Authors:
Charli Curran, Senior Director, Ankura | Zulfi Meerza, Senior Associate Solicitor, Rahman Ravelli
Introduction
Non-financial misconduct has become an urgent matter of discussion across the financial services sector. Workplace behaviours such as harassment and abuse are indicators of a poor workplace culture, lacking diversity and inclusion. This has been referred to by both the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) (together, “the Regulators”) when addressing Parliament.1
Recent actions by the Regulators demonstrate behavioural misconduct and workplace culture are at the forefront of the regulatory agenda (see ‘Legal and Regulatory Developments’ below). High-profile cases of non-financial misconduct in the last year emphasise that this is a business risk that needs to be addressed across a range of sectors, not just within financial services.
Legal and Regulatory Developments
There is currently no reference to non-financial misconduct in the fitness and propriety assessment2 relating to individuals performing a Senior Management Function (SMF) or a Certification Function (CF), or the conduct rules3 which apply more widely to employees. This has not stopped the FCA from pursuing cases of non-financial misconduct despite criticism it received in its case against John Frensham. This matter was heard before the Upper Tribunal in 20214 and set a precedent for fitness and propriety assessments - there must be a sufficient connection between the misconduct and a person’s role when working in financial services.
The FCA’s September 2023 consultation paper5 proposes to explicitly include non-financial misconduct within the regulatory regime. Specifically:
- bullying within the workplace is relevant to fitness and propriety, as well as similar behaviour in a person’s private life;
- clear conduct rules covering serious instances of bullying and harassment towards colleagues;
- to bring discriminatory practices (e.g., sexually, or racially motivated offences) and any adverse findings against associated individuals within the suitability criteria for firms.
In February 2024, the FCA initiated an information gathering exercise (targeting insurers)6, relating to non-financial misconduct, including the use of Non-Disclosure Agreements (NDAs). It is anticipated that the Regulators will make similar information requests across the financial services sector. We expect the FCA will use any information provided to focus supervisory attention.
Regulators will provide further updates as the year progresses, with the new rules anticipated in 2025. But with regulatory reforms still in discussion, there remains a level of uncertainty on what will be expected of firms when dealing with non-financial misconduct cases. Outside the financial services sector, legislative reforms (Worker Protection Act 2023)7 are expected to come into force in October 2024. These will require all organisations to take “reasonable steps” to prevent employee harassment. However, what “reasonable steps” will entail is unclear.
Despite the uncertainty, there are short-term initiatives firms can consider now, to better respond to and monitor incidents.
How Should Firms Start To Prepare?
Policy and procedures
One objective of the FCA’s ongoing information gathering exercise is to establish if a firm’s formal reporting channels, policies, and procedures are fit for purpose. Being able to rely on an internal policy/procedures document that clearly defines the types of behaviours covered under non-financial misconduct is important. When responding to an incident, this will make it easier for firms to scope an investigation and assess the alleged behaviour against policy (and later the regulations).
Gathering and preparing data to be shared with the FCA
To prepare for future information requests, firms should start gathering data related to non-financial misconduct cases. This exercise is a useful starting point for firms to assess what mitigation measures are currently in place. Some of the key points firms must keep in mind when collating information are (i) establishing the exact scope of the relevant data set and response coordination, (ii) navigating issues around the existence of NDAs and (iii) dealing with legal professional privilege considerations.
NDAs are confidential legally binding contracts that prohibit the parties from sharing specified information with others. The criticism surrounding NDAs is that they are often used to ‘cover-up’ allegations of sexual harassment and abuse in financial services. Whilst the latest request from the FCA to insurers has only sought statistics on the types of outcomes recorded (including the use of NDAs), it may in due course seek the underlying details of some NDAs (if appropriate) through further information requests.
In terms of privilege, the FCA’s data survey targeting insurers did not seek to gather information on specific allegations or personal information. Nevertheless, firms must carefully consider whether legal privilege applies to the material sought and whether any of the information or material can be properly withheld. For example, it is unlikely that the provision of raw generic data would constitute a waiver of privilege, but detailed responses may relate to privileged information. Redacting or limiting what is provided should be considered so that answers do not betray the nature of legal advice.
Anti-harassment culture
For firms to effectively govern specific areas of risk, the risk needs to be championed at the executive level. Harassment is a form of behaviour between one or a group of individuals toward another / others. This behaviour or interaction, including how it is perceived by individuals, is based on many subjective factors including an individual’s pathology, social context, and life experiences, which makes it difficult for a business to assess and govern as a tangible risk. The subjective nature of human interactions and behaviours, also means that the risk of harassment and exclusion is prevalent across all levels and operations of the business.
Appointing a senior individual to be responsible for governing harassment and exclusion risk ensures that these types of risks are being considered from the top down. This also demonstrates the firm’s intolerance to harassment behaviours, which will help drive cultural change across the organisation.
Reporting mechanisms
Firms should ensure reporting mechanisms exist and work effectively. Are current whistleblowing channels appropriate for dealing with sensitive allegations? Often, individuals who have been subject to abusive behaviours find it difficult to report their experiences. Options should be made available to employees to ensure individuals reporting sensitive topics, such as harassment, have access to a forum or an individual(s) they consider to be comfortable reporting the allegations to.
Responding to allegations of non-financial misconduct
A documented triaging process to assess all allegations of non-financial misconduct is also crucial. Non-financial misconduct covers a broad variety of behaviours ranging from subtle microaggressions and poor practice to serious misconduct and criminal offences.
It will be important for firms to ensure a proportionate response to reports which will also help inform how the investigation is resourced (i.e., whether you require independent and specialist advisors). There is a risk that serious instances of non-financial misconduct become public. This could include scrutiny of any investigation that follows. Firms need to consider active and reactive communication strategies as part of their response. Understanding the risk and impact of each allegation will help firms respond proportionately and assess whether regulatory disclosure is necessary.
An inadequate investigation can receive the same level of public and regulatory scrutiny as a failure to investigate. Firms should make sure their teams are trained and have access to independent experts to undertake higher-profile or highly sensitive investigations.
Remediation and culture
Investigations into non-financial misconduct often focus on the individuals directly involved in the incident. Rarely do firms look at the issue from a wider perspective to understand whether the behaviour is confined to one individual or group of individuals. In preparing for regulatory change, firms will need to consider long-term initiatives and how company culture can be assessed. Simply being reactive to individual incidents will limit effective remediation.
Conclusion
By way of published updates, the FCA plans to provide firms with regulatory clarity. In the interim, firms can begin preparing for further anticipated information requests. The information gathered can be a useful starting point for firms to evaluate how they have recorded, detected, and responded to non-financial misconduct incidents.
Appointing an owner of the business risk and putting structures in place to respond to incidents, will emphasise a firm’s zero tolerance for harassment and exclusion. Aligning this appointment with a review of existing procedures and controls will help the business to understand and respond to any gaps they have.
If you require support or advice on relevant governance initiatives pertaining to issues of non-financial misconduct or require investigation support, our teams at Ankura and Rahman Ravelli can assist. Alternatively, please click here if you are interested in attending one of our industry roundtable events on non-financial misconduct.
Related content:
1 For example, see comments within the UK Government’s Treasury Committee’s latest report, “Sexism in the City”, published on 8 March 2024: https://committees.parliament.uk/publications/43731/documents/217019/default/
2 Fit and Proper test for Employees and Senior Personnel (FIT).
3 Code of Conduct rules (COCON).
4 Full decision: https://assets.publishing.service.gov.uk/media/612e14dfe90e07054107585e/Frensham_v_FCA.pdf
5 https://www.fca.org.uk/publication/consultation/cp23-20.pdf
6 https://www.fca.org.uk/publication/correspondence/culture-nfm-survey-letter-insurers-insurance-intermediaries.pdf
7 Worker Protection (Amendment of Equality Act 2010) Act 2023.
© Copyright 2024. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
