United States: Individual Accountability: The Senior Managers And Beyond

Last Updated: December 4 2015
Article by Barnabas W.B. Reynolds and Reena Agrawal Sahni

There has been much debate among regulators and in the general public about whether there should have been more enforcement action against executives and other individuals in banks for misconduct in the events leading up to the 2008 financial crisis and after. The U.K. government has taken several actions against banks and companies for their corporate misconduct and involvement in market manipulation scandals of recent years. However, regulators have found it difficult to hold individuals accountable for being involved in the same misconduct, particularly individuals in management roles. Complex organizational structures of large banks and investment firms that are important for running global businesses efficiently are viewed as contributing to the problem.


Regulators are starting to address this issue by changing the rules around individual accountability. The United Kingdom is reforming its approach to supervising and taking enforcement action against individuals in senior management positions and individuals who are employed in positions where they could pose a risk of significant harm to the firm or any of its clients (we'll call them certified personnel). For regulatory purposes, senior managers include not only directors but also chief executives, heads of key business lines, and certain high-ranking compliance and risk management personnel.

From March 7, 2016, banks, certain large investment firms, building societies, and credit unions established in the United Kingdom, including U.K. subsidiaries of overseas firms (referred to here collectively as SMR firms) and U.K. branches of third-country or European Economic Area (EEA) SMR firms (known as incoming branches), will be subject to a new Senior Manager and Certification Regime (SM&CR).


In the past, U.K. managers were allowed to define their own roles. Any personal liability would have been based on a legal standard of causation. The SM&CR rules aim to clarify areas of responsibility and therefore accountability. They require the allocation of certain prescribed responsibilities to senior managers and the production of Statements of Responsibility for those managers. SMR firms and incoming branches will need to create and manage processes that are effective absent deliberate wrongdoing on the part of a team member, and that minimize the risk and effects of any such wrongdoing. Most notably, the regime, as originally framed, introduced a "presumption of responsibility" for senior managers that effectively reversed the burden of proof by holding senior managers in a particular function responsible for a firm's regulatory breaches. Senior managers would have been required to rebut the presumption that they were responsible for breaches by demonstrating that they took reasonable steps to prevent them from occurring or continuing.

Such a rule is not without precedent. A similar presumption of responsibility mechanism already exists in Germany, where enforcement actions have successfully been taken against executives in particular positions of importance. However, one of the key concerns about the U.K. presumption of responsibility was that it would deter certain individuals from performing senior management roles and those who were undeterred would demand to be adequately compensated or insured for taking on the increased risk of personal liability. The U.K. Government announced several changes to the SM&CR in October, amongst which is the replacement of the presumption of responsibility with a statutory duty of responsibility. The burden of proving that a senior manager did not take reasonable steps to stop a breach will be on the regulator. The changes, at the time of writing this article, were set out in a Bill laid before Parliament.


Although the United States does not have a directly comparable regulatory regime for senior managers, many of the requirements of the SM&CR already are reflected in other U.S. regulations, with some differences. U.S. regulators have broad enforcement powers as part of their supervisory mandate. Just as in the United Kingdom, U.S. regulators have principally directed their enforcement actions at institutions and not individuals at those institutions. However, along with a renewed focus on governance and management, U.S. regulators are now placing more emphasis on the need to hold individuals accountable. For example, the U.S. Department of Justice recently issued new guidelines to bolster its ability to pursue individuals in corporate cases.


Any fundamental governance-related regulatory change such as this has the potential to be extraterritorial in impact, especially for global financial institutions. The SM&CR has the potential to reach senior managers located outside of the U.K., just as do actions taken by the U.S. regulators or the European Central Bank regarding individuals outside the U.S. and E.U., respectively. Differing standards and enforcement regimes can in theory give rise to conflicts between overlapping oversight requirements. However, the approaches of the various regulators are generally likely to work together, though it's possible (if unlikely) that oversight in one jurisdiction might prioritize safety and soundness within that jurisdiction at the expense of another.


In implementing accountability regimes, regulators must strike a difficult balance. On the one hand, there is a clear need for the rules to operate efficiently to ensure executives are effective in their management roles and to prevent executives from ignoring regulatory breaches. On the other hand, regulators must ensure that the new accountability regimes are fair and do not impose de facto strict liability on executives who take reasonable steps to prevent and detect problems. There is a risk that, crudely applied, the reforms could give rise to a random minefield of rules and regulations on liability that directors and employees will find difficult to navigate and which could deter key individuals from taking up roles of responsibility within their organizations.

In this article, we focus on the new SM&CR and its extraterritorial effect, and particularly on the rules on the personal liability of senior managers. We then compare U.K. regulations with those in the United States. This article does not seek to cover the general regulation of individuals, remuneration rules, firm registration processes, the impacts of resolution and recovery regimes, or other aspects of individual regulation. The new regulatory approach of focusing on individuals is likely to evolve, so this snapshot reveals the direction of travel more than the final destination.


The SM&CR represents a fundamental change in the approach to regulating senior managers, certified personnel, and conduct within SMR firms and U.K. branches. Firms, rather than the regulators, will be given primary responsibility for vetting senior managers and certified personnel, and only senior managers will be subject to the regulators' approval.

The SM&CR is made up of the Senior Managers Regime, the Certification Regime, and a new Code of Conduct. Each of these three elements is summarized in a box to the right. The rules will be applied by both the U.K.'s Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA), although each regulator's approach will differ according to its statutory objectives and areas of competence. In particular, the PRA, as the U.K.'s prudential regulator, will not apply its SM&CR rules to incoming U.K. branches of EEA firms because, under E.U. law, the prudential regulation of such branches is mostly within the competence of the relevant home member state.

The Senior Manager Regime will replace the "controlled functions" that currently are part of the Approved Persons Regime (APR) with a new set of PRA and FCA senior management functions that will cover a narrower range of individuals. The regulators intend to grandfather all controlled functions to their Senior Managers Regime, so that an individual who is already authorized under APR and whose activities cover a senior management function, for example as a chief executive, will not need to go through the authorization process in order to continue as an approved person under the new regime. Individuals who are currently approved persons but who do not perform a senior management function will no longer be required to be authorized by the regulators and will no longer be approved persons from March 7, 2016, although they will likely fall into the certified personnel category.

A separate Senior Managers Regime for certain U.K. insurance firms, based on the E.U. Solvency II Directive, and which we don't cover here in detail, is also being implemented in the U.K. The U.K. Fair and Effective Markets Review1 recommended that aspects of the new regime be extended to certain other types of financial institution. In the October announcement, the U.K. Government confirmed that it will adopt that recommendation. It is expected that the SM&CR will be extended, during 2018, to all U.K. authorized investment firms, asset managers, insurers and consumer credit firms. The detail of the expanded regime, as fleshed out by regulatory rules, remains to be seen.


This regulatory revamp of senior management responsibilities takes the law into two difficult and uncharted regions. First, it raises more acutely than ever the issue of personal liability in a world in which regulators want to hold senior management, not just firms or rogue employees, accountable for wrongdoing. Second, the revision of the existing regime highlights the tension between business-line management, which is crucial for successful and efficient management in global businesses, and top-down management of each legal entity (so-called entity-level management), which is a key element of post-financial-crisis regulation.

Personal liability in financial services is an area where there is somewhat limited jurisprudence, and there are uncertainties as to where the line of liability is to be drawn. More importantly, it is difficult to identify what well-intentioned senior managers can do to protect themselves.

Generally, under the enforcement rules of the Financial Services and Markets Act 2000 (FSMA), the FCA and PRA can only take disciplinary action against a senior manager where the relevant regulator is satisfied that the person is guilty of misconduct and, if he or she is guilty, that it is appropriate in all circumstances to take such action.2 According to current FCA guidance,3 the FCA can only impose a penalty on an individual if it is proven that the person was personally culpable, i.e., where the behavior was deliberate or where the approved person's standard of behavior was below that which would be reasonable in all the circumstances existing at the time of the conduct concerned. Under the current enforcement regime, the enforcing regulator has to satisfy the applicable evidential standard of proof to show a regulatory breach had occurred. The FCA and the Upper Tribunal, the body responsible for handling appeals against FCA decisions, have generally applied the "balance of probabilities" standard of proof applicable in civil cases. This is in contrast to the higher "beyond reasonable doubt" standard of proof applied by criminal courts or in civil cases where quasi-criminal sanctions, such as deprivation of liberty, may be imposed.

Previous FCA jurisprudence suggested that a "sliding scale" standard of proof could be applied, whereby the civil standard could be varied to a standard close to its criminal equivalent in cases of serious regulatory breaches. This approach has now been abandoned.4 The Upper Tribunal confirmed this year in the case of Carrimjee v the FCA [2015] UKUT 0079 (TCC) that, despite the FCA having power to impose serious sanctions, such as industry bans or substantial fines, FCA proceedings are not quasi-criminal in character and the civil standard should always apply.

A new liability will apply if: (i) the senior manager's firm committed a regulatory breach, (ii) the senior manager was a senior manager at the time of the regulatory breach, (iii) the senior manager was responsible for the management of any of the firm's activities in relation to which the breach occurred, and (iv) the senior manager did not take such steps as a person in the senior manager's position could reasonably be expected to take to avoid the contravention occurring (or continuing).

Whether the relevant senior manager was responsible for that part of the business to which the breach relates would be a question of fact. The Statements of Responsibility that institutions will be required to prepare (and may agree at a detailed level with the regulators), showing what each senior manager is responsible for, will be crucial in informing the regulator's determination on this issue.5


The new liability standard requires the regulators to prove, on a balance of probabilities, that conditions (i) to (iv) are satisfied. A senior manager must have failed to take steps that he could reasonably have been expected to take to avoid the breach from occurring or continuing. The U.K. regulators have published guidance which sets out some types of steps that senior managers would be expected to take to prevent or stop breaches. This guidance, published by the PRA in the context of the operation of the former presumption of responsibility test, includes actions it would consider as reasonable steps and the evidence it would expect senior managers to provide to demonstrate that reasonable steps were taken. The guidance will serve as the basis of the regulators' expectations of senior managers in satisfying the new statutory duty of responsibility, which requires a senior manager to take reasonable steps to prevent contravention by way of a breach. It would be helpful if the regulators published additional guidance clarifying the types of steps that would not be required in every case, for example, commissioning external consulting reports. One of the concerns with the presumption of responsibility was that firms would focus their attention on creating evidence rather than on operating an efficient and compliant business. Without any further guidance from the regulators, there is still a risk that, though the extent of the duty may have been ameliorated by the removal of the presumption of responsibility, firms and senior managers will be motivated to create extensive paper trails to evidence the details of their decision-making process. The PRA has recognized that one of the challenges in implementing the SM&CR has been encouraging and ensuring that the right outcomes are achieved.


How the FCA and PRA will enforce the new liability standard in practice is of particular concern to firms and their senior management. For instance, it is not clear if the FCA/PRA are required to prove that there was a causative link between the senior manager's role and the breach in question. In the absence of such link, there would arguably be no case for the senior manager to answer and it would only be if this test was passed that the senior manager would be tasked with considering — probably again on the balance of probabilities — the reasonable steps element. Although on a strict reading of the legislation, a causative link does not appear to be one of the conditions, it is at least arguable that it is one of the circumstances that the enforcing regulator needs to consider under FSMA before deciding to take enforcement action.


The easier question is how senior managers can avoid personal liability under the SM&CR, even without the presumption of responsibility. The answer is: They should take such steps as a person in their position could reasonably be expected to take to prevent regulatory breaches from happening or continuing in the area for which they are responsible. Senior managers will need to be in a position to identify and address actual or suspected regulatory breaches in a timely manner. In respect of the presumption of responsibility, the FCA confirmed in its draft guidance that it would consider any preventative action as a relevant factor in determining whether a senior manager acted reasonably.6 Presumably the regulators are unlikely to seek to alter this position under the revised SM&CR in light of the removal of the presumption of responsibility, but of course the ultimate position will depend on how the final amending legislative provisions are couched.


Regulations on living wills, governance, and employee compensation are now all applied on a legal entity-level basis. Similarly, senior management responsibilities are to be applied against an entity-level backdrop. Tensions and problems arise when key business personnel within the entities concerned don't report directly to senior management. The risk is that the flow of information necessary for senior managers to perform their functions is more limited than what is required to enable them to prevent and detect regulatory breaches.

In a matrix-managed organization, it may be difficult for a senior manager to show sufficient control. One practical solution is for designated senior managers to take steps to ensure that reporting lines are established from relevant business heads and other relevant personnel to the legal entity-level senior managers, whether in the U.K. or overseas, which are clear to staff and operate effectively and as close to real time as possible. Information could flow directly through people not directly accountable to the senior manager. Global business management will still be possible, but relevant legal entity senior managers' involvement and approval will now be mandatory. The objective is for senior managers to gain an accurate and thorough understanding of the parts of the firm's business for which they are responsible, including the strengths and weaknesses in the governance and risk management framework. On this basis, senior managers should have sufficient information to be able to determine (among other things) whether improvements to the firm's systems, controls, and culture are needed to prevent or remedy breaches, whether persons responsible for any failings need to be removed or disciplined, and whether the regulators need to be notified if breaches are identified.


The SM&CR also introduces a new criminal offense for a reckless decision by a senior manager that causes a bank (i.e. deposit-taking institution) to fail. This offense does not apply to non-banks. It will only apply to senior managers working in U.K. SMR firms and not in U.K. branches of overseas firms. The FCA and PRA don't have the power to impose criminal sanctions for this offense but can instigate criminal court proceedings against responsible senior managers. As is the case for all criminal proceedings, the prosecution will bear the burden of proving a senior manager's guilt on the basis of the usual "beyond a reasonable doubt" criminal standard of proof. The FCA, PRA, and the U.K. government have not published any guidance on precisely what conduct would be likely to constitute the reckless decision offense; however, courts probably would rely on existing case law and general criminal law principles to make this determination.

On this basis, it is likely that a senior manager will be deemed to have made a reckless decision if he or she was aware that there was a risk that such decision could cause his or her firm to fail and it was unreasonable for him or her to take that risk in the circumstances as known to him or her.7 The more obvious the risk, the more likely it is that a court would find that the senior manager must have been aware of the risk.8 The penalties for the offense can be severe and include up to 12 years in prison on indictment and/or an unlimited fine. The Parliamentary Commission on Banking Standards, which proposed the introduction of this offense, acknowledged that securing a conviction for the offense may be difficult in practice.9

The SM&CR will apply to personnel of U.K. SMR firms (including U.K. subsidiaries of non-U.K. firms) and of incoming branches of overseas SMR firms (both non-EEA and EEA incorporated), although the application of the new regime will be tailored for branches to reflect the nature of the branch's activities.

For certified personnel, the Conduct Rules and the Certification Regime will generally only apply to personnel who are either based in the U.K. or perform services for clients in the U.K.10 U.K. regulators have provided additional guidance on who is not a U.K. client in this context. For instance, U.K. persons to whom research is provided by a non-U.K.-based employee would not be clients. Similarly, if a non-U.K.-based employee has contact with a U.K. person for relationship purposes, the U.K. person would not be a client in this context.11 This applies regardless of whether the relevant SMR firm is a U.K. subsidiary or an incoming branch. Examples of certified personnel include staff responsible for benchmark submission and administration, proprietary traders and material risk takers (in line with the Remuneration Code).

In relation to senior managers of both U.K. firms and branches, the Senior Managers Regime and the Conduct Rules will always apply to persons in designated positions wherever they are located. As such, it has extraterritorial effect and will apply regardless of whether the individual is based in the U.K. or provides services to U.K. clients.12 Thus, individuals who perform senior management functions for a U.K. firm or incoming branch will have to become authorized as senior managers regardless of whether they are based in the U.K. or abroad. If a senior manager is employed by other group entities, the potential for conflicting and overlapping requirements arises — and at the very least it will be more difficult to determine the non-U.K. manager's U.K. responsibilities.

As a result, firms will take steps to minimize the risk of conflicting requirements. Such measures may include reorganizing governance structures according to legal entity structures instead of business lines, and ensuring the delegation of responsibility for the conduct of an incoming branch's or U.K. subsidiary's regulated activities to a U.K.-based senior manager. The U.K. regulators have indicated that they will determine the application of the regime to a particular individual on a case-by-case basis taking into account the organizational structure of the firm, its reporting structure, and whether any U.K.-based senior managers have an appropriate degree of accountability, autonomy, and responsibility for the U.K. entity or branch. The regulator's focus will be on individuals who are directly responsible for implementing the firm's strategy in the U.K. entity or branch for its U.K. regulated activities.


Onerous "presumption of responsibility" regimes exist in some jurisdictions, including Germany. Under the German Stock Corporation Act, board members are jointly and severally liable for breaches of their directors' duties under German corporate law unless they can demonstrate they acted with due care and skill. Where the allegations relate to the directors' business decisions, the board members may benefit from the operation of the "business judgment rule," which provides a degree of protection for decisions made on the basis of adequate information and for the benefit of the company.

Directors also bear the burden of proof in relation to satisfying the requirements of the business judgment rule. The reverse burden of proof and the scope of the business judgment rule are currently subject to discussion, and it remains to be seen whether the German legislature or courts will take action to mitigate the liability risk for board members.


The United States does not have a regulatory regime directly comparable to either the APR or the SM&CR. However, there are several parallels between the U.K. regime and existing U.S. regulatory requirements.

Additionally, recent speeches by U.S. bank regulators suggest that, while the U.S. probably won't implement a directly comparable regime, the policy objectives of the U.S. regulators are closely aligned with those of the U.K. regime.

Several U.S. regulators have recently discussed the appropriate role of supervision in maintaining the safety and soundness of banking organizations and the link between supervision and the culture of an organization.13 While the U.K. regime explicitly calls for an active role by the U.K. regulators in approving senior managers, the U.S. rules have traditionally provided for the same watchfulness as to the quality and appropriateness of key personnel through more informal supervisory review and consultation. U.S. regulators have been increasingly focused on oversight of personnel who can expose an institution to significant risk and ensuring that organizations have the proper internal controls to monitor and manage such risk. This has manifested itself in more prescriptive regulatory requirements and responsibilities for the board of directors and other executive management, particularly the heads of the risk, compliance, audit, and legal functions.


The U.S. business judgment rule presumption generally affords directors and officers protection from personal liability for prudent, informed business decisions made in good faith. As in other jurisdictions, directors and officers generally obtain protection from personal liability through indemnification agreements and directors and officers liability insurance in the absence of bad faith or malfeasance, although such protections are limited in certain circumstances by law and regulation.

Certain statutory authorities allow U.S. regulators to bring cases against individuals for failure to meet their duties. For example, the Federal Deposit Insurance Corp. (FDIC) can bring civil lawsuits against former directors and officers of a failed bank for a demonstrated failure to satisfy the duties of loyalty and care. The degree of protection afforded to directors of failed banks by the FDIC under the business judgment rule has often been the subject of litigation.

Similarly, in the event of a receivership of a large financial institution under Title II of the Dodd-Frank Act, or the Orderly Liquidation Authority, directors and officers can be personally liable in a civil case brought by the FDIC as receiver for gross negligence or conduct that demonstrates a greater disregard of a duty of care than gross negligence, including intentional tortious conduct. Furthermore, clawback provisions allow the FDIC to recover incentive payment and other compensation from directors and senior executives for the two years prior to the company's failure if they are found to be substantially responsible for the failure.14

U.S. banking regulators can, like their E.U. counterparts, dismiss employees as part of enforcement actions against firms. U.S. bank regulators can take enforcement actions against directors and officers (and other so-called "institution-affiliated parties") for violations of laws, breach of fiduciary duties, and unsafe and unsound practices. For example, the Federal Reserve Board can remove any officer, director, or employee of a foreign banking organization involved in its U.S. branch or other operations upon a finding of improper conduct or as a result of being convicted of certain criminal offenses.15


Just as in the U.K., U.S. regulators and prosecutors have been increasingly focused on individual accountability. William Dudley, President of the Federal Reserve Bank of New York, has suggested that it would be helpful if individuals who are convicted of an illegal activity were prohibited from employment in the financial services industry forever.16 He suggested that the U.S. should make it more difficult (as the U.K. is seeking to do) for employees who cross ethical boundaries to be able to move from one firm to another in order to escape the consequences, and put forth the idea of a database that would keep track of the hiring and the firing of financial professionals maintained by financial institution supervisors, akin to the regime that currently exists for broker-dealers in the U.S.17

Moreover, the U.S. Department of Justice recently issued a memorandum with guidance for civil and criminal prosecutors to pursue the prosecution of individual employees involved in corporate misconduct. The memorandum acknowledges the "substantial challenges unique to pursuing individuals for corporate misdeeds" and suggests that individual accountability for those who perpetuated the misconduct is "one of the most effective ways to combat corporate misconduct."18 Under the guidance, cooperation credit for corporations requires that the corporation provide information to the Department of Justice about the role of individual employees in the misconduct, and prosecutors are instructed not to release culpable individuals from civil or criminal liability as part of the resolution of a matter with the corporation.

The new U.K. rules on personal responsibility place firms and senior managers into a new world of regulatory requirements and obligations. It remains to be seen how industry standards will develop to protect well-intentioned senior managers from being held responsible for their firms' regulatory breaches and how firms might structure reporting lines to allow senior managers sufficient oversight of relevant business parts while allowing firms to maintain organizational and operational efficiency.

Notwithstanding that the U.S. does not have such a formal framework in place, there is an increased focus on individual accountability in the U.S. as well, and it remains to be seen how the U.S. regulatory and prosecutorial environment will change for individuals at banking organizations.


1 The final report and recommendations of FEMR are available at: http://www.bankofengland.co.uk/markets/Documents/femrjun15.pdf.

2 See FSMA, section 66.

3 DEPP 6.2.4G.

4 See, for example, the discussion in Carrimjee v the FCA [2015] UKUT 0079 (TCC).

5 See the PRA's Supervisory Statement SS28/15, Id., para. 2.71.

6 The PRA also confirmed that it would only take action against senior managers where this is appropriate in all the circumstances and that such circumstances may include the nature and seriousness of the breach. See para. 2.67 of the PRA's Supervisory Statement SS28/15.

7 R. v. G [2004] 1 AC 1034, paragraph 41.

8 Seray-Wurie v DPP [2012] EWHC 208 (Admin), para. 21.

9 See para. 1182 of the Parliamentary Commission on Banking Standards, "Changing banking for good," available at http://www.publications.parliament.uk/pa/jt201314/jtselect/jtpcbs/27/27ii12.htm.

10 There is some doubt over how this territorial restriction applies to the PRA Certification Regime and Conduct Rules. Based on the available PRA guidance, it would appear that, for incoming non-EEA branches, the PRA Certification Regime would only capture U.K.-based personnel. For non-EEA branches, the PRA has stated that the scope of its Certification Regime would only capture "the U.K. population of Material Risk Takers" — see page 13 of the Policy Statement PS20/15 (August 2015) available at http://www.bankofengland.co.uk/pra/Documents/publications/ps/2015/ps2015.pdf. However, for U.K. firms, on a strict reading of the PRA's guidance, it would seem that the PRA Certification Regime could apply to such firms' personnel based overseas; see footnote 44 in the Consultation Paper FCA CP14/13/PRA CP14/14 (July 2014), available at http://www.fca.org.uk/static/documents/consultation-papers/cp14-13.pdf.

11 See pages 26 to 27 of the FCA CP15/10 (August 2015), available at https://www.fca.org.uk/your-fca/documents/consultation-papers/cp15-10.

12 Nonexecutive directors of incoming U.K. branches will generally be excluded from the scope of the SM&CR rules.

13 See Remarks by Thomas J. Curry Before the Annual Conference of The Clearing House Association, New York, New York (November 21, 2014), available at http://www.occ.gov/news-issuances/speeches/2014/pub-speech-2014-160.pdf.

14 The Securities and Exchange Commission recently proposed a rule to implement Section 954 of the Dodd-Frank Act that would, among other provisions, require listed issuers, including but not limited to banks, to develop, implement, and disclose policies requiring clawback of "erroneously awarded compensation" in the event of an accounting restatement. Specifically, issuers would be required to recover incentive-based compensation received by any executive officer in the three years prior to a material restatement of the issuer's financial statements that is in excess of the compensation that would have been received if the compensation had been determined based on the restated financial statements. Such clawback would be required regardless of the reason for the restatement, i.e., not limited to restatements required because of misconduct, and including restatements that are required because of no-fault computational errors. For a detailed overview of the proposed rule see Shearman & Sterling LLP, "SEC Proposes Highly Anticipated Clawback Rules" (July 9, 2015), available at http://www.shearman.com/~/media/Files/NewsInsights/Publications/2015/07/SEC-Proposes-Highly-Anticipated-Clawback-Rules-ECEB-070915.pdf.

15 12 U.S.C.A. § 1818(e).

16 Speech, "Enhancing Financial Stability by Improving Culture in the Financial Services Industry," William C. Dudley, President and Chief Executive, Remarks at the Workshop on Reforming Culture and Behavior in the Financial Services Industry, Federal Reserve Bank of New York, New York City (October 20, 2014), available at http://www.newyorkfed.org/newsevents/speeches/2014/dud141020a.html. Section 19 of the Federal Deposit Insurance Act prohibits anyone convicted of a crime of dishonesty, breach of trust, or money laundering from working at an insured depository institution or bank holding company. Dudley has suggested expanding Section 19 to cover the entire financial services industry.

17 Id.

18 See Memorandum from Sally Quillian Yates, Deputy Attorney General, U.S. Department of Justice, "Individual Accountability for Corporate Wrongdoing," Sept. 9, 2015, available at http://www.justice.gov/dag/file/769036/download.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
