FCA and PRA consult on proposals to increase diversity and inclusion in financial services

On 25 September 2023, the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) published consultation papers (FCA CP23/20 and PRA CP18/23) proposing a new regulatory framework on diversity and inclusion (D&I) in the financial services sector.

The proposals are aimed at supporting healthy work cultures, reducing groupthink, unlocking new talent, and improving understanding of and provision for diverse consumer needs. The regulators consider that greater levels of D&I can improve outcomes for markets and consumers while strengthening the competitiveness of the UK’s financial services sector. The proposals will impact all firms but will be applied proportionately. This means that certain requirements (for example data reporting and the requirement to have a D&I strategy) will only apply to the larger and more complex firms, and some firms (for example, payment and e-money firms) are out of scope entirely.

While the FCA and PRA have published individual consultation papers, they have worked closely together to develop a coordinated set of proposals (although dual-regulated firms should review both papers carefully to understand how the proposals affect them).

In this briefing note we summarise key parts of the proposals and discuss next steps for the regulators and firms.

Non-financial misconduct

Under the new proposals, it will be made clear that adverse findings about individuals’ conduct in relation to issues such as bullying, sexual harassment, and discrimination, should form part of fitness and propriety assessments. They could constitute a breach of the Conduct Rules that should be reported to the FCA and disclosed in future regulatory references. In particular:

• The FIT sections of the FCA Handbook and the relevant parts of the PRA’s supervisory statements will be amended to clarify that non-financial misconduct forms part of the “fit and proper” test. In particular, it is highlighted that bullying and similar misconduct within the workplace is relevant to fitness and propriety. Notably, the proposals provide for partial or full prohibition of carrying out regulated roles in relation to certain conduct such as sexual or racially motivated offences.
• The scope of COCON will be expanded to cover serious instances of bullying, harassment, and similar behaviour. Further guidance will be provided by the regulators in due course on what conduct is in scope.
• The guidance on the Suitability Threshold Conditions in COND will be amended to include, for example, sexual or discriminatory offences and other discriminatory practices.

D&I strategies

While many firms already have D&I strategies in place, the regulators are proposing to make this a formal requirement. Firms will be required to develop an evidence-based D&I strategy that will contain, at a minimum, the firm’s D&I objectives and goals, a plan for meeting those objectives and goals and measuring progress, a summary of the arrangements in place to identify and manage any obstacles to meeting the objectives and goals, and ways to ensure adequate knowledge of the D&I strategy within the firm’s staff.

Each firm’s board will be responsible for the maintenance and oversight of the firm’s D&I strategy. While the regulators do not intend to mandate how frequently the D&I strategy should be updated, they expect firms to be satisfied that the D&I strategy remains fit for purpose. The D&I strategy should also be made easily accessible. Sharing the firm’s D&I strategy on its website is likely to satisfy this requirement.

D&I targets

Although mixed views have been expressed about D&I target setting in the financial services sector previously, the regulators consider that targets play an important role in driving progress on diversity and inclusion. The consultation papers contain various proposals in this area:

• In scope firms will be required to set targets to address underrepresentation: the expectation is that at least one target will be set for each of the board, its senior leadership, and the employee population as a whole. The regulators do not intend to specify which particular demographic characteristics the targets must relate to. Instead, firms should consider the context in which they operate and determine this internally.
• Firms will also be required to publicly disclose their targets and their progress towards them annually. These targets will need to be reviewed and updated regularly to ensure they remain stretching but realistic. The board will be responsible for overseeing these targets.

Data reporting

The regulators are conscious of the fact that firms may face difficulty in collecting D&I related information from their employees, and in some instances it may be necessary for them to first build trust with their employees in relation to sharing their personal data. Notwithstanding this, data reporting is considered to be a key part of the new proposed framework. To that end:

• All firms will be required to report their average number of employees to the regulators to help them determine which firms are in scope of the other proposed D&I requirements.
• Large firms (which are considered to be firms with 251 or more average number of employees over a rolling three-year period as at a specified annual reference date) will be required to report annually to the regulators:
  • Data across a range of demographic characteristics, such as age, ethnicity, sex or gender, religion, sexual orientation, and disability or long-term ill health conditions.
  • Information on inclusion, such as whether employees feel safe to speak up if they observe inappropriate behaviour or misconduct in the workplace or to express disagreement with or challenge the dominant opinion or decision without fear of negative consequences.

Firms may also voluntarily report on other characteristics such as gender identity, parental responsibilities, carer responsibilities, and socio-economic background. The regulators are currently considering whether they should mandate the reporting of such data.

Proportionality

While D&I is considered to be crucial for all firms, the regulators are conscious of the fact that a one size fits all’ approach is not appropriate. The proposals are therefore intended to be implemented in a proportionate manner depending on the nature of the firm, in accordance with the tables below.

It should be noted that, with limited exceptions, the regulators’ proposals only apply to employees that carry out their activities predominantly from an establishment in the UK. For third country firms, the proposals only apply to activities of the firm that are carried out from an establishment in the UK.

Below is a list of FCA policy proposals and to which firms the proposals apply:

• Non-financial misconduct
  • All FSMA firms with a Part 4A permission and where relevant Threshold Conditions and existing chapters of the FCA Handbook apply.
• Data reporting
  • All FSMA firms with a Part 4A permission need to report their number of employees annually, but excluding all Limited Scope SM&CR firms.
  • All FSMA firms with a Part 4A permission with 251 or more employees (as discussed above) have additional reporting obligations, but excluding all Limited Scope SM&CR firms.
• D&I strategies
  • Dual-regulated CRR and Solvency II firms of any size (firms to which the CRR or Solvency II parts of the PRA Rulebook apply).
  • All other FSMA firms with a Part 4A permission with 251 or more employees have additional reporting obligations, but excluding all Limited Scope SM&CR firms.
• Data disclosure
  • All FSMA firms with a Part 4A permission that have 251 or more employees, but excluding all Limited Scope SM&CR firms.
• D&I targets
  • All FSMA firms with a Part 4A permission that have 251 or more employees, but excluding all Limited Scope SM&CR firms.
• Risk and governance
  • All FSMA firms with a Part 4A permission that have 251 or more employees, but excluding all Limited Scope SM&CR firms.

Note: non-Part 4A FSMA firms (such as credit rating agencies, payment services, and e-money firms) are out of scope of these proposals. However, the FCA notes that it may consult on this at a later stage as part of future regulatory reform of these sectors.

Below is a list of PRA policy proposals and to which firms the proposals apply:

• Firm-wide strategies
  • All CRR and Solvency II firms with respect to their establishment in the UK, including third country branches.
• Monitoring diversity and inclusion
  • All CRR and Solvency II firms with respect to their establishment in the UK, including third country branches.
• Individual accountability
  • All CRR and Solvency II firms with respect to their establishment in the UK, including third country branches.
• Board governance
  • All CRR and Solvency II firms with respect to their establishment in the UK, excluding third country branches.
• Targets
  • Only those CRR and Solvency II firms (including third country branches) with 251 or more employees who are predominantly carrying out activities from an establishment in the UK.
• Regulatory reporting
  • Only those CRR and Solvency II firms (including third country branches) with 251 or more employees who are predominantly carrying out activities from an establishment in the UK.
• Disclosure
  • Only those CRR and Solvency II firms (including third country branches) with 251 or more employees who are predominantly carrying out activities from an establishment in the UK.

Note: non-CRR and non-Solvency II firms are out of scope of these proposals.

Timing

The FCA and PRA are asking for comments on the proposals set out in their consultation papers by 18 December 2023. Following the end of the consultation period, the regulators will review the feedback and develop final regulatory requirements for publication in Policy Statements in 2024.

It is currently proposed that the new rules will come into force 12 months from publication of the Policy Statements, subject to some transitional provisions. This is to give firms enough time to improve existing policies where necessary, or to develop and implement new policy, governance, oversight, and data collection processes.

Separately, the Treasury Select Committee has been undertaking an inquiry into Sexism in the City, specifically the barriers faced by women in financial services and the progress made in removing gender pay gaps. The FCA provided written evidence in relation to the inquiry in September. The inquiry is no longer accepting evidence and will publish a report on its findings in due course.

Commentary and next steps

Employment implications for firms

Since 2018, the FCA has taken the stance that “non-financial misconduct is misconduct, plain and simple”. In practice, however, things have not been quite as ‘simple’ as the FCA suggested. There was limited explanation as to how non-financial misconduct might breach conduct rules (no examples of non-financial misconduct were included in COCON, for instance) leaving firms with difficult judgment calls as to when and to what extent there would be a breach. The Upper Tribunal in Frensham (for more on which see here) was unconvinced by the FCA’s approach, which only served to muddy the waters further.

Against this backdrop, the proposal to include non-financial misconduct explicitly in both COCON and the guidance on the Suitability Threshold Conditions sends a clear message that the FCA considers such behaviour to be firmly within its remit. The proposals also go a long way towards clarifying the regulatory implications of non-financial misconduct, including conduct outside work. The FCA says further guidance will be provided, which will hopefully address any questions which might remain (such as where to draw the line when determining if behaviour is “serious”). In the meantime, firms are advised to ensure they have appropriate policies and processes in place to enable them to investigate non-financial misconduct robustly and to evaluate how it might impact on an individual’s fitness and propriety in practice.

Also of significance to firms is the proposed requirement for boards and senior managers to “drive” D&I. The proposals explicitly move away from the previous terminology of “D&I policies” to developing “D&I strategies” instead. This sets a clear expectation on firms that this is not simply a box-ticking exercise: instead, taking a proactive approach to implementing and evaluating D&I objectives will be required.

At this stage, firms may wish to review their existing D&I strategies and targets alongside their data collection processes and policies and consider what difficulties they currently encounter. This should help give firms a better understanding of what changes they may need to make going forward to ensure compliance once the requirements are finalised. For more information on practical steps firms can take, see our article on creating safer workplaces.

Implications for senior executives

Senior executives need to be aware of the expanded scope of the FCA’s COCON, which may lead to greater scrutiny of their conduct by firms than has previously been the case. Particularly significant is the FCA’s emphasis that misconduct outside of the work context may be relevant when deciding whether someone is fit and proper to work within a regulated role, even if it occurs outside of the workplace and is unrelated to someone’s role. This potentially increases the scope of regulators to look into the private lives of executives, and for behaviour outside of work to have an impact on an individual’s career in financial services.

The proposals also place greater responsibility on boards and senior management to drive D&I, emphasising the need for executives to be held accountable for delivering on it. Senior executives need to understand the importance of promoting D&I, as well as modelling appropriate behaviours and calling out behaviour which falls short of expected standards. For more information on the role individuals can play in supporting D&I, see our article on allyship in the workplace.

With thanks to Dearbhla Carrigan, a paralegal in the financial services team, for contributing to this article.

This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.

© Farrer & Co LLP, November 2023