A new frontier in the boundary between professional and private life – solicitors’ undertakings
Attestations are used by the FCA to obtain “a personal commitment from an approved person at a regulated firm that specific action has been taken or will be taken”. The FCA state that this is to show action is being taken “where we would like to see change within firms, often without ongoing regulatory involvement.” The use of attestations also accords with the FCA’s more general ambition to make individuals, and in particular senior management, directly accountable for decisions made on behalf of a firm.
The legal status of an attestation is unclear - it is not legislated for in statute and neither the Financial Service and Markets Act 2000 (FSMA) nor the Financial Services Act 2012 give the FCA the right to require senior managers to attest. The clearest indication from the FCA of their policy concerning attestations including their purpose, when and how they should be used is set out in a letter dated 22 August 2014 from the Head of Supervision at the FCA (the Supervision Letter). That letter describes attestations as a formal supervisory tool and provides a summary of the FCA’s approach to using attestations and the steps they are taking to ensure they are used consistently and clearly.
The use of attestations is not limited to a particular aspect of the FCA’s role but is increasingly used in a variety of scenarios, such as a consequence of a regulatory visit, as a result of a thematic review or as part of (or instead of) formal enforcement action. There is no formal guidance on who could or should provide an attestation – it could be a range of functions from compliance officers, money laundering reporting officers (MLROs) or any other senior individuals.
The common scenarios in which the FCA may use attestations are set out in the FCA website and the Supervision Letter. The first two are forward-looking but confined to more benign risks (i.e., situations which are unlikely to result in material harm to consumers or impact on market integrity) whereas the last two are backward-looking (i.e., where a risk has been identified and the purpose is to remedy or mitigate that risk).
It will often be in both the regulator’s and the firm’s interests to resolve relatively minor breaches or risk issues without requiring any formal regulatory process and attestations may be a way to achieve this pragmatically; however, it will leave the individual who is signing the attestation vulnerable to later criticism and/or regulatory action should anything go wrong.
Signing an attestation will make an individual vulnerable to regulatory action should there be any problems or breach in the undertaking given. In the Supervision Letter, reference is made to Statement 4 of the Principles for Approved Persons i.e., the requirement for an approved person to be open and co-operative with the regulator and that a failure to notify “could result in action being taken as required and appropriate”. Therefore if circumstances change or an event occurs that means that a self-certification is no longer correct or a notification is triggered and the individual fails to report this to the regulator, this could lead to enforcement action. Although not referred to in the Supervision Letter, it appears likely that an allegation that an individual signed an attestation knowing or believing it to be false could result in enforcement action for breach of Statement 1 of the Principles (to act with integrity) and/or a s177 FSMA offence of providing false, misleading or reckless information to the regulator.
When and if the Principles for Approved Persons are replaced by the Senior Persons Regime in the banking sector, the reverse burden would mean a senior manager would have to prove that they took “all reasonable steps” to prevent the breach.
According to the Supervision Letter, depending on the attestation being required, the FCA will “usually ask for attestations to be given by the most relevant significant influence function holder”, although they are likely to leave the firm to identify who this should be. In practice there could be a number of individuals who potentially could sign an attestation.
Inevitably there is likely to be pressure from the firm for an individual to sign an attestation as the alternative may be some form of regulatory intervention, such as a skilled persons review under s166. However, individuals will need to understand that an attestation is a personal commitment with potentially serious consequences for them which mean their interests may not be aligned with that of the firm. They should consider seeking independent advice before signing. Steps to mitigate the risks may include:
The Supervision Letter sets out the FCA’s next steps to ensure increased consistency in its approach:
The FCA intends to publish information on a quarterly basis on how often it requests attestations. The first set of data sets out the number of attestations requested during 2014 by sector and conduct classification.
The conduct categories relate to the FCA’s assignment of every firm or group to one of four categories of conduct supervision: C1, C2, C3 and C4. These broadly reflect a firm’s size and retail customer numbers or wholesale presence, and the corresponding level of risk the firm potentially poses to the FCA’s objectives. Each category is subject to a different level of supervision.
For the data gathered so far, 59 attestations have been requested from Q4 2013/14 to Q3 2014/15. The number of requests per quarter have more than doubled during that period with the majority of requests in the C2 category (34 out of 59) and the sector with the most requests being Wholesale & Investment Management (21 out of 59).
It is early days in the monitoring of the use of attestations, but it is likely that in time we will see enforcement action against individuals directly related to these personal undertakings. Individuals should approach signing an attestation with caution and only sign when they are confident that they understand the commitment that they are giving, that it can be complied with and that any risks associated with them are mitigated.
Skip to content Home About Us Insights Services Contact Accessibility