In defence of reasonable steps…


The Presumption of Responsibility under the SMR has enjoyed a significant amount of scrutiny and ‘air time’ since it was originally conceived and then enacted as part of the Strengthening Individual Accountability Reforms.

Linked to the Presumption of Responsibility is the concept of ‘the Reasonable Steps Defence’. This broadly sets out that you will not be ‘presumed responsible’ (and therefore guilty of misconduct) if you can satisfy the FCA or PRA that you have

“….taken such steps as a person in (your) position could reasonably be expected to take to avoid the contravention occurring (or continuing).”

This obviously begs the question what are ‘reasonable steps’?

Both regulators have made it very clear that they will in every case “….consider the specific facts of each situation which may fall within the Presumption of Responsibility and will act as (they) consider appropriate in light of those facts.”

Therefore there is not going to be any universal set of minimum standards or ‘safe-harbours’ for Firms or Senior Managers to fall back on.

However, both regulators have published some guidance covering these areas and it is worth considering it in more detail.

Of material importance is that the phrase ‘reasonable steps’ (and numerous variations thereof), is used throughout the regulations – not only in the areas relating to the Presumption of Responsibility.

Where and how the phrase ‘reasonable steps’ is used in the regulations, and the published guidance, points to the ‘direction of travel’ of both regulators.

A person, Senior Manager or anyone else, is just as likely to be found in breach of a Conduct Rule through a failure to take ‘reasonable steps’ and to be frank, given the broad scope of the conduct rules and the significant numbers of people obliged to comply with them, this risk must be material and significant for most firms.

The regulators will expect Firms to submit evidence, make representations and engage in dialogue when considering whether to potentially take any actions relating to a contravention, an incident where whether ‘reasonable steps’ were taken is being questioned. Consequently they will assess the steps the person actually took against their interpretation of what steps they (the regulators) would consider to be reasonable, in the relevant circumstances at that time. Quite reasonably they do not intend to apply the lens of hindsight to the given situation.

In relation to Senior Manager misconduct, in their Supervisory Statement (SS-2815), PRA have set out some examples of the things they may consider when interpreting what ‘steps’ they might determine to be ‘reasonable’. These examples include:

  • The size, scale and complexity of the Firm
  • What the Senior Manager actually knew or what they ought to have known
  • The expertise and competence the Senior Manager had or ought to have had
  • What steps the Senior Manager could have taken
  • The timeliness they acted in
  • The Senior Managers responsibilities and the wider allocations of responsibilities across the Frim
  • Whether any functions were delegated, taking account that any delegation must be appropriately arranged, managed and monitored
  • Overall circumstance and environment at the Firm – if they were subject to competing priorities

The guidance also includes some examples of what PRA considers could be reasonable actions the manager might have taken to prevent the contravention occurring or continuing. This list is quite long but very worthwhile reviewing. Samples of the steps it includes are,

  • Implementing, policing, reviewing policies and procedures
  • Structuring and control of day-to-day operations, including ensuring delegations are managed and reviewed
  • Obtaining appropriate management information and critically interrogating and monitoring it
  • Ensuing issues are raised, reviewed and followed up
  • Ensuing provision of adequate and appropriate resources
  • Awareness of external developments, including key risks

FCA similarly makes much use of the ‘reasonable steps’ phrase.

In fact, ‘reasonable steps’ is used in the actual text of 3 out of the 4 Senior Manager Conduct rules, and appears more than 30 times in the new COCON (Conduct Rules) handbook.

Senior manager conduct rules

  • SC1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
  • SC2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
  • SC3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
  • SC4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.

One thing worth thinking about is that although most Firms will have a very small population of Senior Managers, the way that these Conduct Rules are written has wide ranging implications on the business and people of the whole Firm.

If you consider rules 1, 2 and 3 above, the definition of ‘reasonable steps’ is linked to the Senior Manager ‘ensuring that……’ something is happening, on a continuous and ongoing basis.

This means that, at least, all direct reports to the senior manager team need to understand these rules and how they have been applied in your firm. However, in truth, the impact is even wider than that. Most operational reporting (and all board reports??) will need to be reviewed from the perspective of how does it evidence ‘reasonable steps’.

Probably, depending of the size and governance arrangements of your firm, most layers of management and supervision will be affected by the Senior Manager Conduct Rules.

Everyone with any material operational responsibility will need to be able to articulate how their departments, teams, reports, management information, policies, processes and monitoring delivers and evidences ‘reasonable steps’ to

  • Control the business
  • Comply with regulation
  • Effectively discharge delegation

In section 3.1.5 of COCON, FCA sets out some general factors (which are consistent with the PRA guidance) that FCA would expect to take into account when assessing a Senior Manager’s conduct:

  1. whether they exercised reasonable care when considering the information available to them;
  2. whether they reached a reasonable conclusion upon which to act;
  3. the nature, scale and complexity of the firm’s business;
  4. their role and responsibility as determined by reference to the relevant statement of responsibility;
  5. the knowledge they had, or should have had, of regulatory concerns, if any, relating to their role and responsibilities.

Unsurprisingly, that phrase ‘reasonable’ is crops up again.

In relation to Senior Conduct Rule no.3 (….reasonable steps to ensure that any delegation…) both regulators are quite specific (section 4.2.18)…..

“…senior conduct rules staff should have reasonable grounds for believing that the delegate has the competence, knowledge, skill and time to deal with the issue. “

And in section 4.2.21…..

“Delegating the authority for dealing with an issue or a part of the business to an individual….….without reasonable grounds for believing that the delegate has the necessary capacity, competence, knowledge, seniority or skill to deal with the issue or to take authority for dealing with part of the business indicates a failure to comply with rule SC3 in COCON 2.2.3R.”

The Regulators have stressed the importance of “obtaining appropriate internal management information, and critically interrogating and monitoring that information.

The Regulators have stressed the importance of “obtaining appropriate internal management information, and critically interrogating and monitoring that information.

You probably already have existing operational monitoring and management information, comprising ‘Key Performance Indicators’ for the business, which are relevant, informative and appropriate, although these existing provisions and controls should be reviewed and updated where required.

However, for the ‘people’ aspects of your business, it is quite likely that existing MI is lacking. In this space many firms have assumed that HR teams will deliver the solutions for ‘Accountability’ and therefore also provide the necessary MI.

In my opinion this represents a significant risk. Many existing Performance Management solutions are not geared to provide the detailed information appropriate for evidencing ‘reasonable steps’.

Consider the guidance above….

How will your existing Performance Management processes evidence that staff in key roles have the ‘Competence, Knowledge, Skill and Time’?
If you look across your business to existing Training and Competence teams and the kinds of controls and processes which have been implemented to deliver compliance with the more stringent FIT and TC obligations covering ‘approved roles’ you will find the answer.

In the most part, existing TC policy, schemes, processes and systems can be applied to easily provide the required evidence that your Senior Managers have ‘reasonable grounds to believe that delegates have the necessary!!

What evidence do you need to have ‘reasonable grounds’ for believing in the capability of your delegates?

Well, risk assessments, regular documented 1-1 meetings, frequent reviews of KPIs, documented Action Plans, clearly defined standards of Competence, relevant L&D plans, some empirical testing of knowledge and skill……….. this is the stuff of Training and Competence.

The new regime places a personal obligation on senior managers to prove that ‘reasonable steps’ were consistently taken throughout the general and daily management of the business.

Your solutions should give senior managers a ‘reasonable’ chance of preventing contraventions and misconduct, and it should identify actual issues early so that they can be stopped – these solutions must adequately cover the ‘people’ elements as well as operational and financial performance.

For most Financial Service firms, the operational and financial performance of your business is probably well covered by existing controls and potentially small parts of your ‘people’ population are well served by existing T&C.

I suggest that the ‘reasonable’ next step is to apply some (appropriate and proportionate) Training and Competence controls to everyone in your business – it will ‘defend’ your Reasonable Steps.


About Author

Avatar photo

Carl Redfern is the Compliance Director and co-founder of Redland Business Solutions, the market leader in specialist GRC Solutions for the Financial Services industry, for the past 15 years I have spent my time: • Working with Industry Forums, Professional Bodies and Regulators to help to assess the impact and define the requirements of developing regulation. • Designing solutions to support key strategic functions within Compliance, T&C, Conduct Risk, Governance and Operations. • Helping businesses to develop the business case for people, culture and conduct initiatives. Most recently, I have been extensively involved in the development of the SM&CR regimes, working with industry bodies, both regulators and many firms, assessing the implications of the rules and designing specialist solutions to enable efficient and effective implementation. Redland have been voted the Best Solutions Provider – Senior Managers Regime with our specially designed technology solution, Insight SMR, to help firms comply with SM&CR and holistically integrate Certification with wider Culture and Conduct programmes.

Leave A Reply