Spotting the banana skins - avoiding FCA enforcement through better compliance oversight
Spotting the banana skins… Day-to-day compliance oversight: avoiding slipping up
Briefing
Thursday 1st May 2014
Nicola Green & Melanie Tillotson
Overview
• Current enforcement trends
• FCA requirements on firms and individuals
• Case studies
• Practical steps – compliance monitoring and beyond
FSA/FCA fines are up 50%
[Chart: FSA/FCA fines by year, 2002 to 2013; vertical axis in £ m, 0 to 500]
The FCA’s powers go beyond just fines
FCA has a wide range of enforcement powers:
• Withdraw a firm’s authorisation
• Prohibit an individual from working in financial services
• Suspend a firm or individual
• Prosecute unauthorised individuals
Other ‘tools’:
• Attestation: “focusing the attention on responsibility and accountability”
NB: FCA action can create conflict between individual and firm
Publicity can now come earlier
• Warning notices issued after decision to take action
• New powers under Financial Services Act 2012 to promote transparency of enforcement
• FCA will in most cases publish some detail of the warning notice and will ordinarily identify a firm
• FCA will not ordinarily identify an individual
• 14 days to challenge disclosure
Understanding evolution of FCA thinking
Financial Services (Banking Reform) Act 2013
• Enhanced regime for banks, building societies
• Reversal of burden of proof
• Extension of limitation period to 6 years
• FCA/PRA Consultation
“…fining of individuals more of a deterrent”
Martin Wheatley
“…FCA clearly committed to achieving a credible deterrent and
using enforcement to demonstrate societal disapproval”
Tracey McDermott
FCA requirements on firms
A few themes come up regularly in enforcement notices:
• FCA Principles for Business
3. A firm must take reasonable care to organise and control
its affairs responsibly and effectively, with adequate risk
management systems.
FCA requirements on individuals
• Statements of Principle for Approved Persons
6. An approved person performing an accountable significant-
influence function must exercise due skill, care and diligence in
managing the business of the firm for which he is responsible in
his accountable function.
7. An approved person performing an accountable significant-
influence function must take reasonable steps to ensure that the
business of the firm for which he is responsible in his
accountable function complies with the relevant requirements
and standards of the regulatory system.
FCA requirements on firms
• Senior Management Arrangements, Systems and Controls
6.1.3(R) A common platform firm and a management company
must maintain a permanent and effective compliance function
which operates independently…to monitor and, on a regular
basis, to assess the adequacy and effectiveness of the
measures and procedures put in place in accordance with SYSC
6.1.2 R, and the actions taken to address any deficiencies in the
firm's compliance with its obligations.
Case studies
• John Leslie and Jeffrey Bennett – £28,000 fine each
• Promotion of Unregulated Collective Investment
Schemes (UCIS)
• Systems and controls failures
• Poor oversight
• Lack of challenge of advice
Case studies
• John Pottage/UBS – initial FCA enforcement against
individual overturned by Upper Tribunal, firm fined £8m.
• Initial assessment of governance
• Risk focus must be justifiable
• Compliance team – procedures, resources, training
• First line of defence reliance
• Management information
Case studies
• Lloyds TSB Bank – £28m fine
• Risk focus must be justifiable
• File review failures should be red flag
• Remuneration arrangements should reflect compliance
• Trend and root cause analysis
Case studies
• Alison Moran – Compliance Officer – £20k fine
• Failure to challenge CEO
• Poor documentation of legal advice
• Jurisdictional issues
• Resourcing
Case studies
• Habib Bank AG Zurich – £525k fine
• Senior management oversight
• Management information
• Risk management
Case studies
• Homeserve Membership Limited – £30.6m fine
• Insufficient Board engagement
• Failure to address issues identified
Case studies
• Santander UK Plc – £12.3m fine
• Risk basis must be justifiable
• Holistic approach to file reviews not taken
• Management information able to facilitate action
• Poor monitoring of remedial actions
Compliance monitoring…
…the best way to avoid the banana skins!
The Three Lines of Defence:
• The business – frontline staff
• Control functions – risk and compliance
• Internal & external audit
Effective compliance monitoring
• Identify the regulatory risks faced
• Determine an effective way to assess management of
those risks and adherence to regulatory standards
• Culture is key – monitoring should be seen as a normal
part of the business
• Adequately resourced compliance monitoring function
• Effective documentation and reporting of findings
• Issue tracking and resolution management
• Root cause and trend analysis
• Board reporting
Compliance’s role beyond monitoring
• Contextualising and identifying risk – customer focus
• Reporting: Principle 11 – cooperation with the FCA
• Recording: Board/Management reports and minutes
• Reviewing and recording external advice
• ‘Probing’ internal ‘experts’ – ‘trust but verify’
• RESOURCES
Avoiding the banana skins
Ensure the decisions you take are:
• Reasoned
• Reasonable
• Recorded
• Disclosable
Questions
We appreciate your feedback