Introduction
On 25 September 2023, the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) published consultations setting out their proposals to introduce a new regulatory framework on diversity and inclusion (D&I) in the financial sector. The FCA’s consultation paper, CP23/20, is on D&I in the financial sector – ‘working together to drive change’, and the PRA’s consultation is CP18/23 on D&I in PRA-regulated firms.
The consultation papers follow a range of work undertaken by the UK regulatory authorities in recent years, most notably the FCA, PRA and Bank of England’s joint Discussion Paper from July 2021 and the launch by the FCA in April 2022 of its 3-year strategy to improve outcomes for consumers and markets, which set a number of priorities, including accelerating the pace of change on D&I.
Objectives
In its consultation the PRA states that the purpose of its proposals is to advance its objectives of safety and soundness and policyholder protection by improving D&I outcomes in PRA-regulated firms. It adds that D&I are important to governance and firm-wide culture. The PRA considers that more diverse and inclusive firms would help to reduce groupthink, supporting more effective and prudent decision-making and risk management.
In its consultation paper the FCA states that more diverse and inclusive firms can support better outcomes for both firms and consumers. It adds that this links to all three of its operational objectives and its new secondary objective. Like the PRA, the FCA asserts that the combination of D&I reduces the risk of groupthink, which can lead to weak governance and a failure to act in consumers’ best interests.
ESG priority
On 22 November 2022, the FCA published a speech by Sheldon Mills, Executive Director, Consumers and Competition, FCA, in which he discussed why D&I matters. He explained that the FCA is committed to acting on D&I because progress on making financial services representative of the country and communities it serves remains at best uneven, and at worst, stagnant.
Achieving a more diverse and inclusive financial services industry is an important part of the environmental, social and governance (ESG) priority the FCA has set out in its Business Plan for 2022 to 2025. There is growing evidence that a diversity of perspectives and thought, when part of an inclusive culture, results in better judgements and decision making. All firms need to understand the needs of their customers and be able to respond to them through product design, flexible consumer service and communications. There is a question whether a firm can adequately respond to the needs of these consumers if they do not have the diversity of background and experience required to overcome biases and blind spots.
The regulators are also acutely aware that good data, measuring progress and reporting are critical in order to improve progress on D&I.
Focusing on D&I also supports the work that the FCA and the industry have undertaken to implement the Consumer Duty - research has shown that consumers in minority ethnic groups are disproportionately likely to have low financial resilience. Therefore, the Duty and the regulator’s work on D&I are aligned and mutually reinforcing.
Inclusion
As well as ensuring that firms are diverse, it is also important that firms are inclusive – an inclusive firm is one which establishes a culture that welcomes and encourages the sharing of a wide range of perspectives and ideas, including from minority groups. For some time, the regulators have been aware that diversity of thought, when part of an inclusive culture, supports better decision making by firms. More diverse and inclusive firms benefit from better risk management, as individuals feel more empowered to have open discussions and debates, without fear of having their views shut down. It is also worth briefly noting whistleblowing, which the FCA has been focussed on for some time. Healthy cultures are ones where people are able to speak up and everyone is listening to each other. It is really important that firms have in place effective whistleblowing systems to facilitate this.
Key themes
The proposals contained in the consultation papers focus on seven key themes:
- Data reporting and disclosure.
- D&I strategies.
- D&I targets.
- Governance structures.
- Board recruitment.
- Individual accountability.
- Non-financial misconduct.
The proposals apply differently to firms depending on their number of employees, their categorisation under the Senior Managers and Certification Regime (SM&CR) and whether they are dual-regulated (for these purposes Capital Requirements Regulation (CRR) firms and Solvency II firms including third country bank and insurance branches). To reduce regulatory burden, smaller firms with fewer than 251 employees would be exempt from many of the requirements.
Data reporting and disclosure
The regulators consider that consistent D&I data is critical to understanding a firm’s composition and designing interventions to address areas of under representation or lack of inclusion. The proposals focus on firms reporting D&I data to the regulators and firms making D&I disclosures to the public. With both of these, firms will be collecting demographic and inclusion data from staff.
In terms of data reporting to the regulators, all regulated firms with a Part 4A permission will need to report their number of employees annually, excluding Limited Scope SM&CR firms. All regulated firms with a Part 4A permission with 251 or more employees will have additional reporting obligations, excluding Limited Scope SM&CR firms. Some data will need to be reported on a mandatory basis (namely information around age, sexual orientation, sex or gender, disability and long-term health conditions, ethnicity and religion) whilst other information will be provided to the regulators on a voluntary basis (namely parental responsibility, carer responsibilities, gender identity, socio-economic background and the reporting of both sex and gender). Dual regulated firms with fewer than 251 employees will only have to report their number of employees.
Some concerns have been previously raised regarding the time it will take to implement or update systems, as well as getting data from employees. In light of this it is proposed that the rules when finalised would come into force 12 months from the date of their publication. The data to be reported would be at this reference date. The reporting window would open the day after the reference date and close 3 months later. The FCA gives the example that if the final rules were published on 1 March 2024, the first reporting reference date would be 1 March 2025 and firms would have until 2 June 2025 to submit their data.
The FCA is also proposing a transitional regime so that the first reporting cycle would be on a ‘comply or explain’ basis. What this means is that should a firm be unable to submit all the required data in the first reporting period, they would need to explain why this is not possible and set out the steps they are taking to ensure they will be able to submit a complete report when required. In this first cycle, the FCA would encourage firms to submit what data they have available, even if incomplete. Large firms, except Limited Scope SM&CR firms, would be required to submit a complete report in the second reporting cycle.
In terms of making disclosures to the public, the proposal is for firms to disclose the same information they report to the regulators under the data reporting requirements except in percentages rather than whole numbers. Like reporting, the FCA proposes that its rules will come into force 12 months after they have been published. Disclosures should be made either at the same time firms publish annual reports and accounts, or, for firms that do not publish annual reports and accounts, within 6 months of the end of their financial year. In the first year of the rules being in force, firms can make their disclosures on a voluntary basis. From the following year onwards, disclosures are mandatory for firms in scope.
The regulators have looked at the potential implications these requirements may have under the UK General Data Protection Regulation (GDPR) and state in the consultations that they are consistent with their obligations under the legislation. The regulators have also consulted with the Information Commissioner’s Office in line with the GDPR and it had no comments.
According to the FCA’s cost benefit analysis (CBA) it sees firms incurring significant one-off costs arising in relation to data. For large firms, the FCA estimates average one-off costs of £29,800 for data disclosure and £33,200 for data reporting. The requirement for firms to report annually is more frequent than the Single Resolution Authority and European Banking Authority, which ask for data every 2 or 3 years respectively. The FCA is aware that opting for annual reporting will be more costly for firms, noting that reporting data every year rather than every two years increases firms’ ongoing costs by 8%. However, the FCA feels that this is acceptable, arguing that the data it will receive will be more accurate.
The pressure point on costs may be updating internal systems to collect the information and firms may wish to start thinking about the steps they need to take in order that they can report the required information. In particular, they may wish to consider what data they currently collect and see how it fares against the D&I metrics that are being proposed. This should then help the firm understand what changes they might need to make to their systems and processes. Some firms may choose to wait to see what the final rules say but making some sort of start now may prove beneficial in the long term as a firm will get a good idea as to where they currently stand and what, if any, serious gaps they face.
D&I strategy
Another key proposal that firms will need to think about concerns a requirement on them to establish, implement and maintain an effective D&I strategy (previously called D&I policy). Arguably this may not be too onerous, with the FCA reporting in its consultation that a recent review had found that 87% of large firms and 45% of small firms already had a D&I strategy in place and saw D&I as core to a firm’s culture and practices.
The requirement will apply to dual regulated firms of any size to which the CRR or Solvency II parts of the PRA Rulebook apply. It also applies to all other FCA regulated firms that have 251 or more employees, except for Limited Scope SM&CR firms.
The D&I strategy will need to be evidence based and cover, as a minimum:
- The firm’s D&I objectives and goals.
- A plan for meeting those objectives and goals and measuring progress.
- A summary of the arrangements in place to identify and manage any obstacles for meeting those objectives and goals.
- Ways to ensure adequate knowledge of the D&I strategy amongst staff.
Firms that do not already have a D&I strategy in place will need to create something from scratch. Other firms, those that already have a D&I strategy in place, will need to review it and update it accordingly. This is likely to include most firms as in its consultation paper the FCA warned that many of the D&I strategies it had seen failed to explain the firm’s D&I strategy’s purpose and lacked sufficient detail. Conducting a gap analysis of the current D&I strategy against the proposals may be helpful at this stage.
It is also worth noting that the D&I strategy is not meant to be a static document but something that evolves and is updated from time to time. In its consultation the FCA has not prescribed the frequency with which firms should update the D&I strategy and has instead simply said that a firm needs to be satisfied that the document remains fit for purpose. Firms should be mindful that the D&I strategy will be a key document, when assessing how a firm has identified, monitored or taken steps to address D&I issues. Also, the D&I strategy will be made accessible, so current and potential employees, investors, suppliers and consumers will be able to refer to it. Therefore, the document will be particularly important and will need to be updated regularly.
Whilst a discussion of the employment law aspects of D&I is outside the scope of this briefing note it is worth noting the Equality and Human Rights Commission’s statutory code of practice recommends that employers have in place a DEI policy (or strategy) which employees are fully aware of and understand. This can help an employer establish a “reasonable steps” defence under the Equality Act 2010 which may help an employer avoid liability for discrimination or harassment committed by an employee.
D&I targets
The regulators propose that firms will need to determine and set appropriate diversity targets. The basis for this proposal is that target setting will encourage firms to focus their attention and effort on reaching their D&I goals while enabling them to measure their progress. The proposed requirement will apply to dual regulated firms, and firms regulated by the FCA with 251 or more employees, excluding Limited Scope SM&CR firms. Firms within scope based overseas that carry out operations in the UK will not have to set a target for the areas of the firm that are based overseas.
The proposal is that firms will be required to set targets to address underrepresentation. It will be generally expected that a firm will set at least 1 target for each of the board, its senior leadership and the employee population as a whole. These targets will then be reviewed and updated regularly to ensure that they remain stretching but realistic. Firms will also need to publicly disclose their targets and progress towards them annually. The regulators have not proposed which demographic characteristics the targets must cover nor what those targets should be. This has been left to firms. The targets could be informed by the data collection.
Governance structures and board recruitment
The proposals around governance apply to dual regulated firms (excluding third country branches) and FCA regulated firms with 251 or more employees, excluding Limited Scope SM&CR firms.
From an FCA perspective, the regulator proposes to introduce new guidance to make clear that matters relating to D&I are to be considered as a non-financial risk and treated appropriately within the firm’s governance structures. The board will also be responsible for the maintenance and oversight of the firm’s D&I strategy. The regulator also states that risk functions, as well as Internal Audit, can play an important role in managing risk and that D&I should not be seen as a ‘tick box’ compliance issue. Support functions including HR also have a role to play to help embed and monitor D&I practices. They can also help boards ensure a higher degree of scrutiny, with senior management being held accountable for delivering on D&I. The FCA is not proposing new requirements on board recruitment and succession planning on the basis that these present significant costs to firms and that many firms already have in place well-established approaches.
From a PRA perspective, the regulator is aware that dual regulated firms already have to consider a broad set of qualities and competences when recruiting to the board, and to put in place a policy to promote board diversity. These firms must also explain on their website how they comply with these requirements and for banks the requirements extend to holding companies on a consolidated or sub-consolidated basis. The PRA is proposing to update this policy by introducing certain new requirements including:
- Updating its website rule by requiring that the D&I strategy is published on the website together with the firm-wide strategy. These documents are expected to be complementary.
- Updating Supervisory Statement 5/16 with the expectation that firms apply board D&I strategies to board sub-committees as appropriate. Also, the Supervisory Statement would clarify that when considering succession planning, upcoming appointments should also be considered in the context of diversity.
- Expecting boards to have an explicit collective responsibility to set and oversee the firm’s strategy on D&I, including developing talent internally.
- Expecting that boards monitor progress on D&I, identifying obstacles that give rise to adverse D&I outcomes and targeting interventions where needed.
- Expecting that boards hold management to account for promoting diversity and an inclusive culture that fosters an open exchange of ideas, constructive debate, and sound decision-making.
- Clarifying that incentives are appropriate tools for driving progress on D&I.
The FCA is expecting average one-off costs for large firms of around £36,400 to implement the new requirements. One possible step that firms may consider is how the review of the D&I strategy could be built into cyclical reviews of people and operating strategies and conducting an analysis of any updates that need to be applied.
Individual accountability
The FCA is not proposing to amend its rules to require an individual within each firm to be assigned responsibility for D&I.
The PRA is taking a different approach particularly as dual regulated firms are already required to assign a prescribed responsibility (PR) for culture to a senior management function (SMF) holder.
PR I is usually held by the chair of the board and sets out responsibility for leading the board’s development of the firm’s culture. The PRA proposes that the SMF holding PR I would be responsible for ensuring the board sets, approves, and adopts an appropriate D&I strategy. This SMF holder would be expected to ensure that all members of the board have adequate time and opportunity to contribute to the development of the D&I strategy and provide independent challenge.
PR H, usually held by the CEO, includes responsibility for overseeing the adoption of the firm’s culture in the day-to-day management of the firm. The PRA proposes that the SMF holder with PR H would be expected to have their responsibilities for D&I reflected in their statement of responsibilities (SoRs). In addition, the SMF holder with PR H would be responsible for ensuring that the D&I strategy set by the board is implemented across the firm and that all business areas understand the role they play in implementation. They would also be expected to have their responsibility for D&I appropriately reflected in their performance objectives and remuneration scorecard, and their performance against these reflected in their remuneration decisions, via the application of risk adjustments (where these apply).
For dual-regulated firms that are not in scope of the PRs for culture, the PRA proposes that it will expect at least one SMF holder to have responsibility for the implementation of the firm’s D&I strategy reflected in their SoRs. Where this is assigned to an executive SMF, D&I responsibility will also be reflected in their performance objectives, as well as their variable remuneration where this exists.
Non-financial misconduct
The regulators’ proposals seek to better integrate non-financial misconduct (NFM) considerations into staff fitness and propriety assessments, the Conduct Rules and Threshold Conditions. The proposals apply to dual regulated firms and FCA regulated firms. The regulators are introducing these new requirements for a number of reasons, including that NFM such as bullying can lead to staff feeling reluctant to raise concerns and speak up.
The FCA makes several proposals including:
- Extending the guidance on the Suitability Threshold Condition. The FCA proposes to include, for example, offences relating to a person or group’s demographic characteristics (such as sexual or racially motivated offences) and tribunal or court findings that the firm, or someone connected with the firm (such as a director), has engaged in discriminatory practices. The regulator sees this as relevant to maintaining market integrity and conduct in UK markets.
- Adding new guidance on how NFM should be incorporated into regulatory references.
- Explaining in more detail how NFM forms part of the Fit and Proper test for Employees and Senior Personnel (FIT) section of the FCA Handbook.
- Explaining that bullying and similar misconduct within the workplace is relevant to fitness and propriety and that similarly serious behaviour in a person’s personal or private life is also relevant.
- Expanding the Code of Conduct sourcebook (COCON) to make clear that it covers serious instances of bullying, harassment and similar behaviour towards fellow employees and employees of group companies and contractors. The exception would be where the misconduct relates to a part of the firm’s business that does not carry on any financial services activities. The FCA has published proposed guidance setting out examples of when a person’s conduct is outside the scope of COCON because it is part of their private or personal life and when it is not excluded for that reason (see below).
| Description of conduct | Whether generally within the scope of COCON |
| --- | --- |
| Misconduct by A in relation to a fellow member of the workforce while both are on their firm’s premises. | Yes |
| Misconduct by A in relation to a fellow member of the workforce while A is working remotely for their firm. | Yes |
| Misconduct by A in relation to a family member while A is working remotely for their firm. | No |
| Misconduct by A in relation to a member of the public while A is commuting to their firm’s place of business for work. | No |
| Misconduct by A in relation to a fellow member of the workforce when both are travelling to a meeting in which they will represent their firm. | Yes |
| Misconduct by A in relation to a client at a business meeting in which A is representing their firm. | Yes |
| Misconduct by A in relation to a fellow member of the workforce at a social occasion organised by their firm. | Yes |
| Misconduct by A in relation to a fellow member of the workforce at a social occasion organised by them in their personal capacity. | No |
| Misconduct by A in relation to a fellow member of the workforce at a social occasion organised by a client of their firm in which they will represent their firm or where the main reason for the invitation is their working for their firm. | Yes |
The PRA is proposing to update both Supervisory Statement 35/15 and 28/15 to clarify that it may take into consideration established patterns of behaviour of an individual that would, or would be likely to, affect the firm’s safety and soundness, when considering whether the individual meets the PRA’s standards of fitness and propriety.
It will be interesting to see how the non-financial misconduct proposals evolve following the consultation. In the past the FCA has taken action to prohibit certain individuals from working in the financial industry, following findings that they were not fit and proper. A recent notable example is the March 2021 Decision Notice the FCA issued regarding Jon Frensham (formerly known as Jonathan James Hunt). The FCA has previously made it clear that should allegations or evidence of non-financial misconduct come to light it expects a regulated firm to take them seriously through appropriate internal procedures. When replying to a letter from the Treasury Select Committee earlier this year the FCA said, “[a] corporate culture that tolerates sexual harassment or other non-financial misconduct is unlikely to be one in which people feel able to speak up and challenge decisions, or one in which they will have faith that concerns will be independently and fairly assessed. Such a culture also raises questions about a firm’s decision making and risk management.”
Training
Neither the FCA nor the PRA has proposed to mandate a training requirement for firms, but there will be costs arising from the need to familiarise employees with the changes that will need to be made. There are many ways in which training can be delivered, including formal classroom training, online learning etc. Training sessions will need to be meaningful, not simply going through the motions, and tailored to appropriate staff levels. There will also be a need for board level training.
Next steps
The deadline for feedback on both consultations is 18 December 2023. The regulators are expected to review the feedback and develop final regulatory requirements for publication in Policy Statements sometime in 2024.