Attestations have become a powerful weapon in the FCA’s arsenal, a process designed to push responsibility for regulatory failures down from the level of the firm to the individual, says Chris Kaye, Director of CCL Co-Comply.
The issue is that despite their increased use by the FCA, attestations do not form part of the FCA Handbook and are not covered by any FCA rules. Indeed a recent Freedom of Information request by a City law firm to the FCA revealed that attestations could be agreed or negotiated with FCA supervisors. Furthermore there appears to be no set formula for starting an attestation order – again, it is a discretionary decision resting with the supervisor.
There is no specific legal power under which the FCA could request a person to sign an attestation.In such ‘grey’ circumstances, an employee in a significant influence function (SIF) might be tempted to refuse to sign an attestation or the firm itself might prevent them from doing so.
If SIFs and specifically the Compliance Officer is nervous about the use of attestations by the FCA, especially attestations with broad sweeping language, then maybe the firm also needs to look internally at how it is using the attestation mechanism with its own employees. Asking employees to regularly attest that they have informed Compliance of any material issue such as a conflict of interest, or that the employee has read and understood the latest compliance manual, is applying the same draconian process used by the FCA.
Often internal attestations are no more than template emails that the employee responds to. Many do not even provide an easily accessible link to the firm’s latest compliance manual or provide commentary on any significant changes since the last release. This approach will only instill a belief that the firm is using the process to cover its own back, whereas the attestation should be a powerful tool to help the employee understand their regulatory obligations. Providing easy links to the policies and procedures it refers to will make life easier and foster a better response.
If a regulated firm follows simple processes like this, there is no need to fear the attestation requests of the FCA – or run the risk of a Skilled Person review.