The coming into force earlier this year of the Senior Managers and Certification Regime and the Senior Insurance Managers Regime introduced a new framework for many firms for the provision and request of regulatory references. Following a period of joint consultation, the Prudential Regulatory Authority (PRA) and Financial Conduct Authority (FCA) have recently published policy statements setting out the final rules on regulatory references.

The PRA and FCA acknowledge that references that pass between firms when senior individuals move roles are an effective tool for employers to assure themselves that prospective candidates are fit and proper for the role.

Who should comply?

The full rules will apply to full-scope regulatory reference firms which include deposit takers and PRA investment firms (collectively referred to as banks in the FCA policy statement) and Solvency II insurers and large non-directive insurers (collectively referred to as insurers in the FCA policy statement).

Full-scope regulatory firms will need to comply with the full reference regime from 7 March 2017 when recruiting for the following roles:

  • Senior management functions
  • Certification functions
  • Notified–non executive directors
  • Senior insurance management functions
  • FCA controlled functions
  • Other key function holders.

Obligation to request regulatory references

Banks and insurers will be required to take reasonable steps to obtain references from a candidate's current employer and anyone who has been the candidate's employer in the previous six years and at which they performed a relevant function. This requirement applies irrespective of whether the previous employer is an authorised firm or is based overseas. The information that should be requested and the timeframe in which to do so are further prescribed by the rules.

Intra-group hires

The new rules provide that where a bank or insurer is recruiting a candidate from another member of its group, it will not be required to request a reference from the group company, where the group has centralised records, or alternative measures in place to ensure sharing of relevant information between its members.

The requirement to take up regulatory references also applies to movement within the same company, if a reference was not taken up initially when the individual was first employed or if the employee was not previously regulated. It will not apply to individuals already in their regulated roles.


Under the new rules references must be obtained no later than one month before the end of the application process and ideally before the application is submitted. In circumstances where the provision of or request for a reference would require a firm or employer to make a mandatory public announcement then references can be obtained at any time.

Banks and insurers will be required to confirm with the regulator if regulatory references have been obtained and if not then explain why.

Providing regulatory references

Content of references

A bank or insurer will be required to disclose in the regulatory reference all information, of which it is aware, that it reasonably considers to be relevant to the other firm’s assessment of whether a candidate is fit and proper.

The FCA and PRA have now produced a template for full-scope regulatory firms to provide employment references. The template requires mandatory information such as details of breaches of conduct where there has been disciplinary action. However, in practice, most employees resign, either when they are suspended, pending investigation or during the disciplinary process, but before any disciplinary sanction has been imposed on them. Whilst there has been no finding of a breach of conduct, employers in these circumstances would be well advised to state the facts on the reference without expressing an opinion as to the employee's guilt i.e. that the employee resigned whilst suspended pending investigation, or during a disciplinary process, but before any decision regarding the conduct allegations had been made by the employer. The template contains open text boxes which cannot be left blank. The employer would have to answer a question with words to the effect that "we have no information which is relevant to this question."

In addition, there is an obligation on all firms to provide all relevant information in a regulatory reference. The FCA expresses in its policy statement that it is not providing further guidance on the meaning of "all relevant information" and advises firms will need to exercise their judgement on a case-by-case basis. The PRA policy statement provides examples and indicates that the "all relevant information" section could be used to provide further background information, such as mitigating circumstances.

There is no obligation on firms to disclose information that has not been properly verified. Common law and employment law principles, including the duty to give references that are accurate, true and not misleading will continue to apply independently of the regulatory requirements.

Firms should give employees an opportunity to comment on the information given in a reference but if the misconduct is discovered after termination, the employee will not be informed that an updated reference has been sent. Given the requirement to give regulatory references, agreed references as part of a settlement agreement or COT3 agreement are now likely to become a thing of the past.


The mandatory disclosure and all other information provided will need to go back six years. The FCA expects regulated firms to be able to provide references within six weeks.

The obligation to update a reference

A bank or insurer will be required to update regulatory references for six years after the employment has terminated. This may include misconduct that occurred more than six years ago, but came to light during the period required to update a reference. The requirement for banks and insurers to update disclosures on serious misconduct will not be subject to a time limit.

If a relevant employee of a bank or insurer moves to another firm, the bank or insurer will be required to update the other firm about any new information that would have required it to draft the original reference differently if that difference is significant for assessing the individual's fitness and propriety. In such circumstances, a bank or insurer may have to make reasonable inquiries as to the identity of its former employee's current employer and give details of those differences in writing as soon as reasonably practicable to the firm to whom it provided the original reference.

Record-keeping requirements

The final rules limit the regulatory reference record-keeping requirements to six years' retention of disciplinary and fitness and properness findings. As a result of the changes, banks and insurers will not need to retain records of breaches where no disciplinary action was taken solely for the purpose of references. Generally, the rules provide that a firm will not be in breach of the regulatory reference requirements if the reference does not include something for which the firm is not required to keep records.

Next steps

The FCA has left open the possibility of applying the full regulatory reference rules to other FCA-regulated firms in the future. There is, in the PRA's view, scope for firms to build on regulatory requirements for best practice and to tackle misconduct.

In the meantime and in readiness for commencement of the final rules on 7 March 2017, banks and insurers should be preparing and updating their internal systems. The PRA has even suggested that firms may find it good practice to start utilising the template before 7 March 2017. 

Attributed to Juanita Morrison, Solicitor