Principle 11: What the FCA’s Disclosure Obligation Requires

Principle 11 creates one of the FCA’s most open-ended but consequential obligations: the duty to deal with the regulator in an open and cooperative way and to disclose anything of which the FCA would reasonably expect notice. Understanding what this means in practice — and what it does not mean — is essential for every SMF holder and compliance director.

Principle 11 of the FCA’s eleven Principles for Business states: “A firm must deal with its regulators in an open and cooperative way, and must disclose to the FCA appropriately anything relating to the firm of which the FCA would reasonably expect notice.” It is one of the shortest principles and one of the most consequential. The FCA has repeatedly used Principle 11 as the basis for enforcement action against firms that failed to tell it about significant developments in their business — not because those firms were hiding information, but because they did not properly understand the scope of what they were required to disclose and when.

The Two Limbs of Principle 11

Principle 11 contains two distinct obligations that operate simultaneously. The first is the cooperation obligation: firms must deal with the FCA in an open and cooperative manner. This covers not just what firms say to the FCA, but how they engage with it — whether they respond promptly to information requests, whether they provide complete and accurate information rather than technically accurate but misleading responses, and whether they approach the supervisory relationship as a genuine engagement rather than as a process to be managed at arm’s length.

The second is the disclosure obligation: firms must proactively disclose anything of which the FCA would reasonably expect notice. This is the more complex of the two because it requires firms to make a judgment — not just about what they are required to report under specific SUP rules, but about what the FCA would want to know even if no specific rule requires the notification. The disclosure obligation is therefore open-ended by design: the FCA has deliberately not defined exhaustively what must be disclosed, because to do so would allow firms to treat disclosure as a checklist exercise while withholding information that falls outside the enumerated categories.

The Relationship with SUP 15

The Principle 11 disclosure obligation is broader than the specific notification obligations in SUP 15. SUP 15 sets out specific categories of event that must be notified to the FCA, with specific timelines. Complying with SUP 15 is a necessary but not sufficient condition for meeting the Principle 11 disclosure obligation.

A firm that complies precisely with its SUP 15 notification obligations but fails to disclose a significant development that falls outside the specific SUP 15 categories has nonetheless breached Principle 11 if the FCA would reasonably have expected to be notified. This is not a hypothetical distinction — the FCA has taken enforcement action against firms that met all their specific notification requirements while failing to disclose broader developments that the FCA considered it should have known about. The Principle 11 obligation requires firms to ask a wider question than “does this trigger a SUP 15 notification?” — it requires asking whether the FCA would reasonably want to know about this, and disclosing where the answer is yes.

What the FCA Would Reasonably Expect Notice Of

The standard is what the FCA would “reasonably expect notice of” — which is a deliberately objective test. It does not ask whether the firm thought the development was significant, but whether the FCA would have considered it significant from its regulatory perspective. Firms therefore need to adopt the FCA’s perspective, not their own, when assessing whether a disclosure obligation is triggered.

The FCA’s perspective on what matters is guided by its statutory objectives: consumer protection, market integrity, promoting effective competition, and the financial stability objective for PRA-regulated firms. Developments that are relevant to any of these objectives are likely to fall within the Principle 11 disclosure scope. In practice, the categories that most frequently generate Principle 11 obligations include:

Material adverse developments in the firm’s financial position. Where the firm’s capital, liquidity or financial condition deteriorates materially — including where it falls below or is at risk of falling below regulatory minimums — the FCA expects prompt disclosure. This applies even before any formal threshold is breached: the FCA expects to be informed of significant emerging financial stress, not just of completed breaches of capital requirements.

Significant changes to the firm’s business or business model. Where the firm materially changes the nature of its activities, its target market, its product range or its business model, the FCA expects to be informed — particularly where the change affects the regulatory risk profile of the firm’s activities or its compliance with its existing permission. This obligation overlaps with the Variation of Permission process: where a business model change takes the firm outside its current permission, both a formal VoP application and a Principle 11 disclosure may be required.

Significant compliance failures. Where the firm discovers a material breach of FCA rules — particularly where customers may have suffered harm — the FCA expects prompt disclosure. The threshold for what counts as material is not defined precisely, but the FCA has consistently treated failures affecting significant numbers of customers, involving significant financial amounts, or involving systematic rather than isolated rule breaches as Principle 11 disclosable events. A single isolated compliance failure may not require Principle 11 disclosure; a pattern of the same failure repeated across the customer base almost certainly does.

Matters affecting the fitness of approved persons. Where the firm becomes aware of information that may affect the fitness and propriety of an approved person — including disciplinary proceedings, criminal proceedings, significant financial difficulties or regulatory concerns raised by another regulator — it has a Principle 11 obligation to disclose this promptly. The SMCR Senior Manager Conduct Rule 4 creates a parallel obligation on the individual, but the firm has its own Principle 11 obligation that runs independently.

Significant operational incidents. Cybersecurity incidents, IT failures, third-party outages or other operational events that have caused or may cause material disruption to the firm’s services or harm to its customers fall within the Principle 11 scope. The FCA’s interest in operational resilience has increased significantly in recent years, and firms should treat major operational incidents as potential Principle 11 disclosable events even where no specific rule requires notification.

Regulatory actions by other authorities. Where the firm or its affiliates receive significant regulatory attention from other domestic or overseas regulators — enforcement actions, supervisory directions, requirements, or formal investigations — the FCA expects to be informed. A firm that is being investigated by a foreign regulator and fails to disclose this to the FCA may have breached Principle 11 even if the overseas investigation relates to activities outside the FCA’s jurisdiction.

Material litigation and legal proceedings. Civil proceedings, arbitration, regulatory investigations, or significant threatened claims that could have a material impact on the firm’s financial position or its ability to meet its regulatory obligations fall within the Principle 11 scope. The threshold is materiality relative to the firm’s size and resources — a £50,000 claim against a large bank requires no Principle 11 consideration; the same claim against a small investment manager with limited capital may be a disclosable event.

The Timing Obligation: What Does “Appropriate” Mean?

Principle 11 requires disclosure “appropriately” — which includes a timing dimension. Disclosure that is technically made but unreasonably delayed does not meet the Principle 11 standard. What constitutes appropriate timing depends on the nature and urgency of the event: a major IT outage affecting thousands of customers in real time requires much more immediate disclosure than a gradual deterioration in capital adequacy that has not yet reached a critical threshold.

The FCA’s general expectation is that firms should disclose material developments as soon as they become aware of them, or as soon as they should reasonably have become aware of them. The “should reasonably have become aware” element is important: a firm cannot avoid its Principle 11 obligation by maintaining governance arrangements that prevent information about significant events from reaching the management team or compliance function. The FCA will assess whether the information existed within the firm, and whether an appropriately governed firm would have known about it and disclosed it, regardless of whether the specific individuals responsible for disclosure were actually aware.

For compliance functions, this creates a specific responsibility: ensuring that the firm has adequate processes to identify Principle 11 disclosable events and escalate them promptly. This means the compliance function must be integrated into the firm’s incident management, litigation management, financial monitoring and operational risk processes — not as a downstream recipient of information, but as an active participant in identifying when the disclosure threshold has been reached.

The SMCR Dimension: Senior Manager Conduct Rule 4

Senior Manager Conduct Rule 4 in COCON places a parallel disclosure obligation directly on individual SMF holders: they must disclose to the FCA, the PRA or other relevant regulatory bodies any information of which those bodies would reasonably expect notice. This creates a dual obligation — the firm has a Principle 11 obligation and each SMF holder has a personal Conduct Rule 4 obligation — that run independently of each other.

The significance of the dual obligation is that the FCA can take action against both the firm (for Principle 11 breach) and the individual SMF holder (for Conduct Rule 4 breach) arising from the same failure to disclose. Where a firm fails to disclose a material compliance failure, the firm may face a financial penalty under Principle 11, and the SMF holder with compliance oversight accountability may face personal enforcement action under Conduct Rule 4 — even if the SMF holder was not personally responsible for the underlying failure, if they were aware of it and failed to ensure it was disclosed.

For SMF holders, the practical implication is that they cannot rely on the compliance function to manage the Principle 11 disclosure process as a purely operational matter. Each SMF holder has a personal obligation to consider, within their area of accountability, whether there are matters that should be disclosed to the FCA — and to act on that obligation independently of what the compliance function may or may not be doing.

Consequences of Failure

The FCA has used Principle 11 consistently as an enforcement lever — both as a standalone basis for action and as an aggravating factor in enforcement proceedings where the underlying conduct could have been managed had the FCA been informed earlier. The consequences of Principle 11 failure range from financial penalties for the firm and the relevant SMF holders, to a more difficult ongoing supervisory relationship, to an increased risk of further enforcement action where the FCA concludes that the non-disclosure was part of a pattern of misleading engagement.

Crucially, Principle 11 failures rarely occur in isolation. A firm that fails to disclose a significant compliance problem typically also has underlying governance and compliance culture issues that the FCA will examine once it becomes aware of the non-disclosure. The Principle 11 failure therefore often becomes the entry point for a much broader supervisory or enforcement engagement. Prompt and transparent disclosure — even of uncomfortable developments — is consistently the more favourable path, both from a regulatory relationship perspective and from the perspective of managing the scope and duration of the FCA’s engagement.

Building Effective Principle 11 Processes

Effective Principle 11 compliance cannot be achieved through a policy document alone. It requires the firm to embed the disclosure standard into its incident management, governance and escalation processes in a way that ensures potential Principle 11 events are identified, assessed and escalated to decision-makers promptly.

The most effective Principle 11 frameworks share several characteristics. First, they define the disclosure assessment as a formal step in the firm’s incident and issue management process — not an afterthought, but a structured question asked each time a significant incident or issue is identified: would the FCA reasonably want to know about this? Second, they assign clear ownership for the Principle 11 assessment, typically to the SMF16 (compliance oversight function) with explicit escalation obligations where the assessment is uncertain. Third, they create a simple and fast escalation path to the CEO and Chair so that disclosure decisions — which often need to be made quickly — can be taken at the right level without bureaucratic delay. Fourth, they maintain a disclosure log that records all Principle 11 assessments made, whether they resulted in disclosure or a decision not to disclose, and the rationale for each decision. This log is itself evidence of compliance: it demonstrates that the firm is actively applying the Principle 11 standard rather than treating the obligation as notional.

Key References

• FCA Handbook PRIN 2.1 — The Principles
• FCA Handbook COCON — Senior Manager Conduct Rule 4
• FCA Handbook SUP 15 — Notifications to the FCA