In this section I’ll be examining the steps you should take as an SMF holder, where a potentially significant breach is discovered within your area of the business.
Now, at the top of your mind should be your personal duty under Senior Manager Conduct Rule 4 - to disclose to the regulators anything of which they would reasonably expect notice. Now remember, that’s a proactive notification obligation. The FCA Handbook and the PRA Rulebook both contain guidance and further rules on exactly what needs to be notified, but it’s fair to assume that anything that amounts to a significant breach of any regulatory rule will be something that they would expect notice of.
So this matter has been reported up to you but, before you pick up the phone to the regulator, it’s important that further investigation is undertaken to make sure that what you have been told is true. So these investigations will tend to be in two stages.
First, an urgent and short time-framed investigation to ascertain exactly what you know and whether those issues are likely to give rise to a notification obligation. Then, once the notification has been made, a further, more detailed investigation to assess the full facts - to interview individuals, review documents and understand exactly what happened, what the root causes of the issue were and what steps need to be taken to enhance systems and controls. That’s really part of your regulatory duty as the SMF holder for the relevant part of the business: to ensure the investigation is thorough, and to ensure that the lessons that were learnt are then properly implemented by way of enhancements to systems and controls.
And then, thinking about that duty to notify, the duty is yours personally. It’s not the duty of the CEO, it’s not the duty of the head of compliance, but where the breach occurs within your area of the business, it’s your personal duty to ensure that appropriate notifications are made.
Informed, timely reactions are essential when dealing with a problem in your business area. We set out the key steps you should take when dealing with a regulatory breach.
Under the new regime, there is still no single place that Senior Managers can look and understand exactly what’s expected of them. To help, we have produced a survival guide which sets out your key areas of risk and most importantly, the practical steps you need to take to comply with your regulatory obligations.
Nathan Willmott: Deputy Global Head of Litigation & Corporate Risk, and Co-head of the Investigations, Financial Regulation and White Collar practice group. Specialises in complex regulatory issues for…