attestation is viewed as an expression of the duty placed on an approved person and a confirmation to the regulator of its discharge.


Similarly, reliance is placed on the analogous Principle 3, in the Principles for Businesses (PRIN) under which a firm must take reasonable care to organize and control its affairs responsibly and effectively, with adequate risk management systems.


Approaching the issue from the perspective of disclosure, both APER and PRIN respectively require approved persons and firms to deal with regulators in an open and co-operative way, disclosing to them anything of which that regulator would reasonably expect notice.10 Chapter 15 of the Supervision Manual (SUP) which concerns notifications by firms to regulators, provides examples of such matters (e.g., any significant failure in a firm’s systems and controls). An attestation which did not (but should) make reference to such a failure might, depending on the circumstances, contravene these principles.


One of a small number of exceptions to the absence of express authority for attestations is in the Regulated Covered Bonds (RCB) source-book. RCB 3.2.1 states that an issuer must provide to the FCA annual written confirmation of compliance with a number of regulations concerning covered bonds. These are in the form of statements such as:


“I confirm that I am satisfied that the arrangements relating to the regulated covered bonds comply with the requirements of the RCB Regulations and the RCB source-book”.


Approach

Usually with supervisory tools, the regulators provide guidance to firms on how and in what circumstances they will use a specific power. This is normally a requirement of FSMA. In the case of attestations there is only internal guidance for supervisors.


Earlier this year the FCA was ordered to disclose a small part of its internal guidance in response to a Freedom of Information Request (FOIA), but successfully withheld the majority on the basis that its disclosure would or would be likely to prejudice the exercise of its statutory function to supervise authorized persons.11 In arguments before the Information Commissioner, the FCA explained that a key element in its strategy for using attestations is that firms and individuals will not know when they will be used in preference to more formal measures. Moreover, the FCA is purposively not overly prescriptive in terms of the actions or information which attestations seek to secure. This means that firms cannot be certain what they must do to satisfy the FCA that they have adequately resolved a particular issue put by a supervisor. The uncertainty militates against firms undertaking the minimum steps necessary and instead promotes a higher standard of compliance.


In response to the FCA practitioner panel’s concerns, the FCA’s director of supervision has promised to issue revised internal guidance and supporting materials to supervisors. These will emphasize the importance of clarity and transparency when using attestations.12


Consequences of providing attestations

The key authority on the responsibility of senior management for their business and how to discharge it is the decision in Pottage versus Financial Services Authority (FSA).13 While the FSA was unsuccessful on the facts, the financial services tribunal confirmed its approach. The regulator argued that John Pottage, CEO of UBS’s wealth management business, was guilty of misconduct because he had failed “to take reasonable steps to satisfy himself by way of an initial assessment at the outset of his appointment as to the design and operational effectiveness of the governance and risk management frameworks in place.”


Under section 66(2) FSMA a person is guilty of misconduct if, while an approved person, he fails to comply with a statement of principle or he is knowingly concerned in a regulatory contravention by an authorized firm. This requires personal culpability, meaning deliberate conduct, or that the standard of their conduct fell below that which would be reasonable in all the circumstances.14 This is obviously a question of fact, and the FSA were unable to show that Pottage’s actions breached the standards expected. Further, DEPP 6.2.8G states that “an approved person will not be in breach if he has exercised due and reasonable care when assessing information, has reached a reasonable conclusion and has acted on it.”


The burden of proof is on the FCA, although changes to FSMA by the Financial Services (Banking Reform) Act 2013 will reverse the burden of proof for those performing senior management functions.15 This is referred to as a presumption of senior management responsibility.


There is also, potentially, the risk of prosecution under section 398 FSMA. It is an offence, in purported compliance with any requirement imposed by or under FSMA, to knowingly or recklessly give the regulator information which is false or misleading. The penalty is a fine but any individual convicted is also likely to be prohibited from the industry.


“If the FCA were to query the accuracy of the statement at a future date, providing there was a reasonable basis for making it with appropriate due diligence, you will have a defence to disciplinary action.”


What to remember if asked to attest

It is important to recall that Principle 7, like the requirements in the Senior Management Arrangements, Systems and Controls manual (SYSC), only requires an individual to take reasonable steps. This wording is carried over to the draft C-Con rulebook in respect of senior manager and certified person conduct rules which in 2015 will replace APER for banks and building societies. Therefore, when a manager is asked to give, for example, a notification attestation, the responsibility is to take reasonable steps to ensure that the firm appropriately monitors the risk and makes any notifications which are appropriate. In other words, it is not an unqualified or strict liability obligation.


It is worth also remembering that there is nothing special about an attestation. It is likely that the FCA will regard any assurance, particularly a written letter, as an attestation. Therefore, whatever its form might be, satisfy yourself over the content of any confirmation or assurance that you might provide to the regulator.


What questions to ask

When presented with a request for an attestation there are a number of considerations:


Am I the right person?

You should consider whether you are the most appropriate person within a firm. If you are an approved person, ask whether the attestation relates to matters within your control function and/or within your responsibilities. Is someone better placed?


What exactly am I being asked to attest?

It is helpful to remember the nature of the regulatory obligation on senior management. Generally speaking this is one of taking reasonable care or

