A guide to what we can share with the public about firms, people and markets, and what we can’t.
What we can share
We can release information we’ve received under section 348 of the Financial Services and Markets Act 2000 (FSMA) when:
- it subsequently becomes publicly available in a way that’s not contrary to FSMA, or
- we have the consent of the person, company or partnership the information is about, and
- we have the consent of the person, company or partnership who gave it to us
- We publish information about the number of complaints firms have received. This is so that firms can compare their performance with their peers’ and consumers have another source of information about the firms we regulate – see our complaints data for more details.
- We publish detailed information of the volumes of ‘approved person’ applications for controlled functions that we’ve received and made a decision on.
- We publish details of thematic reviews we’ve carried out to assess a current or emerging risk relating to an issue or product across firms within a sector or market. It can be focused on both discovering what’s going on and on how we suggest the issue is tackled. We also refer to this as issues and products work or cross-firm work. We base this on information we’ve received under section 348.
- When we take formal enforcement action, we publish a Decision or Final Notice and press statement on our website, explaining what action we’ve taken and why.
What we can’t share – and why
FSMA states we can’t share confidential information with the public. So we can’t always provide information, even when requested under the Freedom of Information Act (FOIA).
This is because having a clear confidentiality restriction encourages the free flow of information to us. If there was uncertainty about information becoming public, our sources could be less willing to give it to us. And information is at the centre of how we regulate.
Also, under UK law, a public body such as the FCA must treat information as confidential. We can only disclose it if there are good public-interest reasons to do so. We must respect the private life of the people we deal with. For more information about the public interest test please see the Information Commissioner’s Office (ICO) guidance.
There are also other UK laws that only permit disclosure of information under certain conditions, such as the UK GDPR and the Data Protection Act 2018.
For us, this means respecting the non-public information we hold about the firms and individuals we regulate.
Not all the information we hold is covered by section 348 of FSMA. This is because we also hold information we’ve created rather than just received, such as:
- our opinion on whether a firm is complying with our rules
- our assessment of the riskiness of a firm’s business model
- what actions we should take next when making inquiries into a firm or market, and
- setting out the factors for and against making a new rule
For instance, we don’t usually make public the fact that we’re investigating (or have investigated) a firm or individual.
This is partly to protect the effectiveness of our investigation, as publicity might encourage people to destroy or hide evidence, and partly because announcing an FCA investigation can damage reputations.
If we can’t say we’re investigating someone, we also can’t say we’re not. Therefore, the right answer in such cases is: ‘We can neither confirm nor deny whether we’re investigating a particular firm or individual.’ For more on this, see our Enforcement Guide.
What if you’ve given us information about a firm and ask us what we’ve done? We understand that not revealing what action we may have taken can be frustrating. However, we do carefully consider any information you give us and we value it.
Even if the information has not resulted in us taking formal action against a firm, it may help us in future dealings by building up a picture of an adviser’s conduct or informing how we develop policy.
We’re sometimes asked for copies of our communications with a firm or group of firms about issues in the news, such as payment protection insurance (PPI) mis-selling, or our thematic work when we look at trends in the marketplace.
As explained above, any information we receive from a firm is protected under section 348 of FSMA.
What about when we’ve told a firm we have concerns that their conduct may have breached our rules? We can’t publicly disclose our opinions like this for another reason. We must follow formal procedures before we can say publicly that a firm has breached our rules. Our initial opinions, or views on a firm’s compliance, won’t have been through these formal procedures, so we’re not allowed to make them public.