On August 26, the UK Financial Conduct Authority (FCA) published a letter dated August 22, 2014 (Letter) addressed to the FCA Practitioner Panel. The Panel is a statutory body representing the interests of the financial services industry that was established to ensure that the FCA effectively consults with practitioners and consumers in connection with its rules and guidance. The Letter is the FCA’s formal response to the FCA Practitioner Panel’s request for more detailed guidance on the principles under which the FCA’s attestation powers operate – which had previously been unclear. In the Letter, the FCA confirms that it has introduced attestations as a formal “supervisory tool” and that when they are used the FCA seeks a personal commitment from an approved person at the relevant FCA-authorized firm that specific action has been taken or will be taken. The FCA’s stated aim for attestations is to ensure that there is clear accountability and senior management focus on specific issues where the FCA would like to see change within firms (often without any ongoing regulatory involvement).  

The FCA further notes that it will usually ask for an attestation to be given by the person with the most appropriate significant influence function – i.e., the person responsible for the area of the firm where the issue has arisen. The Letter notes that the most usual scenarios where attestations are required by the FCA are: 

  1. Notification: Where there are emerging risks at firms that are unlikely to result in consumer detriment, the FCA may ask an appropriate approved person at the firm to attest that the person will notify the FCA if the risk identified changes in its nature, magnitude or extent. This type of attestation is essentially to ensure that the firm monitors the risk and notifies the FCA of anything relevant. 
  2. Undertaking: Where the FCA requires a firm to take action, but the risk is unlikely to result in material consumer detriment, the FCA may ask for an attestation that the specific action will be undertaken. 
  3. Self-certification: Where the FCA is confident that the firm can resolve more significant issues itself, the FCA may ask for an attestation that the risks have been mitigated or resolved. 
  4. Verification. Where the FCA wants a firm to resolve issues or mitigate risks, the FCA may require that a verification is given confirming that certain action has been taken. 

The FCA’s guidance on its use of attestations is particularly welcome as the FCA has been using this new “supervisory tool” more and more since November 2012, when the FCA required the CEOs of many firms to provide attestations that they had discussed the FCA’s conflicts of interest guidance with their boards, reviewed and closed off all the issues flagged in the conflicts guidance and satisfied themselves as to their own firms’ conflicts arrangements. This initial request for an attestation came as a surprise to many CEOs, but it indicated the FCA’s growing desire to have individuals take personal responsibility for specific compliance issues. In the Letter, the FCA highlighted that all approved persons must deal with the FCA in an open and cooperative way and that any failure to meet FCA requirements (including non-compliance with an attestation request) could result in enforcement action being taken against the relevant individual.  

The Letter (and the FCA Practitioner Panel’s letter requesting the guidance on attestations) are available here.