The Financial Services Register has been part of the regulatory landscape since the Financial Services and Market Act 2000 came into force in 2001. It has been the place where the public can check on the details of firms and individuals that are or have been approved and regulated by the Prudential Regulation Authority (PRA) and/or the Financial Services Authority (FSA) Financial Conduct Authority (FCA).
However, with the introduction of the Senior Managers & Certification Regime (SMCR), and the fact that all staff that fall into the “Certification” category no longer (in many cases) need regulatory approval, the concept of an alternative place that consumers could go to search individuals that operate within the wider financial services market was borne. This came to the industry in the form of “The Directory” which was proposed by the FCA in response to concerns raised by many organisations that felt removing all individuals from the current Financial Services Register was in fact a backwards step. Historically many firms have used the Financial Services Register as a place to go to help assess a new recruit’s history in Financial Services, most specifically for those in CF 30 roles. The Directory will now sit alongside the existing Register to provide that more rounded view of those working in key roles in the industry.
implementing the Directory is not without its challenges. Have you asked your supplier recently how they will help you manage your Directory requirements?”
So, who do these changes affect?
Well, it will affect all relevant individuals who carry out work on behalf of almost all firms that are regulated by the FCA, but specifically:-
- Banks, Building Societies, Credit Unions and PRA Designated Investment Firms
- Insurers and re-insurers
- All other firms authorised to provide financial services under FSMA
- Appointed representatives (AR’s) acting as an agent for an FCA Authorised Firm
So, if those are the firm types that are caught by the new Directory requirements from either March or December 2020 (dependent on firm type) which individuals will sit where?
It will now become the responsibility of all financial services firms to upload and maintain accurate records of their staff who fall within the scope of the Directory (page 5). Banks and insurers are required to complete their initial data upload by 9th March 2020, with the remaining solo regulated firms required to have uploaded their initial data by 9th December 2020. After firms have completed their initial data uploads and passed the formal implementation date, the Directory must then be updated by the firm with any changes relating to Directory staff within 7 days of them taking effect. Should a firm find that there are no changes whatsoever to their Directory persons data over the course of a year, the firm must confirm to the regulator that this is the case. Supplying incorrect data or late updates will incur penalties, and ‘serial offenders’ will be subject to more serious sanctions according to recent FCA comments and press releases.
The data upload as defined by the FCA should include the following as detailed in Table A;
The regulator’s consultation on this matter identified a concern over the removal of so many roles from the existing Register. This concern has driven momentum from the FCA to implement the Directory for the transparency it will provide, however, implementing the Directory is not without its challenges. Putting aside what some industry commentators have referred to as a level of “regulatory fatigue”, there are practical issues for firms as they “come up for air” from the implementation deadline of SM&CR in December 2019 and finalise their certification plans for December 2020.
The first issue is the data set required by the regulator. For most firms the data will be held across several systems, ranging from HR to training and competence (T&C) and potentially compliance. Pulling the data from multiple systems to create and verify the initial data set will take time. Perhaps more importantly, there is the challenge of identifying when changes occur to an individual’s status that will trigger the need for a Directory update.
For example, change of work location is likely to be known by line management and HR, but possibly not by T&C or compliance. The reverse may well be the case with changes of customer engagement method. Different teams will each have sight of part of an individual’s status and this is likely to require an internal process to ensure this information is passed to the team with accountability for maintaining the Directory.
Of course, assigning responsibility to a specific person or team is important but, as many firms will attest from their early experiences with SM&CR, holding regulatory data across multiple systems is an accident waiting to happen. Many firms have recognised this and invested in a bespoke SM&CR system that helps them not only manage the individual data components, but also helps them drive efficiency of process. I guess the questions for firms that have already taken this step is “Have you asked your supplier recently how they will help you manage your Directory requirements?”
Another question posed by the Directory is the issue of data accuracy. The Directory is planned as a major source of information on individuals that hold key roles in the industry. The hope is that this should act not only as a reassurance to the general public interacting with financial services organisations, but also as a rich source of relevant data. But some industry observers have pointed out the risks of such important data being the result of self-certification by firms, with little or no ‘spot checks’ from the regulator. This represents a risk to public confidence in the Directory if it is found that firms are either self-certifying unqualified or unsuitable staff or failing to update the directory. Of course, it is worth noting that under SM&CR a specific senior manager will be personally responsible for the firm’s obligations under the Certification Regime, so the extended Directory requirements are likely to be allocated oversight to the most senior level of management within a firm.
It is well known within the industry that Trade Bodies are concerned about the introduction of the Directory and the timelines planned for implementation. Whilst both Banks and Insurers have had since September 2019 to upload data into The Directory, we understand that the upload capability has not been operating effectively and many firms with large populations have been manually keying data. We do however understand that the FCA have agreed most recently that their lack of provision of an effective bulk upload/amend capability should be resolved. In a letter to UK Finance who have raised issues about this matter on behalf of its members, the FCA appear to have committed to provide a “bulk amend” functionality to the industry by February 2020, but with the proviso that “it cannot commit on delivering every use case required by firms.” It will be interesting to see what will be delivered on this by the FCA, whether it will really meet the needs identified by firms and whether it will go some way to reducing the concern voiced by firms over the introduction of The Directory.
Knowing that a number of the key Trade Bodies has strongly lobbied the FCA for a delay in a start date to The Directory, I suspect that even with the provision of this additional items, firms are still going to be feeling very uncomfortable about a really quite onerous additional reporting requirement on firms.
Only time will tell whether the introduction of The Directory will bring the consumer benefits that the FCA hopes for. However, what is clear is that firms need a solution to this new obligation and, given the challenges of bedding in the Senior Managers Regime and finalising their plans for Certification, the solution needs to be as automated as possible.