The FCA is increasingly requiring senior individuals to put their name to compliance guarantees without making it clear their signature will be used against them in the event of enforcement action.
Lawyers say there has been a significant increase in the use of attestations by the FCA in the past six months and predict enforcement proceedings in the coming months as a result.
An attestation is a written confirmation that a firm is meeting certain regulatory requirements. They can take the form of a Dear CEO letter and are usually required by the chief executive but can also be required of other individuals holding a significant influence function such as directors or compliance officers.
Usually attestations are used following supervisory action at an individual firm level or where wider market concerns have been established after a thematic review. The aim is to ensure senior individuals can be held accountable if the problems arise again.
“Most firms I speak to have had a request for an attestation in the last six months,” says Pinsent Masons senior associate Michael Ruck. “It’s a genius idea – the regulator asks the chief executive to sign a piece of paper saying everything is fine and then six months down the line, if something goes wrong, they can put that back in front of them and ask why they told an untruth.”
He says: “In recent months, the FCA has requested attestations from asset managers on front-office systems systems and insurers on systems and controls.”
Attestations are part of the FCA’s tougher regime for individuals and are designed to hold senior managers to account.
But experts have raised concerns the regulator is not being transparent in its strategy and individuals are signing attestations without realising the consequences for future enforcement action.
Lack of transparency
In May, minutes of the FCA’s March board meeting revealed the regulator’s independent practitioner panel and smaller business panel had
expressed concerns about the use
The minutes showed FCA director of supervision Clive Adamson said the FCA intended to communicate the purpose of attestations more clearly and ensure their use is consistent.
Ruck says: “The FCA does not want the industry to know when it is going to use attestations or why it is going to use them. It is very odd and does not balance with the idea of being transparent and open.”
DWF Fishburns partner Richard Tall says: “An individual asked to provide an attestation may not actually be aware they are being asked for one.
A significant influence function asked to provide a confirmation of any nature by the FCA should take proper professional advice and ensure they understand the nature of the obligation being imposed upon them.”
Other experts argue attestations are not clearly worded and what is being asked of individuals may be impossible to attest to.
King & Wood Mallesons SJ Berwin partner Tim Dolan says while attestations focus the attention of senior individuals on a particular area of the business, whether they are a positive development depends on what exactly the individual is being asked to sign.
“In some cases, it is impossible for an individual to attest to a certain area of their business being compliant,” he says. “There may be a number of individuals with responsibility for that area and often attestations are requested for complex areas where obligations are not very clear.”
Norton Rose Fulbright partner Peter Snowdon says: “It is not always clear to people the significance of what they are signing. Individuals need to be aware this is something the regulator may pull out in a year’s time.”
He says attestations are also “not as clearly drafted as they could be” in some cases.
“Often they are not drafted by lawyers, so the regulator does not realise what it is asking individuals to sign up to is almost impossible to meet, and neither does the individual,” Snowdon says.
“In a large business, there will sometimes be mistakes and individuals need to be aware that would mean breaching the attestation.”
So what should firms do if asked to provide an attestation?
Experts say attestations are generally used for large and medium-sized businesses but are also being issued against some small firms and advisers.
Dolan says: “An individual signing an attestation needs to have a paper trail to demonstrate why they concluded the business was compliant.
“I have seen firms using an external compliance company to help them make that assessment. Certainly, to simply sign one without doing a considerable amount of work would not be sensible.”
Snowdon says individuals must “think carefully” before signing an attestation.
“If you are at the top of the pyramid, you have to look at the staff below you,” he says. “In some inst-ances, chief executives will ask the managers below them to sign an internal attestation to say their department is compliant to ensure they have a robust audit trail.”
Experts say it is still relatively early days in the FCA’s use of this tool and therefore it remains to be seen what action will be taken in the event of an attestation being breached.
But Consulting Consortium client services director Ian Stott says a breached attestation will provide the FCA with evidence against an individual or firm and make enforcement action more likely.
He says: “If an individual is found not to be doing something they have attested to, then they have failed the fit and proper person test.”
Ruck adds: “We will see a final notice or some form of enforcement action in the next six to 12 months off the back of an attestation that has been proved to be incorrect.
An FCA spokeswoman says: “Att-estations are a way of focusing minds and an important tool as we hold those who make decisions personally accountable.
“We ask for the responsible person in a particular business area to sign an attestation, which will usually be a senior executive, often an approved person.
“We always aim to be clear with firms when we use an attestation so they understand what is expected of them.”
The increasing use of attestations brings increased accountability for senior management, but it also has the potential to impact the industry negatively as firms risk losing key people who want to avoid putting their necks on the line.
The FCA’s primary aim is to focus the minds of senior individuals and boards of firms on compliance matters the regulator considers to be important. The FCA has long been frustrated by the distance it perceives boards have from grass roots compliance.
The lack of clarity around the meaning of attestations has led many to underestimate their importance. If the attestation is contravened, the consequences for the firm and the individual can be severe. An attestation, if not abided by, will provide the FCA with evidence against an individual or firm and make it easier to take enforcement action against them.
If you are asked to provide an attestation, you should:
- Ensure you are the most appropriate person to be giving the attestation – it is very risky to attest to something you do not fully understand or do not have the authority to ensure has been carried out
- Check what is required – ensure that obligations are clear and achievable in the relevant timescale
- Implement adequate policies and processes to ensure all involved understand their obligations
- Confirm what supporting information and evidence is to be provided to the FCA by way of corroboration – incomplete or inconsistent evidence will raise red flags
- Establish access boundaries – ensure that you have access to all the documentation and material required to discharge your obligations
Ian Stott is client services director at the Consulting Consortium
Craig Palfrey, certified financial planner, Penguin Wealth
“Accountability is hugely important in all businesses, and someone has to take responsibility for having the right controls and systems in place. No-one should sign anything without reading it properly first and understanding the implications. But it’s a shame that regulators do not apply the same mentality to financial advice – it amazes me that a consumer can sign documents to say they knew the risks and yet still win a complaint.”
Pete Matthew, managing director, Jacksons Wealth Management
“I’m happy enough with the principle of this, particularly for larger firms which pose greater systemic risk. But it would be heavy handed for smaller firms and it appears the regulator is giving people a rope to hang themselves with. Just as we have to make it absolutely clear to a client what they are signing, one would hope the FCA is being transparent and clear with individuals on attestations.”