The FCA further notes that it will usually ask for an attestation to be given by the person with the most appropriate significant influence function – i.e., the person responsible for the area of the firm where the issue has arisen. The Letter notes that the most usual scenarios where attestations are required by the FCA are: 

  1. Notification: Where there are emerging risks at firms that are unlikely to result in consumer detriment, the FCA may ask an appropriate approved person at the firm to attest that the person will notify the FCA if the risk identified changes in its nature, magnitude or extent. This type of attestation is essentially to ensure that the firm monitors the risk and notifies the FCA of anything relevant. 
  2. Undertaking: Where the FCA requires a firm to take action, but the risk is unlikely to result in material consumer detriment, the FCA may ask for an attestation that the specific action will be undertaken. 
  3. Self-certification: Where the FCA is confident that the firm can resolve more significant issues itself, the FCA may ask for an attestation that the risks have been mitigated or resolved. 
  4. Verification. Where the FCA wants a firm to resolve issues or mitigate risks, the FCA may require that a verification is given confirming that certain action has been taken. 

The FCA’s guidance on its use of attestations is particularly welcome as the FCA has been using this new “supervisory tool” more and more since November 2012, when the FCA required the CEOs of many firms to provide attestations that they had discussed the FCA’s conflicts of interest guidance with their boards, reviewed and closed off all the issues flagged in the conflicts guidance and satisfied themselves as to their own firms’ conflicts arrangements. This initial request for an attestation came as a surprise to many CEOs, but it indicated the FCA’s growing desire to have individuals take personal responsibility for specific compliance issues. In the Letter, the FCA highlighted that all approved persons must deal with the FCA in an open and cooperative way and that any failure to meet FCA requirements (including non-compliance with an attestation request) could result in enforcement action being taken against the relevant individual.  

The Letter (and the FCA Practitioner Panel’s letter requesting the guidance on attestations) are available here.