Attestations. You may have heard of them. You may have had to prepare one for a senior manager. Or you may be an approved person who has been asked to provide one. Either way, you’ll have been through a process that was no doubt stressful and uncomfortable.
The bad news is that these are here to stay. Originally introduced by the Financial Services Authority (FSA) in 2012, they were brought in as a means of trying to hold senior management more accountable for major failings in firms. Their use has been continued by the Financial Conduct Authority, but the way in which they are applied has been queried recently by the FCA’s Practitioner Panel. The FCA replied in a letter dated 22 August 2014, which dispelled any doubt about the way attestations are to be used in the future.
So it’s time for a fresh look at the problems that attestations can pose to firms. The biggest one is that making the attestation is often the tip of the iceberg. It’s the work that goes on beneath the surface, which means that the relevant senior manager can put pen to paper, where most of the effort takes place. Like icebergs, this is the part that often goes unseen.
Briefly before I go on, what is an attestation? Just in case you’re not familiar with the concept in terms of regulation. It’s where the FCA requires a senior manager (who is an approved person) at a firm to sign a statement confirming a particular course of action has been or will be taken.
What’s the purpose of this? Firstly to ensure that specific action the FCA wants firms to take, will get done. It also gives the FCA leverage in future if the particular course of action is not followed, to hold the individual personally accountable for the failing.
The FCA believes that such personal statements focus the minds of senior management that they are making a statement to the regulator; so they had better make sure what’s contained in the attestation is correct and actually takes place.
What makes these even more emotionally charged is that they are usually requested by the FCA when it requires failings to be addressed (such as weaknesses in governance and controls). However they can also be used to get firms to commit to future action, for example, to inform the FCA if any emerging risks change significantly in nature.
Here’s an example of how they work. Back in 2012 the FSA asked the CEOs of a number of asset managers to attest that arrangements were sufficient to ensure that they managed their conflicts of interest. This was as a result of the FSA’s themed review of asset management firms, which found that many firms had failed to establish an adequate framework for identifying and managing conflicts.
Invariably, the chosen senior manager has no choice but to provide this attestation. Failure to do so will be seen as not meeting Principle for Business 11 – by failing to deal with the regulator in an open and co-operative manner.
So these attestations are serious business. And senior managers will quite rightly be extremely reluctant to give one until reassured that what they’re signing up to has actually happened or will definitely happen. The FCA has stated it does not expect firms to create onerous processes to support attestations. But in practice, who would want to attest to something without rigorous checks and evidence being produced beforehand?
This poses a big problem for firms. How do you decide when the conditions are right for the attestation to be signed? This is where training comes in.
Firstly, those who hold approved person status need to be familiar and comfortable with regulatory expectations in this area. One way is by attendance at seminars focused on this particular subject – professional training can go a long way towards instilling confidence in senior managers.
Secondly, the FCA has said that it is encouraging firms to have open debate with their supervisors so both sides know what’s expected from the attestation. In many cases, this dialogue will be led by the compliance department, who need to have the right level of understanding of regulatory requirements in this area. There are plenty of opportunities to learn in more detail about how regulation operates, which should form part of the CPD plans for any compliance team.
Thirdly, whilst firms can take the necessary action to address issues required by attestations, they should check that their culture is right too. Ultimately, that is what the FCA will be looking for. There are a growing number of opportunities to learn what constitutes a sound culture, both from a general perspective and in specific areas, for example, TCF and corporate governance.
So, if the relevant people in a firm have their professional development taken care of, this could take the sting out of the attestation process.
Industry Events Online now holds details for hundreds of upcoming events so the chances of finding something that meets your needs is increasing all the time. Also, training providers offer both general training materials as well as those focusing on specialist areas. Take a look at the search facility and see how the options are ever-expanding.
So, now the FCA has laid out its stall in terms of its approach to attestations, firms can respond accordingly. They need to make sure the right culture is embedded and that the right people (for example, in compliance) understand the technical requirements. And most importantly, those directly affected (i.e. senior managers) understand what the implications are when an attestation is requested directly of them.
Training is a cornerstone here. Firms can’t ignore its importance. But with Industry Events Online, developing and implementing training plans is becoming easier than ever.
So when this particular iceberg approaches, you can steer round it rather than crash into it!
By Martyn Oughton a Professional Member of the International Compliance Association (ICA). Martyn now writes a regular blog for Industry Events Online focusing on the importance of training in all aspects of compliance. Read Martyn's other publications at Martyn's Writers' Residence website.
To keep up to speed with new events and blog posts sign up to the Industry Events Online weekly newsletter.