The CPs outline extensive frameworks for embedding D&I across all aspects of regulated firms’ governance, incentives, culture and risk management. The regulators are also looking to require firms to have far greater public transparency over their targets and progress for D&I. The proposed requirements are intended to cover firms’ D&I strategies, collection of data and target setting. There are also proposed amendments to FCA and PRA rules as well as guidance on non-financial misconduct.
What is the issue?
It is essential to understand the difference between diversity and inclusion to understand the background to the issuing of these CPs. In essence, diversity focuses on the composition of an organisation whereas inclusion is a much broader concept. A firm which is diverse but not inclusive runs the risk that its ‘diverse’ credentials will be seen, internally and externally, as a mere tick-box exercise. This will result in it losing diverse talent, as staff will feel their voices or experiences are not heard. This will not only affect the firm’s recruitment and talent retention but also its reputation. It may also be harmful to its clients.
It is acknowledged that a continued lack of diversity at all levels is a key challenge for businesses. While many firms take positive steps to improve diversity at entry level, a lack of diversity at a senior level can be perceived as evidence that a firm does not value or promote inclusion, and that there are barriers preventing employees from different groups from advancing to higher positions.
A key indicator of an inclusive organisation is a “speak up” culture which is formally embedded. In part this will be a whistleblowing procedure but it should be wider and may also include more informal staff surveys and “town halls”. In firms where individuals do not feel safe or encouraged to speak up, or do not trust the firm to take appropriate action, misconduct is more likely to go undetected, preventing firms from addressing issues before they escalate to legal claims or regulatory issues. Improving inclusivity and creating an environment that encourages constructive challenge are changes that should help to reduce this risk for firms.
How does this affect leaders?
The CPs propose greater expectations of boards and senior management in relation to driving D&I ambitions. There is a critical shift in the regulators’ terminology from D&I ‘policy’ to ‘strategy’. This is to reflect the regulators’ expectations that a firm’s leadership will proactively drive and monitor its D&I commitments. Boards are expected to hold senior management to account for their delivery on D&I, including promoting the open exchange of ideas, constructive debate and sound decision making, and boards should consider appropriate incentives for senior managers. Role modelling behaviours will also be a key consideration for leadership and middle management.
The PRA’s CP proposals seek to extend the scope of certain current Prescribed Responsibilities so that Senior Managers can be more readily held to account for the failure of D&I strategies. Whilst the FCA and PRA proposed approaches are different in relation to individual accountability, the intended outcomes of those proposals need to be fully understood and are likely to lead to significant internal changes for firms, the implementation and operation of which will require careful oversight.
Given the greater recognition of (and employee demand for) healthy cultures and psychologically-safe working environments, the regulators are also focused on addressing non-financial misconduct and, as a result, are proposing to explicitly include guidance on the potential implications of non-financial misconduct within the Code of Conduct, fitness and propriety criteria, as well as suitability guidance on the FCA’s Threshold Conditions. The FCA seems particularly keen, possibly in the light of recent enforcement cases, to clarify its position as to when and the extent to which misconduct outside of the workplace may be capable of impacting an individual’s fitness and propriety to carry out their role for a regulated firm.
What does this mean for firms?
The CPs also propose that firms should explicitly recognise D&I as a non-financial risk and embed management of this risk within governance structures and second and third line control functions. The proposals look to support greater focus on accountability by firms’ boards and senior management in monitoring effectiveness of the D&I strategies in practice and identifying where targeted interventions may be required.
Firms and their leaders will also need to review and reconsidered, alongside reducing firms’ culture risk, how D&I can reduce “group-think”. The CPs are indicating that the proposals are expected to have benefits for firms’ wider risk management and decision-making. Group-think and a reluctance to challenge (i.e. “speak up”) within firms has long been identified as a significant facilitator of many of the failings that led to the 2008 global financial crisis. As a result, the FCA and PRA have been focusing on this aspect of firm culture for some time.
How will changes be implemented?
The CPs include a strong focus on the collection, monitoring and benchmarking of data. In the FCA’s review of D&I in 2022 it was noted that existing D&I strategies were not always informed by accurate management information or effective diagnostic process and that the effectiveness of initiatives was also not captured, leading to the risk of resource inefficiency and low impact or even failure of the D&I strategies.
The proposals look to address these issues by requiring firms to “take the temperature” of their own organisation. It is proposed that this will be by collecting data on a range of demographic characteristics, before setting targets to address under-representation at all levels. Firms will also required to collect data on inclusion. This is likely to be through assessing how employees feel in relation to a range of inclusion measures, including speaking-up, challenge and discrimination. These are areas of empirical data collection that may already be difficult for firms. Challenges are likely to include ensuring sufficient employee engagement with any data collection exercise, which will require employees to disclose sensitive information, and having good regard (and finding solutions to) any related data privacy issues.
These reforms are wide-ranging in their potential impact on firms. If you would like to discuss the main legal and practical issues your firm is likely to face when implementing the eventual requirements from the regulators please contact Verena Charvet at Punter Southall Law.