Do the current trends in FCA/PRA enforcement signal the beginning of the Senior Managers Regime?
The FCA had enforced noticeably fewer penalties as we approach the end of 2017. Significant fines were imposed against individuals as opposed to firms, and generally fewer open cases have been closed following investigation (see 2017 FCA fines here). What are these trends telling you and your firm? And might they signal the commencement of the Senior Managers and Certification Regime (SMCR)?
Let's look at these questions by exploring the FCA and the PRA's current enforcement patterns and how senior managers may best prepare for the SMCR.
Recent FCA fines: a changing dynamic
The FCA has a five-stage process for determining the appropriate financial penalty for both individuals and firms, detailed in their Decision Procedure and Penalties manual (DEPP) (see here).
At the time of writing, 4 fines have so far been imposed against individuals in 2018 totalling £785,000 (see the FCA's website). This compares with 2017 £436,000. We observe both a significant decrease in the amount of financial penalties in 2016 (i.e. £22,216,446) and 2015 (£905,219,078), and a steady increase in fines against individuals as defendants.
For example, the largest financial penalty at the FCA against an individual so far in 2018 has been that of £321,000 against the CEO of Barclays (the PRA fined Mr Staley the same amount). He was found to have not acted with the due disseminated information that gave a false and misleading impression of the firm's financial position. The Financial Controller was fined for breaches on the grounds of s. 118(7) Financial Services and Markets Act 2000 and FIT related to market abuse, and a lack of fitness/propriety and client money/assets in the trading firm sector.
The main themes emerging from the recent fines include market abuse, financial crime and anti-money-laundering (AML), as well as skill, care, due-diligence and fitness and propriety, all of which relate to conduct failures of senior individuals in their management roles. Going forward, it is expected that the FCA's enforcement success might be determined not by the size of their fines, but the extent to which they have imposed individual responsibility for regulatory breaches. As Mark Steward made clear last year, 'what is important, in this context, is not the size of the outcome but the perception that detection and responsive action are both inevitable and speedy' (see: http://bit.ly/2iJid7m).
The key features of the SMCR
The shift in focus on individual responsibility from the Regulator is no surprise. In its 'Changing Banking for Good' report in 2013, the Parliamentary Commission on Banking Standards (PCBS) argued that the Approved Persons Regime at the time made it difficult to directly punish the individuals responsible for banking failures which led to the 2008 financial crisis (the report is accessible here). This was due to so-called 'accountability firewalls', whereby board decisions prevented the Regulator from seeing who was in fact responsible. The Parliamentary Commission observed that the regime had created 'a largely illusory impression of regulatory control over individuals, while meaningful responsibilities were not in practice attributed to anyone' (see p. 8 of the PCBS' report).
In contrast, the new SMCR features new sanctions and a criminal offence for senior persons found to have carried out their professional responsibilities recklessly. It empowers the FCA to fine or imprison convicted individuals (see here). According to the recent FCA Consultation Paper CP17/25 on the Senior Managers Regime, the SMCR's intended purpose is to encourage a stronger culture of responsibility, and restore customer confidence in the financial services industry.
An in-depth analysis of the SMCR is outside the scope of this blog, however, it is important to note that the regime has now been extended to all FCA-regulated firms, including foreign firms operating through a UK branch. Included within its scope are Senior Management Functions (SMFs) which require prior approval by the FCA or the PRA. For example, with regard to Executives, Chief Executive (SMF 1) and Chief Finance (SMF 2) functions would need to be pre-approved by the PRA, whilst the FCA would be responsible for pre-approving Compliance Oversight (SMF 16) and Money Laundering Reporting (SMF 17) functions. For Non-Executives, most would need to be pre-approved by the PRA, such as the Chairman (SMF 9) or the Chair of the Risk Committee (SMF 10). The FCA Consultation Paper also mentions certification staff as part of the new FSMA requirement for all firms. Certified staff would include Significant Management, Proprietary traders, material risk takers and functions that are subject to qualification requirements such as mortgage and financial advisers.
In addition, the PRA has extended the SMCR to insurers so as to implement a 'consistent but proportionate regulatory framework to strengthening individual accountability' (see here). The PRA assumed responsibility for approving Senior Managers in insurance firms. As regards Certification, the PRA proposed, among other things, the application of the PRA's Conduct Rules to all key function holders (KFHs) and material risk-takers at large insurers.
Importantly, the Consultation Paper sets out the statutory duty of responsibility expected of every Senior Manager. It explains that Senior Managers are responsible for certain areas within the firm which they could be held accountable for if they did not take 'reasonable steps' to prevent or stop the breach (see: s. 4.20 of the FCA Consultation Paper). It specifies that the burden of proof lies with the FCA 'to show that the Senior Manager did not take the steps a person in their position could reasonably be expected to take to avoid the firm's breach occurring.' The FCA has provided guidance on what amounts to 'reasonable steps' in its Decision Procedure and Penalties manual (DEPP) (for more details, see s. 6.2.9-E, DEPP).
If the firm is subject to an ongoing FCA investigation, maintaining a good enforcement relationship with the Regulator will be critical. The FCA encourages senior managers to be transparent about any conduct issues so they can be openly managed in an effective way. Moreover, in Mark Steward's aforementioned speech, the FCA proposes that the early settlement discount can now be allowed only as long as the defendant agrees that the circumstances of the case amount to a regulatory breach before the Regulatory Decisions Committee (RDC). In case defendants contest the proposed sanction, they will still be able argue their case before the RDC, however without the financial incentive. Given that the RDC procedure involves accepting the Regulator's findings, a subsequent disciplinary penalty as well as the implicit reputational damage that comes with the penalty's publication, senior managers may also consider expediting their case to the Upper Tribunal. Before or after the FCA's Warning Notice, this option is available in case a defendant believes they may not win the argument.
We can conclude that the growing number of fines imposed by the FCA against individuals foreshadow the implementation of the SMCR. Given the significant cultural shift this will bring to firms and the severe consequences for senior managers breaching their duty of responsibility, all FCA-regulated firms are strongly encouraged to begin preparations for the forthcoming implementation of the SMCR as soon as possible. Precautionary measures that senior managers can take at a preventative stage may include a clear Statement of Responsibilities for each SMF, followed by a Management Responsibilities Map. The FCA recommends that these should 'make it simple to see how the responsibilities allocated in a particular statement of responsibilities fit into the overall system of management and governance of the firm' (see s. 25.4, FCA Consultation Paper). It will be critical that these regulated firms make all necessary adjustments to ensure that their culture, conduct and existing governance arrangements meet FCA expectations.
Written by Iulia Nicolescu with amendments by Jon Murphy - Managing Director of Limehouse Consulting
This publication contains general information only and is based on the experiences and research gathered by Limehouse Consulting and Strategy Limited (hereinafter "Limehouse") practitioners. Limehouse, is not, by means of this publication, rendering business, financial, investment, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Limehouse, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this publication. Please see www.limehouseconsulting.com for a detailed description of the legal structure of Limehouse and the organisation's offerings. Copyright © 2018 Limehouse Consulting and Strategy Limited.