United Kingdom: Financial Services Enforcement and Investigation

As the agency primarily responsible for the investigation of potential misconduct within the financial services sector in the UK, the Financial Conduct Authority (FCA) continues to investigate many forms of suspected misconduct. While the number of cases under investigation by the FCA’s Enforcement Division continues to grow, there has been a dramatic reduction in the number of public outcomes flowing from its work in recent years, following a period of significant change. One of those changes has been the introduction of a form of partial settlement, which can now be used by subjects of investigation to challenge the penalty proposed by the FCA.

The FCA’s powers are not limited to enforcement against authorised firms and the individuals who work at them. As part of its role in promoting market integrity it is also empowered to investigate and bring enforcement proceedings against listed corporates and their officers in relation to compliance with their listing and disclosure obligations. Again, public outcomes have failed to materialise since those against Tesco and Rio Tinto in 2017, although investigations may continue into announcements in the run-up to the collapse of Carillion, for example. The FCA can also investigate and prosecute anyone for the criminal and civil offences of insider dealing and market manipulation. It can prosecute authorised firms and their officers for certain breaches of the Money Laundering Regulations. We see an ongoing focus on regulatory action for AML-related systems and controls breaches, but no use of the criminal powers in this area has been made as yet, despite a large number of investigations beginning on this basis. In addition, the FCA has begun to exercise its concurrent antitrust enforcement powers to investigate and take action in relation to anticompetitive behaviour within the financial services sector.

The Prudential Regulation Authority (PRA) also has power to investigate and enforce against firms that breach its rules. In the five years of its existence, it has been less active in its use of these powers, taking regulatory enforcement action only 10 times. Although the PRA’s Regulatory Action Division is significantly smaller than the FCA’s Enforcement Division and has historically outsourced its investigations to the FCA, we have recently seen an increased appetite for independent investigation and an increase in the number of joint investigations being undertaken with the FCA.^[1]

The remainder of this chapter outlines the FCA’s enforcement process and sets out our view of the FCA’s current enforcement priorities, the agency’s expectations of those subject to investigation, and the FCA’s approach to penalties. Those operating within the financial services sector in the UK need also to be aware of the role of other agencies, in particular the Serious Fraud Office (SFO) with its focus on criminal offences involving serious fraud and bribery, but these are outside the scope of this chapter.

Overview of FCA enforcement process

An FCA enforcement investigation can be opened where there are grounds to suspect that serious misconduct has occurred. This is a low threshold, and in recent years the FCA has emphasised an appetite to open more investigations and use them as a ‘diagnostic’ tool – that is, to determine whether serious misconduct has occurred, and not just to investigate in cases where the evidence is strongly suggestive of breaches. Before an investigation is opened, the subject may be approached for information to help inform the decision: the Market Oversight team regularly contacts issuers with requests for an insider list and chronology, or supervisors require authorised firms to provide detail in relation to areas of concern arising from their relationship with the firm or their specialist work (on, for example, client assets or financial crime) or suspicious transactions. These requests are usually made using the FCA’s formal powers, so require a careful and prompt response.

Once an investigation is under way, a number of investigators will be appointed and the subjects of the investigation notified, except in those rare cases where there are grounds to believe that this will prejudice the investigation. There will ordinarily be a ‘scoping’ meeting held between the investigators and the subject: these are often treated as a formality but can be a useful opportunity to set the tone, understand the investigation’s focus and agree a preliminary timetable. The FCA will then obtain evidence, usually by a combination of document requests and witness and subject interviews. Where it can, it will ordinarily use its powers to compel production of evidence, primarily to avoid difficulties with confidentiality obligations. These powers are wide (their precise extent will depend on the nature of the concerns under investi­gation) but do not allow the compulsion of items protected under section 413 FSMA, which are broadly materials to which legal privilege would apply.

We have seen cases in which the evidence-gathering phase of an investigation has lasted several years, with the result that published outcomes often relate to wrongdoing that has long been remedied: two of the most recently published FCA outcomes, penalties of £27.6 million and £34.3 million imposed on UBS AG and Goldman Sachs International in March 2019, related to reporting failings that stretched back to November 2007.

Recently, FCA senior management has emphasised the desirability of prompt and efficient investigation, with investigations being closed at an early stage where the initial evidence justifies this, but we have seen limited evidence of this occurring in practice, save in those few cases where exculpatory evidence has been found rapidly.

When sufficient evidence has been gathered for the investigation team to understand the nature of any misconduct that has taken place and the appropriate action in response, if the enforcement team thinks there is a case to answer, it will seek to resolve the matter with the subject, initially through settlement negotiations.

Any matters that are not agreed are then determined by the FCA’s Regulatory Decisions Committee (RDC), a committee of the Board of the FCA that is independent of the Enforcement function. If the subject wants to challenge the RDC’s decision, the case can be referred directly to the Upper Tribunal for a full re-hearing. Alternatively, a subject can choose to leapfrog the RDC stage and refer the matter directly to the Upper Tribunal.

The approach to settlement was revised in early 2017, in part to enable the subject to better understand the case alleged. Settlement discussions will now be based on a draft formal notice setting out the facts as the FCA sees them, the alleged breaches and the proposed sanction, annotated to refer to an accompanying bundle of supporting evidence. The settlement period should now be preceded by a pre-resolution meeting at which the key facts and findings will be outlined. Negotiations themselves will generally take place over a 28-day period, save in exceptional circumstances, although there may in practice be more flexibility over this. Discussions may lead to full settlement, or else to a ‘focused resolution’ (ie, partial agreement relating to some or all of the factual allegations, breaches or sanction). Where agreement is reached, a settlement discount of up to 30 per cent of the proposed penalty is available.

Some firms are now making use of this partial settlement route to challenge the amount of the proposed fine while preserving the settlement discount available: in March and April 2019, the FCA published outcomes against Carphone Warehouse and Standard Chartered Bank in which the firms had each accepted issues of fact and liability, and made representations before the RDC only on the issue of sanction/penalty (thereby retaining a 30 per cent discount for early settlement). In April 2019, the Upper Tribunal also published its decision in relation to Linear Investments Limited, the first case where it was determining a reference in which the only issue referred was the size of the penalty.

Current FCA enforcement priorities

The FCA consulted last year on its Approach to Enforcement, as part of a drive towards transparency that began with the 2017 publication of its Mission document,^[2] although the outcome of that consultation has not yet been published. In its March 2018 Approach to Enforcement paper, it describes the overriding principle of its approach as substantive justice, ensuring it carries out investigations in a consistent and open-minded way to deliver the right outcomes.^[3]

The Approach document highlights one area already repeatedly emphasised as a priority for enforcement, namely individual responsibility. The Enforcement Division’s approach to investigating individuals has shifted in recent years to promote consistent decision-making and ensure that action is taken against both individuals and firms wherever appropriate. Enforcement now investigates individual wrongdoing ‘as far as possible’ at the same time as it conducts its investigation into firms, and we are increasingly seeing individual culpability highlighted as one of the issues under investigation even where there is no individual identified initially. Concurrent investigations may have a significant impact on the ability of firms to resolve matters early through settlement if the FCA holds good on its stated intention to resolve matters against firm and individuals at the same time. This can be seen as an ongoing response to the sustained criticism the FCA has received for its difficulties in taking meaningful action against senior individuals within the regulated sector, and in particular for largely failing to hold to account any of those popularly perceived to have been responsible for the financial crisis. Early in 2016 the FCA (and PRA) rolled out a new framework for regulating individuals working within banks, deposit takers and certain significant investment firms, the Senior Managers and Certification Regime. Over the course of 2018 and 2019, the regulators plan to roll a similar regime out to the rest of the regulated sector. For those firms within the regime, a wider population of individuals is subject to the FCA’s Code of Conduct rules than was the case previously under the approved persons regime. In addition, senior managers are now under a duty of responsibility, whereby action can be taken against them if they are responsible for the management of any activities of their firm in relation to which the firm breaches a regulatory requirement and they did not take such steps as could reasonably be expected to prevent the breach occurring or continuing.

It remains to be seen what impact these new rules will have, as the only final notice published to date that is based solely on the new rules relates to Jes Staley’s actions in response to a whistleblowing allegation. This provides no real precedent for the management and oversight aspect of the new regime. What is clear is that the regulator is focusing not simply on the effectiveness of underlying systems and controls, but also the speed with which issues are escalated to senior management and, once escalated, how long it takes for the issues to be robustly addressed.

We have also identified a focus on market disclosures since the arrival of Mark Steward, who sees good disclosure by issuers as ‘an important component in any market working well’. That said, these investigations are proving challenging: while the investigation into circumstances surrounding Carillion’s July 2017 profit warning appears to be ongoing, those announced into two other companies, Mitie Group plc and Cobham plc, were both discontinued during 2018. Despite this, the FCA has confirmed that it has a number of investigations ongoing into suspected or misleading statements by listed issuers, a number of which are nearing resolution.

There have been two outcomes within Mark Steward’s tenure as director of enforcement arising from corporate failure to comply with the disclosure requirements that demonstrate the FCA’s interest in the conduct of listed companies and highlight other developing themes. In October 2017, Rio Tinto plc was fined over £27 million for breaching the Disclosure and Transparency Rules after it failed to conduct impairment tests ahead of announcing its 2012 interim results, as a consequence of which the FCA said that those interim results were inaccurate and misleading.^[4] The record fine imposed in that case demonstrates the risks posed to large corporates as a result of the way in which the FCA assesses financial penalties. The final notice makes clear that Rio Tinto’s failures were not at the most serious end of the spectrum; despite this, because the penalty was calculated by reference to the firm’s market capitalisation, it became the highest penalty ever imposed for failings of this type.

The March 2017 action against Tesco^[5] was notable primarily because the FCA did not impose a financial penalty on the firm. Instead, the case was the first in which a firm was required to pay restitution estimated at £85 million to market participants who were deemed to have lost out as a result of its misstatement. There has been an earlier market abuse case in which an individual was ordered to pay restitution,^[6] but in that case this was directed towards a single counterparty who had sustained financial losses as a result of an instrument linked to the shares that were manipulated rather than participants in the market generally. The Tesco final notice sets out the terms of the restitution scheme, which aims to identify and reimburse those who invested in certain Tesco securities between the misstatement and the correction published a month later. The decision not to impose an additional penalty appears to have been influenced by the concurrent deferred prosecution agreement Tesco reached with the SFO, which included a fine of £129 million, and what is described as Tesco’s ‘exemplary’ cooperation and steps to ensure similar misconduct will not recur.

As a third priority, we would highlight an ongoing focus on financial crime and anti-money laundering, and how these overlap with market abuse. Financial crime is specifically called out in the FCA’s Business Plan for 2018–19 and is the basis for numerous financial crime investigations currently under way across the Enforcement Division. Over the past 15 years the FCA has sanctioned a number firms for failing to operate effective anti-money laundering systems and controls, leading to significant fines (the largest being £163 million imposed against Deutsche Bank in January 2017, while the most recent is that imposed on Standard Chartered Bank in April 2019, in a simultaneous settlement alongside numerous agencies in the US) and the imposition of short-term restrictions on the regulated activities being conducted by the subjects. So far, the FCA has not used its power to prosecute firms for such failings where breaches of the Money Laundering Regulations 2007 and 2017 may amount to criminal offences, although such action has been regularly threatened. Mark Steward, the FCA’s Director of Enforcement, recently stated:

I suspect criminal prosecutions [for AML systems and controls failings], as opposed to civil or regulatory action, will be exceptional. However, we need to enliven the jurisdiction if we want to ensure it is not a white elephant and that is what we intend to do where we find strong evidence of egregiously poor systems and controls and what looks like actual money-laundering.

FCA expectations of firms subject to investigation

The FCA continues to stress the importance of cooperation from those subject to investigation, and the Approach document suggests that even more significance will be attached to this in future when assessing the appropriate outcome of any case. The FCA states it will in future encourage firms to voluntarily account for and redress misconduct by imposing lower sanctions on such firms, and imposing more severe sanctions on those who fail to address harm.

This goes beyond the approach to date, which has suggested that credit will be given for cooperation but given little concrete detail or practical guidance about what cooperation means in practice. This has begun to change: the Tesco notice referred to ‘exemplary’ cooperation and described this as proactively offering information, responding constructively to requests and disclosing significant material voluntarily, and agreeing not to interview witnesses without prior reference to the FCA; the Deutsche Bank notice describes the bank’s cooperation as exceptional for including senior management engagement from the outset, extensive and wide-ranging internal investigations and reporting the conclusions of those investigations in a fully transparent manner. Authorised firms are required to be open and cooperative with the FCA, and all recipients are obliged to respond to lawfully compelled requests for information. The FCA will not credit the cooperation of an investigation subject doing only what it is obliged to do in any event. If a firm does wish to demonstrate unusual cooperation, early dialogue with the FCA will be essential so that the investigation team understands the efforts made and the approach adopted.

There is, however, a tension between the FCA’s desire to encourage firms to uncover and report wrongdoing and the concerns regularly expressed by senior enforcement staff that firms not put the FCA’s own investigation at risk by, for example, interviewing potential witnesses. Mark Steward has also publicly and repeatedly expressed scepticism about the value of firm-commissioned investigation reports, and there is increasingly an expectation on the part of the FCA that it will be consulted about the conduct of internal investigations early on, rather than simply being presented with the product of a firm’s own investigation. It is notable that Tesco was given credit for refraining, at the FCA’s request, from interviewing witnesses or taking statements. The FCA’s desire to exert control over the conduct of investigations is also apparent from its resistance, in some cases, to allowing a firm’s external lawyers to attend compelled interviews of the firm’s employees, even in cases where those employees are witnesses and not subjects of the investigation.

Firms under investigation or considering self-reporting will therefore need to consider at an early stage how best to approach any internal investigation, including at which points it may be appropriate to consult with the FCA regarding its expectations.

The FCA, like the SFO, also appears increasingly willing to challenge assertions of legal professional privilege over certain categories of material. Consistent with this trend, we are seeing more requests from the FCA for privilege logs (a list of documents withheld from the FCA on privilege grounds) and requests for those logs to contain increasing levels of detail with respect to the withheld documents.

Whether privilege will attach to material generated in the course of an internal investigation – in particular to notes of interviews with employees and other potential witnesses – will depend on the circumstances, especially whether litigation has commenced or is in reasonable contemplation.^[7] It is particularly important for firms to consider carefully how any employee interviews should be conducted and recorded, and indeed whether, in certain circumstances, interviews should be conducted at all. Firms under investigation or considering self-reporting may need to limit the creation of material that is unlikely to attract privilege, as well as carefully considering how to minimise the risks associated with agreeing to share the product of an internal investigation. These risks can be particularly acute in investigations with a cross-border element or high possibility of civil litigation in other jurisdictions (particularly the US).

Even where a claim of privilege is accepted by the FCA, waiver of privilege over relevant documents is increasingly viewed as a hallmark of cooperation and firms may come under significant pressure to disclose privileged documents. Indeed, the FCA’s Enforcement Guide expressly states that a firm’s willingness to volunteer the results of its own investigation, whether privileged or not, will be welcomed and may be taken into account by the FCA when deciding what action to take.^[8]

Penalties

The FCA’s current approach to imposing financial penalties was introduced in March 2010 and is based on a five-step process, beginning with the disgorgement of any benefit, then assessment of a figure representative of the risk of harm caused by the breach, adjustment for any aggravating or mitigating factors, further adjustment for deterrence, and reduction for early settlement.^[9] This process was designed to make the assessment of penalties more transparent, but the flexibility adopted in relation to each step in practice has undermined that goal. The FCA has committed to a review of its current penalty approach but no consultation has been published as yet, and it is not yet clear how wide-ranging any resulting changes might be.

The current policy suggests that for firms, the figure representative of the risk of harm caused will be based on the relevant revenue earned by the firm, to which a set percentage will be applied depending on the seriousness of the misconduct alleged. In practice, the FCA has departed from this in many of its cases. Examples include those involving issuers, where the firm’s market capitalisation has been used as the starting point; those involving client assets, where the average client assets at risk has been used; those involving transaction reporting failures, where an amount per transactions has been used; and those involving breaches of the obligation to cooperate with the regulator under Principle 11 of the Principles for Business, which have selected an arbitrary figure to reflect seriousness.^[10] Even where a starting point is identified the resulting figure can be adjusted for proportionality if this is deemed appropriate: the Rio Tinto figure was reduced by 25 per cent, in a recent case against Interactive Brokers (UK) Limited it was halved, and the Deutsche Bank figure was also reduced to an apparently arbitrary £200 million. Significant reductions for proportionality were also made to several of the penalty metrics used in the Standard Chartered Bank decision published in April 2019.

Final notices published under the existing regime provide little clarity as to how aggravating and mitigating factors are assessed at the third step of the calculation. The use of the adjustment for deterrence to increase the penalty dramatically is similarly opaque and has been widely criticised.

The Approach consultation confirmed that the FCA will also continue to expand the use of its full suite of enforcement powers. The last decade has seen the FCA grow in confidence as a criminal prosecutor, with a number of successful prosecutions for insider dealing, breaches of the regulatory perimeter and associated fraud, and substantive money laundering offences.

The FCA has made tentative use of the restriction and suspension powers it has had since 2014, imposing restrictions on the regulated activities conducted by Bank of Beirut in 2015 and Sonali Bank in 2016 in response to failings in those institutions’ anti-money laundering systems and controls. Both cases involved financial penalties as well as restrictions, and the purpose of imposing the restriction was said in each case to be more effective deterrence than a financial penalty alone.

The power to suspend or restrict a firm’s regulated activities as a consequence of regulatory breach is intended to be disciplinary rather than protective in nature. There is a renewed focus on using the FCA’s power to vary a firm’s permissions in order to prevent harm. This can be done by the FCA on its own initiative, but in practice, firms often prefer to vary their permissions voluntarily rather than have a variation imposed by means of a public notice.

Conclusion

The FCA is committed to investigating serious misconduct wherever this affects the proper functioning of UK markets. Where issues arise, careful consideration will need to be given regarding how best to approach an FCA enquiry or investigation to minimise the associated risks. Proactivity and cooperation can bring benefits, but these may come at a substantial price. A firm’s handling of information and the individuals involved in an investigation will also require careful management to ensure their interests are balanced against regulatory expectations.

Footnotes