The FCA’s annual Business Plan sets out its main areas of focus for 2019/20. As well as being a look to the year ahead, the Business Plan reflects areas of focus of FCA enforcement action over the past year. This blog discusses four such priority areas and examples of recent enforcement action taken by the FCA in relation to: culture and governance; operational resilience; financial crime and money laundering; and the treatment of customers.

1. Firm’s culture and governance

The FCA continues to focus on individual accountability and cultural change, following the introduction of the Senior Managers and Certification Regime (“SMCR”) for banks and insurers. SMCR will soon be extended to all authorised firms. We expect individual accountability, culture and governance to continue to be areas of focus for FCA Enforcement, in line with its stated aim to investigate firms and individuals concurrently.

The following examples of enforcement action over the past year exemplify this trend:

  • On 1 March 2018, the FCA banned Paul Flowers, former Chair of Co-op Bank, from the financial services industry for failing to act with integrity. The FCA found that on several occasions while Chair, Mr Flowers: (a) used his work mobile telephone to call a premium rate chat line; and (b) used his work email account to send and receive sexually explicit and otherwise inappropriate messages, and to discuss illegal drugs.
  • On 11 May 2018, the FCA and PRA jointly fined James Staley, CEO of Barclays Group, £642,430 for failing to act with due skill, care and diligence in the way he dealt with an anonymous letter, which risked undermining confidence in Barclays’ whistleblowing policy and the protection it afforded to whistleblowers. Barclays is also now subject to special requirements by which it must report annually to the regulators detailing how it handles whistleblowing, with personal attestations required from those Senior Managers responsible for the relevant systems and controls.
  • On 16 May 2018, the FCA published a Decision Notice seeking to fine Mohammad Prodhan, former CEO of Sonali Bank (UK) Limited (“SBUK”), £76,400, for acting without due skill, care and diligence and for being knowingly concerned in a breach by SBUK of its obligations to maintain effective AML systems. According to the Decision Notice, Mr Prodhan was the senior manager at SBUK with responsibility for the establishment and maintenance of effective AML systems and controls. Mr Prodhan has referred this Decision Notice to the Upper Tribunal.

2. Operational resilience

In today’s world, technology is integral to the delivery of financial products and services. This brings both significant benefits and risks to firms and their customers. The disruption from technology outages and cyber-attacks is an ongoing challenge for firms, including from regulatory, financial crime and data protection perspectives.

The importance of having robust operational systems and controls, and the willingness of the FCA to take enforcement action in respect of deficiencies in such areas, is exemplified by a Final Notice issued in late 2018:

  • On 1 October 2018, the FCA fined Tesco Personal Finance plc (“Tesco Bank”) £16,400,000 for failing to exercise due skill, care and diligence in protecting its personal current account holders against a cyber attack in 2016. The FCA found that the cyber attack should have been largely avoidable, but that the cyber attackers had been able to exploit deficiencies in Tesco Bank’s design of its debit card, its financial crime controls and in its Financial Crime Operations Team.

3. Financial crime and anti-money laundering (“AML”)

One of the FCA’s main aims is to stop the UK financial sector from being used to facilitate financial crime. (See related blog FCA Business Plan 2019-20: priority to make the UK’s financial markets a difficult target for criminals.)

This is done by working closely with other UK and international agencies, and via monitoring data and intelligence received from firms and other market participants. Three recent examples of FCA enforcement action emphasise the importance of firms implementing proper systems and controls regarding AML and transaction reporting, and we expect this to continue to be a focus area:

  • On 6 June 2018, the FCA fined Canara Bank £896,100 and imposed a restriction, preventing it from accepting deposits from new customers for 147 days, due to inadequate AML systems and controls.
  • On 7 June 2018, the FCA sought to impose a fine of £409,300 on Linear Investments Limited for failing to take reasonable care to organise and control its affairs responsibly and effectively to ensure potential instances of market abuse could be detected and reported. On 9 April 2019, the Upper Tribunal upheld the level of penalty imposed by the FCA. This was the first decision by the Upper Tribunal under the FCA’s partly contested cases process.
  • In March 2019, the FCA fined UBS AG £27.6m and Goldman Sachs International (GSI) £34.3m for failings relating to the submission of transaction reports. The FCA found that between 2007 and 2017 both firms failed to provide complete and accurate information in relation to reportable transactions. The FCA also identified failings relating to aspects of both firms’ change management processes, their maintenance of the reference data used in reporting and how they tested whether all the transactions reported to the FCA were accurate and complete.

4. Fair treatment of existing customers

Over the past year, the FCA and other agencies, such as the Competition and Markets Authority (“CMA”), have raised concerns that firms often have strong incentives to offer better deals and service to new or prospective customers, to the detriment of existing customers. In other words, consumers are penalised for their loyalty. This is likely to be a key area for the FCA and CMA in the coming year.

More generally, the FCA continues to take action against firms when it appears that customers are not being treated fairly, for example in relation to complaints handling or the mis-selling of products:

  • On 29 October 2018, the FCA fined Liberty Mutual Insurance Europe SE (“Liberty”) £5,280,800 for failures in its oversight of mobile phone insurance claims and complaints handling processes administered through a third party. The FCA found that Liberty’s failure to effectively supervise and monitor the third party’s activities meant that its customers were exposed to the possibility that their claims and complaints would not be handled fairly.
  • On 19 December 2018, the FCA fined Santander UK Plc £32.8m for failing to ensure that its probate and bereavement process paid due regard to the interests of its customers and those who represented them on their death and treated them fairly. For example, in some cases, funds were held for many years, contributing to beneficiaries being deprived of the use of them for a considerable amount of time.
  • On 13 March 2019, the FCA fined The Carphone Warehouse £29,107,600 for failings that led to the mis-selling of ‘Geek Squad’, a mobile phone insurance and technical support product. The FCA found The Carphone Warehouse failed to give its sales consultants the right training to give suitable advice to customers. In particular, sales consultants were not trained adequately to assess a customer’s needs to determine whether Geek Squad was suitable. It also failed to properly consider high cancellation rates – an indicator of a risk of mis-selling.