In the past 12 months, the Enforcement Division of the UK Financial Conduct Authority (FCA) has demonstrated a remarkable consistency in pursuing its key priorities. The move into lockdown in 2020 led to a rationalisation of its caseload and an apparent slowdown in activity. Since then, a succession of significant outcomes have been published, many related to long-standing priority areas, including treating customers fairly, financial crime and anti-money laundering, as well as non-financial misconduct.
In this article, we will explore the themes emerging in each of those areas in more detail. Before doing so, we note a couple of additional points of interest that cannot be covered in detail in this short review. Most notably, the FCA has generated a number of market conduct related outcomes this year: action was taken against an individual for spoofing, a form of market manipulation, and action was taken or warning of action given against three issuers for a variety of failings in relation to market announcements.
Those published outcomes are only the tip of the iceberg: the FCA’s Market Oversight Division continues to pursue significant numbers of preliminary investigations in response to suspicious transaction and order reports or unusual market activity detected using its own systems. These can be challenging for firms to respond to and carry the risk of full-blown investigation if the response does not alleviate the FCA’s concerns.
Further, largely below the radar is the FCA’s continued use of early intervention powers, with firms asked to seek voluntary variations or restrictions on their permissions or have these imposed involuntarily to address supervisory concerns or while those concerns are remediated. Early interventions offer a quicker route than enforcement proceedings and are arguably more effective at addressing ongoing concerns. We expect they will continue to prove attractive to regulators as they look to manage increasing caseloads in the wake of the covid-19 pandemic.
Although the focus of this article is on the FCA, in respect of dual-regulated firms, the Enforcement and Legal Directorate of the Prudential Regulation Authority (PRA) is increasingly active in promoting the PRA’s agenda. It continues to work alongside the FCA in some matters but is developing an increasing and interesting body of casework of its own.
Treating customers fairly
Whether firms are deemed to have treated customers fairly looks set to be another key focus of FCA enforcement activity in the years ahead.
The fair treatment of customers has always been central to the FCA’s mission: one of the FCA’s three operational objectives is to secure an appropriate degree of protection for consumers, and the requirement for firms to treat their customers fairly is one of the FCA’s high-level Principles for Businesses (the Principles). Treating customers fairly (TCF) has been the subject of substantial thematic work over the past 15 years.
Even prior to the covid-19 pandemic, the FCA prioritised supervisory and enforcement initiatives concerning TCF. The FCA has made it clear that it expects firms to embed TCF into their culture and has taken enforcement action where it feels this has not occurred. In the past year alone, it has fined Lloyds Banking Group and Barclays a combined total of £90 million for failings in how they treated customers who had fallen into arrears on their debt repayments.
However, the devastating effects of the covid-19 pandemic on many customers’ finances have further heightened the importance of this. In the past few months, the FCA has repeatedly emphasised that TCF will be one of its priorities. In its Business Plan for 2020/21, the FCA said that two of its five areas of focus will be on ensuring that ‘the most vulnerable are protected’ and that it will ‘seek to ensure consumers and small firms are treated fairly’.
So where can we expect to see the FCA’s attention focused, and what does it expect from firms?
Retail customers in financial difficulty
A key focus of the FCA will be on how retail banks deal with individuals who have fallen into financial difficulty.
The FCA acted quickly at the outset of the pandemic to seek to mitigate the financial impact of covid-19 on retail customers, putting in place a range of emergency measures that allowed customers to benefit from payment holidays, interest-free overdrafts and various other forms of relief.
However, although those measures may have bought customers valuable time, it did not remove the need for customers to eventually repay their borrowings. Now, the FCA’s focus is likely to turn to how retail lenders deal with situations where customers find this problematic.
From past guidance and enforcement cases, it’s clear that the FCA has high expectations in this area. Where a customer has unsustainable debt, firms will be expected to obtain a detailed understanding of their specific circumstances. This is an exercise that requires time and skill, so firms will be expected to have enough staff – sufficiently skilled and trained – to assess the customer’s situation and consider what is a fair outcome for them.
To satisfy itself that customers are being treated fairly, the FCA assesses whether firms’ senior management and boards have received high-quality management information on customer outcomes and have considered fully how the processes, procedures and culture of the firm have contributed to this. The enforcement actions against Lloyds Banking Group and Barclays show that the FCA is prepared to act where it feels this has not occurred.
Within the body of retail customers, the FCA is particularly concerned about how firms deal with vulnerable customers. Vulnerable customers are those who, owing to their personal circumstances, are especially susceptible to detriment.
Customers can be vulnerable for several reasons, including their physical and mental health, the impact of life events such as a bereavement and their financial capability and resilience. Vulnerability is not static: customers may go from being non-vulnerable to vulnerable and vice versa.
Perhaps counter-intuitively, a relatively large proportion of customers could be considered vulnerable at any given moment. Research conducted by the FCA in October 2020 found that 27.7 million individuals – or over half of all UK adults - displayed signs of vulnerability.
Those who are vulnerable can suffer from a range of harm, including financial exclusion (eg, not having access to appropriate financial products), difficulty in accessing services (eg, lack of access to the internet or branches), increased likelihood in falling victim to a scam, overindebtedness and buying inappropriate products or services.
The FCA has provided guidance on the actions firms should take to treat vulnerable customers fairly. This involves embedding a mindset around the fair treatment of vulnerable customers at all stages of customers’ interaction with the firm, from the product design and set-up to customer communications and service, along with continuous evaluation of whether the needs of vulnerable customers are being met.
The FCA’s new chief executive, Nikhil Rathi, has said that the FCA will have a ‘special focus on vulnerable customers’ as the country recovers from the covid-19 pandemic. Given that the pandemic has led to a steep increase in the number of individuals with characteristics of vulnerability, firms will be expected to take meaningful and proactive steps to ensure vulnerable customers are treated fairly – or will likely face enforcement action.
Another area of future focus is likely to be on the fair treatment of small and medium-sized enterprises (SMEs). The FCA’s own Business Plan refers to one of its five areas of focus being the fair treatment of ‘consumers and small firms’. This is for two reasons.
First, following the 2008 financial crisis, several UK banks were alleged to have mistreated SME customers who struggled to repay their debts. This led to the FCA appointing skilled persons to undertake reviews, firms establishing complaints and compensation schemes and a large amount of parliamentary and press scrutiny.
Second, the covid-19 pandemic has had a heavy financial impact on many SMEs, leading to a huge proportion of SMEs taking out additional lending, often through government-backed loan schemes. Although lenders were praised for setting up and processing those loans with relative speed, at some point those debts will need to be repaid, and attention will turn to how banks manage their collection process fairly.
The challenges here are significant not only in terms of the volume of debt to be repaid (CityUK predicts that SMEs will have approximately £100 billion of unsustainable debt) but also the potential mismatch between the expectations of customers and those of firms. A survey conducted in May 2020 found that 43 per cent of businesses that had accessed government guaranteed loan schemes said they do not expect to repay the debt, either because they do not think they will be able to or because they do not believe that the government will pursue the debt.
Lending to corporates is not a regulated activity; therefore, Principle 6, the obligation to treat customers fairly, does not apply. However, the FCA has made it clear that it expects firms to act appropriately in respect of SMEs. Firms must nominate a senior manager to be responsible for SMEs, and the FCA has endorsed the Lending Standards Board (LSB) guidance for dealing with business customers as representing a proper standard of market conduct.
Firms should, therefore, ensure that their dealings with SMEs are guided by the LSB’s code, as well as lessons from previous cases. This will include having triggers to identify and act when SMEs are in financial difficulty, communicating in a sympathetic and transparent manner with the customer, considering appropriate forbearance and refinancing options and not seeking to extract other advantages from a customer’s difficulty.
Although the unregulated nature of SME lending makes enforcement action against firms more difficult for the FCA, it is not impossible. More straightforward for the FCA is enforcement action against senior managers, as senior managers’ obligations under the Senior Managers and Certification Regime (SMCR) also extend to unregulated activities.
Similarly, short of formal enforcement action, the FCA has a variety of tools at its disposal should firms be perceived to have mistreated SMEs – from requiring skilled persons reviews to attestations from senior managers.
TCF on new frontiers?
Although the FCA’s primary focus to date has been on treating customers fairly in credit markets – mortgage and unsecured lending, lending to SMEs, etc – there is the potential for the FCA to consider TCF in other contexts as well; for instance, during the covid-19 pandemic, an increasing number of consumers have taken to trading directly in the equity markets or investing in cryptocurrencies.
The FCA is concerned about the potential for consumer harm where investment decisions are initiated not by advice from a professional adviser, but following exposure to (potentially misleading) online financial promotions or adverts or high-pressure sales techniques. There is a significant risk in this context that individuals unwittingly purchase higher risk products that may not be suitable or reflect their risk tolerance.
This situation is further complicated by the fact that those individuals are often using appbased platforms offered by regulated firms to enact their investment choices. There is clear potential for a mismatch between the expectations of consumers and the actual obligations on firms to treat them fairly where those platforms are used to invest in products such as cryptocurrencies (currently unregulated).
Nevertheless, the FCA expects regulated firms to embed TCF across all of their business activities – both regulated and unregulated. Organisations must give specific thought to what this looks like in the context of investments into novel products by a new type of investor using innovative platform technology, if they wish to minimise the risk of retrospective enforcement action on the point.
Recent years have seen the FCA emphasise the need for firms to identify and address examples of non-financial misconduct (NFM) within their organisations. This feeds directly into a broader regulatory focus on culture dating back to the 2008 financial crisis.
Since then, there has been a growing recognition of the link between a culture in which harassment, bullying or other poor behaviour by individuals goes unchallenged, and business decisions that result in harm to consumers, the market and the reputation of the sector as a whole. Put bluntly, the finest and most robust systems and controls can be undermined if the right behaviours are not embedded with the firm that contains them.
The FCA brought enforcement action in this area in November 2020, prohibiting three individuals from working in financial services on the grounds that they were not fit and proper: all had been convicted of significant non-financial criminal offences while working in the sector. A fourth individual is taking his case to the Upper Tribunal. Questions remain, however, around the relevance of such conduct to the assessment of individuals’ suitability to work in the sector where it falls short of amounting to a criminal offence.
Firms must also consider the steps they should be taking to foster a working environment in which staff feel secure in calling out such behaviour (via whistle-blowing and other speak up channels) and where allegations are managed appropriately. The FCA’s approach to NFM continues to develop, and it is important that firms understand its evolving expectations in this area.
What is non-financial misconduct?
Despite extensive discussion of the subject, there is no regulatory definition of non-financial misconduct (NFM). For the purposes of this article, we have chosen to define NFM as misconduct that is not directly related to the performance of an individual’s role, but that may have an impact both on the integrity, fitness and propriety of the staff member concerned (under relevant regulations) and on the culture of a firm more broadly.
Definition notwithstanding, NFM can still be difficult to identify in practice. For example, tolerance (or even encouragement) by the senior management function (SMF) of a culture of bullying or harassment involving junior or new staff members in its business area would have a direct impact on the work environment experienced by those employees. This would then, arguably, be relevant to a regulator’s assessment of that SMF’s fitness and propriety. Such a culture might also discourage staff from challenging or reporting examples of financial misconduct they encounter in the organisation.
NFM might also occur outside the work environment, for example, during after-work drinks, in a way that continues to reverberate once people return to the office. This is, however, where the line between work and private life can become more difficult to discern.
The Court of Appeal’s judgment in Ryan Beckwith v The SRA in November 2020 maintained that concepts such as integrity and maintaining trust in a profession will only be damaged by actions in an individual’s private life where this conduct ‘realistically touches on [their] practise of the profession or the standing of the profession.’ Although this decision involved a different regulator (the Solicitors Regulation Authority) and a different regulatory scheme (the SRA Handbook), it is a cogent illustration of the difficulties that can arise in this context.
The FCA’s approach
In September 2018, former Executive Director of Supervision at the FCA, Megan Butler, stated in a letter to the Women and Equalities Committee of the House of Commons that ‘we view sexual harassment as misconduct which falls within the scope of our regulatory framework.’ This was the first time that the FCA has explicitly indicated that this type of behaviour might have regulatory implications.
This was followed a couple of months later by a speech by Executive Director of Strategy and Competition at the FCA, Christopher Woolard, in which he asserted that the way firms handle allegations of NFM is potentially as relevant to the regulator’s assessment of them as their handling of any other type of misconduct would be.
The FCA made the management of NFM a key focus for its supervision of firms and senior management. NFM should now be considered as part of fitness and propriety assessments, senior managers are expected to take reasonable steps to identify and remediate NFM within their business areas, and firms must put in place processes to manage complaints about NFM made by staff, including speak-up lines and other whistle-blowing procedures.
From an enforcement perspective, we have seen very little concluded enforcement activity from either regulator. Enforcement investigations into NFM remain rare; a freedom of information request reported in January 2021 indicated that the FCA has opened only five investigations into NFM under the SMCR in the past five years. We have yet to see a concluded FCA or PRA enforcement action against an individual concerning NFM that had not already resulted in a criminal prosecution.
In some respects, this is not surprising. Investigations into non-criminal NFM are challenging to mount. They often involve sensitive issues and require careful handling. There is also a technical question on whether and when NFM might constitute a breach of the FCA’s Individual Conduct Rules rather than simply going to an individual’s fitness and propriety.
Although the FCA does not yet appear to be making wide use of enforcement to tackle NFM, it features prominently as part of supervisory discussions with firms. NFM and whistle-blowing are increasingly seen as a bellwether of deeper cultural issues within firms. By making NFM a regulatory issue, something that is within its remit to police, the FCA can put pressure on firms to tackle and root out this type of behaviour and improve speak-up and listen-up environments as part of a broader culture focus.
This means that most investigations into allegations of NFM are being conducted by firms. Regulators appear more focused on assessing firms’ ability to identify, manage and resolve such complaints than on interrogating the allegations themselves.
Issues for firms
Tackling NFM at an organisational level raises several specific issues for firms. First is the ability to identify such complaints in whatever context they are made. The most obvious route for a complaint concerning NFM to come to an organisation’s attention is via whistle-blowing channels; however, not every whistle-blowing complaint will concern allegations of NFM. Conversely, NFM allegations may also be made outside this context.
Whatever route is taken, such claims will inevitably be sensitive and require appropriate triage. Managers must be trained to recognise this type of complaint and understand how to escalate it. A clear protocol for response should be in place.
Difficult questions can also arise around notification. Significant allegations involving senior managers may require immediate notification under Fundamental Rule 7 or Principle 11. SUP 15.3.11 obliges firms to notify the FCA immediately when they become aware, or have information that reasonably suggests, that a significant rule breach (including of the Code of Conduct Rules (COCON)) may have occurred.
Given that claims NFM has occurred characteristically present themselves as bald allegations requiring further investigation to substantiate, balancing regulatory transparency and fairness to the individuals involved may prove challenging. Where claims of NFM involve certified members of staff, fitness and propriety certificates may be due for renewal while an allegation is under investigation. This can put a firm in a difficult position in terms of whether to renew and risks prejudging the outcome of that enquiry.
The investigation must be supervised closely. Management of the information flow to and support for the whistle-blower or complainant is key. If those individuals do not feel their complaint has been taken seriously or investigated properly, this will have a significant impact on the willingness of other members of staff to speak up.
Promoting the psychological safety of the wider staff population is key. This may mean reorganising teams where the person under investigation and the person making an allegation work together – a particular challenge where teams are already under-resourced or more senior staff or leaders are implicated.
The team conducting the investigation must be independent – and seen as such. The more senior the member of staff under investigation in this context, the more important this is. They may also require specialist interview training: in sensitive cases, a very different tone and approach will be required to encourage witnesses to speak openly, whereas a more relaxed style may encourage people to share uncomfortable experiences.
The current requirement to conduct interviews remotely only compounds the difficulties teams investigating NFM face. Interviewees are likely to be under considerable personal stress and should be offered additional pastoral support throughout the investigation process.
Building an effective and robust structure for investigating NFM (and other) complaints is likely to be an investment worth making. Both regulators now expect firms to be able to address and remediate complaints about poor conduct effectively. There is significant risk of either a skilled person or a third-party review if the FCA or the PRA loses confidence in a firm’s ability to manage this type of enquiry.
Where the FCA or the PRA have persistent concerns, there are enforcement investigations into the adequacy of firms’ operation of whistle-blowing systems and controls, with the FCA and the PRA publishing a voluntary requirement in early 2021 requiring a firm to make improvements in this regard. There remains a real risk of enforcement action for firms that have inadequate management of whistle-blowing complaints (including those involving NFM).