Breaches

What is a Breach?

PRA and FCA approved Conduct Rules are in place for employees in certain roles. Any violation of these established Conduct Rules is considered a Breach.

The reporting of Breaches is an FCA mandated requirement. An individual or senior manager will need to be reported if they are in violation of Conduct Rules. Reporting of the Breach will include any disciplinary action that was taken.

The responsibility to inform regulators resides with organisations if:

They are aware that the Conduct Rules have been breached.
They suspect an individual has breached the Conduct Rules.
They have previously reported a potential breach and have reached a final determination.
If a formal warning has been issued as a result of a breach.
If an employee has been suspended, dismissed or reduced in duties as the result of a breach.

If the breach involves an individual at Senior Manager level, it is expected that regulators will be notified within 7 business days of the firm becoming aware of the issue/violation.

If the breach involves non-senior managers, regulators are required to be updated on a quarterly basis with any breaches or suspected breaches. Breach Notifications will identify the individual(s) related to the issue and include any disciplinary actions.

Note

Breach Notifications need only be generated and sent once.

Breach Notifications should include the following:

Information about any circumstances relevant to the Breach or offence.
Identification of the rule or requirement or offence.
Any steps that an organisation or individual has taken or intends to take to rectify or remedy the breach, or prevent any future potential occurrence.

Administrator Page

A Breach record can be initiated by the SMCR Administrator.

To create a Breach record:

Select the SMCR Global icon, then the Breaches tab.

The SMCR Solution - Breaches screen displays.

The SMCR Solution - Breaches screen presents a summary of any breaches that have been identified and recorded for different individuals.

The date of the breach and the date that the breach was reported, are also captured on this screen. These dates are important, as there are time requirements regarding the reporting of breaches to regulators.

Senior Manager breach: Regulators must be notified within 7 business days of the organisation becoming aware of the issue.
Other, non-Senior Manager individuals breach: Regulators must be updated on a quarterly basis with any breach or suspected breach information.

To view information regarding a breach that is recorded for an individual:

Select the Open record (folder) icon.

An overview of the recorded breach displays.

Record a Breach

If a breach has occurred, the incident can be recorded on the SMCR Solution - Breaches screen.

To record a new Breach:

Select New.

The New Breach Entry screen displays

Information to include within the Breach record:

Individual: Search for an Individual using a Wizard. The search will auto-populate a selected individual's Senior Manager Functions and Responsibilities fields (if applicable) when the record is saved.
Status: Dropdown menu to select and indicate the record's status. Manually change the status of the record by selecting one of the following options:

Pending: The record has not been completed/sent to the FCA.

Completed: The record has been completed, sent to the FCA, and is considered addressed.

Withdrawn: The breach/suspected breach is no longer considered an issue and is withdrawn.

Details of the Reported Breach

Reported Date: Date the breach was reported.
Breached Date: Date the actual incident occurred.
Select Breached Conduct Rule: Dropdown menu listing the different Conduct Rules. A blank option exists for breaches which fall out of scope of the Conduct Rules. In these cases, the breach should be clearly outlined in the Details of the Breach field (beneath).
Details of the Breach: Field to outline information regarding the breach.

Remedies and Outcomes

Remedies: Field to detail what steps have been taken to rectify the breach.
Completed Date: Date the information concerning the breach was entered and the record was completed.
Outcome of the Breach: Field to indicate how the incident was resolved, including any disciplinary action taken.

Attachments

Attachments: Any documents relevant to the incident can be attached and named in this section.

To attach a document:

Select the Wand icon to open the related Wizard, search for and attach the required document.

Once all of the breach information has been added, select Save to save the record.

The completed record will display on the SMCR Solution - Breaches screen.

Reporting on Breaches

It is possible to generate a report that details the current status of all breaches.

To generate and view breach report information:

Navigate to the SMCR Solution - Breaches screen and select Reports.

A related dropdown menu displays.

Select the Other Reports and Documents option.

The Report Wizard opens.

In the Other Reports section, select the Conduct Rules - Breach Report option.

The SMCR Conduct Rules - Breach Report screen displays.

Use the available options to determine how information will display in the report:

Show: Provides a filter that will determine which breach records will display in the report according to record status.

Pending: Only Breach records with a Pending status will display in the report.

Completed: Breach records with a Completed status will display in the report.

All: All Breach records irrespective of status will display in the report.

Order By: Sorting option that will determine how the records on the report appear

Reported Date: Ascending order

Breached Date: Ascending order

Include Personal Information: Selecting the option to include personal information will include the individuals ID, Passport, Date of Birth, Nationality within the report.

The report can be saved to Working Documents or viewed immediately in a variety of formats (for example, Excel).