Regulatory Round up: October 2023
The FCA published its decision notice on 12th October; James Staley has referred the notice to the Upper Tribunal, so this notice is provisional.
Staley – who was CEO of Barclays – was found by the FCA to have “recklessly approved a letter sent by Barclays to the Authority on 8 October 2019 which contained two misleading statements, about the nature of his relationship with Jeffrey Epstein and the point of their last contact”. In this case, the FCA found Mr Staley had failed to comply with individual conduct rule 1 (you must act with integrity), individual conduct rule 3 (you must be open and cooperative with the regulators), and senior manager conduct rule 4 (you must disclose appropriately any information of which the FCA or the PRA would reasonably expect notice).
In 2019, the FCA contacted Barclays to ask how it had satisfied itself that there was no impropriety in the relationship between Epstein and Staley. The resulting letter was found to contain two misleading aspects.
Firstly, the letter stated that the relationship between Staley and Epstein was ‘not close’. However, the FCA found that Staley disclosed details of discussions he was having with Barclays prior to his appointment as CEO, along with other information which was not in the public domain and was very confidential. In the space of 53 months, they exchanged more than 1,100 emails. There is evidence that Mr Staley described Mr Epstein as one of his “deepest” and “most cherished” friends. This is contrary to the letter to the FCA, which implied a distance between the two.
In addition, given the downplaying of a close association and public statements that suggested Mr Staley had allowed no connection between Mr Epstein and his professional life, the FCA found that Staley was aware of the risk of the association to his reputation and career. The FCA said that the role of CEO requires sound judgment and the setting of a good example to other staff. By approving a letter with two misleading statements, the FCA found that he failed to comply with the conduct rules requiring open cooperation with the regulator.
Given that the Conduct Rules require the most senior staff in a firm to demonstrate good judgment, integrity and frank and open dealings with the regulator, the FCA has both fined Mr Staley £1,812,800 and made an order prohibiting him from performing any senior management or significant influence function in relation to regulated activities, effectively banning him from the UK’s financial industry.
This case is not connected to the earlier case, in which he was fined £642,430 for failing to act with due skill, care and diligence in a whistleblower case.
FCA fines Equifax Ltd £11m for cyber security breach
At the crux of the case, Equifax Ltd, which operates in the UK, sent UK consumer data to its parent company Equifax Inc, based in the US. Cyber-hackers accessed Equifax Inc’s servers and the data of UK consumers including names, dates of birth, phone numbers, login details, partial credit card details and residential addresses.
The FCA says that the cyberattack and unauthorised access were “entirely preventable”; Equifax Ltd should have identified its relationship with its parent company as outsourcing. It did not, and it failed to provide sufficient oversight of data management or to act in response to known weaknesses in Equifax Inc’s security systems.
Equifax did not find out that UK data had been compromised until six weeks after Equifax Inc discovered the attack, and was only informed five minutes before it announced the incident. This meant that Equifax did not have sufficient ability to cope with complaints that were made in that initial period.
The FCA also found fault with communications with customers, with several statements giving an inaccurate impression of the number of consumers affected.
The FCA notice highlights breaches of Principle 3 (a firm must take reasonable care to organize and control its affairs responsibly and effectively, with adequate risk management systems), due to a failure to put into place appropriate risk management frameworks, and of Principle 6 (a firm must pay due regard to the interests of its customers and treat them fairly) and Principle 7 (a firm must pay due regard to the information needs of its clients and communicate information to them in a way that is clear, fair and not misleading), in its failure to offer accurate information around the breach.
The Information Commissioner had previously investigated the breach and imposed a fine of £500,000 in 2018.
FCA’s new Form A
A blog post by the Chief Operating Officer and Executive Director, Authorisations, highlights changes to SMF applications through an updated Form A. It is one of the most used forms and improvements include simplification of language, improved accessibility and better guidance. Duplicative requests for information are also being removed.
Once the form is available to your firm, you will be contacted via firstname.lastname@example.org with information on accessing the form. The old Form A can continue to be used during the transition, but will be scrapped when the rollout is complete.
The FCA plans to update other application forms, as well as reduce the overall number of forms, and will be using new technology so that any changes needed can be made quickly.
FCA censures London Capital and Finance plc
The firm is insolvent and in administration, so no fine has been imposed, to ensure that bondholder creditors do not lose out. The financial promotions the firm used “presented a misleading picture of the minibonds and made them appear a far more attractive investment than they were. Investors were not told about the true nature of the minibonds, including the presence of hidden charges and the high-risk and unsustainable nature of the lending being carried out by LCF.”
The FCA also found that LCF used bondholders’ money to fund comparison websites to showcase its minibonds next to safer investments, which had the “effect of enticing retail investors into investing in LCF’s high-risk products.”
Gateway for firms who approve financial promotions
The FCA have now set out their final policy position on the introduction of a gateway for firms who approve financial promotions.
Under the new rules, anyone approving financial marketing for unregulated firms will need to demonstrate that they have sufficient skills and expertise to both understand the product and make sure that the promotion is accurate and offers a fair balance on the risk and reward.
The application window is open from 6 November 2023 to 6 February 2024. If firms wish to continue approving adverts, they will need to apply; firms who have submitted an application but do not receive a decision before the 7 February implementation of the rules can continue to approve adverts until they receive a decision.
PRA proposal to update SM&CR forms C and D for the Consumer Duty
In the October Consultation Paper the PRA is proposing updates for the forms that notify the PRA and FCA that someone has permanently ceased to perform a senior management function, including in the case of disciplinary action and for changes to personal information.
The Consumer Duty introduced a new individual conduct rule and this will be added to Forms C and D so that the forms can be used to notify the PRA and FCA of breaches of that rule.
The consultation closed on 13 November 2023.
PRA Statement on its intent to run a dynamic general insurance stress test in 2025
The exercise will aim to:
Assess the industry’s solvency and liquidity resilience to a specific adverse scenario
Assess the effectiveness of insurers’ risk management and management actions following an adverse scenario
Inform the PRA’s supervisory response following a market-wide adverse scenario.
The PRA intends to engage with the industry over the next few months, providing more details of the exercise in 2024.
Financial Services regulation continues to change apace. Continuous learning is not a luxury, but a necessity to ensure your staff have confidence to tackle the challenge of the changing landscape and support customers to the standard expected by the regulators.