Speech by Mark Steward, FCA Executive Director of Enforcement and Market Oversight, delivered at the City & Financial Global Ltd event, London.
Speaker: Mark Steward, Executive Director of Enforcement and Market Oversight
Event: FCA Investigations and Enforcement: A Guide to Managing Regulatory Action
Delivered: 12 February 2020
Note: this is the speech as drafted and may differ from the delivered version
- The point of financial penalties is deterrence but this is not the point of enforcement which is about just outcomes. In 2019 we imposed financial penalties of over £310 million on firms that also paid or are paying over £231 million in restitution. Addressing both serious misconduct as well as its consequences ensures just outcomes.
- Most of the cases involving financial penalties have involved serious breaches of the General Principles. In these cases too little attention is paid to the General Principles in planning and organising what a firm is doing.
- Firms need to engage with the Principles when undertaking regulated activities.
Thank you for inviting me here this morning to open today’s event on managing FCA Investigations and Enforcement.
I want to speak to you about 2 things: first, financial penalties and the importance of cooperation and remediation; secondly some observations and issues arising from cases over the last 12 months, especially regulatory cases involving breaches of the General Principles.
In Chapter 6 of the FCA’s Decision Procedure and Penalties manual, otherwise known as DEPP 6 or the FCA’s Penalties Policy, we say:
'The principal purpose of imposing a financial penalty or issuing a public censure is to promote high standards of regulatory and/or market conduct by deterring persons who have committed breaches from committing further breaches, helping to deter other persons from committing similar breaches, and demonstrating generally the benefits of compliant behaviour.'
This is a good description also of the principles of both specific and general deterrence that underpin sanctions and punishment in other contexts, including in the criminal law context.
The purpose of penalties under DEPP 6, however, is not the purpose of enforcement.
Enforcement is focussed on ensuring just outcomes and the prevention of serious misconduct, not just through deterrence but also through:
- early detection with a view to stopping ongoing misconduct as soon as possible; and
- the broad use of remedial orders to ensure appropriate action is taken to repair harm that has occurred, especially financial loss to consumers
In this context, there are cases where both a deterrent sanction and remedial orders are equally necessary to ensure a just outcome. Dealing with the consequences of misconduct is as important as any sanction, as our penalty policy also demonstrates.
Now, as I have just said, while deterrence, especially general deterrence, is the key purpose of any regulatory sanctioning process, deterrence should not be confused with the point of enforcement.
As far back as 1829, Sir Robert Peel articulated principles of enforcement that remain helpful today. His first principle, described as the “basic mission”, is prevention and the last boldly asserts that the test of enforcement is the ‘absence of crime and disorder’ rather than “the visible evidence of action in dealing with it”.
Prevention leading to absence then is the point. An outcomes based approach could not be expressed more plainly. Easier said than done of course.
At risk of breaching the last principle, it is hard to avoid talking a little about the “visible evidence of action” in dealing with misconduct.
Over the course of 2019 we imposed financial penalties totalling over £310 million on firms that have also paid or are paying associated restitution and compensation of over £231 million.
This is consistent with our aim to deal not only with serious misconduct but also ensure its consequences are addressed. I cannot reiterate how important this is.
While the absence of crime and misconduct is a noble cause, it is hopelessly unlikely. Things will go wrong and some of those things that go wrong will be caused by or involve regulatory misconduct.
Knowing this is practical and sensible and is also the reason why it is important to value reactions and responses by firms after things go wrong. This includes systems and controls designed to detect things going wrong at the earliest point in time.
As we have made publicly clear, we may impose tougher sanctions where we see firms failing to correct relevant deficiencies and make good losses to consumers caused by those firms’ failings. We may also reduce sanctions to give credit for rapidly-commenced, pro-active, co-operative and thorough remediation, especially consumer redress.
In rare cases, the quality, extent and speed of that redress may justify very significant reductions in sanction.
This is also consistent with DEPP 6 which makes it clear that in assessing a proposed financial penalty we will take into account the conduct of a person after the breach (see DEPP 6.2.1(2)).
Attention to the consequences of misconduct, remediation and reparation to victims is not one of the Peelian principles of enforcement. I think it is difficult to conceive of a just outcome without ensuring both the misconduct and its consequences are addressed.
Penalty Policy in practice
There have been several cases in which we have materially reduced our financial penalties on firms in excess of the automatic 30% discount for cases that are fully resolved at stage 1.
We encourage firms to respond to this incentive by going beyond what we expect and taking immediate, unprompted steps, in consultation with us, to thoroughly and quickly ameliorate harm caused by their conduct failures.
Indeed, the discretion here is important given the wide-ranging circumstances that need to be taken into account. Otherwise penalty setting would resemble a rigid and complex mechanical process rather than a weighing up of relevant factors including whether:
- a breach is deliberate or reckless
- the duration of the breach
- the amount of benefit or loss avoided
- whether it reveals serious or systemic weaknesses
- the impact of the breach, including its impact on confidence and trust in markets
- the quantum of loss to consumers or other market users, if any; and
- the extent to which financial crime may have been facilitated by the breach
All of these factors (and others) are set out in DEPP 6 and must be synthesised with the facts, as found, when determining the size of any financial penalty.
The exercise is one of judgement combined with discretion in which the steps, set out in DEPP 6, guide the decision-making mind in a rational and reasonable way, ensuring matters of culpability and mitigation are identified and fairly considered.
The key here is that DEPP 6 sets out an approach rather than a rigid formula, a difference that still appears to confuse some critics.
As you know, there is no maximum financial penalty in these cases which means the assessment of a penalty does not start with a predefined yardstick. It is often said the where there is a maximum penalty, there is an invitation to compare the facts as they are found with the counterfactual ‘worst possible case’, enabling the decision-maker to judge the present case on a spectrum.
This is not possible in instances, as in our cases, where there is no maximum and individual circumstances and situations differ markedly.
For this reason, after disgorgement of any profits, the decision-maker must make an assessment of seriousness, often, but not exclusively, using revenue from the relevant business area. This provides the decision-maker with a yardstick that may or may not be helpful in assessing seriousness.
However, the amount of revenue may be disproportionate to the nature of the misconduct in question either because it is too high or too low, and so may need adjustment. The process of adjustment also requires aggravating and mitigating circumstances to be taken into account. The overriding need, though, is general deterrence.
In this context, a financial penalty is not intended to punish: no element of retribution is involved. Instead, the decision-maker needs to ensure a price for the contravention is sufficiently higher than any gain or benefit was, is or might be in the future.
Even well-respected observers mistake the process as a quantification of harm in terms of money rather than a price for breach that is intended to deter others.
And how we apply DEPP 6 is summarised in each of our published Final Notices.
Partly-Contested Cases: Penalties
We have introduced also a means by which persons who wish to contest our proposed penalty can do so without losing the automatic discount for agreeing facts and liability. There are also variations on this theme as well.
The partly contested process allows parties to argue for reduced or different sanctions before the Regulatory Decisions Committee (RDC). A small number of parties have taken up this option and we have a couple of cases currently pending before the RDC.
Some of you may wish to find out a little more about the partly contested route, especially in relation to contests over the quantum of financial penalty that is sought.
Observations on the General Principles
Let me make some observations on some of the issues that have arisen in the cases we have completed over the last year or so.
Most of these cases have involved serious breaches of our Principles for Business, dealing with, among other things:
- lack of skill, care and diligence including when the risk of harm to customers is obvious or clearly foreseeable
- poor systems and controls whether they have not existed or have not been at all fit for purpose, exposing customers to harm or the risk of harm
- poor judgement, especially in relation to the reporting of misconduct to the FCA and law enforcement authorities; and
- unfair treatment of customers, usually where customers’ interests are overridden or sidelined negligently or recklessly by poor sales or distribution practices
And each of these cases is worth looking at because there are important preventative clues to be found in each of them.
A broad but overwhelmingly fundamental point is that, in each of the cases, it is apparent that neither firms nor senior management engaged directly or explicitly with the Principles for Businesses in deciding, carrying out or managing the conduct that led to the findings of breach.
There was no evidence that the Principles had been used to test or measure conduct before it was embarked on; nor used to measure systems and controls that were being put in place; nor used at any stage in identifying or addressing the inadequacies of the misconduct that occurred.
Indeed, it would seem, in many cases, the misconduct was not apparent until significant harm was also apparent.
The Principles are sometimes criticised because it is said their generality makes it difficult for firms to determine the difference between compliance and non-compliance, leading to concerns that enforcement of principles leads to enforcement by hindsight.
It is difficult to know whether this is in fact the case when an investigation into failings to comply with the Principles reveals they were never really in mind in the first place and finds no evidence of the Principles being used to guide decision-making or to oversee relevant functions, outcomes or consequences, especially for consumers.
Everything appears in hindsight where there is no reasonable planning or foresight.
The Principles set out a firm’s fundamental obligations and are sound, simple propositions – integrity, skill, care and diligence, fair treatment etc. And they are different to specific rules because they don’t contain any instructions to guide compliance.
A rule, for example, like a speed limit requiring drivers to drive no more than 30 mph, answers the compliance question. No further thought or deliberation is required. It is a mechanical command to a set of circumstances and compliance can be measured easily.
A rule is effective for regulating simple, repeatable circumstances but rules cannot anticipate every single situation or circumstance. In this sense, principles are designed to respond and guide in growingly complex circumstances. Our principles, when applied, will more consistently ensure rational, reasonable and justifiable steps are taken.
For example, using the driving analogy again, a principle is more like a general obligation, for example ‘slow down’ or ‘drive safely’.
To comply requires judgement, a ‘spatial’ awareness of context and changing circumstances, foresight of reasonably predictable consequences, planning, prudence and effective execution.
These types of obligations are not satisfied by accident: they require deliberate and intended thought, planning and organisation.
Taking the command to ‘drive safely’ as an example, a prudent driver will use professional judgement, having been properly trained, not only on the need to arrive on time, but on how to get there, what the relevant road rules are and what the limits of the car might be.
A prudent driver will also know the road and maintain a contextual awareness of the conditions, the weather and the traffic. Finally, a good driver will keep an eye not only on what is in the immediate foreground but also, with knowledge of relevant data, on what may be happening around the corner, all with both hands on the steering wheel.
The Principles are the foundations of good conduct and should be an integral part of the operational process of planning or decision-making at all levels and as a way of overseeing and assessing whether the firm’s conduct remains appropriate.
If firms and their senior management approach a business activity from the outset using the Principles as a foundational guide, as part of the organisation of activities and as a way of monitoring execution of activities, I am sure we would see considerably less unintended harm caused by misconduct.
In short, what we need is less hindsight and more foresight.
We have brought many other cases not involving our principles or rules. There have been many of them, some of them involving widespread harm. All of them involve serious misconduct, including:
- the criminal convictions of Fabiana Abdel-Malek, a former senior compliance officer at UBS and Walid Anis Choucair, a professional trader, following an 11 week trial, on 5 counts of insider dealing. They were sentenced to three years imprisonment.
- we have also instituted proceedings against Park First Ltd and its senior managers over the failure of what we allege was an illegal collective investment scheme that raised £230 million from over 4,500 investors. We allege the scheme was promoted with false or misleading statements including promises of returns of 10% in years 3 and 4 and 12% returns on years 5 and 6, which we say they knew were unrealistic. We are seeking compensation for investors who have lost substantial sums of money they cannot afford to lose.
- we are presently in the High court against two unregulated pension introducers and connected individuals who were involved in the transfer of at least £86 million of pension assets from 2,000 pensioners where we are alleging misleading statements were used to persuade consumers to transfer their pensions into higher risk assets. Again we are seeking compensation orders.
- we have also concluded long running action against Dharam Prakash Gopee, an incorrigible repeat offender who caused substantial harm to vulnerable consumers for many years, in defiance of court orders, through illegal money lending. This action led to a confiscation order of £5.1 million, one of the highest confiscation orders against an individual, under the Proceeds of Crime Act.
Tackling notorious and blatant offenders like Mr Gopee now not only ensures justice for those he has harmed but provides longer protection in the future for the public. The latter cases demonstrate that a focus on seriousness should not be confused with widespread impact or well-known names.
On that note, I will stop.