A guide to what information about firms, people and markets we can release to the public, and why we can't release some of it.
What we can share
We can share information we have received under Section 348 of the Financial Services and Markets Act 2000 (FSMA) when:
- it is already publicly available
- we have the consent of the relevant ‘person’, company or partnership the information is about, and/or
- we have the consent of the relevant person, company or partnership who gave it to us
So, for example:
- We publish information about the number of complaints firms have received so that firms can compare their performance against their peers and consumers have an additional source of information about the firms we regulate – see our complaints data for more details.
- We now publish detailed information of the volumes of ‘approved person’ applications for controlled functions that we have received and made a decision on.
- We publish details of ‘thematic review’ work we have carried out to assess a current or emerging risk relating to an issue or product across a number of firms within a sector or market. It can be focused on both discovering what is going on and on how we suggest the issue is tackled. We also refer to this as ‘issues and products’ work or ‘cross-firm’ work. We base this on information we have received under section 348.
- When we take formal enforcement action, we publish a ‘Decision’ or ‘Final’ Notice and press statement on our website, explaining what action we have taken and why.
What we can’t share – and why
FSMA states we can’t share ‘confidential information’ with the public. So we can’t always provide information, even when requested under the Freedom of Information Act (FoIA) 2000.
This is because having a clear confidentiality restriction encourages the free-flow of information. If there was uncertainty about information becoming public, our sources could be less willing to give it to us. And information is at the centre of how we regulate.
Also, under UK law, a public body like the FCA has to treat information as confidential. We can only disclose it if there are good public-interest reasons to do so. We must ‘respect’ the ‘private life’ of the persons we deal with. For further information about the ‘public interest’ test please see the Information Commissioner’s Office guidance.
For us, this means respecting the (non-public) information we hold about the firms and individuals we regulate. Also, the standards of many of the financial services sectors we regulate are set by laws made by the European Parliament. Along with other European regulators, we are under an ‘obligation of professional secrecy’ to protect any information we receive.
Not all of the information we hold is covered by section 348 FSMA. This is because we also hold information we have created rather than just received, such as:
- our opinion on whether a firm is complying with our rules
- our assessment of the riskiness of a firm’s business model
- what actions we should take next when making inquiries into a firm or market, and
- setting out the factors for and against making a new rule
For instance, we don’t usually make public the fact that we are investigating (or have investigated) a particular firm or individual.
This is partly to protect the effectiveness of our investigation, as publicity might encourage people to destroy or hide evidence, and partly because announcing an FCA investigation can damage reputations.
If we can’t say that we are investigating someone, we also can’t say that we are not! We can’t say ‘no comment’ to one request but confirm we are not investigating someone in reply to another. So we think that ‘no comment’ – or ‘we can neither confirm nor deny whether we are investigating a particular firm or individual’ – is the right answer in both cases. For more on this, see our Enforcement Guide.
What if you’ve given us information about firm x and ask us what we have done? We understand that not revealing what action we may have taken can be frustrating. But we do carefully consider the information you give us and we value it. Even if the information has not resulted in us taking formal action against a firm, it often helps us in future dealings – building up a picture of an adviser’s conduct or informing how we develop policy.
We are sometimes asked for copies of our communications with a firm or group of firms about particular issues in the news. These could be news stories about payment protection insurance (PPI) mis-selling or about our ‘thematic’ work when we look at trends in the marketplace.
As we have explained above, any information that we have received from a firm is protected under section 348 FSMA.
But what about when we have told a firm that we have concerns that their conduct may have breached our rules?
We cannot publicly disclose our opinions like this for another reason. We must follow formal procedures before we can say publicly that a firm has actually breached our rules. Our initial opinions, or views on a firm’s compliance, will not have been through these formal procedures, so we are not allowed to make them public.