FCA authorised firms should be familiar with the requirement to have in place systems and controls to mitigate the risks associated with personal account dealing (PAD) by employees and other relevant individuals (COBS 11.7 and COBS 11.7A). Similarly, the risks associated with PAD are well known and include market abuse and conflicts of interest (for example between client and adviser). There has also been, in the relatively recent past, well publicised FCA Enforcement activity targeted both at firms for lack of proper systems and controls and also at individuals carrying out the trading (see for example the Final Notice in respect of WH Ireland on 23 February 2016 and in respect of Samuel Taylor on 5 May 2016). Nonetheless, in its October 2019 edition of Market Watch, the FCA shares significant concerns that is has about the adequacy of firms' response to the risks associated with PAD and hints that further Enforcement action is likely to be in the pipeline.
In broad terms, the FCA is concerned that firms' approach to PAD bears no relation to the actual risks that PAD may generate. It therefore reminds all firms that PAD rules and processes must be tailored to the risks generated by a particular business and indeed by particular parts of operations. These rules must also be embedded through programmes of education and also (importantly) through oversight (for example after a PAD notification by an employee). Where breaches of PAD rules are discovered, then firms are expected to investigate, conduct disciplinary processes and to notify the FCA (as appropriate). They are also required to re-consider whether the systems they have in place are adequate. It is not enough for firms to simply submit a suspicious transaction and order report (STOR) and to move on.
The FCA has recently stressed that misconduct risk (particularly in respect of market abuse) is dynamic and consequently requires firms to respond in a manner that adapts and evolves. In the context of PAD, the FCA believes that many firms only perceive more 'traditional' risks, such as order front-running. However, the FCA believes that new risks are always emerging. For example, it has recently drawn attention to the issues associated with 'following' client orders. 'Following' occurs when an employee (or other person subject to PAD rules) follows the trading of a client through his/her PAD, or gives a tip based on a client trade to a family member or friend. Usually the client selected is particularly successful or may be taking a very aggressive position that cannot be justified based on publicly available information. Therefore, depending on the situation, firms may become alive to the need to make a STOR in respect of a client where there are high instances of 'following' through PAD followed by a relevant public announcement a few days later. The firm may in that situation also have to make a STOR in respect of its own employee(s).
In its October 2019 Market Watch, the FCA provides firms with a useful list of factors that should be taken into account when designing PAD policies. These are set out in full below:
- Where PAD creates conflict of interest or market abuse risk within its business model.
- How such risks can be adequately mitigated. This should include identifying if PAD of any sort, by front office and compliance staff in particular, presents risks that it cannot adequately mitigate within its business model.
- Given the easy access that employees have to a range of markets for PAD, including CFD and spread betting markets which are open round-the-clock, what effective monitoring and control of PAD it could do.
- How it ensures that employees are aware of their obligations.
- The appropriate degree to which it should rely on employees acting with integrity and following internal procedures and what level of post-trade monitoring of PAD activity is necessary to ensure employees comply with policies.
- What appropriate processes should be in place for assessing PAD requests and/or notifications submitted by employees so the firm can operate appropriate control.
- How such post-trade monitoring feeds into identification of potential suspicious activity which the firm can review and, if necessary, report to the FCA.
- Whether senior managers are leading by example when engaging in PAD and act as advocates of strict compliance with the firm’s PAD rules.
Whilst some/all of this may seem obvious, the FCA notes that it is all too often seeing relaxed 'tick-box' approach to PAD systems and controls. For example, firms that rely unquestioningly on the integrity of its employees, and employees that have no proper understanding of the PAD rules, despite making annual attestations to the contrary. The FCA therefore identifies PAD as an area where the culture is one of complacency. It also questions whether many firms' PAD systems and controls are really compliant with the Handbook requirements (at COBS 11.7 and 11.7A).
In a related FCA case-study on PAD conducted in the wholesale broking sector the FCA, the following illustrative issues were discovered:
- A divergence between what the policies required and actual practice.
- Over-reliance on employee attestations and a lack of oversight and monitoring.
- Firms not equating low levels of PAD notification with potential abuse.
- A generally low level of reported breaches of PAD rules and no STORs. The FCA believes that this may indicate breaches of PAD rules and a lack of appropriate oversight by firms.
Firms should revisit their PAD rules and systems on the basis of the FCA's renewed interest in PAD and its guidance (above). A low level of rule breach or number of STORs should not (without proper consideration) be equated with a low risk of misconduct. Firms that fail to have in place and to practically implement adequate systems, run the risk of FCA Enforcement activity. All the more so given that FCA transaction monitoring may identify abusive trading and then, based on that, a failing PAD policy.