What the Latest ‘Dear CEO…’ Letters Tell Us & How SM&CR Holds the Key

2020 has started with a bang from the FCA’s perspective with two ‘Dear CEO…’ letters being issued within a matter of days of the New Year fireworks heralding in 2020. Whilst directed to different sectors of the financial services market and raising different core concerns, the letters share a common theme. The FCA states that SM&CR sets the standard of personal conduct and provides an opportunity and catalyst to transform culture for financial services. This provides a significant indicator of the way in which the FCA is viewing emerging marketplace risks and how it intends to approach them in 2020. With over £392 million in fines published in 2019, the FCA is clearly serious.

The first ‘Dear CEO…’ letter was issued to general insurers on 6th January 2020 [1]. The letter was sent as a response to the findings of a Lloyd’s of London survey of 6,000 of its members. In response to the survey John Neal, Lloyd’s CEO, described the level of sexual harassment in the market as ‘shocking’ [2]. In the survey, 8% of respondents said they had witnessed sexual harassment in the last 12 months, 45% said they felt comfortable raising a complaint and only 41% of those who had raised concerns said they felt they were listened to.

The letter states: “Poor culture in financial services can lead directly to harm for consumers, market participants, employees and markets. It was a key root cause of recent major conduct failings within the industry”. It goes on to say: “We expect firms, and senior managers to embed healthy cultures by identifying and modifying the key drivers of their culture”. “The Senior Managers and Certification Regime (SM&CR) provides an opportunity and is intended to be the catalyst to transform culture in financial services”, the letter states.

The second ‘Dear CEO…’ letter was issued to firms in the ‘financial advisers’ portfolio [3]. The FCA issued the letter as a response to what it identified as an increasing number of cases where the actions of firms had caused ‘significant harm to consumers’ financial well-being’. The FCA noted four areas of concern to consumers:

  1. Receiving unsuitable advice for their needs and objectives (with particular reference to defined benefit pension transfers);
  2. Falling victim to pension and investment scams;
  3. Not receiving redress as a result of the non-payment of FOS awards and/or failing firms being unable to compensate consumers;
  4. Paying excessive fees or charges for products and services.

Whilst the letter talks about the specific actions it expects firms to take to mitigate each area of concern, e.g. starting with the presumption that a pension transfer is not suitable for a client, it also stresses that SM&CR was introduced to ‘set a new standard of personal conduct for everyone working in financial services’ and that firms should work hard to implement SM&CR and consider its implications for people processes and governance within firms.

Therefore, although focusing on different sectors and starting with different initial concerns, both letters highlight the risks poor culture can have on consumers, market participants, employees and markets and both emphasise that SM&CR (with its focus on high standards of personal conduct, individual accountability and strong governance) should be the catalyst for this change in culture.

Digging into statements from the FCA over the last year, there are many comments from different senior managers within the Regulator that reinforce the tone and direction of the messages in the ‘Dear CEO…’ letters, so it is clear that this is a message that should not be taken lightly.

The regulator’s position on this is further underlined in its 19/20 Business Plan [4], in which the FCA states that it will be working with firms to promote and embed healthy culture, focusing on the four drivers of behaviour. It has defined these as Purpose, Leadership, Reward and Managing People. The plan also says that diversity and inclusion (D&I) issues may have an impact on the fitness and propriety of senior managers. Several speeches made by senior FCA executives in 2019 have reiterated these points.

References to diversity and culture can be found in the ‘Dear CEO…’ letter to general insurers. The letter identifies the lack of diversity as an obstacle to creating change and states that non-financial misconduct should be taken into account when making judgements about a person’s fitness and propriety.

So, what are we to make of this? One thing is certain: our conduct regulator is leaving us all in no doubt that it believes poor culture can drive poor consumer outcomes, and that it expects responsibility for culture to sit with both senior managers and the wider employee population. The FCA is also pointing to SM&CR as the framework that can act as the “catalyst” for that culture change.

Because culture is unique to each firm and is so elusive to define, it would be naive in the extreme to simply say that by implementing SM&CR, culture will get fixed. However, what is reasonable to say is that implementing and embedding SM&CR in a firm will be a positive and powerful enabler to culture change and, in so doing, will avoid the kinds of ‘Dear CEO…’ letter highlighted above.

The key components of SM&CR are well known and should be in place in firms already, although solo-regulated firms may still be finalising their Certification arrangements. However, in the context of these recent ‘Dear CEO…’ letters, I would recommend firms revisit and strengthen their SM&CR arrangements in the following areas:

  1. Conduct Rules training: In addition to the existing messages in your training, you should raise awareness of the issues around diversity and inclusion and make clear connections between diversity and healthy culture.
  2. Fitness and Propriety assessments: These should also include questions about non-financial misconduct and diversity and inclusion. Of course, the answers to these questions should be incorporated into the final assessment.
  3. Regulatory References: Like conduct rules training and Fitness and Propriety assessments, references should include any issues of non-financial misconduct.
  4. Reasonable Steps: Senior managers should not only conduct themselves in a manner which promotes a healthy culture, they should also document that they took the reasonable steps expected of a senior manager. Failure to do so could be problematic for that executive in the event of an investigation by the regulator.
  5. Senior Manager Prescribed Responsibilities: For solo and dual-regulated firms, there are Prescribed Responsibilities for the key areas that the regulator has identified as being influential towards creating a healthy culture. The obvious ones are as follows:
     - Senior Managers Regime
     - Certification Regime
     - Conduct Rules Regime

     Dual-regulated firms have in addition:
     - Business Model

     Working with the senior managers who have been assigned these responsibilities to ensure they understand how their leadership for these responsibilities can build a healthy culture will go a long way to evidencing progress.
  6. Systematic approach to SM&CR: Finally, to embed SM&CR as a cultural aid and to be able to have the oversight and good governance that the regulator is demanding, firms really need a cross-functional and collaborative approach to operating the regime across their business, covering areas such as HR, Compliance and Operations. An approach that maintains all the current and historical records in a single place and manages all the workflow to ensure actions and reports get done ‘to time’ and ‘to standard’ should be the “holy grail” for firms, allowing the business to demonstrate that it is compliant with the regime whilst generating business benefits from the oversight and transparency a systematised approach will bring.

Working on these six areas alone won’t guarantee a positive, strong, healthy culture. However, it will create the foundations for a safer and stronger future for both firms and the industry as a whole.

Good conduct and culture are most likely to develop effectively and embed well within businesses when driven from the top, but cultures really only grow to be the ones that people like to operate in when every employee accepts that they are responsible for it too. The FCA can’t force you to adapt, but by using SM&CR it aims to be able to spot leading indicators of poor culture, and evidence strongly suggests that it is prepared to act.


[1] https://www.fca.org.uk/publication/correspondence/dear-ceo-letter-non-financial-misconduct-wholesale-general-insurance-firms.pdf

[2] https://www.bloomberg.com/news/articles/2019-09-23/lloyd-s-of-london-survey-reveals-shocking-sexual-harassment

[3] https://www.fca.org.uk/publication/correspondence/portfolio-strategy-letter-for-financial-advisers.pdf

[4] https://www.fca.org.uk/publication/business-plans/business-plan-2019-20.pdf
