View more on these topics

Tightening the regulatory noose: FCA forces firms to sign compliance guarantees

The FCA is increasingly requiring senior individuals to put their name to compliance guarantees without making it clear their signature will be used against them in the event of enforcement action.

Lawyers say there has been a significant increase in the use of attestations by the FCA in the past six months and predict enforcement proceedings in the coming months as a result.

An attestation is a written confirmation that a firm is meeting certain regulatory requirements. They can take the form of a Dear CEO letter and are usually required by the chief executive but can also be required of other individuals holding a significant influence function such as directors or compliance officers.

Usually attestations are used following supervisory action at an individual firm level or where wider market concerns have been established after a thematic review. The aim is to ensure senior individuals can be held accountable if the problems arise again.

“Most firms I speak to have had a request for an attestation in the last six months,” says Pinsent Masons senior associate Michael Ruck. “It’s a genius idea – the regulator asks the chief executive to sign a piece of paper saying everything is fine and then six months down the line, if something goes wrong, they can put that back in front of them and ask why they told an untruth.”

He says: “In recent months, the FCA has requested attestations from asset managers on front-office systems systems and insurers on systems and controls.”

Attestations are part of the FCA’s tougher regime for individuals and are designed to hold senior managers to account.

But experts have raised concerns the regulator is not being transparent in its strategy and individuals are signing attestations without realising the consequences for future enforcement action.

Lack of transparency

In May, minutes of the FCA’s March board meeting revealed the regulator’s independent practitioner panel and smaller business panel had
expressed concerns about the use
of attestations.

The minutes showed FCA director of supervision Clive Adamson said the FCA intended to communicate the purpose of attestations more clearly and ensure their use is consistent.

Ruck says: “The FCA does not want the industry to know when it is going to use attestations or why it is going to use them. It is very odd and does not balance with the idea of being transparent and open.”

DWF Fishburns partner Richard Tall says: “An individual asked to provide an attestation may not actually be aware they are being asked for one. 

A significant influence function asked to provide a confirmation of any nature by the FCA should take proper professional advice and ensure they understand the nature of the obligation being imposed upon them.”

Other experts argue attestations are not clearly worded and what is being asked of individuals may be impossible to attest to.

King & Wood Mallesons SJ Berwin partner Tim Dolan says while attestations focus the attention of senior individuals on a particular area of the business, whether they are a positive development depends on what exactly the individual is being asked to sign.

“In some cases, it is impossible for an individual to attest to a certain area of their business being compliant,” he says. “There may be a number of individuals with responsibility for that area and often attestations are requested for complex areas where obligations are not very clear.”

Norton Rose Fulbright partner Peter Snowdon says: “It is not always clear to people the significance of what they are signing. Individuals need to be aware this is something the regulator may pull out in a year’s time.”

He says attestations are also “not as clearly drafted as they could be” in some cases.

“Often they are not drafted by lawyers, so the regulator does not realise what it is asking individuals to sign up to is almost impossible to meet, and neither does the individual,” Snowdon says. 

“In a large business, there will sometimes be mistakes and individuals need to be aware that would mean breaching the attestation.”

Audit trail

So what should firms do if asked to provide an attestation?

Experts say attestations are generally used for large and medium-sized businesses but are also being issued against some small firms and advisers.

Dolan says: “An individual signing an attestation needs to have a paper trail to demonstrate why they concluded the business was compliant.

“I have seen firms using an external compliance company to help them make that assessment. Certainly, to simply sign one without doing a considerable amount of work would not be sensible.”

Snowdon says individuals must “think carefully” before signing an attestation.

“If you are at the top of the pyramid, you have to look at the staff below you,” he says. “In some inst-ances, chief executives will ask the managers below them to sign an internal attestation to say their department is compliant to ensure they have a robust audit trail.”

Experts say it is still relatively early days in the FCA’s use of this tool and therefore it remains to be seen what action will be taken in the event of an attestation being breached.

But Consulting Consortium client services director Ian Stott says a breached attestation will provide the FCA with evidence against an individual or firm and make enforcement action more likely.

He says: “If an individual is found not to be doing something they have attested to, then they have failed the fit and proper person test.”

Ruck adds: “We will see a final notice or some form of enforcement action in the next six to 12 months off the back of an attestation that has been proved to be incorrect.   

An FCA spokeswoman says: “Att-estations are a way of focusing minds and an important tool as we hold those who make decisions personally accountable.

“We ask for the responsible person in a particular business area to sign an attestation, which will usually be a senior executive, often an approved person. 

“We always aim to be clear with firms when we use an attestation so they understand what is expected of them.”

Expert view


The increasing use of attestations brings increased accountability for senior management, but it also has the potential to impact the industry negatively as firms risk losing key people who want to avoid putting their necks on the line.

The FCA’s primary aim is to focus the minds of senior individuals and boards of firms on compliance matters the regulator considers to be important. The FCA has long been frustrated by the distance it perceives boards have from grass roots compliance.

The lack of clarity around the meaning of attestations has led many to underestimate their importance. If the attestation is contravened, the consequences for the firm and the individual can be severe. An attestation, if not abided by, will provide the FCA with evidence against an individual or firm and make it easier to take enforcement action against them.

If you are asked to provide an attestation, you should:

  • Ensure you are the most appropriate person to be giving the attestation – it is very risky to attest to something you do not fully understand or do not have the authority to ensure has been carried out
  • Check what is required – ensure that obligations are clear and achievable in the relevant timescale
  • Implement adequate policies and processes to ensure all involved understand their obligations
  • Confirm what supporting information and evidence is to be provided to the FCA by way of corroboration – incomplete or inconsistent evidence will raise red flags
  • Establish access boundaries – ensure that you have access to all the documentation and material required to discharge your obligations

Ian Stott is client services director at the Consulting Consortium

Adviser views

Craig Palfrey Penguin 700 by 450
Penguin certified financial planner Craig Palfrey

Craig Palfrey, certified financial planner, Penguin Wealth

“Accountability is hugely important in all businesses, and someone has to take responsibility for having the right controls and systems in place. No-one should sign anything without reading it properly first and understanding the implications. But it’s a shame that regulators do not apply the same mentality to financial advice – it amazes me that a consumer can sign documents to say they knew the risks and yet still win a complaint.”


Pete Matthew, managing director, Jacksons Wealth Management

“I’m happy enough with the principle of this, particularly for larger firms which pose greater systemic risk. But it would be heavy handed for smaller firms and it appears the regulator is giving people a rope to hang themselves with. Just as we have to make it absolutely clear to a client what they are signing, one would hope the FCA is being transparent and clear with individuals on attestations.”


News and expert analysis straight to your inbox

Sign up


There are 11 comments at the moment, we would love to hear your opinion too.

  1. Much as I get the need for this type of accountability (one should know their business’s procedures are compliant with current regulations and managers should not trust what they are told by the people beneath them), I predict a log-jam for business with providers, as boxes are ticked not once but twice and three times.

    Maybe small is beautiful and easier to manage from a compliance perspective after all?!

  2. Derek Bradley ceo Panacea Adviser 4th July 2014 at 10:38 am

    And some advisers still do not see a lack of long-stop being an issue. This is the first of many more steps to remove the protection of limited liability too. Advisers should be very afraid indeed.

  3. Julian Stevens 4th July 2014 at 10:41 am

    And, of course, we all know that FCA guidance is subject to variable interpretation at some unknown future date, on which basis signing an attestation is effectively binding yourself to meet a set of criteria that the regulator reserves the right to change.

    Thus, senior executives may well find themselves in a position where their choice will be either to sign the attestation or seek alternative employment.

  4. I would be happy to sign as long as the requirements where specific. The regulator for once also agrees to lead by example and gain the same agreements for all its senior positions.

    I wonder how Arch and Keydata would have been handled if such a document had been signed at that time by senior FSA staff?

    I would also question a fact that you can document as much as you want, check as much as you want and still have a problem. Unfortunately it has been proven time and time again that those with no ethics will always find away around the most robust systems and checks. They eventually are found out, but if you have signed a attestation where would this leave senior management, I would suggest and easy target.

  5. It seems to me that attestations are an ill-thought through concept from the FCA’s perspective. Approved persons are already accountable because the rules and FSMA make them so. This is the basis on which the FCA can hold someone to account and fine or ban.

    The legal status of attestation letters is far less clear. It looks like the equivalent of agreeing to something you have already agreed to. Asking a citizen to sign a statement saying they won’t break the law doesn’t stand for much when they do. What does it add?

    There are problems with attestation letters that will no doubt be tested by lawyers in due course. Here are some:

    1. How long are they valid and/or meaningful? What was true today may not be tomorrow for perfectly valid reasons.

    2. Personnel change or move on, particularly in large firms. When Santander were fined the FCA made it clear that individuals could not be held to account specifically for this reason – the Final Notice makes interesting reading in this respect.

    3. It is highly doubtful that strict liability can be created by signing the letter, approved persons must comply with APER rules and reasonableness will always be a factor.

    4. If push came to shove it wouldn’t be too difficult to argue that the letter was signed under some form of duress. Who wouldn’t sign when your business depends on it and the regulator is issuing statements like “be afraid…”. Any other firm specific pressure to sign will only make it worse.

    There must be more but I don’t have time to think it through in full. Good work for lawyers.

  6. Julian Stevens 4th July 2014 at 12:06 pm

    It’ll make it easier for the FCA to identify which person to tar and feather when it finds something it doesn’t like about a firm’s practices, processes, procedures, culture, record keeping or just about anything else with which it fancies finding fault.

  7. Great idea. The FCA has stated on many occasions the reason for no action against senior people was that they could not identify who was actually personally responsible. It was a board thing etc etc. Well this should put an end to that. They can now hold individuals to account in exactly the same way as they can advisers. About flaming time too. I just hope those who sign cannot escape any liability if they have moved to a different job or career when the preverbal hits the fan on issues that happened when they were at the guilty company years before. Until there is a long-stop reinstated for all, these people of influence too should carry that liability to the grave.

  8. Attestations are used to ensure appropriate action will be taken by a firm with someone accountable for the action – essentailly someonce committting to oversee the fix to an identified problem.

    I dont understand the issue some of the above commentators are raising? Rather than making an emtpy promise that an issue will be resolved and doing nothing about it – someone will now be formally accountable for its mitigation – Surely a good thing??

    Attestation avoids the option of hiding behind committies and boards and holds someone personally to account. Next time you hear of a bank being fined for massive failings but no-one loosing thier jobs, remember this.

  9. @Julian
    I appreciate your point but given nearly all are required to be signed by the CEO and/or Compliance Officer it doesn’t narrow it down much.

    As for unintended consequences I would suggest there are a few too.

    First (and I have seen this happen), people required to sign these perceive that there is an increased personal risk. Whether true or not the evidence is palpable and they ask for more money and get it. Costs go up, pay gap widens, clients pay.

    Second, firms and their senior staff that are genuinely trying to do the right thing get spooked and wonder why they bother when they get indiscriminately fried with everyone else. Respect and willingness to engage with the regulator decreases.

    Third, there is an insidious element to the letters that belies the attempts of the regulator to claim openness and transparency.

    Fourth, the people who don’t care whether they do it right or wrong still don’t. Signing a letter isn’t going to change them. If anything, their willingness to sign is a demonstration of their ‘integrity’ and possibly reduces regulatory interest.

    Fifth, if it’s good enough for firms then it must be good enough for regulators of those firms (who must surely represent the exemplar standard). How many senior FCA staff have signed similar? Respect for the regulator increased or decreased?

  10. Makes you wonder if Sants had signed an attestation, and that’s the reason he jumped ship from Barclays ? you would have thought with him being head of compliance and regulation he would have had some kind of major responsibility ?

  11. Julian Stevens 7th July 2014 at 10:06 am

    When he appeared before the TSC back in March 2011, Hector Sants was asked repeatedly by Andrew Tyrie specifically to identify those whose dereliction of regulatory duty (or perhaps just plain incompetence) had in large measure allowed the banking crisis to come about. But he repeatedly stonewalled, ascribing it merely to a “collective” and “cultural” failure within the FSA and, as usual, Tyrie was completely powerless to do anything about such a manifest failure on the part of Sants to deal with the Committee “in an open and cooperative manner”. How can such a state of affairs be remotely satisfactory?

    Wind forward three years and we now see the FCA insisting that individuals within the firms it regulates must, by way of signing guarantees of 100% compliance, take personal responsibility for failings that haven’t even yet been identified.

    Will Clive Adamson be subject to any sort of sanctions for his not just one but TWO gaffes? So far, seemingly not. Are such bungles within its own ranks deemed acceptable by the FCA, just another of those s**t happens things? All the FCA has said is that it intends to delay putting off its decision on how it intends to divvy up its OPM bonus pot until completion of Clifford Chance’s already hugely expensive investigation into Adamson gaffe No. 2. Should Adamson be awarded a share of this bonus pot, the very existence of which is highly questionable, it really will expose the FCA as a quango with neither shame, conscience or integrity.

Leave a comment


Why register with Money Marketing ?

Providing trusted insight for professional advisers.  Since 1985 Money Marketing has helped promote and analyse the financial adviser community in the UK and continues to be the trusted industry brand for independent insight and advice.

News & analysis delivered directly to your inbox
Register today to receive our range of news alerts including daily and weekly briefings

Money Marketing Events
Be the first to hear about our industry leading conferences, awards, roundtables and more.

Research and insight
Take part in and see the results of Money Marketing's flagship investigations into industry trends.

Have your say
Only registered users can post comments. As the voice of the adviser community, our content generates robust debate. Sign up today and make your voice heard.

Register now

Having problems?

Contact us on +44 (0)20 7292 3712

Lines are open Monday to Friday 9:00am -5.00pm