant standards of knowledge and skill.[3]


Unsurprisingly, the bar is set higher for managers than it is for ‘normal’ conduct rules staff.  Managers must understand the risks faced by the areas of the business for which they have responsibility (particularly where profits are unusually large or volatile).[4] By logical extension, new potential risks facing a business must be understood BEFORE any approval is taken to expand into new areas.[5] Of course, a manager is entitled to rely on their team in discharging their regulatory responsibilities.  However, they must be satisfied that the team have the requisite expertise.  If not, the manager should consider bringing in outside help.[6]

With this background in mind, examples of the type of conduct that might result in a manager being in breach of individual conduct rule 2 include:

  1. failing to take reasonable steps to ensure that the business of the firm for which the manager has responsibility (a) is controlled effectively, (b) complies with the relevant requirements and standards of the regulatory system, and (c) is conducted in such a way to ensure that any delegation of responsibilities is to an appropriate person and is overseen effectively;[7]
  2. failing to take reasonable steps to adequately inform themselves about the affairs of the business for which they are responsible, or
  3. failing to take reasonable steps to maintain an appropriate level of understanding about an issue or part of the business for which the manager has delegated responsibility (whether inhouse or to outside contractors).[8]

Board members

Board members obviously perform a different function to other members of staff.  Examples of the type of conduct that might result in a board member being in breach of individual conduct rule 2 include:

  1. failing to participate in meetings,
  2. failing to prepare or read papers or other submissions, and
  3. failing to report to the board.[9]

As the most senior executive director on the board – responsible for setting an example to the firm’s employees – it is worth touching upon the role of the CEO.  As we will see below, given the crucial role of the CEO, the standard required of a CEO under individual conduct rule 2 is MORE EXACTING than for other employees.

Individual conduct rule 2 in action

A recent example of a breach of individual conduct rule 2 relates to Jes Staley, who was Chief Executive Officer (and SMF 1) of Barclays Bank PLC.  On 11 May 2018, Mr Stalely was fined £321,200 (inclusive of 30% discount) on account of the way in which he acted in response to an anonymous letter that had Barclays received in June 2016 from a shareholder raising concerns about a particular employee (“Employee A”), his hiring process and Mr Staley’s role in dealing with those concerns at a previous employer.[10]

Mr Staley considered that the letter fell outside of the firm’s Whistleblowing Policy as its author did not purport to be a group employee.  He disclosed the letter to two individuals outside of the Barclays group.  Mr Staley also instructed Barclays Group Security to try to identify the letter’s author.

Subsequently, on 29 June 2016, Mr Staley was told that Group Compliance might be treating the letter as a whistleblow, and was advised by senior colleagues (including from Group Compliance) not to attempt to identify its author. He accepted this advice and told Group Security to cease its efforts to identify the author of the letter.

Following a request from Mr Staley for an update, on 8 July 2016, Group Compliance told Mr Staley that the allegations about the recruitment process appeared to be unsubstantiated and that Group Compliance expected to conclude its investigation shortly. Mr Staley mistakenly understood this to mean the letter was no longer being treated as a whistleblow. However, he failed to confirm this expressly with Group Compliance, and also failed to inform Group Compliance that he intended to resume steps to try to identify the letter’s author (which he subsequently did).

On the basis of these facts, the FCA concluded that Mr Staley had failed to act with due skill, care and diligence as required by individual conduct rule 2.  Specifically, the FCA found that Mr Staley was the subject of (and a key witness in relation to) aspects of the complaint made within the letter.  As CEO exercising due skill, care and diligence, he ought to have identified that he had a conflict of interest and should have taken particular care to maintain an appropriate distance from the investigation.  Instead, the FCA found that Mr Stalely allowed his own interest in the complaint to override his objectivity.  In particular, by disclosing the letter outside of the Barclays group and by involving himself in the ensuing investigation, Mr Staley risked compromising the independence of Group Compliance’s investigation process.

Moreover, from 29 June 2016, Mr Staley was on notice that the letter was being treated by Barclays as a potential whistleblow. As such, he ought to have recognised that he needed to consult explicitly with those in Barclays who had primary responsibility for whistleblowing. He did not do so. In particular, he:

  • failed to obtain express confirmation that the letter was not a whistleblow and that it was permissible for steps to be taken to identify its author,
  • failed to inform Group Compliance  that he intended to attempt to identify the letter’s author, and
  • instead relied on his own misunderstanding of the 8 July 2016 discussion, without making any formal record of the discussion and his reasons for reinstructing Group Security to try to identify the letter’s author.

Given the conflict of interest and his lack of objectivity, the FCA concluded that Mr Staley acted unreasonably in proceeding in this way.

More generally, the FCA felt that Mr Staley’s actions risked compromising the effectiveness and reputation of the UK whistleblowing regime – something which the FCA regards as “an important resource by which the financial services industry and regulators can identify poor behaviours”.

[1] COCON 4.1.3G

[2] COCON 4.1.3G

[3] COCON 4.1.3G

[4] COCON 4.1.6G

[5] COCON 4.1.5G

[6] COCON 4.1.7

[7] COCON 4.1.8G

[8] COCON 4.1.8G

[9] COCON 4.1.8AG