FCA Conduct Rules Breaches: When Something Goes Wrong, Is Your Investigation Process Actually Fit for Purpose?

Under SMCR, the FCA's Conduct Rules apply to virtually every individual working in a regulated firm. When a potential breach is identified, what happens next is not a matter of internal discretion — it is a regulated process with statutory reporting obligations, personal accountability consequences, and an audit trail the FCA will scrutinise.

The Individual Conduct Rules set baseline standards of behaviour for all staff. The Senior Manager Conduct Rules go further, placing specific obligations on those with the greatest influence over a firm's culture and controls. When those rules are breached — or when a firm has reasonable grounds to suspect they may have been — the obligation to investigate promptly, thoroughly, and consistently is not optional. Neither is the obligation to report certain breaches to the FCA within the required timeframe.

In this episode, we examine what a genuinely robust Conduct Rules breach investigation looks like, what the reporting obligations require, and why firms that handle these situations inconsistently or without proper documentation are creating significant regulatory exposure for themselves and their senior managers.

Whether you are a compliance officer, an HR professional with regulatory responsibilities, or a senior manager with SMCR accountability, this episode gives you the practical framework to ensure your investigation process is structured, defensible, and compliant.

We cover:

— The regulatory framework: the FCA's Conduct Rules under SMCR, who they apply to, and what constitutes a breach at both Individual and Senior Manager level

— Identifying potential breaches: how to recognise conduct that may engage the Conduct Rules and the common situations that trigger an investigation obligation

— Investigation structure: how to scope, initiate, and manage an investigation in a way that is fair, thorough, consistent, and legally defensible

— Documentation standards: what records must be created at each stage and why an incomplete paper trail is as damaging as the breach itself

— FCA notification obligations: which breaches must be reported, within what timeframe, and what the report must contain to satisfy regulatory expectations

— The interaction with employment law: how Conduct Rules investigations sit alongside disciplinary procedures and why compliance and HR must work in concert

— Proportionality and consistency: how to calibrate investigation outcomes to the severity of the breach and why inconsistent treatment creates additional regulatory risk

— Post-investigation actions: remediation, control improvements, and how findings should feed into your broader governance and risk framework

— SMCR and the duty of responsibility: how the Conduct Rules interact with Senior Manager accountability and what adequate supervision of individuals beneath you actually requires

This episode is essential listening if your firm:

— Has no documented investigation procedure for potential Conduct Rules breaches

— Has managed conduct issues informally without a structured investigation or regulatory notification assessment

— Is unsure which breaches require FCA notification and within what timeframe

— Is preparing for an FCA supervisory visit or internal audit of its SMCR implementation

Resources mentioned in this episode:

Compliance Consultant's Conduct Rules Breach Investigation Toolkit is a ready-to-use resource for FCA-regulated firms. It provides a structured investigation framework, documentation templates, FCA notification guidance, and outcome recording tools enabling compliance teams to handle Conduct Rules breaches consistently and to a standard that reflects current regulatory expectations.

Built by qualified regulatory consultants who know exactly what "good" looks like.

Visit complianceconsultant.org to find out more, or call us on 0800 689 0190.

Compliance Consultant — Making Compliance Work.