Partly contested cases, the pipeline and AML investigations

Speech by Mark Steward, Director of Enforcement and Market Oversight at the FCA, delivered at the Global Investigations Review Live event in London.

Speaker: Mark Steward, Director of Enforcement and Market Oversight
Event: Global Investigations Review Live event, London
Delivered: 4 April 2019
Note: this is the speech as drafted and may differ from the delivered version

Highlights

  • Partly contested cases avoid a ‘deal-making’ approach to the imposition of penalties and sanctions giving subjects an opportunity to test and challenge the FCA’s penalties before the RDC, an independent FCA Board committee, without losing any cooperation benefit.
  • Firms will be held accountable for foreseeable harm.
  • The FCA is investigating suspected breaches of the Money Laundering Regulations that might give rise to either criminal or civil proceedings, giving effect to the full intention of the Money Laundering Regulations which provides for criminal prosecutions.

I want to speak briefly about 3 things: partly contested cases, some recent decisions and, by request, AML investigations.

Partly contested cases

Before this path was created, parties either had to agree everything or have the whole dispute referred to the RDC and most chose the former

The partly contested case process was introduced in 2017 to permit anyone who is the subject of FCA disciplinary action to choose to have part of the dispute determined by the Regulatory Decisions Committee (RDC), without losing the opportunity to obtain some or all of the credit for agreement.

Before this path was created, parties either had to agree everything or have the whole dispute referred to the RDC and most chose the former. The consequence was the FCA’s specialist decision-making committee which was designed to be independent of case teams was often excluded from the very cases it was set up to decide. It also made the resolution process look transactional. The new pathway, which is optional, avoids a ‘deal-making’ approach to the imposition of penalties and sanctions, provides a mechanism for the RDC, an independent FCA Board committee, to be consulted and engaged more frequently and gives subjects an opportunity to test and challenge the FCA’s penalty discretion without losing all of the credit for agreement.

After a slow start, we have now had 3 completed cases that have used this process. In each of the 3 cases that have used this process, all relevant facts and matters, other than the sanction, were agreed.

The partly contested case route does not exclude the Upper Tribunal from exercising its review function if the subject of the proceedings is unhappy with the RDC decision. However, the agreed statement of facts includes an agreement from the relevant party that they will not reopen any agreed issue unless the Upper Tribunal, of its own motion, decides to reopen an issue.

The very first case, involving Linear Investments Ltd, was referred to the Upper Tribunal and the hearing was held in February. The decision is reserved. At the hearing, the Upper Tribunal did not seek to re-open any of the agreed issues and submissions on the penalty were made using the agreed statement of facts. The case involves systems and controls around post-trade surveillance and we published the Decision Notice last September ahead of the Upper Tribunal hearing. We eagerly await the Upper Tribunal decision.

In each of the 3 cases that have used this process, all relevant facts and matters, other than the sanction, were agreed

The next 2 cases have resulted in final outcomes and did not involve the Upper Tribunal. The first concerned Carphone Warehouse which was fined just over £29m for mis-selling mobile phone insurance and the Final Notice was published last month. The second decision is currently scheduled to be announced very shortly.

A few early observations on the process:

  • First, the agreed statement of facts needs to be very carefully particularised, perhaps with a tighter narrative than statutory notices may have been over the years, keeping in mind: first that the Warning Notice, in these cases, is effectively the agreed statement of facts, also setting out the scope of what is in dispute, and secondly that the Warning Notice is not issued by the RDC, as occurs in other contested cases where the RDC is engaged.
  • Secondly, the need for precise particularisation applies equally to the way in which submissions on penalty and sanction should be prepared and evidenced in the agreed facts with an evidential basis for relevant aggravating or mitigating factors.
  • Thirdly, the process appears to have worked well, providing the 3 parties with genuine opportunities to test and challenge the FCA’s sanctioning discretion without losing the credit normally applied for cooperation in agreeing the relevant facts and matters.

We hope and look forward to more parties choosing this process.

Recent cases

I want to mention a few recent cases.

In September 2018, we fined Tesco Personal Finance plc (Tesco Bank) £16,400,000 for failing to exercise due skill, care and diligence in protecting its personal current account holders against a cyber-attack that took place in November 2016. Following the attack, Tesco Bank immediately put in place a comprehensive redress programme and devoted significant resources to improving its systems and controls as well as the skills of the individuals who operate them. They received full credit for this. However, the case highlighted an important issue. The attack was wholly foreseeable as there had been a specific warning 12 months earlier which meant what happened, including the harm to customers, was avoidable.

Foreseeability was also a feature of our Carphone Warehouse case because the incidence of complaints and cancellations after the ‘Geek Squad’ policy was sold should have alerted the firm to the potential that the policy was being mis-sold. While this type of warning is perhaps not as explicit as the warning in the Tesco Bank case, they were clear red flags, making mis-selling a predictable and likely cause.

In December 2018, we fined Santander £32,817,800 for failing to effectively process the accounts and investments of deceased customers. Santander failed to transfer funds totalling over £183m to beneficiaries when it should have done. 40,428 deceased customers were directly affected. In some cases, funds were held for many years depriving the beneficiaries of their use for lengthy periods. The case highlighted what occurs when a firm has inadequate escalation processes and inadequate horizon scanning by senior management. Once again, the senior management reacted well to the problem once they had actual knowledge of it. But they should have been alerted to it or they should have found out about it much sooner.

And finally, we fined UBS £27,599,000 for transaction report failings that occurred over a 9-year period and we fined Goldman Sachs just over £34m for similar failings over a 10-year period. Transaction reporting concerns lifeblood questions for these businesses: do you know who are you transacting with, for whom, in what markets, in what volumes and at what prices? And what does it mean if you can’t answer those questions accurately? These cases demonstrate, yet again, that transaction reporting is not just about the fight against market abuse: it is also about whether firms are able to regulate, supervise and understand their own activities properly. And these problems should never have persisted for such long periods of time. Firms should implement regular, 6-monthly reconciliations to detect reporting issues and to prevent breaches becoming endemic.

reasonable systems and controls don’t work well all by themselves: they need to be accompanied by strong escalation protocols

These cases highlight 3 issues.

First, firms will be held accountable for foreseeable harm and what happened in both Tesco and in Carphone Warehouse was or should have been foreseeable.

Secondly, reasonable systems and controls don’t work well all by themselves: they need to be accompanied by strong escalation protocols. In each of these cases, senior management was either invisible or lacking influence because there had been little or no escalation or management data was insufficient to alert senior management that problems had not only arisen, they were persisting without solution.

We have a large number of investigations on foot, some of them entering important phases, tackling some very serious issues, including suspected financial crime in our markets, suspected false or misleading statements by listed issuers, and suspected significant AML system and control issues

Conceptually, this observation could be used to build a useful metric of management capability: how long does it take for a problem to be detected and then to be escalated to the person who is sufficiently authorised and resourced to fix it properly? Hours, days, weeks, months or years?

Finally, these cases raise the related question of whether poor escalation protocols and/or inadequate lines of sight into the heart of the business are consistent with the senior management obligation to take ‘reasonable steps’ to prevent a breach. While these cases involve conduct that predates the senior managers’ regime, these cases signal that in any assessment of ‘reasonable steps’, escalation and senior management sight lines over problems that are not being solved effectively will be an issue.

Current pipeline

We have a large number of investigations on foot, some of them entering important phases, tackling some very serious issues, including suspected financial crime in our markets, suspected false or misleading statements by listed issuers, and suspected significant AML system and control issues under the Money Laundering Regulations.

I have been asked to say something about the Money-Laundering investigations given we are now conducting ‘dual track’ AML investigations, ie investigations into suspected breaches of the Money-Laundering Regulations that might give rise to either criminal or civil proceedings.

we are now conducting ‘dual track’ AML investigations, ie investigations into suspected breaches of the Money-Laundering Regulations that might give rise to either criminal or civil proceedings

I don’t think there should be anything controversial here. It would be inconsistent with the investigative mindset to narrow the scope of potential outcomes provided for by the law before you have made any inquiries or been able to assess the nature of the matter under investigation. Moreover, this practice brings AML investigations into line with the FCA’s practice in market abuse investigations which have been conducted on a ‘dual track’ basis for many years as well.

More importantly, I think it is time that we gave effect to the full intention of the Money-Laundering Regulations which provides for criminal prosecutions. In making poor AML systems and controls potentially a criminal offence, the MLRs are signalling that, in egregious circumstances, MLR failures let down the whole community and in this sense, they may constitute:

'...a breach and violation of public rights and duties which affect the whole community, considered as a community; and are distinguished by the harsher appellation of crimes and misdemeanours.’ (Commentaries on the Laws of England (1765-69), William Blackstone.)

This does not mean every investigation where we think there is a case to answer will or should be prosecuted in this way. I suspect criminal prosecutions, as opposed to civil or regulatory action, will be exceptional. However, we need to enliven the jurisdiction if we want to ensure it is not a white elephant and that is what we intend to do where we find strong evidence of egregiously poor systems and controls and what looks like actual money-laundering.