Spotting the banana skins…. Day-to-day compliance oversight: avoiding slipping up

Briefing

Thursday 1st May 2014

Nicola Green & Melanie Tillotson

2

Overview

• Current enforcement trends

• FCA requirements on firms and individuals

• Case studies

• Practical steps – compliance monitoring and beyond

FSA/FCA fines are up 50%

3

0

50

100

150

200

250

300

350

400

450

500

2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013

£ m

The FCA’s powers go beyond just fines

FCA has a wide range of enforcement powers:

• Withdraw a firm’s authorisation

• Prohibit an individual from working in financial services

• Suspend a firm or individual

• Prosecute unauthorised individuals

Other ‘tools’:

• Attestation: “focusing the attention on responsibility

and accountability”

NB:FCA action can create conflict between individual and firm

4

Publicity can now come earlier

• Warnings notices issued after decision to take action

• New powers under Financial Services Act 2012 to

promote transparency of enforcement

• FCA will in most cases publish some detail of the

warnings notice and will ordinarily identify a firm

• FCA will not ordinarily identify an individual

• 14 days to challenge disclosure

5

Understanding evolution of FCA thinking

Financial Services (Banking Reform) Act 2013

• Enhanced regime for banks, building societies

• Reversal of burden of proof

• Extension of limitation period to 6 years

• FCA/PRA Consultation

“…fining of individuals more of a deterrent”

Martin Wheatley

“…FCA clearly committed to achieving a credible deterrent and

using enforcement to demonstrate societal disapproval”

Tracey McDermott

6

FCA requirements on firms

A few themes come up in regularly in enforcement notices:

• FCA Principles for Business

3. A firm must take reasonable care to organise and control

its affairs responsibly and effectively, with adequate risk

management systems.

7

FCA requirements on individuals

• Statements of Principle for Approved Persons

6. An approved person performing an accountable significant-

influence function must exercise due skill, care and diligence in

managing the business of the firm for which he is responsible in

his accountable function.

7. An approved person performing an accountable significant-

influence function must take reasonable steps to ensure that the

business of the firm for which he is responsible in his

accountable function complies with the relevant requirements

and standards of the regulatory system.

8

FCA requirements on firms

• Senior Management Arrangements, Systems and Controls

6.1.3(R) A common platform firm and a management company

must maintain a permanent and effective compliance function

which operates independently…to monitor and, on a regular

basis, to assess the adequacy and effectiveness of the

measures and procedures put in place in accordance with SYSC

6.1.2 R, and the actions taken to address any deficiencies in the

firm's compliance with its obligations.

9

Case studies

• John Leslie and Jeffrey Bennett – £28,000 fine each

• Promotion of Unregulated Collective Investment

Schemes (UCIS)

• Systems and controls failures

• Poor oversight

• Lack of challenge of advice

10

Case studies

• John Pottage/UBS – initial FCA enforcement against

individual overturned by Upper Tribunal, firm fined £8m.

• Initial assessment of governance

• Risk focus must be justifiable

• Compliance team – procedures, resources, training

• First line of defence reliance

• Management information

11

Case studies

• Lloyds TSB Bank – £28m fine

• Risk focus must be justifiable

• File review failures should be red flag

• Remuneration arrangements should reflect compliance

• Trend and root cause analysis

12

Case studies

• Alison Moran – Compliance Officer – £20k fine

• Failure to challenge CEO

• Poor documentation of legal advice

• Jurisdictional issues

• Resourcing

13

Case studies

• Habib Bank AG Zurich – £525k fine

• Senior management oversight

• Management information

• Risk management

14

Case studies

• Homeserve Membership Limited – £30.6m fine

• Insufficient Board engagement

• Failure to address issues identified

15

Case studies

• Santander UK Plc – £12.3m fine

• Risk basis must be justifiable

• Holistic approach to file reviews not taken

• Management information able to facilitate action

• Poor monitoring of remedial actions

16

Compliance monitoring…

…the best way to avoid the banana skins!

The Three Lines of Defence:

17

The business – frontline staff

Control functions – risk and compliance

Internal & external

audit

Effective compliance monitoring

• Identify the regulatory risks faced

• Determine an effective way to assess management of

those risks and adherence to regulatory standards

• Culture is key – monitoring should be seen as a normal

part of the business

• Adequately resourced compliance monitoring function

• Effective documentation and reporting of findings

• Issue tracking and resolution management

• Root cause and trend analysis

• Board reporting

18

Compliance’s role beyond monitoring

• Contextualising and identifying risk – customer focus

• Reporting: Principle 11 – cooperation with the FCA

• Recording: Board/Management reports and minutes

• Reviewing and recording external advice

• ‘Probing’ internal ‘experts’ – ‘trust but verify’

• RESOURCES

19

Avoiding the banana skins

Ensure the decisions you take are:

• Reasoned

• Reasonable

• Recorded

• Disclosable

20

Questions

We appreciate your feedback

21