Client Alert

May 20, 2019

What happens in Vegas...

Non-financial misconduct and the UK Senior Managers and Certification Regime


The old adage goes that, “What happens in Vegas, stays in Vegas.” But, does this really hold true in the UK financial services sector?

The Senior Managers and Certification Regime (the “SMCR”) has been hailed by the UK regulators as ushering in a step change in the way that the UK regulatory system deals with individual accountability for wrongdoing in the financial services sector.

We all think we know regulatory misconduct when we see it - an individual’s conduct (in the context of the business of the firm) has fallen short of the regulators’ rules and expectations. But issues of personal conduct have always been more difficult to quantify. So, where does the line between personal conduct and regulatory misconduct really sit?

The trend in recent years has been towards a more expansive view of the impact of such misconduct on an individual’s regulatory status.

This Alert analyses recent developments and provides guidance as to when issues of personal conduct may be relevant to an individual’s position in the regulatory system.

Non-financial misconduct

Elements of personal conduct have always been relevant to the assessment of an individual’s fitness and propriety.

Although the section of the FCA Handbook relating to Fitness and Propriety (known as “FIT”) has fallen some way behind current practice in the industry (and would arguably benefit from a refresh), it still contains some useful guidance as to the sorts of personal conduct issues that can give rise to questions around fitness and propriety. In particular, FIT 2.1.3G contains a list of matters – some of which relate to personal conduct – that go directly to fitness and propriety.

However, the advent of the #MeToo movement, and the FCA’s focus on the link between poor organizational culture and poor regulatory outcomes, has thrown the issue of so-called “non-financial misconduct” (see box to the right) into sharper relief.

On 28 September 2018, in response to a request from the Women and Equalities Select Committee of the UK Parliament, Megan Butler (the FCA’s Executive Director of Wholesale Supervision) wrote to the Chair of the Committee[i] setting out the FCA’s view that:

  • sexual harassment is misconduct which falls within the scope of the FCA’s jurisdiction;
  • when approving individual senior managers, the FCA will consider criminal convictions, and sanctions for discrimination, harassment or sexual misconduct; and
  • a culture in which sexual harassment is tolerated would be a poor culture which the FCA would see as its function as a regulator to address.

On 19 December 2018, in a speech entitled “Opening up and speaking out[ii],” Christopher Woolard (the FCA’s Executive Director of Strategy and Competition) noted that diversity is a driver of culture. He went on to say that the way a senior manager approaches diversity issues may be relevant to the assessment of the person’s competence and character. Likewise, he noted, the way firms handle non-financial misconduct, including sexual misconduct, is potentially relevant to the FCA’s assessment of that firm in the same way that other misconduct would be. He went on to say, “Our message to firms is clear: non-financial misconduct is misconduct, plain and simple.”

Breaking down the boundary between the private and the regulatory

The case of Paul Flowers (former Chairman of the Co-operative Bank) provides an interesting example of non-financial misconduct. The FCA prohibited Mr Flowers (“PF”) for a series of incidents which, taken together in conjunction with PF’s own circumstances, were sufficient for the regulator to conclude that he was not a fit and proper person, due to a lack of integrity and reputation[iii]. While PF’s position was in many respects unusual, the case is interesting due to the range of conduct it dealt with, including:

  • using a work phone to call premium rate chat lines (for which he received a warning from the Bank, apologised and promised to repay all costs incurred);
  • sending and receiving messages over work email that were of an explicit nature, or related to controlled substances (in breach of the Bank’s IT policies and its Code of Conduct for Directors); and
  • a subsequent drug-related criminal conviction (albeit after he had ceased to be Chair of the Bank).

The FCA concluded that PF lacked the readiness and willingness to comply with financial services regulatory, and other legal, regulatory and professional requirements and standards. The pattern of disregard for standards demonstrated – in the FCA’s view – his lack of integrity.

It would be easy to dismiss the Flowers case as being an extreme example; however the conduct set out above is essentially personal in nature, with the main real link to work life being that PF used work-related systems.

In part the FCA’s interest can be explained by the fact that the Flowers case was a high-profile public matter relating to a senior person at a major bank. That said, the inevitable conclusion is that if a series of matters arises in respect of a regulated individual which might be characterized as mainly personal (and therefore normally dealt with under employment policies) firms must also consider whether those matters (together or separately) tell them anything about the individual’s fitness and propriety. This will particularly be the case if the matters themselves indicate a lack of readiness and willingness to comply with legal, regulatory and professional requirements.

The case of Jonathan Burrows is another good example of this intersection[iv]. Mr Burrows was an approved person in a regulated firm. In the course of travelling to work, Mr Burrows knowingly and deliberately evaded paying the appropriate rail fare for his journey over an extended time period. As a result, the FCA found that Mr Burrows lacked honesty and integrity, and therefore issued him with a prohibition. The case is interesting because it illustrates that regulatory action can and will be taken for matters arising in an individual’s life wholly outside of work. The FCA’s approach was undoubtedly conditioned by the fact that (a) fare evasion is a criminal offence, and (b) there was a clear element of dishonesty on the part of Mr Burrows in knowingly evading the fare over an extended period. Nevertheless, the FCA put its position pithily in the Burrows Final Notice:

“Those individuals who are approved to work within the financial services industry should conduct themselves with honesty and integrity in both their professional and personal capacities. As Mr Burrows held a senior position within the financial services industry and was an approved person, he should have been a role model for others and his conduct has fallen short of the standard expected for someone in his position.”

The intersection with Employment law

The intersection between the Senior Managers Regime and existing employment law can be complex to navigate where issues of non-financial misconduct are concerned.

Questions commonly arise as to an individual’s fitness and propriety in the course of employment-related processes. This extends to situations where non-financial misconduct arises in the course of a disciplinary or employment process. As set out above, these will need to be dealt with as and when they arise.

In the recent case of Radia v. Jefferies International Ltd[v], an analyst (who was also an FCA approved person) had brought proceedings before the Employment Tribunal against his employer. In its initial judgment, the Tribunal found that the individual was not a credible witness, noting that he had been evasive, had not told the truth and had misled the Tribunal in a number of respects. As a result of these findings, the employer dismissed the analyst for gross misconduct. The analyst brought a further claim against the employer, which was dismissed by a subsequent Tribunal. On appeal, the Employment Appeal Tribunal found that the employer (and the Employment Tribunal) had reasonably taken the view that the analyst’s behaviour was incompatible with the fit and proper test for approved persons[vi].

The question of whether the Head of HR is also a Senior Manager in their own right can also have a significant impact on these issues. This is because their regulatory responsibilities will affect the way they discharge their functions. Ongoing obligations of trust and confidence to employees often require investigations to be conducted sensitively and confidentially. However, regulatory duties may mean that notifications need to be made:

  • at the point of allegation (i.e. even prior to investigation) for the most serious cases; and
  • when the relevant internal disciplinary action is first taken by the firm.

This can put the firm’s Head of HR and the Head of Compliance in a difficult position, particularly because the act of notifying the regulator may give rise to significant reputational implications for the employee under investigation. This is important, because the obligation to keep the regulator informed does not prevent the employee from being able to pursue the firm (or even the Senior Manager as a named individual respondent) for a breach of contract action and/or constructive dismissal due to the approach adopted in the disciplinary process.

The key is to ensure effective liaison and consultation between the HR function and Compliance (with appropriate employment law and regulatory legal advice) throughout the course of an investigation, together with clear communications to the regulator indicating how the firm expects the disciplinary process to proceed and that it is not pre-judging the outcome. This will help to ensure that the firm (and any Senior Managers) tread an appropriate line between:

  • the firm’s responsibilities to be fair to its employees; and
  • its duties, and its Senior Managers’ duties, to the regulators.

A duty to disclose?

There are multiple duties to disclose information relating to members of staff to the regulator, many of which overlap and some of which have different triggers for notification. The way they interact can be complicated.

Recent reports have suggested that the FCA has held concerns that matters of non-financial conduct may not have been reported to it as they should have been. While the FCA hasn’t said much publicly on this issue, it is clear that it considers such matters to be reportable at an early stage under Principle 11. This is because the matter may tell the regulator something about:

  • the fitness and propriety of the individual or individuals caught up in it; and
  • the overarching culture at the firm, or in the business unit, concerned. This is particularly important given the FCA’s focus on firm culture as a driver of poor outcomes. In that context, the FCA is likely to be particularly interested in information suggesting that employees knew about an ongoing course of non-financial misconduct by an individual but did not raise concerns about it at the time. This might well be suggestive of a poor corporate culture at the firm.

The regulators have not been particularly forthcoming as to when they might expect notification, although the notification requirements in SUP 10C of the FCA Handbook suggest that in suitably serious cases, notification should be made within a very short period, and in some cases immediately[vii]. As such, while in some cases, the appropriate time to make a notification will be once a firm has concluded - or substantially concluded - its investigation, it is worth noting that the duty to notify may arise at the point an allegation is made in very serious cases (especially where the allegation involves a very senior individual).

Key points to remember in relation to disclosure are:

  • Even though there are specific notification rules in each regulator’s handbook[viii], duties to notify under FCA Principle 11 and PRA Fundamental Rule 7 may arise at any time.
  • The question of materiality will also loom large in the discussions. This will very much depend on the facts of each case, but in broad terms anything that suggests non-financial misconduct on the part of a senior manager is likely to be something of which the Regulators will expect notice.
  • Issues to be disclosed may not be confined to senior managers – firms will need to consider disclosure in respect of non-financial misconduct happening below the senior manager population (though it will often be only more serious matters that should be disclosed in those circumstances).
  • The Regulators will wish to receive (to the extent possible) a full account, and the steps the firm is taking.
  • If incomplete information is provided, or there is an ongoing investigative or disciplinary process, the Regulators will wish to be kept up to date with progress. Firms should ensure that they keep the relevant regulator regularly updated.
  • In practice, save where there is a specific requirement to notify via a channel established by the rules, or the Handbook specifically states otherwise[ix], the Regulator is likely to be content with a single notification.

At the end of this briefing are a series of “Do’s and Don’ts” drawing together the key themes above.

Settlement and Non-Disclosure Agreements

A number of high-profile incidents in which settlement and non-disclosure agreements have been used to prevent individuals from speaking out have led to the regulators adopting a relatively hard-edged approach towards such agreements in the financial services sector. For example, in SUP 10A.15.4G, the FCA notes that firms should not enter into arrangements or agreements with employees as part of employment processes that could conflict with obligations to disclose information to it. In practice, this means that firms should not:

  • seek to prevent the individual making a protected disclosure, or any other disclosure of information to the regulator;
  • include any warranty under which the employees are asked to confirm that they have not made a protected disclosure and they do not know of any information which could lead them to making a protected disclosure; or
  • agree not to disclose matters to the regulator, or put themselves in a position of not being able to disclose matters appropriately in other contexts (for example in a regulatory reference).

As regards protected disclosures, this is nothing new - it has long been the case that contractual terms are void insofar as they purport to prevent a person from making a protected disclosure. However, it does serve to highlight the fact that the regulators have been, and continue to be, concerned to ensure there is no question of employees being “gagged” as part of an employment settlement. Wrapping ex-employees up in NDAs was roundly criticised in the Weinstein saga, and the regulators have been clear there is likely to be significant regulatory scrutiny if NDAs are used inappropriately in the financial services sector.


These issues are difficult for firms to navigate, and there are many traps for the unwary. While it would be tempting to dismiss the cases above as the product of extreme circumstances, it is clear from recent activity by the FCA that the UK regulators will look more closely than ever before at the intersection between personal conduct and regulatory standards. As such, it would be dangerous to assume that the old adage, “What happens in Vegas, stays in Vegas,” has any relevance to the modern UK regulatory system.

Do’s and Don’ts

Based on the cases above, and our experience of advising clients on the interaction between employment law and the regulatory system, we set out below a number of Do’s and Don’ts for firms considering non-financial misconduct:

DON’T assume that an issue of non-financial misconduct is something for the firm to deal with alone without regulator involvement.

DON’T assume it is safe to wait to notify the regulator until you have finished a full internal investigation of any allegations. You may be under a duty to disclose at the point of allegation.

DON’T assume that “without prejudice” discussions are exempt from regulatory disclosure - the regulator is likely to expect to be told even if disclosable information arises in a “without prejudice” context.

DON'T assume – if you are a dual regulated firm – that informing one regulator (but not the other) is sufficient to discharge your regulatory responsibilities.

DO consider the extent to which the personal conduct could have an impact on the firm’s and the regulator’s assessment of the individual’s fitness and propriety, or may have breached the Conduct Rules.

DO involve Compliance early and, if necessary, obtain legal advice on duties of disclosure if the person is a senior manager / approved person, or a certified person.

DO bear in mind the firm’s duties under employment law alongside the regulatory requirements.

DO ensure any disclosure is made with fairness to the individual in mind, recognizing that the regulator will not expect employment law to trump a duty to disclose.

DO consider carefully the timing of any disclosure to the regulator. In particular, consider whether the regulator would want to know immediately, or at the conclusion of any investigation.

DO take account of the seriousness of the allegation and the seniority of the individual concerned in deciding whether a notification ought to be made immediately on receipt of an allegation.

DO consider whether other positions the individual may hold in the group could lead to requirements to make disclosures to the FCA and PRA (e.g. a senior individual in a solo regulated entity who may be a certified person for a bank in the same group).

DO consider – and if necessary take advice on – the extent to which the FCA and PRA may have different notification obligations.

DO remember that, even if none of the specific notification rules apply, the firm may have a duty to disclose matters to the regulators under FCA Principle 11 and PRA Fundamental Rule 7.


DO ensure, if you are a dual regulated firm, that you convey appropriate information to both regulators.

DO assume, if you are a dual regulated firm, that the FCA and PRA supervision teams will discuss the issue between them.


[i] See

[ii] “Opening up and speaking out: diversity in financial services and the challenge to be met”, Christopher Woolard, 19 December 2018, see:

[iii] See:



[vi] The analyst’s appeal succeeded in part, on grounds unrelated to the findings on fitness and propriety, namely that he had not been given an appropriate opportunity by the firm to appeal the findings of the disciplinary process that led to his dismissal.

[vii] SUP10C.14.18R requires a firm to notify the FCA as soon as practicable (and in any event within seven business days) if it becomes aware of information which would be reasonably material to an assessment of a senior manager’s fitness and propriety.  There is a separate duty under SUP10C.14.7R to notify the FCA as soon as practicable (and where possible within one business day) of a firm becoming aware of, or having material which reasonably suggests, that a senior manager will cease performing a senior management function, and the firm will submit a Qualified Form C.

[viii] See, for example, SUP 10C and SUP15 of the FCA Handbook, and the section entitled “Notifications” in the PRA Rule Book.

[ix] See, for example, SUP15.3.14B G, which notes that disciplinary action for breach of conduct rules may have to be notified twice: once under the requirement to notify the FCA of a significant breach of a conduct rule, and once in the annual return for disciplinary action required under SUP15.3.11R.