In November 2018, the SEC published its second annual enforcement report which provides a summary of the SEC's enforcement-related work during 2018. Although the SEC and FCA hold different remits, it is instructive to consider the SEC report against the annual enforcement report which was published by the FCA earlier in 2018 to identify not only where both regulators have been active in the past but also possible future enforcement trends. Although the two reports are not directly comparable in certain respects (for example, aspects of the content of, the periods covered by, and the amount of detail in, the two reports differ), the key similarities and differences are noteworthy, particularly given the multi-jurisdictional and overlapping subject matter of many SEC and FCA investigations.
OVERALL ACTIVITY LEVELS
In their introduction to the SEC report, the Co-Directors of Enforcement emphasise that quantitative metrics such as "the raw number of cases filed or the total amounts of fines and penalties...cannot adequately measure the effectiveness of an enforcement program." Nevertheless, these broad measures do provide headline indicators of how active each regulator has been during the relevant period.
Number of cases commenced
- In 2018,1 the SEC brought 821 actions including 490 "stand alone" actions and 210 "follow-on" actions (proceedings in which the SEC seeks bars based on the outcome of SEC actions or actions by other regulators). This represents an increase on the total for 2017 (754) but is less than the total for 2016 (868).
- During the year,2 the FCA opened 302 cases (an increase from the total of 282 for the previous year) and, at the end of March 2018, the FCA had more than 500 open cases (an increase from the 410 open cases at 1 April 2017). The increase in activity reflects the FCA's "evolving" approach to investigations which are now viewed by the FCA as a diagnostic tool for finding out what has happened rather than as a precursor to contemplated enforcement action. As a result, the FCA is more willing to open an investigation if the statutory threshold is met but a corollary is that it is also closing more investigations without taking enforcement action (it closed 208 cases during the course of the year).
Total level of fines
- The picture which is presented by the total level of fines imposed by each regulator is more mixed. Whilst the total amount of penalties imposed by the SEC increased to US$1.439 billion (from US$832 million in 2017), a significant portion of this total (US$853 million) is attributable to the Petrobras case.3
- In contrast, the FCA only imposed 16 fines totalling 69.9 million. This compares with total fines of 181 million in 2016/17 and 884.6 million in 2015/16.
Types of investigation
- Unfortunately, the information given in the two reports about the types of cases which each regulator is investigating is not readily comparable. For its part, a significant number of the SEC's 490 "stand alone" cases concerned securities offerings (approximately 25%), investment advisory issues (approximately 22%) and issuer reporting/accounting and auditing (approximately 16%). The SEC also continued to bring actions relating to broker-dealer misconduct (13%), insider trading (10%) and market manipulation (7%).
- Of the investigations opened by the FCA during the year, insider dealing accounted for approximately 19%, culture/governance approximately 16% and financial crime approximately 15%.
The SEC report also describes the SEC's priorities for the year and its results and progress in achieving these goals. It is striking that these priorities closely reflect some of the key areas in which the FCA has been, and continues to be, active. We comment on each of these priorities below.
- Both the SEC and FCA are focused on individual accountability. In its report, the SEC notes that "Institutions act only through their employees, and holding culpable individuals responsible for wrongdoing is essential to achieving our goals of general and specific deterrence and protecting investors by removing bad actors from our markets." The SEC reported that it charged individuals in over 70% of its "stand alone" enforcement actions in the past year.
- Similarly, individual accountability has been a focus of the FCA for many years. In June 2013, the Parliamentary Commission on Banking Standards published a report regarding which the commission's Chairman, Andrew Tyrie MP, stated that "a lack of personal responsibility had been commonplace throughout the industry. Senior figures have continued to shelter behind an accountability firewall." As a result, the FCA introduced a new Senior Managers and Certification Regime ("SMCR") which seeks to clarify the allocation of responsibilities among senior management. SMCR came into effect for banks in March 2016 and has recently been extended to cover insurance companies. The FCA report does not provide details of the number of investigations which it has opened into individuals but, in response to a Freedom of Information Act request, the FCA confirmed in August 2018 that there were 19 investigations which were open into Senior Managers and Certified Persons. This indicates a slow start for enforcement under the SMCR but the significant increase in the number of investigations into culture/governance issues (48 cases opened during the year) suggests that the FCA is determined to ensure the SMCR is an effective deterrent.
- A priority for both regulators is the protection of retail investors. The SEC report notes that it investigates "hundreds of cases alleging misconduct perpetrated against retail investors" and that, during the course of the year, a total of US$794 million was returned to harmed investors.
- The SEC has established the Retail Strategy Task Force which is focused on the protection of retail investors. The FCA has within its Enforcement and Markets Oversight Division a Retail and Regulatory Investigations Directorate which has a similar focus.
- The FCA report does not provide details of the total amount of restitution which has been paid to investors but, during the course of the year, the FCA reported that in 3 cases, restitution totalling at least 250 million had been ordered or agreed to be paid.4
- The SEC has established a Cyber Unit which is focused on digital assets and initial coin offerings. The SEC has broadened its focus on cyber security and brought its first ever action against a public company for failing to disclose a massive cyber invasion.
- Although not reflected in its enforcement report, the FCA is also focused on cyber security issues. In a recent speech, the FCA's Executive Director of Supervision commented that the FCA had seen no immediate end to the escalation in tech and cyber incidents that are affecting UK financial services. In the year to October, firms had reported a 187% increase in tech "outages" to the FCA with 18% of all the incidents reported being cyber-related. In December 2018, the FCA announced the findings from a review of cyber security at a sample of firms in the asset management and wholesale banking sectors.
- The SEC's main enforcement goal is to impose a set of remedies that effectively targets the underlying misconduct and provides relief to those who have been wronged. The SEC noted that while most of its remedies are financial-based, it has been experimenting with supplementing that aspect with additional, nonfinancial sanctions. In one case, the CEO of a medical technology company was accused of using her super-majority voting power to defraud other shareholders. In a settlement agreement, the SEC stripped her of that super-majority power and implemented measures so that the benefit of any sale or liquidation event would go first to the injured shareholders before her.5 In another example, the CEO and Chairman of a car company was forced to resign his position as Chairman in addition to paying fines. The SEC also restructured the company's corporate governance by adding two new independent directors and a new independent director committee.6 Whilst the FCA has a broad range of sanctions which it can impose where misconduct is established, it has not sought to impose any comparable sanctions.
Effective Use of Limited Resources
- Finally, the SEC sought to allocate effectively its limited resources in 2018. The number of employees was down 10% from its peak in 2016, and the SEC is currently subject to a hiring freeze. Additionally, the SEC faced budgetary constraints that are likely to get worse after a 2017 Supreme Court decision which held that the SEC's claims for disgorgement are subject to a five-year statute of limitations.7 The SEC anticipates that this decision will cause it to forgo US$900 million in disgorgement.
- The FCA has also seen a reduction in the average number of employees in its Enforcement and Market Oversight Division 643 in 2018 down from 670 in 2017 although total income was subject to a small increase (up by 25.4 million to just over 600 million in 2018).