This bulletin deals with the FCA’s powers to request information from regulated firms. It
- describes how the FCA can request information on either a formal or informal basis;
- provides practical tips for efficient management of information requests; and
- highlights key FCA sources of guidance and information to assist regulated firms with the smooth management of information requests and their relationship with the FCA.
What powers does the FCA have to request information?
The FCA’s powers in relation to information requests exist to support Principle 11 (the firm’s obligation to deal openly and make appropriate disclosure to the Regulator).
The Supervision Manual (Chapter 2) and the Enforcement Guide (Chapter 3) provide helpful guidance on information requests/ provision in the context of FCA Supervision and Enforcement respectively.
In practice, the FCA relies a good deal on its expectation that firms will co-operate and respond to requests, thereby providing much of the information it requires in a Supervisory context (see SUP 2.3 in the Handbook for example). In addition it has specific statutory
powers under the Financial Services and Markets Act 2000 (FSMA), in particular under sections 165 to 168 which can be used to support the FCA’s supervisory role and in an investigatory context. These include powers to:
- require firms to provide information and documents;
- appoint investigators to investigate both general and specific concerns;
- require the production of a report by a skilled person or instruct a skilled person to prepare a report.
As summarised briefly in Financial Services Series #2, firms may also provide information to the FCA voluntarily and the FCA may request that they do.
There are pros and cons to choosing to provide information voluntarily. Firms will want to demonstrate their co-operation with the FCA but may have genuine concerns that voluntary provision of information may cause problems with their clients and their clients’ confidentiality or invite the FCA to query or challenge wider issues. Sensitive issues around the treatment of privileged documents are dealt with below.
In some cases, a request for voluntary disclosure if declined may lead to a formal request for information in any event.
Who can the FCA request information from?
The FCA can request information not just from individuals or firms who are authorised but from anyone who has ever been authorised (even if they are not currently). Group companies can face requests, as can employees.
There may be multiple requests so be prepared actively to manage the process - It will be more efficient if one person is managing and taking ownership of all document requests from the FCA. The FCA has the power to appoint someone to collect and update information if it is not happy with the information provided.
Information request vs. mandatory requirement - If providing information voluntarily will cause you problems with client confidentiality, explain this. This may be the case in particular for banks. It may be sensible, following discussion with the FCA to ask them to exercise their powers to require information. This shows a co-operative, collaborative approach to the FCA’s request, but provides you with some protection.
What can the FCA request?
The FCA can ask for specific information or documents, or particular types of information or documents. Documents, unsurprisingly, includes emails and other electronic records and telephone recordings. The FCA will expect electronic records to be provided in a form that they can read and process. In some circumstances this may be best achieved by engaging the services of a specialist electronic disclosure provider.
The issue of legal privilege is one which requires careful legal and practical analysis in the light of the circumstances of each particular case. Firms are entitled to refuse to disclose what are referred to in FSMA as “protected items” (in effect a reference to privileged documents e.g. legal advice). Whilst there are circumstances in which a firm might decide to waive privilege of certain protected items (for example reports it may have had commissioned), this should only be done after careful consideration and in a way to minimise the prospect of wider disclosure. Guidance on the FCA’s approach to the commissioning and disclosure of such reports is in chapter 3 of the Enforcement Guide (see in particular EG 3.25-3.31).
Before waiver, firms should consider whether there is any other party whose consent is required. In Ford v FSA, a regulated firm waived privilege over legal advice and provided it to the FSA. However, the court subsequently determined that the advice had been provided to certain directors and officers of the firm as well and privilege could only be waived jointly by the firm and the directors/officers.
Response to requests for information from the FCA will need to be managed carefully and records should in any event be kept of documents provided for future reference (in particular to assist in any enforcement action which may follow).
What happens to information once the FCA has it?
The FCA itself is subject to statutory restrictions regarding the onward disclosure of confidential information it has received.
However, firms need to have in mind that these obligations do not prevent disclosure altogether. In particular, confidential information may be passed on via designated “gateways” to other regulators (e.g. the PRA/overseas regulators). In practice, even if a firm has an agreement with the FCA as to how that information is to be treated, once any information is passed on by the FCA, it becomes difficult for the firm or individual to maintain control over it.
Finally, as a public authority, the FCA receives requests under the Freedom of Information Act (“FOIA”) for disclosure of information it holds. The FCA is obliged to deal with the requests in accordance with the FOIA and, if necessary, make disclosure. Whilst there are a range of exemptions which may apply to the general right of access, the Information Commissioner’s Office (ICO) generally likes to interpret the ambit of these exemptions in a restrictive way, requiring the public authority to make disclosure. This has brought the ICO and FSA/FCA into dispute fairly regularly. Each case turns on its facts but, on a number of occasions, the FSA/FCA has ultimately being declared in breach and required to make disclosure of information requested.
The FCA’s Enforcement Guide describes (in section 3) the FCA’s approach when exercising its information-gathering and
investigatory powers. It also contains an explanation of the FCA’s approach and policy in relation to certain types of information.
The points made above about privilege and protected items are likely to be of particular sensitivity if a firm is involved in actual or potential investigation or enforcement action.
Information management - Having one person managing document requests (see above) will also give the FCA a clear point of contact and this person will also be well placed to explain what searches have been undertaken at any one time. The ability to provide a sensible explanation could be crucial if you need to discuss with the FCA why a particular request is not practical or possible, especially in relation to wide- ranging requests.
Information format - It pays to check what form the FCA intends to process the information in. If the format causes problems with access or processing, the FCA is likely to re-request the information in a different form. Duplicate provision is costly and time consuming.
Privileged information - Review whether any documentation is legally privileged and how it can be ring- fenced. If privileged material is to be provided, care needs to be taken that privilege is not lost in other contexts.
Further practical information
This bulletin can only provide a high level overview. For further, more detailed information the FCA has published a number of potentially helpful resources:
Click here to view table.