2012 has been a year of high profile actions by the UK Financial Services Authority (FSA) against senior managers for system and control failings of financial firms. It is also a year of many "first time" landmark penalties focusing on senior management behaviour that was previously under the radar of regulatory enforcement.
For example, on 1 October 2010, the FSA imposed a £100,000 fine on an employee of a Swiss bank, which marks the first time an individual has been fined by the FSA not for any personal wrongdoing, but for failing to do more to control the conduct of others. On 12 September 2012, the FSA banned former boss of a British bank from holding any senior position in a UK financial institution and fined him £500,000, the largest fine the FSA has ever levied against a senior executive, essentially holding him personally responsible for the alleged high risk strategies that led to a multi-billion pound bailout of the bank and subsequent takeover by another financial institution.
Senior management in financial firms based in Asia should be concerned about these developments. The long arm of the FSA has recently targeted not only foreign firms based in the UK, but may also extend its regulatory gaze to decisionmakers based in FSA-regulated financial firms in Asia.
OVERVIEW OF REGULATORY REGIME
The FSA’s statutory objectives, set out in section 2(2) of the Financial Services and Markets Act 2000 (Act) are the maintenance of confidence in the financial system, promoting financial stability, the protection of consumers and the reduction of financial crime.
Statements of Principle and a Code of Conduct for Approved Persons (APER) were issued pursuant to section 64 of the Act, and contain general statements regarding the fundamental obligations of approved persons under the regulatory system. An approved person is guilty of misconduct if he fails to comply with the Statements of Principle issued under section 64 of the Act.
The FSA has the power, pursuant to section 66 of the Act, to impose a financial penalty of such amount as it considers appropriate where it appears to the FSA that the person is guilty of misconduct. The FSA has the power, pursuant to section 56 of the Act, to make a prohibition order if it appears to the FSA that an individual is not a fit and proper person to perform functions in relation to a regulated activity carried on by an authorised person.
NEWLY APPOINTED CEO RESPONSIBLE TO INITIATE IMMEDIATE SYSTEMATIC OVERHAUL?
On 1 October 2010, the FSA issued a Decision Notice to a former CEO of the Wealth Management division of a Swiss bank, imposing a fine of £100,000. The ex-CEO was not accused of any personal wrongdoing, but attracted disciplinary action from be FSA for failing to "take reasonable steps to identify and remediate the serious flaws" in the bank's compliance and risk management systems as soon as he took over as CEO.
The crux of the FSA’s case against the ex-CEO was that he should have initiated a systematic overhaul to identify and remediate the serious flaws in the governance and risk management framework of the firm sooner than he did at the end of July 2007. Bearing in mind that the ex-CEO took over as CEO in September 2006, the FSA is essentially arguing that his actions over the course of 10 months immediately after he assumed the role was too little too late.
The ex-CEO of the Swiss bank challenged the FSA's decision in an appeal to the Upper Tribunal (Tax and Chancery Chamber) (Tribunal) which determined on 20 April 2012 that although some of the serious flaws alleged by the FSA were made out, it had not been established by the FSA that an overarching initial review would have been the reasonable step for the ex-CEO to take in the circumstances.
Had the FSA's decision stood, senior individuals in FSAregulated entities would have been subject to an extremely high standard. The only way to ensure compliance with regulatory obligations and avoid FSA enforcement action would be to initiate a comprehensive review of risk management practices whenever taking over a new senior management role within any regulated business. The Tribunal's decision makes clear that the FSA must present clear evidence that such an initial view is necessary in the circumstances.
The question remains, how much does a newly appointed CEO have to do to adequately comply with regulatory requirements? The Tribunal found that it was not unreasonable that a full initial review was not undertaken. The Tribunal considered that the following steps taken by the ex- CEO of the Swiss bank were a reasonable response for a newly appointed CEO, given the information he had at the time:
- Following the discovery of certain internal breaches and fraud in October 2006 and January 2007, he immediately took steps to remediate these issues, including engaging a third party firm to conduct a broader review. The FSA alleged that these issues were cumulative “warning signals” that should have prompted the ex-CEO to initiate a systemic overhaul review.
However, the Tribunal was not convinced that such incidents would have prompted, as a reasonable response, a systemic overhaul. The Tribunal thought it was reasonable for the ex-CEO, who was not a risk expert, to instead hold a meeting with his heads of risk and compliance to seek their expert opinion.
- On 30 March 2007, and as a result of increasing concern that there were gaps in governance and risk management frameworks prompted by a number of problems arising without prior warning to management, the ex-CEO initiated an informal risk strategy brainstorming meeting attended by the heads of compliance, risk management and risk control. The Tribunal concluded that the ex-CEO was entitled to rely on the expertise of his senior internal advisors since he was given no cause to challenge their assurances.
- At the end of July 2007, the ex-CEO having obtained the advice of the new Head of Operations, decided to initiate a comprehensive systemic review of the effectiveness of the control environment across all parts of the business. The FSA's pursuit of the ex-CEO of the Swiss bank shows its clear conviction that senior individuals within FSA regulated entities must take ownership of the governance and risk management processes within their organisations. To avoid personal liability for risk management failings, an executive must be able to show the adequacy of the processes and that they have taken all reasonable steps to ensure compliance. Newly appointed senior managers will not escape scrutiny.
PERSONAL RESPONSIBILITY FOR FAILED GROUP STRATEGY?
Whilst the FSA was thwarted on appeal against the former CEO of the Swiss bank, it may have been vindicated in its crusade against senior managers when it issued a final determination against another the former head of a British bank, which ranks him has one of the only bankers from a bailed out bank to have been personally held to account for the corporate culture and failed strategy that he presided over.
The crux of the FSA's case against the head of this embattled British bank was that he directed the Corporate Division of his firm to pursue an aggressive growth strategy in a hostile economic environment, where the level of control and oversight was not sufficiently robust to effectively assess, manage and mitigate the risks involved. Given that this bank boss pursued the aggressive growth strategy despite known weaknesses in the control framework, the FSA concluded that that his conduct constituted a failure to exercise due skill, care and diligence in managing the business of the firm.
The boss of the British bank raised the following arguments, which many senior managers in a similar position may consider a reasonable defence for taking calculated business risks in stormy economic climes:
- The growth strategy of the firm was agreed by the Group Board. Responsibility should be considered in the context of involvement of others – his role was one of oversight, and he was entitled to place reasonable reliance on information he received from others to make decisions in conjunction with others. Therefore it is inherently unfair that he should take the full brunt of disciplinary action for the failure of the British bank and conduct perceived to have contributed to the financial crisis.
- The financial crisis was so severe and worsened with such speed that it was not realistic to expect him to have planned for such an event. The strategy and approach taken by the Corporate Division was considered reasonable at that time. He should not be faulted for failing to predict the economic downturn since the British bank received both external and internal advice to support a positive assessment of the economy. It is only with the benefit of hindsight that it can be said they adopted the wrong strategy
- The risk management and controls framework was already in place at the time he assumed his senior role at the Corporate Division. The FSA did not complain at the time that the Corporate Division's systems and controls fell below the requisite standard. Furthermore, any pre-existing control failings were not evident to him and it was unreasonable to have expected him to have known of these flaws in the system.
The FSA rejected the bank boss’s defences. The FSA’s message to senior managers is that those who make high risk bets will bear the solitude of their decision. There is no “safety in numbers” where decision-making is concerned – senior managers cannot hide behind committees and “group think.” The scope of the bank boss’s role in this case was to have oversight of systems and controls of the firm, and as such a significant degree of reliance had been placed on his judgment and experience. The FSA therefore concluded that it was up to him and no-one else to ensure such systems and controls were compliant with regulatory standards.
The FSA has also demonstrated that it will be prepared to question the quality of business decisions with the benefit of hindsight. The FSA concluded that the bank boss’s decision to direct the aggressive growth strategy when he should have been aware of the weaknesses with management and control structures was an unreasonable decision. Even though the FSA accepted that the full severity of the financial crisis was not reasonably foreseeable, nevertheless the FSA said that this does not excuse the bank boss’s conduct. The severity of the financial crisis merely served to subsequently highlight and uncover the disastrous consequences of such conduct. Furthermore, just because the FSA did not, in its on-going supervisory review of the firm, have the foresight to uncover such structural weaknesses before the disastrous consequences could arise, does not mean that the senior manager would be forgiven.
WHAT MUST THE FSA PROVE – REASONABLENESS AND DUE SKILL, CARE, AND DILIGENCE
What is the yardstick of "reasonableness" when making tough business decisions in tough times? There could be subtle but important variances in the standard required to be met, depending on which Statement of Principle of APER is alleged by the FSA to have been breached.
The case against the ex-CEO of the Swiss bank is that he breached Statement of Principle 7 of APER, which states:
“An approved person performing a significant influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his controlled function complies with the relevant requirements and standards of the regulatory system”.
The case against the head of the Corporate Division of the British bank is that he breached Statement of Principle 6 of APER, which states:
“An approved person performing a significant influence function must exercise due skill, care and diligence in managing the business of the firm for which he is responsible in his control function.”
APER 3.1.4G provides that an approved person will only be in breach of a Statement of Principle where he is personally culpable – his conduct was deliberate or below that which is reasonable in all the circumstances. In other words, an approved person will not be in breach simply because a regulatory failure occurred in an area of business for which he is responsible.
Since the FSA did not allege that the conduct of the ex-CEO of the Swiss bank was deliberate, the burden was on the FSA to prove that he acted outside the bounds of reasonableness. Furthermore, given that the crux of the FSA’s case was on the timing of the systematic overhaul (not that such overhaul was inadequate or had not undertaken at all), then implicitly the FSA had to prove that conducting a systematic overhaul 10 months after assuming the role of CEO was outside the bounds of reasonableness. The FSA failed to satisfy the Tribunal that the Swiss bank boss acted unreasonably.
The impugned head of the Corporate Division of the British bank sought to rely on the FSA's earlier failure to show that the Swiss bank boss had acted unreasonably, by arguing that the FSA had the burden of showing his conduct failed to meet a very high standard of subjective reasonableness. He argued that the threshold of reasonableness was so high that that the FSA had to show what he did was beyond the range of plausible judgment. However, in the case of the British banker, the FSA had relied on Principle 6, which introduces an objective test of due skill, care and diligence. Furthermore, the FSA had pleaded its case more broadly in the case of the British banker - the FSA was not fettered to consider merely the timing of certain conduct, but had the scope to consider the British banker's conduct more broadly.
ASIAN FIRMS EXPANDING IN THE UK SHOULD BE AWARE OF THE FSA'S NEW PROACTIVE APPROACH
As part of the British banker's defence against the FSA allegations, he made a well-aimed dig at the FSA for itself not pre-empting the troubles of the embattled British bank. If the FSA had such a degree of foresight, then why did it not preempt the bank's woes? This is an issue the FSA is well aware of, as demonstrated in the swansong speech of exiting FSA Chief Executive Victor Sants: "The FSA has changed radically over the past five years. The FSA is now operating on a more "intensive" approach to supervision. This is designed to replace the old reactive style with a proactive "outcomes based" approach."1
The FSA will be prepared to take this new pro-active approach with foreign firms operating in London, as demonstrated by another severe enforcement outcome against a Japanese insurer and its former executive chairman and managing director of the London branch.
The insurance company considered that the Japanese market had become saturated and therefore focused on expanding its European business from a London base, supported by the secondment of its senior management employee from Japan to the branch office in London to act as executive chairman and managing director of the London branch. Other senior employees were also rotated to work in senior management positions at the London branch office from Japan, with little or no prior European experience.
The FSA accused the ex-executive chairman and managing director of the London branch of failing to ensure management positions were filled appropriately with staff experienced in European markets. The FSA also highlighted as a key failure the fact that he permitted the continued expansion of the European business in London without reasonably assessing or implementing the controls over the branch business required to support that expansion. Whilst these accusations indicate that senior management "dropped the ball", arguably there was no tangible harm done to the public. Nevertheless, as part of the FSA's proactive approach, the FSA will be looking to root out management weaknesses before they lead to the problems of the magnitude experienced in the financial crisis. Foreign firms looking to undertake similar expansion strategies in London, or with similar secondment programs, should be aware that the exexecutive chairman and managing director of the London branch was personally fined £100,000 and banned from working in London in the financial services sector as a result of these control failings.
REPORTS BY SKILLED PERSONS – INTRUSIVE FSA SUPERVISION OF BRITISH BANKS IN ASIA
Section 166 of the Act gives the FSA power to require banks to engage an independent third party firm, at the bank's own expense, to conduct a review and provide the FSA with a report as a diagnostic, monitoring or remedial tool (Skilled Persons Report).
FSA-regulated financial firms in Asia would be subject to supervision by local financial services regulators. Additionally, FSA-regulated financial firms in Asia would be well aware that parallel reporting requirements must be also be satisfied with respect to the FSA, which may include compliance with producing a Skilled Persons Report. Therefore in addition to any internal review conducted by the bank itself to satisfy reporting to local regulators, the FSA may demand a duplication inquiry be conducted. This may result in extensive and significant duplication of cost and effort for British banks operating in Asia with multiple reporting obligations.
In an effort to avoid repetition of the recent structural failings of financial firms, the emerging theme in the recent FSA cases is that the FSA will scrutinise the conduct of new senior managers, and proactively inquire into the reasonableness of management decisions. The FSA will take a dim view of senior managers who pursue profitable high risk or expansionist strategies without regard for risk management. UK branches of overseas financial institutions and conversely British banks in Asia will not escape the long arm of the FSA's intrusive regulatory supervision.