Bankers may not have gone to jail as a result of their failure to manage the financial turbulence of the last few years, but politicians are determined that there should be no repeat of the mismanagement and greed that caused it. The issue is not just one of punishing bankers for their neglect during the crisis; it is the protection – even retrieval—of the ethical reputation of London’s financial markets.
The recent disclosure that the UK’s Financial Conduct Authority began 104 investigations in 2014i, compared to just 90 in 2013 indicates a new degree of regulatory hyperactivity in the UK. The same disclosure also shows that the regulator is not disclosing many of the outcomes of its investigations, after a deal has been reached.
A much more abrasive relationship is now experienced by regulated firms, with regulators stating that their system is designed to provide a ‘credible deterrence’ to any firms seeking to game the system. This expression was first used to refer to penalties for criminal activity, such as market abuse or insider trading. It was more recently used by Sir Hector Sants, the previous head of the FSA. Regulation of day-to-day banking activity is now underpinned by a nuclear option. One legal firm said, ‘we are travelling down the American path to much tighter implementation of rules and much harsher penalties’.
The FCA, which supervises some 26,000 firms, with a budget of £450m, had its authority increased when supervision of the LIBOR markets – tarnished by scandal– was removed from the British Bankers Association and handed over to the key national regulator.
All stages of the regulatory process, through routine supervision to enforcement, are now infused with great suspicion of the motives and competence of regulated firms. The latter stage of the process attracts most attention. The head of the UK’s Prudential Regulatory Authority – the UK regulator of the largest financial institutions and insurance companies overseen by the Bank of England — Andrew Bailey, meantime has recently threatened to ‘hold the feet to the fire’ of HSBC, whose Swiss bank has been found to assist tax evasion by its customers. The bank had already been heavily fined in the US for money laundering breaches by its Mexican operations. American regulators have flexed their muscles in recent years, imposing multi-billion fines on BNP Paribas ($8.9 billion ) and Standard Chartered Bank (a mere $1.9 billion) for similar abuses.
The regulator today determines the rules of engagement with the institutions they supervise. They insist on going much further than the compliance checks in the lower echelons of the company, which characterised ‘light touch’ regulation of the last decade. The UK’s Financial Conduct Authority, for example, expects to be briefed by the chief executive about a firm’s strategy, personnel changes, developments in business lines and system problems. Jonathan Herbst, a partner at Norton Rose Fulbright, says ‘The regulator needs to understand every part of a business’s activity, especially if it has systemic applications. He wants to know where it is making its money and how. He expects to be informed when there is a development at the bank. He insists on having access to the CEO. This is the basis of the relationship with the regulator. Most CEOs have got the message and those that don’t may learn the hard way. When management says, this is our plan and this is how we manage it, the FCA doesn’t say, ‘that’s fine, we’re just a regulator, we know less than you about it’. It is a very different world. The FCA is a quite different regulator to the FSA [the preceding authority, replaced by the FCA and the PRA in 2013]. It is a powerful reality.’
The regulator makes no secret that it wants to be interventionist, and expects to receive details about a company at an early stage of any corporate action. One bank was preparing a major cross-border takeover of another financial institution before it informed the regulator. The matter was disclosed to the media and the regulator hauled it in and gave it a black mark for not informing it, according to Tony Woodcock, a partner at UK law firm Stephenson Harwood. The bank had always intended to report the takeover, he says, but decided to wait until the bid was further along the path to implementation before reporting it as a previous bid by the company had failed after news was leaked. Managers suspected the leaks came from the regulator and they were reluctant to make an early report. ‘They got slapped over the wrists.’
The severity of BNP’s massive fine referred to above arose in part from the view that the bank was not taking its American regulators with due seriousness, according to one lawyer close to the case who did not wish to be named. They reached this conclusion because the bank was slow to respond to regulators’ demands for documentation. ‘They were not as helpful as they should have been. Regulators no longer have an implicit trust of banks and they immediately suspect that the bank has something to hide, whether it was the case with BNP or not.’ Lawyers wishing to be more charitable to the bank see a cultural breakdown, with Swiss values of privacy over-riding those of openness, expected by the US regulator. Scott Maberry, a partner of US law firm Sheppard Mullin, says, ‘It is not natural for a proud business executive to cooperate with outside regulators. They are at the top of their profession, they are contributing disproportionally to the economies of their country. Their own counsel don’t always understand that and they need a lawyer to bridge the clash of cultures. Foreign banks working in the US do not grasp the leverage situation. They tend to over-estimate their own leverage, that is their own ability to say to the non-US investigator, get lost. They will do that and that will set them down the path of non-cooperation which leads to adversarial decisions and compromise their ability to settle the case.’ The intervention of the French Minister of Finance into the case, attacking the expected size of the fine, was seen as intruding on the regulators’ autonomy. James Odell, a lawyer at Blank Rome, a New York based law firm, said that ‘It is critical to understand the aggressive mentality of some US enforcement regulators and to deal with them directly.’ BNP Paribas told Operational Risk and Regulation magazine that the ‘matter was settled and in the past.’
An apparent snub to regulators in the US Department of Justice pursing the Swiss bank UBS over tax evasion charges added fuel to the regulatory effort. The bank had arranged a meeting between the Swiss ambassador to the United States and US government officials, behind the back of the regulator, to attempt to have the case switched to a regulator that it perceived would favour its case. The ploy is believed to have upset the investigators in the Department of Justice, the Securities and Exchange Commission and the Inland Revenue Service. The result was a $780m fine for the Swiss bank. Ali Sallaway at UK lawyers Freshfields, who was not involved in the case, says ‘banks that go out of the way to co-operate with the regulators will be rewarded with lesser fines. Regulators expect supine behaviour. There is absolutely no advantage to be gained by non-cooperation.’
Regulators insist that legal rules and regulations are less important than the maintenance of an open relationship with the regulator, says Herbst. ‘But when the proverbial hits the fan, the institution will see the rules being applied. The first priority of every institution is to manage their relationship. It needs to be intense and open. Co-operation with the authorities is the byword for the regulators. It is like being a member of the club where the chairman controls behaviour, whatever the rules say.’
The intensity of the relationship depends on the size of the firm, with larger firms having dedicated supervisors and smaller ones sharing supervisors with other firms in their sector. The FCA supervises a total of 26,000 firms, and on occasion has been attacked for its inability to investigate apparent abuses in smaller firms. Such an alleged abuse was perpetrated by Curzon Capital, an investment firm used by companies connected to Ukrainian oligarch Victor Pinchuk. The firm was reportedly ‘intimately involved in devising an elaborate scheme to conceal the true ownership of a huge stake – more than 25% — in a London based oil company Regal Petroleum’, The UK newspaper The Sunday Timesii provided the FCA with documented evidence. Curzon is regulated by the FCA yet no regulatory action followed. The newspaper concluded thatiii, ‘The City of London cannot be trusted to regulate its activities.’ One observer, who did not wish to be named, said that ‘the regulator is massively overstretched. Investors could have been drawn into a financial institution such as Curzon and been unwittingly involved in this scheme. They are not getting the protection they deserve.’ He also observed that the large number of firms from Central Europe entering the UK markets has added to the pressure on regulators in the City of London. The FCA commented, ‘concerning Curzon, we are not able to confirm or deny whether an investigation has taken place.’ Representatives of Victor Pinchuk declined to comment on the case.
A more aggressive approach to ‘thematic visits’ to firms is expected to explore risks such as those exposed by Curzon. The regulator will likely inform the firm the subject for discussion in advance, the material with which he expects to be provided and the people he expects to meet at the firm on his visit. The firm is well advised to clear diaries to ensure the meeting goes well. Odell at Blank Rome says, ‘it is essential to respect the regulator, to understand their priorities. There is no substitute for doing your homework about the individual regulator as well as their organisations.’
Regulators will be well briefed when they attend meetings with firms that they supervise, says Simon Firth, a partner at UK law firm Linklaters. The FCA has a sizeable team of supervisors for the largest institutions. ‘They will have a large amount of information at their fingertips, and they will expect the firm to have as much or more.’ Firth points to the need to understand the regulators’ ‘pressure points.’ These are the areas where the regulator has concerns, which they need the firm to respond to. Pressure points are likely to have come to the regulators attention in the course of routine scrutiny of a sector. Today’s pressure points, according to Herbst are policies governing conflicts of interest with respect to inducements and policies for ensuring swift execution of trades.
Tactics used by the FCA to monitor and police behaviour include detailed demands for evidence of compliance. These will be made in a letter following a visit and are likely to be specific. The regulator has the scope to put pressure on the manager responsible for an area under scrutiny, by requesting him to sign an ‘attestation letter’. This details the changes it has made (in response to earlier requests for action by the regulator) and the standards of controls the firm has in place. Firms are not required by law to sign such a document, but reluctance to sign it will be interpreted as lack of compliance. Herbst says ‘This is a typical example of the soft power used by the regulator. They are not using their formal powers when they ask you to attest to something. But every firm knows that if you don’t do it, you are going to be picked off. While they are not placing a requirement on a firm to sign off on something, in reality it is a requirement.’ The FCA will increasingly use attestation letters to hold individuals to account, says Michael Ruck, a senior manager at Pinsent Masons, the UK law firm. Ruck worked in the enforcement department at the FCA until the end of 2013.
The introduction of the ‘Senior Managers Regime’ (SMR) – which puts the onus on the senior manager to disprove a criticism made by the regulator — will enhance the authority’s capacity to hold individuals accountable, says Ruck. ‘The FCA will have a document which they can use to show that you as a firm and you, the individual who signed, got this wrong. They will want to know why you got this wrong. In this case, the FCA’s ability to take enforcement action has been enhanced.’ The introduction of the SMR was recommended by the Parliamentary Commission on Banking Standards and is expected to come into force later this year.
The regulator will probe its concern that controls are failing or completely absent with a ‘skilled person’s review’, under Section 166 of the Financial Services and Markets Act. This is ordered by the regulator and conducted by an independent firm, but paid for by the firm being examined. The regulator receives a draft of the review before the target firm is showed it. ‘These are arm-twisting tactics’, says Nathan Willmott of UK law firm Berwin Leighton Paisner (BLP). ‘They can make life pretty miserable for the firm. A huge amount of management time is required to handle the review and each one costs [the firm] over £2m.’ Willmott says one review was prompted by a firm’s failure to report an appointment to the board to the FCA, although it had no statutory duty to do so. Systems or governance failures can also be reviewed. The firm under review will be required to implement the review’s recommendations. Willmott says that ‘regulator can use the tool of threatening to vary permissions. The regulator has a broad power to vary those permissions which can be very painful for the firm’.
Willmott noted that the regulator forced firms to cease selling single-premium Payment Protection Insurance [PPI] by threatening to withdraw its permission to sell a much wider range of related products. ‘It was lawful for firms to be selling PPI but the regulator didn’t like it. There was detailed negotiation between the regulator and firms, which led to the firms voluntarily agreeing not to continue selling.’
The findings of a skilled person review – if of sufficient concern — can be referred to the FCA’s enforcement team, which carries out an investigation. If this discovers that the firm is in breach of the FCA’s 11 Principles of Businessivor the PRA’s Fundamental Rulesv, it will be punished. In fact the Prudential Regulatory Authority requires a company to have ‘effective risk management procedures’. This requirement is more severe than the FCA’s requirement on the firm to ‘take reasonable steps to have in place risk management procedures’. Wilmott says, ‘The PRA’s rule is an absolute requirement. Even if you took all reasonable steps, you are still in breach of your duties. There is no defence. It is strict liability and covers all the risks you face as a business, from financial crime risk, to risks of breach of your regulatory duties, to credit risk, underwriting risk for insurers and operational risk.’
Breaches of these principles subjects a firm to the possibility of the withdrawal of permissions, a public censure and a fine. Much of this is negotiable, subject to a willingness to show contrition and to make changes detailed by the regulator. Discounts on the fine of up to 30 per cent, are available to firms that accepts its punishment at the earliest stage. A sliding scale of discounting follows that. Those seeking to minimise the effect of a damaging outcome will agree to waive legal privilege. The FCA cannot require this, but it is likely to be requested by the regulator and the firm’s agreement may produce a further discount. Willmott says, ‘There is a huge amount of pressure to give up privileged materials. We routinely find supervisors asking to see documents that they know are privileged and effectively asking a firm to waive privilege. Typically this is legal advice where litigation is ongoing or in contemplation’.
The last resort for those contesting the fine is a referral to the regulatory Tribunal. This is independent of the regulator and has the status of a court. Willmott says, ‘The factors are so heavily stacked against you at the Tribunal that it is very rarely used. For example, they may threaten to bring in new evidence against you. It will take a number of industry players to club together to take on the regulator. For the moment, none has shown the sort of determination to take the FCA on.’ Companies are less supine, says Tony Woodcock. ‘Firms are not prepared to roll over and agree to the regulator’s first proposal. There are abrasive negotiations and firm seek to push back the regulator’s demands.’
Individuals identified as responsible for the firm’s systems error are increasingly likely to face action, in the wake of a settlement by the firm. Ruck says the FCA’s approach has become more tactical over the last year. ‘They used to investigate the firm and the individual at the same time, and this gave the firm the chance to settle the matter, on the understanding that the individuals were not pursued. Now they investigate the firm without the individuals, only to go after the individuals when the firm has settled. It is a new tactic and one that underpins the view that accountability is going straight to the top of the firm. Once again, they are building underpinnings for the introduction of the Senior Management Regime.’
Senior management has long been in the sites of the US regulators says James Odell. ‘Firms typically provide legal representation for executives named in cases, unless they have gone out on their own and broken the firm’s rules. One result has been a bonanza for law firms specialising in white collar issues.’ Cynics might comment that the parties responsible, at least in part, for the crash, have ended up the prime beneficiaries of the recovery.
i Statistics found by a Freedom of Information request and published by Pinsent Masons.
ii Sunday Times 8 December 2013.
ii iSunday Times 29 December 2013.
iv http://fshandbook.info/FS/html/FCA/PRIN/2/1.
v http://www.bankofengland.co.uk/pra/Pages/publications/rulebookcon.aspx.
©2015 Wolters Kluwer. All Rights Reserved.