From MiFID II to Consumer Duty – reflections on employee competence
What you’ll find in this article:
- Original Provisions under MiFID
- MiFID II impacts knowledge & competence requirements
- Key MiFID II changes that affected organisations preparation and planning
- The Senior Manager and Certification Regime (SM&CR)
- Implementation of MiFID II
- How will these changes impact your firm?
- MiFID and the Consumer Duty
You could be forgiven for questioning how European regulation might impact financial services organisations in the coming months and years. However, the FCA have made it very clear that firms must continue to abide by their obligations under UK law, including those derived from EU Law, and carry on with implementation plans for MiFID II and other pieces of EU financial services legislation that are due to come into effect.
– FCA Policy Statement 17/14 – MiFID II Implementation
The EU Directive, MiFID, came into force on the 3rd of January 2018. This significantly impacted how firms design their HR strategy, people and compliance policies, training and competence (T&C), accountability and more. Now, further consumer and accountability regimes, like the Consumer Duty or Individual Accountability Framework (IAF), have been introduced across the UK and Europe.
So, although this regulation isn’t anything new, it continues to be highly relevant to the financial services and the industry’s approach to consumer care, employee training, and overall compliance culture. In this guide, we outline the key principles of MiFID, it’s impact on firms and how it ties into SM&CR and the Consumer Duty.
Download MiFID whitepaper
Original Provisions under MiFID
The Markets in Financial Instruments is the EU legislation that regulates firms who provide services to clients linked to “financial instruments” (shares, bonds, units in collective investment schemes and derivatives) and the venues where these instruments are traded.
Under the first iteration of this framework, investment firms are required to ensure that their employees have the skills, knowledge and expertise necessary to discharge their responsibilities allocated to them. These MiFID requirements have been incorporated into the existing training & competence (T&C) regime which helps to support the FCA’s consumer protection objective. The regime consists of:
- A high-level competent employees rule in SYSC, derived from the MiFID requirement, which requires firms to employ personnel with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them (including wholesale firms).
- More detailed professionalism requirements in our training & competence sourcebook (T&C) for certain retail activities. Including the need to attain an appropriate qualification where relevant.
Policy Statement 17/14 confirms the changes that will be implemented under MiFID II are wide-ranging, covering conduct of business and other matters. Of particular relevance to this whitepaper is the section on knowledge & competence requirements which relates to people risk, T&C good practice and frameworks building on RDR principles.
MiFID II impacts knowledge & competence requirements
In complying with ESMA (European Securities and Markets Authority) guidelines, the FCA implemented changes necessary to comply, but they confirmed they did not go beyond what is necessary. They confirmed that ‘they do not plan to extend the existing T&C regime on appropriate qualifications to those who are not currently subject to it’.
Instead, under MiFID II, the FCA gives firms flexibility in how to provide their employees with the knowledge and competence necessary to comply with the guidelines. This was great news for organisations, ensuring that the delivery of knowledge and competence was proportionate and targeted based on the firm’s size, complexity, culture and people development strategy.
This enables firms to leverage their established T&C policies and procedures, using already established in-house training needs-based assessment and annual assessments, continuous professional development and new product training. However, this threw up challenges for firms with no specific experience of T&C or existing expertise in this area.
The FCA has also stated that they would not introduce any new data reporting requirements to comply with these guidelines.
Key MiFID II changes that affected organisations preparation and planning
1. Impacted firms
- Investment Firms
- Interdealer Brokers
- Investment Advisers
- Corporate Finance Firms and Venture Capital Firms
- Investment Managers Including Individual and Collective Portfolio Managers
- Financial Advisers
- Local Authorities2. Impacted roles
The FCA have confirmed that those roles impacted would include those who give “investment information.” Giving information means directly providing information to clients (retail and professional) about financial instruments, structured deposits, investment services or ancillary services, either upon request of the client or at the initiative of the firm.
MiFID II Article 25 (1) introduces a requirement that firms must ensure that individuals providing advice or information to clients possess the necessary knowledge and competence to ensure that firms meet their investor protection obligations (under Articles 24 and 25).
In response to CP 16/29, firms wanted clarification on who was deemed to give “investment information” and what this would mean to individuals in firms.
In PS 17/14 18.10, the FCA confirms that the MiFID’s definition of investment advice involves the provision of a personal recommendation to a client. The definition of “giving information” in the guidelines requires an assessment of whether the staff member directly interacts with a client and whether the staff member provides services or activities listed in sections A or B of Annex 1 of MiFID II.
3. Maximum and Minimum Timeframes to attain competence
The ESMA guidelines introduced some concepts which are new to the UK. These include a maximum time of 4 years during which employees need to acquire knowledge and competence and a minimum time of 6 months for employees to be considered eligible to have acquired appropriate experience and can work unsupervised.
In response to a question in CP16/43 18.15, of how to define relevant experience, the FCA pointed to the guideline definition of “appropriate experience” including that “the member of staff has successfully demonstrated the ability to perform the relevant services through previous work”. They go on to advise that this work must be relevant to the role being performed.
We saw in RDR the introduction of the 30-month rule for the achievement of qualifications but this was for retail investment advisers only, so the 4-year rule now impacts this population too.
The policy statement confirms the introduction of these maximum and minimum timescales. The ESMA guidelines do not allow for grandfathering and therefore firms will need to be ready to comply from the 3rd of January, ensuring any individuals working under supervision, do so only for the maximum 4 years.
4. Qualifications and CPD
ESMA requires employees to have both an appropriate qualification and appropriate experience. Where qualifications are not mandated by T&C, the regulators aim to allow firms flexibility so that employees can achieve the required qualification through tests or training courses that meet the criteria set out by the guidelines. (It is confirmed that the review of appropriate qualifications could be undertaken by the firm or an external body).
Ensuring staff possess an appropriate qualification and maintain and update their knowledge and competence by undertaking CPD was a significant problem for some firms in terms of tracking, recording and monitoring for example. However, mandating CPD aligns other roles with the demands placed on retail investment advisers and was a step in the right direction in terms of professionalism.
The FCA believes that their expectations in relation to qualifications and CPD were already in line with MiFID’s original objectives and confirmed that they would not extending the list of retail qualifications in TC, nor would they set out mandatory qualifications in SYSC. SYSC also offers guidance on qualifications and CPD (if not subject to T&C).
They advise firms to consider the ESMA requirements so they can ensure any qualifications, training courses and tests meet the criteria.
Earlier in the paper, we confirmed the requirement for employees to work under supervision while they are working to attain an appropriate qualification and relevant experience for a maximum period of four years.
The ESMA guidelines (paragraph 20d) state that “the level and intensity of supervision should reflect the relevant qualification and experience of the staff member being supervised and this could include, where appropriate, supervision during client meetings and other forms of communication such as telephone calls and e-mails.”
The FCA confirms that they believe that existing guidance in T&C and SYSC is consistent with the statement above, however the requirement that relevant individuals who supervise should hold an appropriate qualification required an amendment to the new rule in SYSC to ensure this is clear. (this brings the rule for appropriate qualifications for Supervisors in line with Article 25 (1) MiFID.
The FCA also took the opportunity to provide further details regarding its position on firms choosing to outsource Supervision to a 3rd party. They confirmed that firms must be very clear on and manage the operational risks that outsourcing can bring, ensuring due diligence on selection of a 3rd party, regular evaluations of the effectiveness of the model and of course that the firm ultimately remains fully responsible and accountable.
The Senior Manager and Certification Regime (SM&CR)
Implementation of SM&CR and SIMR was of course already in place for banks, building societies and insurers hen MiFID II was released. The FCA Consultation Papers CP17/25 and CP17/26 describe how the regime will impact the rest of the FSMA firms and the changes being made to Accountability 1 firms.
A core pillar reinforced in these CP’s is the certification regime which currently applies and will apply to “employees who could pose a risk of significant harm to the firm or any of its customers.” Firms are responsible for having processes in place to ensure such individuals hold the appropriate qualifications, have completed training (or training is underway), and have the appropriate level of competence.
The FCA says: “This will help firms and us to be clear about which individuals in senior management are responsible for what aspect of a firm’s business. Greater personal accountability will focus minds and drive up standards.”
There is no direct equivalent to SM&CR in MiFID II, but MiFID allows for member states to have their own rules for their firms. The FCA do confirm however that when determining fitness and propriety that this should extend to take account of the ESMA guidelines on knowledge and competence.
Implementation of MiFID II
The FCA proposed to achieve compliance with the guidelines by amending the training and competence (T&C) and Senior Management Arrangements, Systems and Controls (SYSC) and sourcebooks to implement Article 25 (1) of MiFID II and ESMA’s MiFID guidelines on knowledge & competence.
There will be no extension to the FCA list for retail qualifications as a result of the guidelines and no mandatory qualifications will be listed in SYSC. (Firms should however consider the ESMA requirements to ensure they meet the guidelines criteria – The FCA website has been updated to include this).
There will be no transitional or grandfathering arrangements (then FCA and ESMA do not provide for these in their final guidelines).
How will these changes impact your firm?
There are many aspects of your organisation that must be considered to ensure that you comply with MiFID II (and of course SMR if you are also implementing this for the first time in 2018). The list below is not exhaustive but highlights some of the critical areas to include in your analysis and plans. (Future whitepapers will look at some of these in more detail).
- HR Strategy, Policy and Processes – Examine current people strategy in relation to recruitment, on-boarding, probation, development and line management/supervision. You may need to consider the organisational design, line manager/supervisor capability, people development and budget impacts.
- Training & Competence Schemes – MiFID II introduced more detailed knowledge and competence requirements for firms or entities not currently subject to the FCA T&C sourcebook i.e. employees providing relevant services to clients on behalf of the investment firm. Good practice already in place in firms with staff subject to T&C rules will be a good starting point, this can be made proportionate and relevant to the additional roles now impacted by MiFID II.
- Employee Competency – Firms should review and expand training & competence frameworks/schemes to define and measure competencies and KPIs across a wider role base. You will need to decide how to implement appropriate controls e.g. authorisations to include all roles now in scope and ensure people understand what they can and cannot do. You need to consider how the new rules in relation to minimum and maximum timeframes to attain competence impact staff currently under supervision. MI and reporting now needs to extend across the organisation including; managing and adhering to conduct rules including breaches, annual assessment of knowledge and skills and declaration of competence, regular compliance monitoring, board reporting; fitness & propriety and certification.
- Supervision – With the expansion of the rules to include those roles that provide investment information, firms should have more structured supervision of a far wider population across the firm. Will this mean additional resource or expanding the remit of line managers? Whatever the answer, firms will need to consider line manager/supervisor capability, experience and now qualifications as well as how this might impact the organisational framework, hierarchies and spans of control.
- People Development – The FCA takes a pragmatic view to how firms can comply with the extended guidelines and how these can be met in such a way that benefits the colleague, the customer and organisation. It ensures that your learning strategy and people development plans can be reviewed and enhanced to meet the MiFID II requirements while ensuring that your investment delivers true growth in organisational capability and enhanced customer outcomes. Your revised training and development needs analysis and plans should include decisions on appropriate qualifications, whether internal or external and how these will be delivered and tracked and be checked against the ESMA guidelines criteria. This will be integral to the overall training needs analysis across the organisation including induction, role development, talent management and CPD.
- Budget – All of this has an impact on cost and budget allocation. Many firms previously focused on some of the apparently more challenging aspects of MiFID II, however as policy became clearer, firms could not ignore the impact of the changes described in this paper on; people capability, organisational design, learning and development, resources, systems and additional compliance costs.
- Risk Management – The impacts are broad ranging. It is not just about MiFID II rules but also how these interact with other regulation such as Consumer Duty, SM&CR, SYSC and T&C. There are connections and dependencies in amongst these which if not properly identified and managed will increase risk of non-compliance and potential consumer detriment.
- Accountability and conduct – The impact on Fitness & Propriety, Conduct Rules and Certification are now confirmed under MiFID II. This in turn has a major impact on Senior Manager responsibility and accountability, for example, in the fulfilment of prescribed responsibilities relating to the Certified regime and the firms culture. Senior managers must therefore take a keen interest in the implementation and BAU plans for MiFID II Knowledge and Competence as well as all other aspects of the regulation.
- Administration, governance and controls – The scale and widening of those roles now in scope and in firms will test even the most efficient of manual processes. The value of accurate and timely MI and reporting will grow in significance. Firms must explore the benefits provided by systemising management through people risk and T&C management software platforms. Trailight will help you with that.
MiFID and the Consumer Duty
The first time MiFID II introduced specific knowledge and competence requirements for in-scope firms and their employees was on the 3rd of January 2018. A lot has happened since then; Brexit, the full roll out of SMCR in the UK and, in the summer of 2023, the Consumer Duty.
The Duty has had a massive impact on our industry and so it’s a good time for organisations to reflect on the importance of the knowledge and competence impacts that MiFID introduced and their continued and heightened relevance to today’s regulatory landscape.
Without doubt, the Consumer Duty needs highly competent people with the appropriate knowledge, skills and behaviours if it’s to be successfully delivered.
An extract from the FCA Webinar – Consumer Duty: The Next Steps, 6 December 2023
“In terms of where we have seen examples where more could be done, we have seen where some firms are not investing quite as much time in training their staff to an appropriate level, particularly in those areas where the consumer needs are more complex or the products are more complex. So really having staff that understand those complexities, both the product and the customer needs, are so important, in order to understand the consumer’s needs, the financial objectives and get them to a solution that really is fitting with what they need”.
MiFID II gave firms flexibility in how they provide their employees with the knowledge and competence necessary. This helps ensure that the delivery of knowledge and competence is proportionate and targeted based on the firm’s size, complexity, culture and people development strategy. This enables firms to leverage their established T&C policies and procedures, using established in-house training, essential company learning programmes, needs-based assessment, continuous professional development and now, new training on the impact of the Consumer Duty on roles.
The importance of the Senior Manager and Certification Regime (SMCR)
A core pillar of MiFID II is the certification regime which applies to employees who could pose a risk of significant harm to the firm or any of its customers. Firms are responsible for having processes in place to ensure such individuals hold the appropriate qualifications (where required), have completed training (or training is underway), and have the appropriate level of competence, conduct and behaviours. We believe that this should also include reference to the delivery of Consumer Duty outcomes.
Parallels with MiFID Impacts on your firm
The list below is not exhaustive but highlights some of the critical areas.
- HR Strategy, Policy and Processes – It’s important to cast a critical eye over current people strategy in relation to recruitment, onboarding, probation, development and line management/supervision. You may need to consider organisational design, line manager/supervisor capability, people development and budget impacts.
- Training & Competence Schemes – Are these robust, proportionate, and most importantly, delivering the right consumer outcomes? Training & competence frameworks/schemes should define and measure competencies and KPIs across a wider role and metrics base.
MI and reporting must extend across the organisation including; managing and adhering to conduct rules, including non-financial breaches, assessment of knowledge and skills, regular compliance monitoring, board reporting; fitness & propriety and certification.
Data from T&C schemes will play a big role in helping evidence Consumer Duty impacts on customers and can therefore support the compilation of the annual assessment and board report.
“You also need to focus on how you are monitoring and measuring consumer outcomes, again on an ongoing basis and using the necessary data. That will help to both give you the evidence you need to assure yourselves and your Boards and your customers that you are delivering the necessary outcomes, and enable you to continue to learn and improve and deliver in your customers’ interest’s”. FCA Webinar – Consumer Duty: The Next Steps 6 December 2023.
- Qualifications and CPD – Where qualifications are not mandated by T&C, the regulators allow firms flexibility so that employees can achieve the required qualification through tests or training courses. Maintaining and updating knowledge and competence by undertaking CPD is either mandated by regulation or should be regarded as very good practice for many staff.
- Supervision – MiFID required more structured supervision of a far wider population across the firm. This is equally important for the Duty. Firms must continue to consider line manager/supervisor capability, experience and qualifications, as well as how this might impact the organisational framework, hierarchies and spans of control. This reinforces the need for employees to work under appropriate supervision where assessment of consumer impact becomes highly relevant.
The FCA says: “The level and intensity of supervision should reflect the relevant qualification and experience of the staff member being supervised and this could include, where appropriate, supervision during client meetings and other forms of communication such as telephone calls and e-mails.”
Where firms choose to outsource supervision to a third party, they must be very clear on, and prepared to manage, the operational risks that outsourcing can bring, ensuring due diligence on the selection of a third party, regular evaluations of the effectiveness of the model, and, of course, that the firm ultimately remains fully responsible and accountable.
- People Development – The Duty brings wider ramifications. Ensure that your learning strategy and people development plans are continually reviewed and enhanced to meet the demands of the Duty and utilise data collection, analysis, and the findings of the annual assessment. It’s important that your investment in development delivers true growth in organisational capability and enhanced consumer outcomes. This will be integral to the overall training needs analysis across the organisation including induction, role development, talent management and CPD.
- Budget – There is obviously a cost impact on; people capability, organisational design, learning and development, resources, systems and additional compliance costs.
- Risk Management – The impacts are wider now. It’s about MiFID II rules, Consumer Duty and how these interact with other regulation such as SM&CR, SYSC and T&C. There are connections and dependencies in amongst these which, if not properly identified and managed, will increase the risk of non-compliance and potential consumer detriment.
- Accountability and conduct – Fitness & propriety, conduct rules and certification take on an increasingly important purpose in the firm. This in turn has a major impact on Senior Manager responsibility and accountability.
“… while the Executive owns delivery of the Duty, Boards have a really critical role to play in setting the strategy and assuring that your organisation is delivering the Duty and the right consumer outcomes as part of that strategy. We want to see Boards working with their Executives, challenging them and driving them in the right direction to deliver and embed the Duty.” FCA Webinar – Consumer Duty: The Next Steps 6 December 2023.
- Administration, governance and controls – The Duty will test even the most efficient of manual processes. The value of accurate and timely MI and reporting will grow in significance. Firms must explore the benefits provided by systemising management through SMC&R, people risk and T&C management software platforms. The ability to draw together data from disparate systems in one place and interrogate the outputs in context become a necessity. Trailight will help you with that, providing a unified individual regulatory compliance platform that draws together all individual data in one place.
We said back in 2017 that with SM&CR, and certification in particular, the FCA intends “that the firm itself effectively becomes a mini-regulator, responsible for determining competence prior to certification with a resulting role to play in protecting markets and consumers”. This was important for compliance with MiFID II knowledge and competence rules, however, it has taken on even more relevance with the implementation of the Consumer Duty.
Ongoing responsibility for delivering and maintaining high standards of competence and behaviour sits with senior managers who are responsible and accountable for that. However, there is an important additional step of scrutiny by the board mandated by the regulator and as they have emphasised: “The Board or equivalent governing body must review and approve an assessment of whether your firm is delivering good outcomes for your customers. This is not an attestation to us, (the FCA will sample reports) it is a piece of internal governance. It is a really important one.” FCA Webinar – Consumer Duty: The Next Steps 6 December 2023.