You may recall the fine imposed on 3 HSBC firms of over £3 million by the FSA for failing to have adequate systems and controls in place to protect their customers’ confidential details that were lost in the post on 2 occasions. Following on from this the FSA will publish shortly a response paper on a 2009 consultation aimed at increasing enforcement financial penalties that it can impose.
In its consultation paper, the FSA proposed the introduction of a 5 steps framework to determine the fine in an enforcement action:
- Step 1 - ‘disgorgement’ of any benefit derived as a result of the breach;
- Step 2 – determination of a figure reflecting ‘the nature, impact and seriousness of the breach’;
- Step 3 – adjustment of the Step 2 figure to reflect any aggravating or mitigating factors;
- Step 4 – ‘an upwards adjustment’ to the figure may be made ‘if necessary to ensure the penalty has an appropriate deterrent effect’;
- Step 5 – a settlement discount may be applied.
Under the proposed scheme the penalties imposed may vary depending on whether the fine is imposed on a firm or an individual. For cases against firms, the FSA propose arriving at the Step 2 figure by taking a percentage of the firm’s relevant income. According to the seriousness of the breach percentage fines will be applied at zero, 5, 10, or 20% of the firm’s income. In deciding the appropriate percentage fine the FSA propose taking into account various factors relating to the impact and seriousness of the breach.
For penalties imposed on individuals, the FSA propose fines of up to 40% of the individual’s income, calculated as the gross amount of all benefits received by the individual from the employment in connection to the breach and for the period of the breach. In relation to penalties against individuals for market abuse, the FSA propose a minimum fine of £100,000.We will keep you updated of any change to the FSA’s powers.