Blog article
See all stories »

FCA/PRA Diversity and Inclusion for Crypto and FinTech Firms: PART III

By Rodrigo Zepeda, CEO, Storm-7 Consulting

INTRODUCTION

In 2023, the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) (Bank of England (BoE)) (collectively the “regulators”) sought to engage with financial firms and other stakeholders, to discuss new proposed measures to boost “diversity and inclusion” (D&I) in financial services (FS) in the United Kingdom (UK).

In PART I of this four-part blog series, we defined and discussed key D&I concepts such as demographic characteristics, diversity, groupthink, inclusion, non-financial misconduct (NFM), and psychological safety. In PART II we provided an overview of the D&I proposals, and we identified the tiered standards to be introduced under the proposed FCA/PRA framework.

In PART III, we will analyse how new NFM obligations fit into the D&I framework, what they will entail, and more crucially, how this will affect and impact crypto and financial technology (FinTech) firms.

REGULATORY FRAMEWORKS
The regulatory frameworks relevant to this analysis include:

MISCONDUCT
Misconduct
is a very broad term because it can potentially include any type of unacceptable or improper behaviour. However, historically, misconduct has been applied by the FCA in relation to financial misconduct, such as accounting fraud; corporate fraud; financial fraud; financial misstatements or irregularities; financial wrongdoing; misappropriation; mismanagement; and theft.

When misconduct is segmented in this way, it becomes much easier to address in regulatory frameworks. Let us say an FCA authorised investment firm also runs an in-house bakery. All bakery staff might be excluded from FCA Conduct Rules because they have nothing to do with the firm’s investment business and financial dealings.

In this way, only departments and employees that could potentially be involved in financial misconduct relating to the firm’s main business would be covered by Conduct Rules. That is why the FCA Code of Conduct for Staff sourcebook (COCON) sets out the persons to whom COCON applies (COCON 1.1.2R). At the same time, COCON also lists a number of exceptions to its application with respect to certain types of employees, as we can see in the table below.

However, as soon as we introduce NFM into the misconduct equation everything changes. This is because NFM can be carried out by anyone. At a basic level, the FCA considers that NFM includes evidence of bullying, discrimination (on the basis of an individual’s protected (or otherwise) characteristics) and sexual harassment (FCA DP21/2, 46, para. [5.69]).

The FCA asserts that NFM can erode psychological safety and trust in firms, it can increase groupthink, and it can create unhealthy cultures that can facilitate regulatory breaches and wrongdoing (FCA CP23/20, 23, paras. [4.1] and [4.9]). In practice, NFM is NOT limited to relevant staff. All types of firm personnel can be involved in NFM. For instance, it would be ludicrous to say that only a firm’s investment managers may bully, discriminate, or sexually harass others, but not a firm’s HR or IT personnel.

Bullying, discrimination, and sexual harassment can be carried out by ANYONE working in a firm. Therefore, if NFM is to be regulated it needs to cover everyone working in a firm, otherwise regulation of NFM does not make sense. This would mean that only some, and not all, firm employees would be covered by bullying, discrimination, and sexual harassment rules.

The point is that a firm’s culture exists firmwide. It is not limited to a select group of employees. If you wish to change or regulate firm behaviour, you must implement NFM rules that apply firmwide across-the-board to all employees. In addition, if you want to regulate NFM in the FS sector, you need to implement harmonised NFM standards across all types of firms.

However, this is NOT what the FCA’s NFM rules set out to achieve. 

TARGET POPULATIONS
For illustrative purposes, we will provide a rough estimate of the target population of firms authorised by the FCA and the PRA in the UK. According to the FCA’s Annual Report (2022/2023, 6), the FCA supervises around 50,000 firms. The PRA (BoE) regulates around 1,500 firms (PRA 2024). In addition, the target population of E-Money firms and Payment Services firms in the UK is said to be around 1,300 firms (Laverty and Stagg 2023). There are also nine registered CRAs operating in the UK (FCA 2021, 3).  

APPLICATION OF NFM RULES
To begin with, any non-part 4A FSMA firms, which includes CRAs, E-Money firms, and Payment Services firms, are completely excluded from application of the NFM rules (FCA CP23/20, 18, para. [3.24]). So, what that means is that everyone who works at any of the nine CRAs, such as “S&P Global Ratings UK Limited”, “Moody’s Investors Service Limited”, or “Fitch Ratings Ltd”, will be excluded from the FCA bullying, discrimination, and sexual harassment rules.

So will all 1,300 E-Money firms and Payment Services firms that operate in the UK. In 2023, it was estimated that there were 21,472 employees who worked in Payment Services Providers (PSPs) in the UK (IBISWorld 2023). All of these employees will be left unprotected from NFM under the new D&I proposed measures.

In addition, all 1,500 PRA-regulated firms, which consist of banks, building societies, credit unions, insurers, and major investment firms, will also be excluded from application of the NFM rules. In 2020, the FinTech sector launched the “FinTech For All Charter”, an industry-led initiative seeking to address high levels of workplace harassment and to promote diversity within the sector (UKBAA 2020).

With thousands of firms and tens of thousands of employees excluded from application of the NFM rules, how can it be possibly said that the NFM rules are inclusive? How can these rules be said to support growing calls for an inclusive industry? They will, in effect, fragment regulatory conduct standards across different FS sectors.

Worse still, they will exclude the very firms that are at high risk of developing toxic cultures and toxic work environments in the first place, such as technology start-up firms. The issue is that many of these types of firms often operate in highly unstructured work environments, which may lack clear, strict, and robust workplace rules.

Or rules may technically exist, but they may not be strictly adhered to or enforced. In addition, such work environments may reflect fast-paced, high pressure, and results-driven cultures. The types of cultures where angry outbursts, emotional manipulation, belittling comments, derogatory remarks, individual or group humiliation, or verbal insults slowly but surely come to be accepted by employees.

Professional women who work in the UK finance sector still report that they encounter bullying, sexism, and micro-aggressions in the workplace, and that the “old boys club” is still alive and well (McGachey, 2024). Women in technology start-ups may fare even worse, since they may feel frightened to speak up or raise their concerns in such unstructured work environments (Adams, 2021; Kapin, 2023; Women Who Tech, 2023Young, 2023).

It is no coincidence that a UK FinTech sector survey conducted by InChorus revealed that 85% of harassment related incidents were related to gender, 84% of victims were harassed more than once, and 78% of victims did not report the incident complained of (UKBAA 2020). Victims feared reporting their manager, feared that they would not be believed, or they did not want to face any retaliation from reporting (UKBAA 2020).

NFM RULES
The proposed D&I NFM Rules ostensibly seek to better integrate NFM considerations into:

  • Conduct Rules;
  • staff fitness and propriety (Fit and Proper) assessments; and
  • suitability criteria and guidance for firms to operate in the financial sector (Threshold Conditions) (FCA CP23/20, 5; 23, para [4.7]).

The D&I NFM Rules will therefore amend:

  • the FCA COCON sourcebook;
  • the FCA Fit and Proper test for Employees and Senior Personnel (FIT) sourcebook; and
  • the FCA Threshold Conditions sourcebook (COND) (FCA CP23/20, 16, para. [3.11]).  

The FCA Handbook will be amended to include a new “Diversity and Inclusion Instrument” which will set out the new D&I provisions. This will include the term “discriminatory practices” which is defined to mean:

“…includes discrimination against, or the harassment or victimisation of, a person or group due to their demographic characteristics, where these behaviours would be a breach of the Equality Act if they related to protected characteristics” (FCA CP23/20, Annex A, 3).

If this provision looks a little confusing that is because it is. Discrimination of an EA 2010 protected characteristic such as age, race (including colour, ethnic or national origin, nationality), or sexual orientation is against the law. There are nine protected characteristics at law.

In effect, “discriminatory practices” extends the ambit of discrimination by including other demographic characteristics such as socio-economic background. These demographic characteristics are not recognised at law, but they are recognised for the purposes of the NFM Rules. Under the discriminatory practices definition, socio-economic background would be treated as if it were a protected characteristic to determine if discrimination has occurred or not.

The kind of conduct covered by the NFM Rules will include conduct in relation to an individual (B) that:

  • has the purpose or effect of: (1) violating B’s dignity; or (2) creating an intimidating, hostile, degrading, humiliating or offensive environment for B;
  • is offensive, intimidating or violent to B;
  • is unreasonable and oppressive to B; or  
  • humiliates, degrades or injures B (FCA CP23/20, Annex A, 36).

Examples of conduct that will breach NFM Rules listed are set out below (FCA CP23/20, Annex A, 43-44).

HOW NFM RULES WILL AFFECT AND IMPACT CRYPTO AND FINTECH FIRMS
The real question is how will the NFM Rules potentially affect and impact crypto and FinTech firms when they come into force in 2025? Technically, if FinTech firms operate solely as E-Money firms or Payment Services firms then they will be excluded from application of the NFM Rules.

However, it may not be as simple as this for FinTech firms. This is because banking and payment services are currently experiencing a rapid state of transition. FinTech business and payments models are rapidly changing. Because of high market competition, many FinTech E-Money and Payment Services firms are seeking to expand their offerings into other areas which will require Part 4A FSMA authorisation.

For example, in 2022, “Revolut”, which was authorised as an E-Money firm, was granted permission to offer crypto asset services. However, because it has not received its banking licence it is not yet able to offer loans and overdrafts like “Monzo” and “Starling”. When it does, it will be subject to the NFM Rules. In 2023, “Ayden” was granted authorisation as a UK bank.

So FinTech firms will be increasingly expanding their offerings to compete in new multifaceted payment markets. If they stick within their narrow authorisation window, they avoid the NFM Rules, but they may be unable to tap into new financial markets.

For crypto firms, if firms promote cryptoassets in the UK to retail consumers they must either be authorised by the FCA, or have their marketing approved by an authorised firm. This second channel is highly expensive and time-consuming, so many crypto firms may seek to become authorised themselves, making them subject to the NFM Rules.

In addition, regulation of certain types of cryptoassets in the UK is already set to be implemented in 2024 and 2025. So much larger numbers of crypto firms will be subject to FCA authorisation by the time the NFM Rules take force. With the introduction of the Markets in Crypto-Assets Regulation (MiCA) in the European Union (EU) in 2023, cryptoassets are also set to become legitimised.

All crypto and FinTech firms that hold Part 4A FSMA authorisation will be subject to the NFM Rules in 2025. Given space constraints, it is not possible to list all the issues and problems that may arise for such firms. However, four of the more pressing points that such firms should note are set out below.

Conduct Rules Staff (CRS)

First, the NFM Rules limit the application of COCON to conduct that relates to a function carried out by a member of the Conduct Rules staff (CRS), where that function relates to the carrying on of an activity by the firm (FCA CP23/20, Annex A, 37-38). So, the NFM Rules are NOT applicable in general across firms.

For instance, any misconduct that relates to a part of a firm’s business that does not carry on any FS activities will be excluded from application of the NFM Rules (FCA CP23/20, 25, para. [4.21]). Crypto and FinTech firms will therefore have to very carefully map out who is governed and affected by the NFM Rules.

Serious Misconduct

Second, only “serious” NFM will amount to a breach of COCON (FCA CP23/2020, 25, para. [4.22]; COCON 1.1.7G). There is no simple test to determine what is serious, there is a list of general factors that are to be used to assess compliance (FCA CP23/2020, Annex A, 43).

If you take a look at the factors, you can see that determining what is serious NFM will be extremely difficult in practice. That means the determination of severity made by individuals, crypto firms, and FinTech firms may be very different to the determination made by the FCA.

Out of Scope NFM

Third, NFM may fall “out of scope” because it relates to an employee’s personal or private life (FCA CP23/2020, 25, para. [4.20]). There is a list of factors provided for individuals and firms to attempt to decide whether NFM is within the scope of COCON or not. This is an area that may prove to be incredibly problematic for technology start-up crypto and FinTech firms in which work life and private life become heavily intermixed. That means that such firms have to create very clear and detailed policies and rules to ensure that all employees, not just CRS, fully understand where the NFM boundaries lie. This will likely prove very difficult to do.  

Excused NFM
Fourth, NFM in relation to a FMW may fall outside the scope of the NFM Rules if the CRS member either: (1) considers that that there was a good and proper reason for the conduct; or (2) did not intend to have a negative impact on the subject of the misconduct, did not know that they were doing so, and was not reckless about the effect of their conduct (FCA CP23/20, Annex A, 44; COCON 4.1.11 G).

The belief of the CRS member must be reasonable (an unreasonable belief that conduct is justified may itself show a lack of integrity) (FCA CP23/20, Annex A, 44; COCON 4.1.11 G). It is inevitable that this is an area that will become extensively used and relied upon in NFM cases where individuals seek to provide a range of “defences” in order to potentially evade liability under the NFM Rules.

If there is a distinct lack of clarity and certainty whether conduct is characterised as NFM, it is highly likely that many employees will fear to report such conduct or to come forward, especially if they fear repercusssions, or if they fear it may negatively affect their position within a firm.

SUMMARY
I think it would be fair to say that the new proposed NFM Rules are not clear or simple to apply, interpret, or understand in practice. They will be difficult enough for traditional finance (TradFi) firms to comply with. They are likely to prove even more difficult for new crypto and FinTech firms to comply with that may have gained very little operational experience with regards to FCA rules. 

The problem is that there are so many conditions and caveats contained within the NFM Rules. It is extremely difficult for firms to set out and prescribe clear rules which CRS members and employees must adhere to. Actions and behaviour in firms can be very subjective, and actions and behaviour viewed by some people as "acceptable" may be viewed as "offensive" by others. 

For instance, how can crypto and FinTech firms precisely define what "violating someone's dignity" means, or what "creating an intimidating, hostile, degrading, humiliating or offensive environment" for someone means. What kind of behaviour in a workplace will be deemed to be offensive, intimidating or violent, or will be deemed to be unreasonable and oppressive, or which may humiliate, degrade or injure a person.

In PART IV of this blog series, we will analyse what the D&I rules and obligations consist of, to which types of firms they will apply, and how they will affect and impact crypto and FinTech firms.

 

 

 

 

 

5403

Comments: (0)

Now hiring