United Kingdom: Financial Services Enforcement and Investigation
Within the United Kingdom, the Financial Conduct Authority (FCA) is the agency primarily responsible for the investigation of potential misconduct within the financial services sector. The FCA has a large and active enforcement division, which has recently been through significant changes following the arrival of its current director, Mark Steward, and the criticisms of the Green Report in November 2015 and the Treasury Review in December 2014.1
The FCA’s powers are not limited to enforcement against authorised firms and the individuals who work at them. As part of its role in promoting market integrity, it is also empowered to investigate and bring enforcement proceedings against listed corporates and their officers in relation to compliance with their listing and disclosure obligations. The FCA has recently taken action against Tesco and Rio Tinto and is said to be currently investigating announcements in the run-up to the collapse of Carillion, among others. The FCA can also investigate and enforce against anyone for the criminal and civil offences of insider dealing and market manipulation. It can prosecute authorised firms and their officers for certain breaches of the Money Laundering Regulations, and we see a new impetus to use these criminal powers as well as the power to impose regulatory fines relied on previously for systems and controls breaches. In addition, the FCA is now beginning to exercise its concurrent antitrust enforcement powers to investigate and take action in relation to anticompetitive behaviour within the financial services sector.
The Prudential Regulation Authority (PRA) also has power to investigate and enforce against firms that breach its rules. In the five years of its existence, it has been less active in its use of these powers, taking regulatory enforcement action only 10 times. The PRA’s Regulatory Action Division is significantly smaller than the FCA’s Enforcement Division and often outsources its investigations to the FCA.2
The remainder of this article therefore outlines the FCA’s enforcement process and sets out our view of the FCA’s current enforcement priorities, the agency’s expectations of those subject to investigation and the FCA’s approach to penalties. Those operating within the financial services sector in the United Kingdom need also to be aware of the role of other agencies, in particular the Serious Fraud Office (SFO) with its focus on criminal offences involving serious and complex fraud or bribery, but these are outside the scope of this article.
Overview of FCA enforcement process
An enforcement investigation can be opened where there are circumstances suggesting misconduct, or for authorised firms where there is ‘good reason’ for doing so. This is a low threshold, and since the Green Report the FCA has emphasised an appetite to open more investigations and use them as a ‘diagnostic’ tool, ie, to determine whether any wrongdoing has occurred and not just to investigate in cases where the evidence is strongly suggestive of breaches. Before an investigation is opened, the subject may be approached for information to help inform the decision: the market oversight team regularly contacts issuers with requests for an insider list and chronology, or supervisors require authorised firms to provide detail in relation to areas of concern arising from their relationship with the firm or their specialist work (eg, on client assets or financial crime) or suspicious transactions. These requests are usually made using the FCA’s formal powers, so require a careful and prompt response.
Once an investigation is under way, a number of investigators will be appointed and the subjects of the investigation notified, except in those rare cases where there are grounds to believe that this will prejudice the investigation. There will ordinarily be a ‘scoping’ meeting held between the investigators and the subject: these are often treated as a formality but can be a useful opportunity to set the tone, understand the investigation’s focus and agree a preliminary timetable. The FCA will then obtain evidence, usually by a combination of document requests and witness and subject interviews. Where it can, it will ordinarily use its powers to compel production of evidence, primarily to avoid difficulties with confidentiality obligations. These powers are wide (their precise extent will depend on the nature of the concerns under investigation) but do not allow the compulsion of items protected under section 413 of the Financial Services and Markets Act, which are broadly materials to which legal privilege would apply.
We have seen cases in which the evidence gathering phase of an investigation has lasted several years. Recently FCA senior management has emphasised the desirability of prompt and efficient investigation, with investigations being closed at an early stage where the initial evidence justifies this, but we have seen limited evidence of this occurring in practice save in those few cases where exculpatory evidence has been found rapidly. When sufficient evidence has been gathered for the investigation team to understand the nature of any misconduct that has taken place and the appropriate action in response, if the enforcement team thinks there is a case to answer, it will seek to resolve the matter with the subject, initially through settlement negotiations.
The approach to settlement was revised in early 2017, in part to enable the subject better to understand the case alleged. Settlement discussions will now be based on a draft formal notice setting out the facts as the FCA sees them, the alleged breaches and the proposed sanction, annotated to refer to an accompanying bundle of supporting evidence. The settlement period should now be preceded by a pre-resolution meeting at which the key facts and findings will be outlined. Negotiations themselves will generally take place over a 28-day period, save in exceptional circumstances, although there may in practice be more flexibility over this in future. Discussions may lead to full settlement, or since last year to a ‘focused resolution’, ie, partial agreement relating to some or all of the factual allegations, breaches or sanction. Where agreement is reached, a settlement discount of up to 30 per cent of the proposed penalty is available.
Any matters that are not agreed are then determined by the FCA’s Regulatory Decisions Committee (RDC), which is independent of the enforcement function. If the subject wants to challenge the RDC’s decision, the case can be referred directly to the Upper Tribunal for a full rehearing. Alternatively, a subject can choose to leapfrog the RDC stage and refer the matter directly to the Tribunal. There seems limited enthusiasm for the prospect of partial settlement among firms as yet, given the loss of certainty involved, although as it offers the possibility of preserving a settlement discount, there may be some circumstances in which this route will be attractive.
Current FCA enforcement priorities
The FCA is currently consulting on its approach to enforcement, as part of a drive towards transparency that began with the 2017 publication of its mission document.3 In its March 2018 ‘Approach to Enforcement’ paper (the Approach document), it describes the overriding principle of its approach as substantive justice, ensuring it carries out investigations in a consistent and open-minded way to deliver the right outcomes.4 The Approach document highlights one area already repeatedly emphasised as a priority for enforcement, namely individual responsibility.
The enforcement division’s approach to investigating individuals has also changed, in order to promote consistent decision-making and ensure that action is taken against both individuals and firms wherever appropriate. Enforcement now investigates individual wrongdoing ‘as far as possible’ at the same time as it conducts its investigation into firms, and we are increasingly seeing individual culpability highlighted as one of the issues under investigation even where there is no individual identified initially. Concurrent investigations may have a significant impact on the ability of firms to resolve matters early through settlement if the FCA holds good on its stated intention to resolve matters against firm and individuals at the same time.
This can be seen as an ongoing response to the sustained criticism the FCA has received for its difficulties in taking meaningful action against senior individuals within the regulated sector, and in particular for largely failing to hold to account any of those popularly perceived to have been responsible for the financial crisis. Early in 2016 the FCA (and PRA) rolled out a new framework for regulating individuals working within banks, deposit takers and certain significant investment firms, the Senior Managers and Certification Regime (SMCR). Over the course of 2018 and 2019, the regulators plan to rollout a similar regime to the rest of the regulated sector. For those firms within the regime, a wider population of individuals is subject to the FCA’s Code of Conduct rules (COCON) than was the case previously under the approved persons regime. In addition, senior managers are now under a duty of responsibility, whereby action can be taken against them if they are responsible for the management of any activities of their firm in relation to which the firm breaches a regulatory requirement and they did not take such steps as could reasonably be expected to prevent the breach occurring or continuing.
It remains to be seen what impact these new rules will have, as no final notices have been published solely under the new regime at the time of writing.
We have also identified a clearer focus on market disclosures since the arrival of Mark Steward, who sees good disclosure by issuers as ‘an important component in any market working well’. The FCA has confirmed that it is investigating the circumstances surrounding Carillion’s July 2017 profit warning and two other companies, Mitie Group plc and Cobham plc, have announced that they are currently subject to similar investigations.
As well as ongoing investigations, there have been two recent outcomes arising from corporate failure to comply with the disclosure requirements that demonstrate the FCA’s interest in the conduct of listed companies and also highlight other developing themes. In October 2017 Rio Tinto plc was fined over £27 million for breaching the Disclosure and Transparency Rules, after it failed to conduct impairment tests ahead of announcing its 2012 interim results, as a consequence of which the FCA said that those interim results were inaccurate and misleading.5 The record fine imposed in that case demonstrates the risks faced by large corporates as a result of the way in which the FCA assesses financial penalties. The final notice makes clear that Rio Tinto’s failures were not at the most serious end of the spectrum; despite this, because the penalty was calculated by reference to the firm’s market capitalisation, it became the highest penalty ever imposed for failings of this type.
The March 2017 action against Tesco6 was notable primarily because the FCA did not impose a financial penalty on the firm. Instead, the case was the first in which a firm was required to pay restitution estimated at £85 million to market participants who were deemed to have lost out as a result of its misstatement. There has been an earlier market abuse case in which an individual was ordered to pay restitution,7 but in that case this was directed towards a single counterparty who had sustained financial losses as a result of an instrument linked to the shares that were manipulated rather than participants in the market generally. The Tesco final notice sets out the terms of the restitution scheme, which aims to identify and reimburse those who invested in certain Tesco securities between the misstatement and the correction published a month later. The decision not to impose an additional penalty appears to have been influenced by the concurrent deferred prosecution agreement Tesco reached with the SFO, which included a very substantial fine, and what is described as Tesco’s ‘exemplary’ cooperation and steps to ensure that similar misconduct will not recur.
As a third priority, we would highlight financial crime and anti-money laundering, which is specifically called out in the FCA’s Business Plan for 2018–19 and is the basis for numerous financial crime investigations currently under way across the enforcement division. Over the past 15 years, the FCA has sanctioned a number of firms for failing to operate effective anti-money laundering systems and controls, leading to significant fines (the largest being £163 million imposed against Deutsche Bank in January 2017) and, in two recent cases, the imposition of short-term restrictions on the regulated activities being conducted by the subjects. So far, it has not used its power to prosecute firms for such failings where breaches of the Money Laundering Regulations 2007 and 2017 may amount to criminal offences. We anticipate that it may well seek to do so in the near future, as well as scrutinising the conduct of senior individuals, including money laundering reporting officers.
FCA expectations of firms subject to investigation
The FCA continues to stress the importance of cooperation from those subject to investigation, and the Approach document suggests that even more significance will in future be attached to this when assessing the appropriate outcome of any case. The FCA states it will in future encourage firms to voluntarily account for and redress misconduct by imposing lower sanctions on such firms, and imposing more severe sanctions on those who fail to address harm.
This goes beyond the approach to date, which has suggested that credit will be given for cooperation but with little concrete detail or practical guidance about what cooperation means in practice. This has begun to change: the Tesco notice referred to ‘exemplary’ cooperation and described this as proactively offering information, responding constructively to requests and disclosing significant material voluntarily and agreeing not to interview witnesses without prior reference to the FCA; the Deutsche Bank notice describes the bank’s cooperation as exceptional for including senior management engagement from the outset, extensive and wide-ranging internal investigations and reporting the conclusions of those investigations in a fully transparent manner. Authorised firms are required to be open and cooperative with the FCA, and all recipients are obliged to respond to lawful compelled requests for information. The FCA will not credit the cooperation of an investigation subject doing only what it is obliged to do in any event. If a firm does wish to demonstrate unusual cooperation, early dialogue with the FCA will be essential so that the investigation team understands the efforts made and the approach adopted.
There is, however, a tension between the FCA’s desire to encourage firms to uncover and report wrongdoing and the concerns regularly expressed by senior enforcement staff that firms do not put the FCA’s own investigation at risk by, for example, interviewing potential witnesses. Mark Steward has also publicly and repeatedly expressed scepticism about the value of firm-commissioned investigation reports, and there is increasingly an expectation on the part of the FCA that it will be consulted about the conduct of internal investigations early on, rather than simply being presented with the product of a firm’s own investigation. It is notable that Tesco was given credit for refraining, at the FCA’s request, from interviewing witnesses or taking statements. The FCA’s desire to exert control over the conduct of investigations is also apparent from its resistance, in some cases, to allowing a firm’s external lawyers to attend compelled interviews of the firm’s employees, even in cases where those employees are witnesses and not subjects of the investigation.
Firms under investigation or considering self-reporting will therefore need to consider at an early stage how best to approach any internal investigation, including at which points it may be appropriate to consult with the FCA regarding its expectations.
The FCA, like the SFO, also appears increasingly willing to challenge assertions of legal professional privilege over certain categories of material. Consistent with this trend, we are seeing more requests from the FCA for privilege logs (a list of documents withheld from the FCA on privilege grounds) and requests for those logs to contain increasing levels of detail with respect to the withheld documents.
Following a controversial High Court judgment in May 2017 in the context of an SFO criminal investigation, there is considerable uncertainty over when privilege will attach to material generated in the course of an internal investigation – in particular to notes of interviews with employees and other potential witnesses.8 At the time of writing, that judgment is under appeal. Subject to the outcome of that appeal, however, it is more important than ever for firms to consider carefully how any employee interviews should be conducted and recorded, and indeed whether, in certain circumstances, interviews should be conducted at all. Firms under investigation or considering self-reporting may therefore need to limit the creation of material that is unlikely to attract privilege, as well as carefully considering how to minimise the risks associated with agreeing to share the product of an internal investigation. These risks can be particularly acute in investigations with a cross-border element or high possibility of civil litigation in other jurisdictions (particularly the United States).
Even where a claim of privilege is accepted by the FCA, waiver of privilege over relevant documents is increasingly viewed as a hallmark of cooperation and firms may come under significant pressure to disclose privileged documents. Indeed, the FCA’s Enforcement Guide expressly states that a firm’s willingness to volunteer the results of its own investigation, whether privileged or not, will be welcomed and may be taken into account by the FCA when deciding what action to take.9
The FCA’s current approach to imposing financial penalties was introduced in March 2010, and is based on a five-step process, beginning with the disgorgement of any benefit, then assessment of a figure representative of the risk of harm caused by the breach, adjustment for any aggravating or mitigating factors, further adjustment for deterrence and reduction for early settlement.10 This process was designed to make the assessment of penalties more transparent, but the flexibility adopted in relation to each step in practice has undermined that goal.
The published policy suggests that, for firms, the figure representative of the risk of harm caused will be based on the relevant revenue earned by the firm, to which a set percentage will be applied depending on the seriousness of the misconduct alleged. In practice, the FCA has departed from this in many of its cases. Examples include:
- those involving issuers, where the firm’s market capitalisation has been used as the starting point;
- those involving client assets, where the average client assets at risk has been used;
- those involving transaction reporting failures, where an amount per transactions has been used; and
- those involving breaches of the obligation to cooperate with the regulator under principle 11 of the Principles for Business which have selected an arbitrary figure to reflect seriousness.11
Even where a starting point is identified, the resulting figure can be adjusted for proportionality if this is deemed appropriate: the Rio Tinto figure was reduced by 25 per cent, in a recent case against Interactive Brokers (UK) Limited it was halved and the Deutsche Bank figure was also reduced to an apparently arbitrary £200 million.
Final notices published under the existing regime provide little clarity as to how aggravating and mitigating factors are assessed at the third step of the calculation. The use of the adjustment for deterrence to increase the penalty dramatically is similarly opaque and has been widely criticised.
The FCA has committed to a review of its current penalty approach and is targeting publication of a consultation on the issue during 2018, but it is not yet clear how wide-ranging any resulting changes might be.
The current approach consultation confirms that the FCA will also continue to expand the use of its full suite of enforcement powers. The last decade has seen the FCA grow in confidence as a criminal prosecutor, with a number of successful prosecutions for insider dealing, breaches of the regulatory perimeter and associated fraud, and substantive money laundering offences.
The FCA has made tentative use of the restriction and suspension powers it has had since 2014, imposing restrictions on the regulated activities conducted by Bank of Beirut in 2015 and Sonali Bank in 2016 in response to failings in those institutions, anti-money laundering systems and controls. Both cases involved financial penalties as well as restrictions, and the purpose of imposing the restriction was said in each case to be a more effective deterrent than a financial penalty alone.
The power to suspend or restrict a firm’s regulated activities as a consequence of regulatory breach is intended to be disciplinary rather than protective in nature. There is a renewed focus on using the FCA’s power to vary a firm’s permissions in order to prevent harm. This can be done by the FCA on its own initiative, but in practice firms often prefer to vary their permissions voluntarily rather than have a variation imposed by means of a public notice.
The FCA is committed to investigating serious misconduct wherever this affects the proper functioning of UK markets. Where issues arise, careful consideration will need to be given as to how best to approach an FCA inquiry or investigation so as to minimise the associated risks. Proactivity and cooperation can bring benefits but these may come at a substantial price. A firm’s handling of information and the individuals involved in an investigation will also require careful management to balance their interests against regulatory expectations.
1 HM Treasury commissioned a report into enforcement decision-making at the FCA and PRA that was completed in December 2014: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/389063/enforcement_review_response_final.pdf. The FCA and PRA commissioned a report into enforcement actions following the failure of HBOS from Andrew Green QC: https://www.bankofengland.co.uk/-/media/boe/files/report/2015/andrew-green-report-into-fca-enforcement-actions-following-failure-of-hbos.pdf?la=en&hash=8A4DFC882AF297ADFCC2CA5E9E89
2 For further detail on the PRA’s powers and how these are used, see www.bankofengland.co.uk/prudential-regulation/regulatory-action.
8 Serious Fraud Office v Eurasian Natural Resources Corporation Ltd  EWHC 1017 (QB). See also Bilta (UK) Ltd and others v RBS and another  EWHC 3535 (Ch) and R (Health and Safety Executive) v Paul Jukes  EWCA Crim 176.
9 FCA Enforcement Guide, paragraph 3.18.
10 The framework is set out in detail in DEPP 6.
11 Eg, in its 2015 action against Deutsche Bank AG https://www.fca.org.uk/publication/final-notices/deutsche-bank-ag-2015.pdf.