The regulatory landscape is constantly developing. Whilst the US remains the most active and aggressive landscape and still outstrips any other nation in respect of the scale and breadth of regulatory activity, the UK is catching up and the increased burden regulation represents has been little short of transformative.
Financial regulators across the globe continue to focus on a firm's culture and governance, combatting corporate fraud and market abuse (recently strengthened in the EU by the Market Abuse Regulation (MAR)) and clamping down on bribery and corruption. The UK is no exception, with the cross-sector priorities for the FCA in its Business Plan 2018/19 including these familiar themes, along with a focus on the impact of Big Data and technology, and the need for adequate data security and resilience. In addition, the plan highlights an increased commitment to the protection of consumers, with priorities including the treatment of existing customers, high-cost credit and long-term savings and pensions and intergenerational differences.
Financial crime & anti-money laundering (AML)
Combatting financial crime and money laundering is key to the FCA's main statutory objective to improve market integrity and protect consumers. The FCA has been active in this area for some time and, with the expansion of the transaction reporting regime under the Markets in Financial Instruments Directive II (MiFID II), the FCA is able to access a greater wealth of information on regulated firms in order to monitor activities in the market and to uncover, investigate and enforce against unlawful behaviour. The FCA notes in its plan that it will increasingly focus on fixed income, commodity and non-standard derivative markets in addition to equity markets.
Part of combatting financial crime is tackling market abuse. There was a 50% increase in investigations opened as at 31 March 2017 (122) compared with the position as at 1 April 2016 (54). The FCA secured six criminal convictions for market abuse offences during this period and firms are also in the firing line. In August 2016, a sponsor firm was fined GBP 530,500 for representing that a client was eligible for a Premium Listing when it had not carried out the requisite due diligence (in addition to being found in breach for systems and controls failures). In another example, the FCA, for the first time, used its powers under section 384 FSMA to require Tesco to pay compensation to investors following inflated share prices as a result of trading data published in 2014 which gave a false or misleading impression about the value of publicly traded shares and bonds.
We can expect the FCA to continue to focus on market abuse and the extension in scope of the reporting regime for firms, brought about by the MAR, is likely to provide the FCA with more information on practices going on in the market, potentially leading to more cases being selected for investigation.
The issues identified by the FCA in relation to financial crime have at their heart a firm's systems and controls; financial institutions and their insurers should be aware that investigations into specific issues may also, and often do, lead into a broader investigation into a company's systems and controls. Investigations into breaches of AML, for example, frequently lead also to the identification of a breach of Principle 3 (PRIN 3) of the FCA Handbook ("A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems").
The FCA is focusing increasingly on all financial crime systems and controls, not just AML processes, including sanctions and transaction screening, the treatment of politically exposed persons and a firm's cyber security.
Culture and governance
The FCA recently published (in March 2018) a discussion paper "Transforming Culture in Financial Services", the foreword of which begins: "Culture in financial services is widely accepted as a key root cause of the major conduct failings that have occurred within the industry in recent history, causing harm to both consumers and markets.... Given its impact and the role it needs to play in re-building trust in financial services, firms' culture is a priority for the FCA. We expect firms to foster cultures which support the spirit of regulation in preventing harm to consumers and markets."
The discussion paper (which does not invite feedback) contains essays from leading academics and market practitioners which broadly postulate that formal processes and procedures need to align with belief systems within firms to achieve a productive and good ethical culture. The paper notes that regulation can only play a role in improving culture; firms (and each individual therein) play an important role in developing and improving culture.
However, as Andrew Bailey, Chief Executive of the FCA, put it in a recent speech "There is no single 'right' culture. It depends on circumstances, and there are certainly cultural characteristics which are highly suggestive of good outcomes..." Both the speech and the discussion paper stress that the Senior Managers and Certification Regime (SM&CR) sets out minimum standards of behaviour and that the FCA expects firms to promote cultures that support the spirit of regulation in preventing harm to consumers and markets. It will be necessary for senior managers to continually assess their behaviour and that of those in their teams to ensure that processes flex and improve over time. Firms should expect that the FCA will be stepping up supervision and enforcement activity to incentivise a good culture.
This focus on a firm's culture is not new to the FCA and Andrew Bailey stated "I can safely predict that the issue of culture and its role in the conduct of firms will run and run, as it should, because it should not stand still" and, as expected, it was featured as a priority in the recently published FCA Business Plan for 2018/19. As part of this plan, the FCA has announced that it will be looking at the remuneration policies of firms that fall outside of the Remuneration Codes in order to assess the risks that staff incentives, remuneration and performance management policies may pose to consumers.
Innovation and resilience
The line between fostering innovation and prudent regulation is difficult for regulators to walk. There is no doubt that technology plays a very important role in developing financial products and enhancing and improving business processes. Innovation is key to this development. However, the rate at which such technologies are coming through leads to the potential for harm to the industry and its consumers, and places strain on regulators to set rules appropriate to their use. The FCA's work in this area focuses on ensuring that firms are more resilient and, as noted in the business plan for 2018/19, it intends to achieve this by strengthening its supervisory assessments of firms "to better understand their current and planned use of technology, resilience to cyber-attacks and staff expertise". This is with the aim of setting out clearly what the FCA expects of firms in this regard, with specific issues addressed with enforcement, where appropriate.
Regulators are increasingly looking to companies and their directors to ensure that proper systems and controls are put in place to manage and reduce risk and to be more resilient; the FCA's business plan makes this a priority. The FCA intends to work with firms to achieve this aim and this includes assessing a firm's risk due to outsourcing and the use of third-party providers.
To emphasise the importance with which boards should view cyber security, in mid-February 2018, the FCA published a joint update with the Information Commissioner's Office (ICO) on the incoming General Data Protection Regulation (GDPR), demonstrating their partnership in preparation for the GDPR. It was emphasised in the update that compliance with the GDPR is now a board level responsibility, and firms must be able to produce evidence to demonstrate the steps that they have taken to comply. Given that the fining powers of the ICO have increased significantly, this should be a concern for directors and their insurers.
FCA enforcement activity continues apace in the UK. A record number of investigations were opened during the 2016/17 period, perhaps in part due to the FCA's more open-minded approach to fact finding and information gathering. Andrew Green QC, in his report into the failure of HBOS, commented that the Financial Services Authority (FSA) (as it was then) took the view that any investigations it opened into HBOS would not result in a successful outcome so they were not started. Mark Steward, the FCA's Director of Enforcement and Market Oversight, said in a speech in September 2017 "...the function of an investigation is essentially diagnostic, to enable us to understand, when serious misconduct may be in issue, what has really happened and what we need to do about it... while all litigation we conduct should be premised on a proper investigation of the evidence, an investigation does not mean litigation is inevitable."
Whilst it should be noted that a higher percentage of investigations were concluded with no action being taken than in the previous period, the very fact of an FCA investigation presents a risk of subsequent enforcement action, regardless of how serious any misconduct uncovered is, and exposes insurance policies to claims for investigation costs in turn.
Any investigation into a firm also presents a risk to individuals working for that firm, particularly in light of the SM&CR, triggering claims to D&O policies as well. In theory, a comprehensive D&O policy should already cover SMRs - definitions of insured persons are quite broad under D&O policies and so would arguably already include those in an SMR function. Similarly, if the policy provides for investigation costs, then this should already address the potential actions against SMRs. Insurers may nevertheless receive broker requests to amend policies to expressly refer to SMR functions being covered.
Of course, whether the investigations in fact trigger investigation costs cover is policy and fact dependent. The FCA's ability to require information and documents is broad and is central to all of its investigative powers; there is little that the regulator cannot ask a firm for even where there is no exercise of compulsory or formal powers, and the FCA expects a high level of co-operation. It is not easy to challenge such requests and often counterproductive to do so. A frequently utilised tool is the Skilled Persons Report (section 166 reports). They can be burdensome on companies due to the level of cooperation required and the costs of these, which can be substantial, fall on the target company.
Factors impacting regulatory supervision and enforcement
Regulators increasingly have political agendas and one manifestation of that is that we see regulators getting expressly pressured by politicians, or political bodies, to open enquiries against people or entities they regulate.
Section 166 reports, for example, have been subject to numerous headlines recently as MPs mounted intense pressure on the FCA to account for its handling of a section 166 report into RBS's alleged mistreatment of struggling small businesses, whose accounts were moved into its restructuring unit. In February 2018, the Treasury Committee decided to make the un-redacted report public after months of public wrangling with the FCA, who had received the report in September 2016 but refused to publish it. These section 166 reports are usually confidential but Ms Morgan, Chair of the Treasury Committee, said there was "overwhelming" public interest in bringing transparency to this case and invoked parliamentary privilege.
Oftentimes, this pressure is coupled with open criticism of the regulator. Both the FCA and the FRC were criticised in relation to their enforcement activity, or lack thereof, in relation to the collapse and state bailout of banking group HBOS which led to enquiries being initiated. The Treasury Committee's report stated "The regulators failed, both before and after the HBOS crisis...the HBOS experience calls for the FCA and the PRA to exhibit greater vigilance and energy if they are to win public confidence."
This increasing pressure placed on the FCA and other regulators to act could potentially lead to more enforcement action being taken in the future.
The UK's withdrawal from the EU
The FCA's business plan is littered with references to the impact of the UK's withdrawal from the EU with the foreword noting "The priorities in this year's Business Plan reflect the high level of resource we need to dedicate to EU Withdrawal, given its impact both on our regulation and on the firms we regulate. This inevitably affects the amount of work we can undertake in other areas. As a result, agreeing our 2018/19 priorities has involved particularly rigorous scrutiny and challenge." Brexit is costing the FCA a total of GBP 30m this year; the decision to leave the European Union will have a "substantial impact" on the way it works.
The past few years have seen an increase in global anti-corruption collaboration and enforcement, resulting in companies being sanctioned in more than one jurisdiction. This closer co-operation and intelligence sharing only increases the chances of a company and its directors being caught. By way of example, three ex-employees of Rolls-Royce's former Energy division have pleaded guilty to bribery and corruption offences in the United States District Court for the Southern District of Ohio Eastern Division. This followed parallel investigations by the US authorities and the UK's SFO into corruption and failure to prevent bribery in relation to the sale of energy systems and related services. It can be expected that such collaboration and cooperation between regulators will increase and firms and individuals may find themselves exposed in multiple jurisdictions.
It is a challenging environment for financial institutions and their directors and officers; regulatory scrutiny and enforcement activity is only going in one direction. Whilst the UK is still some way behind the US, in terms of the level of enforcement activity and scale of penalties, the FCA is by no means a passive regulator but a force to be reckoned with.