For a number of years the FSA have been seeking to pursue the approach to enforcement of punishing senior management for failings within a regulated firm in addition to or even instead of the firm itself. There is some logic to such an approach, which is likely to win hearty support from shareholders of an organisation who, in the most extreme of situations, would rather that the (likely already) departed senior management suffer the regulator’s punishment rather than the balance sheet of the firm.
However, the FSA have had limited success with this approach. With respect to the executives of the failed Royal Bank of Scotland, the official report found that no individual could be found legally responsible for the failure under existing rules, with the FSA seeking an amendment to the rules in the future.
It was revealed that the FSA had experienced a material setback in enforcing its interpretation of existing regulatory obligations for senior management (a term used in this context to denote Significant Influence Function, or “SIF”, holders as so defined within the FSA rulebook) with the Upper Tribunal unanimously finding that John Pottage, former Chief Executive of UBS’ Wealth Management Division, had not been deficient in carrying out his role. The FSA had previously decided to fine Pottage £100,000 for breaches of Principle 7 of the Principles for Approved Persons which requires reasonable steps to ensure that a business complies with regulatory rules and standards.
The Tribunal upheld Pottage’s challenge to the FSA’s decision, determining that there was no evidence that Pottage had breached his regulatory obligations. In a statement in response, the FSA said that it had always recognised that pursuing disciplinary action against senior management in large firms is very challenging.
Client Assets Operational Oversight function
In terms of FSA policy, it has become apparent from recent policy initiatives and also interactions with firms that the FSA is insisting that senior executives be named as responsible for particular regulatory matters. The best example of this is the new Client Assets Operational Oversight function.
On the one hand, naming a specific individual adds clarity to the matter and increases the prospects of a good outcome in the relevant area. However, it raises the concerning issue of accountability for the individual concerned who may ultimately bear sole responsibility if a material issue manifests.
There is surely a danger that personal responsibility and ultimately bans and fines may deter some perfectly competent staff from assuming the really important roles. This could be counterproductive to the FSA’s stated policy (as per Consultation Paper 10/3: Effective Corporate Governance) that “firms must make sure that the right people are in place for all key roles”.
One could also imagine a situation in which “senior” SIF holders allocate roles and responsibilities in a way that ensures that “junior” SIF holders have the reallydangerous targets on their backs. This may already be apparent in a firm which has registered a Compliance Officer as the CF10 (the Compliance Oversight Function, a necessary registration at each firm under the Approved Person’s regime), but without that person truly wielding the level of influence contemplated by the role’s definition, which expects the CF10 to be a director or senior manager of the firm. If not a director or partner of the firm, CF10s need to ask themselves whether they are truly a senior manager within the firm. The FSA’s expectations of them will be at that level.
The extent of personal risk to CF10s is brought home by a number of enforcement actions against such persons in recent months resulting in fines and bans. Like all SIFs, CF10s need to be aware of, engage with and meet the regulatory expectations of them.
In the enforcement case against Alexander Ten-Holter, trader and former compliance officer at Greenlight Capital (UK) LLP, the outcome of which was published in January 2012, the FSA expressed its view that, “It is the role of the compliance function to ensure, so far as possible, that no mistakes, misjudgements or deliberate breaches occur and that policies, procedures and regulatory requirements are adhered to”. This greatly exceeds the current definition of the role within the FSA’s rulebook (at SYSC 6.1) which describes it as involving monitoring on a regular basis the effectiveness of the firm’s procedures and also advising and assisting the firm’s compliance with its obligations.
The FSA’s unilaterally applied adornments to the compliance position’s duties, as virtuous as they are troubling, come at a time when firms and their compliance staff are already burdened with a huge volume of regulatory change, both nationally and internationally. If any job description for a compliance officer were to suggest that a single individual was responsible for seeking to ensure that a firm meet its regulatory obligations, you would be tempted to redraft it to ensure a more collective responsibility – in keeping with the FSA’s own mantra of senior management responsibility. Failing that, the role in question would need to carry a very high risk premium.
The compliance function should be seen as an advising, checking, and catalytic role, performed under delegation from the principals of the business. This model stems from the time of the FSA’s seminal consultation on senior management responsibility of 1999 which helped persuade business principals that they retained institutional responsibility for everything.
It would be an enormously retrospective step if senior management of regulated financial services firms were now able to rely on the FSA’s words to hold compliance staff responsible for all material compliance shortcomings. Previously ribbed as the office policeman and business prevention unit, compliance departments may now face the prospect of a deafening silence when they get things right and the double jeopardy of FSA enforcement and internal blame when they – or anyone else – gets something wrong.
While not wishing to dispute the importance of the use of the FSA’s power to punish (fairly and appropriately) shortcomings by individuals in positions of responsibility, it would clearly be an unintended consequence of the FSA’s enforcement strategy if talented persons were dissuaded from performing important management and compliance roles at financial services firms. This feels like the urban myth (if it is even that) that no one holds ladders in the US as they wish to avoid incurring legal obligations to the person up the ladder.
In seeking to deter credibly and also fairly, the FSA must itself make the right judgements. It should not use enforcement cases to exact and simultaneously set higher standards than provided for by the existing rules, as they wouldonly be checked in circumstances in which punished parties have the fortitude and finances to appeal.