Background Checking in UK Financial Services

Understanding background checking best practice and regulations in UK financial services

This article will explain the scope of background checking regulations that affect UK financial services. It will also give you a practical guide on what is standard practice in the UK financial sector.

The regulatory requirements:

One piece of regulation, called SMCR, mandates that background checks be conducted by all firms registered with either the FCA (Financial Conduct Authority) or the PRA (Prudential Regulation Authority). The FCA and PRA have published detailed guidance on checking requirements.

There is lots of misinformation about the scope of checks required in this sector. The SMCR regulation is not as broad as some organisations may suggest.

Which roles are affected? SMCR requires senior managers and those working in certified functions to be checked. Senior managers are individuals who perform one of the senior management functions designated by the FCA. A certified function is any role in which it is possible for the person to cause significant harm to the firm or its customers/clients. The FCA includes client dealing functions and functions requiring qualifications.

How often do they need to be checked? FCA approval is required prior to appointing a senior manager, which means checks need to be conducted prior to employment. Ongoing assessment of fitness is also required, so conducting DBS (criminal) checks yearly is the standard practice.

Which checks do I need to conduct? For Senior Managers, a standard DBS (criminal) check is required, which is the middle tier of DBS check; a basic DBS check is required for the Certification Regime. You also need six years' worth of regulatory references, which means using the FCA's template of questions to ask previous employers; a fit and proper declaration, which is a set of questions self-declared and signed by the individual; and an FCA register check, which means checking the public register on the FCA's website. These are required under SMCR.

What about overseas applicants? The equivalent of a standard DBS check and of a financial register check needs to be conducted where the applicant has been residing, along with the other checks mandated: regulatory references and a fit and proper declaration.

What are the penalties? Action can be, and has been, taken against individuals when firms fail to comply with SMCR. This could be in the form of fines or criminal action against the senior manager at the firm. For example, the FCA fined the CEO of Barclays £321,000 in 2018. Recurring themes in recent fines include anti-money-laundering, as well as lack of care in due diligence and fitness and propriety.

The practical guide:

This practical guide describes what people actually do and why this may vary from one company to another. The checks commonly conducted in the sector are much broader than SMCR guidance mandates, and rightly so, since the guidance is really a baseline to avoid being fined. To be really diligent, there are other checks to be done.

What about employees outside of SMCR? For employees who are not senior managers or in certified roles, it's common to conduct a lighter range of background checks. It's important to note, though, that these are not mandated by the regulators; you can follow any process fit for your company.

What if I can't get a regulatory reference? Only other financially regulated firms are obligated to complete a full regulatory reference. It's common for organisations to have policies restricting the information they give in references. Hence, if someone's been working in another sector, you're likely to just get a standard employment reference.

How do I need to collect and store checks? You'll want to keep evidence of all the questions asked and the responses. You'll also want to be able to prove who supplied the reference, which is usually done by collecting a dated signature. Since regulatory references contain personal information, you'll want to store the file or webpage in a password-protected environment. For register checks and the DBS check, you can store the reference/certificate number from the search to prove it's taken place.

What about other forms of checks? Other forms of background checks are common in the sector, including financial, identity, address, directorship and education checks. Good background checking practice is to ensure the checks are relevant to the sector or the position. For example, if an individual is handling financial data, it's considered good practice to conduct financial checks on that individual. Or, for a role in which a professional qualification is important, such as legal or accounting, a qualification/education check is sensible.

Can I use a third party? You can use a third party, and for a standard DBS check you will need to go through a business registered with the DBS, since only certain firms can conduct this level of criminal background check. It's important to check with the third party what their process is for helping firms in the financial sector. Some will include identity and address checks as part of their DBS process, and some will not consider a fit and proper test something that can be outsourced.

Prove your knowledge:

Is it all starting to add up now? There is a lot of jargon out there and there are different interpretations of the regulation, but hopefully you now feel comfortable that you understand your requirements.

If you are an HR or Talent person, you can take this test to prove your knowledge on the subject of background checks in the financial sector. The test takes 5 minutes and you will receive a certificate at the end of it. You can use this to show your peers or your employer that you have read and understood how to conduct checks in this sector.

Take certification (5 minutes)