Regulated financial services firms are obliged to deal with their regulators in an open and cooperative way. As part of this obligation, in addition to stand-alone routine reporting obligations, firms must disclose to the Financial Conduct Authority (FCA) anything relating to the firm of which the regulator would reasonably expect notice.
This broad self-reporting obligation can create a minefield for financial services firms. On the one hand, firms do not wish to set hares running by notifying their regulators of matters which may ultimately turn out to be non-issues. On the other, failure to notify when obliged to do so could lead to regulatory sanctions.
This article considers some key questions and considerations around self-reporting and how best to navigate this thorny area. It focuses on obligations owed to the FCA, although similar issues will arise for firms that are also regulated by the Prudential Regulation Authority.
What matters must be reported?
Underneath the broad overarching obligation to report anything of which the regulator “would reasonably expect notice” sit further detailed rules and guidance, which are set out in the Supervision section of the FCA Handbook. Examples of the types of matter that must be notified include, among many others, a significant breach of an FCA rule or a breach of any requirement imposed by the Financial Services & Markets Act 2000. In this context, the obligation to notify is triggered when a firm becomes aware or has information which reasonably suggests a breach has occurred, may have occurred or may occur in the foreseeable future.
While detailed, the guidance still requires a significant element of subjective judgement by the firm as to whether the obligation to notify has arisen. Often such judgement is needed at the outset of a matter when information about the issue is limited. This can make the decision more difficult.
If in doubt, the prudent approach is to self-report: the consequences and penalties for not reporting when obliged to do so can be significant.
When should the report be made?
In most cases, the obligation to report is an immediate one. Any notification should be made as soon as possible: undue delay could lead to criticism by the FCA at a later date.
What method should be used?
In almost all circumstances the notification should be made in writing. If the firm has a regular supervisory contact, it may also wish to consider contacting them by telephone to notify them of the matter.
The FCA rules include a standard notification form which should be used in most circumstances.
What information should the report include?
If using the standard notification form, the form itself provides a structure to enable the firm to set out its details and the issues identified. The main free text boxes require the firm to provide details of the notification issue, the impact of the notification and how the issue has been or will be resolved.
While the information provided in response to these questions will be fact-specific and may be very technical in nature, there are likely to be some general themes for firms to consider:
- So far as possible, information should be kept factual and limited to what’s known at the time. Firms should avoid speculating and providing information they may later need to go back and correct or clarify.
- At the same time though, it’s a careful balance: firms should also avoid holding back relevant information, as failing to disclose pertinent details in a timely manner may later lead to criticism by the FCA.
- When considering any impact of the notification, firms should think about any impact from all angles, in particular on past business, current business and future business (including in each case the impact on any customers, clients or counterparties). The FCA will be particularly interested in potential (not just actual) customer harm and the steps that firms intend to take to address those issues (whether that’s further analysis, customer contact or, in some cases, customer redress).
To an extent, next steps will depend on the approach taken by the FCA to the notification, which in turn may be driven by the nature and the scale of the issue that has been reported. The FCA may, for example, engage by asking questions or requesting a meeting. In any case, it may be some time before the FCA decides whether or not to open a formal investigation.
If the FCA does not engage or respond to the notification, firms may nonetheless need to provide additional updates to the FCA on any further actions taken. Even if the FCA does not engage at the outset, it should not be assumed that it won’t take further steps in future and so it pays for firms to keep updating the FCA on progress.
The key when self-reporting is at every stage to demonstrate to the FCA that the firm is taking matters seriously and that any loss or harm will be considered and addressed without the need for regulator intervention. By adopting this proactive approach, firms are far more likely to avoid formal regulatory investigation and keep control of the narrative.
For more information on how we can help, please contact the author of this article.