Since the introduction of the SM&CR regime we have helped many clients through our training programs for Senior Managers and under the IDD training for other staff to get a better understanding of what it means to be subject to the Conduct Rules – whether individual or for senior managers. Through this we have identified a very common theme: everyone wants to know what meeting the conduct rules entail.
Another interesting and common feature we see during our training is that many smaller business owners believe that they are in some way shielded from the full force of the regulatory system by the principal of proportionality. This is partially true but regrettably not in the way that they believe it operates. Proportionality operates so that a business needs to have in place an appropriate system of governance and controls to match their business models. However, many SME business owners believe that this means small business equals few controls. That is not accurate. Proportionality applies to the level of risk posed by the business not to turnover. A business may be small but if it has a high consumer business content leading to a significant risk of consumer detriment the system of governance and controls must be proportionate to that risk not to turnover.
There is a further dynamic which operates within small businesses which is very evident from the examples set out in this article: the smaller the business the less places there are to hide. More SME business owners have been the subject of regulatory proceedings than have executives at larger entities because it has historically been easier to evidence that they were responsible for the firm’s failings. With SM&CR that may change but for the moment is certainly rings true.
To use a quote attributed to Winston Churchill,
“Those that fail to learn from history, are doomed to repeat it.”
This article discusses by reference to examples and historical decisions, the impact of being subject to the Conduct Rules for those already subject to the Rules and for those who very soon will be.
The SM&CR Conduct Rules
By now everyone will know what the rules are but to aide memory here they are:
Senior Managers Regime (SMR)
- You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively
- You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system
- You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the responsibility effectively
- You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice
Individual Conduct Rules (ICR)
- You must act with integrity
- You must act with due care, skill and diligence
- You must be open and cooperative with the FCA, PRA and other regulators
- You must pay due regard to the interests of customers and treat them fairly
- You must observe proper standards of market conduct
The best approach is to look at examples of outcomes of regulatory action, that is fines and bans which have been handed out by the FCA through the FCA regulatory process. Many of these are prior to the introduction of the SM&CR but there are significant similarities between the language used meaning that it is likely that individuals held responsible under the earlier regime would be held responsible under the new regime for the same conduct and activities.
In addition, it is worth noting that a significant number of individuals had breached more than one principle. In many cases the second principle breached was a failure to be open and transparent (or to cooperate) with the FCA. In such cases the individuals exacerbated their own plight by being dishonest when dealing with the FCA resulting in a finding of not being ‘fit and proper’ which often leads, by itself to a ban from undertaking functions relating to regulated activities.
We will look at these examples by reference to the SMR and ICR which we will, wherever possible group together.
It is important to note that the activity by the individual which may lead to them not being considered ‘fit and proper’ need not be directly related to their role at a regulated entity or as a consequence of a failing at the regulated entity they are connected with. So for example, Mr Forsythe was found to not be fit and proper because he had sought to evade tax (as well as falsifying documents) and though the tax evasion related to his employment at a regulated firm it need not have done.
Another example is of the banker, a few years ago now, who avoided paying the appropriate travel costs to get into London every day for work. When convicted he also received a ban as being not fit and proper.
Acting with Integrity (ICR 1)
Misleading the FCA is the most common example of lacking integrity. It should be noted though that the FCA describe their list of examples as ‘non-exhaustive’ leaving the door open for them to adjudge individual cases on their merits where they see that to be within their remit.
Cases are diverse and start with the simple such as those for Elizabeth Parry, Darren Cummings and Alexander Stuart who misled the FCA about their qualifications for Fit and Proper requirements. In the first of these Ms Parry misled the FCA about whether she had a qualification by falsifying a CII document and Mr Cummings undertook similar activity. In the latter Mr Stuart misled the FCA by providing a false training record to the CII. All were banned for life and paid fines in the tens of thousands.
Certainly, these three examples provide a clear and relevant warning for anyone subject to SM&CR who must now or from next month ensure they are fit and proper each year and are required to undertake training or development in order to do so.
More complex examples include:
- Mr Forsythe a former CEO of a Mutual who split his income with his wife to save tax (leading to its own finding of a lack of integrity) and falsification of the Remuneration Committee minutes leading to a second finding of lack of integrity. In addition to his ban he was fined £80,000.
- Angela Burns a CEO of an investment consultancy who, while a NED at two Mutuals, introduced them to a financing company without disclosing that she was seeking a consulting arrangement with that financier. She was fined £20,000 and banned from being a NED.
- Alistair Burns an IFA and CEO who was fined £60,000 and banned for the sale of SIPPS which were unsuitable and where he had a significant conflict of interest.
- Guillaume Adolph who was found to not be fit and proper after knowingly being involved in the manipulation of LIBOR. His fine was £180,000 and he was banned.
- Stewart Ford whom we will hear about again in this article was fined £76million for his involvement in the sale of bond investments through misleading marketing.
We were unable to find any instances where an individual found guilty of lacking integrity was fined but still able to retain their permission to continue as an authorised person, which speaks volumes of the FCA’s view of the importance of integrity within the financial system.
Communications with Regulators (SMR4 and ICR3)
As can be seen above, individuals have a habit of digging themselves more deeply into a hole when dealing with regulators which can lead to direct evidence of dishonesty. Sometimes however, the evidence may not be strong enough to prove direct dishonesty or sometimes it may not be necessary to evidence direct dishonesty leading to a charge of lack of integrity. The following provide examples of where an individual has failed to be open and cooperative or failed to disclose information they should have:
- William Dickson was found to not be fit and proper because he did not respond to communications from the FCA and did not cooperate with them over the payment of his annual fees. His license was withdrawn and he was banned from undertaking functions related to regulated activities.
- Achilles Macris, the infamous London Whale, was fined almost £800,000 for not informing the FCA about matters which they FCA would reasonable want to know. He attended an interview with the FCA to discuss losses within the business he was involved in and while he explained the existence of losses and outlined action that had been taken he was found to have not explained the position in a balanced way which would have identified the significant magnitude of those losses or that the firm’s risk tolerances had been significantly breached.
- Stewart Ford was also have found to not been open and cooperative with the FCA during the investigation of the bond trading with which he was involved.
As with integrity, a failure to communicate appropriately with a regulator is likely to lead to a ban from the industry.
Due Regard to Customers Interests and TCF
There is a significant body of examples of where a firm has been found guilty of a breach of PRIN 6 TCF and there is no need to repeat these given the focus over the last decade or more on TCF. However, the following is instructive in terms of a breach of the TCF requirements by an individual.
Christopher Niehaus was fined over £37,000 for disclosure of confidential information about a client to a friend on WhatsApp. There was no detriment to any party and no intention that the information should be used for insider trading. He was simply wanting to impress his friend about the client and deal he was working on, but it was a breach of the client’s right to confidentiality. Had there been an intention to profit from his disclosure Mr Niehaus would not doubt have also been banned.
Due Care, Skill and Diligence (ICR 2)
In many of the examples we provide in this section the individuals activities (or lack of activity) may just have easily been a breach of SMR 1 or 2 but we will for these purposes treat them separately and look at them individually. Examples of a breach of due care, skill and diligence include:
- Tariq Carrimjee was fined almost £90,000 and banned from holding a Compliance or Money Laundering Reporting Officer (MLRO) Function for failing to act with due care, skill or diligence in recklessly permitting a client to trade in a manner he knew or ought to know was aimed at manipulating a market.
- James Staley, the CEO of Barclays was fined over £320,000 for failing to exercise due care, skill and diligence in relation to a whistleblowing event for failing to recognise that he may have a conflict of interest in relation to the whistleblowing event.
- Timothy Philip was banned from having any responsibility for client monies and fined £60,000 for failing to exercise due care, skill and diligence when approving withdrawals from a client money account. He did not follow existing written procedures within the firm.This particular case is a very good example of a breach of ICR 2 because the procedures for compliance with the CASS rules existed (for a reason) and he chose to ignore them. This is instructive because evidences the difficulties for an individual to prove they have acted with due car, skill and diligence if they have ignored appropriate and proper procedures.
- Steven Smith, who was head of compliance and the MLRO at a bank was fined £17, 900 and banned from compliance and MLRO activities for failure of due care, skill and diligence for systemic failings at the bank relating to its Anti-Money Laundering (AML) activities and for failing to advise the management that the systems were not working effectively. Interestingly the bank was also fined significantly for its failure to have in place appropriate controls, akin to SMR 1 and 2. The importance of this case is its contrast to the case of Charles Palmer which we will look at in the next section. Mr Palmer, a CEO, sought to argue that he was not responsible for failures and unsuccessfully blamed his Risk Officer.
Effective Control and Compliance with Regulatory System and Delegation (SMR 1, 2 & 3)
We follow Due care, Skill and Diligence with SMR 1 and 2 because of the close connection between the two and the ability to contrast them. It is highly likely that in many cases regulatory action under SMR 1 and/or 2 will also involve an allegation of breach of ICR 2.
- John Radford was fined £468,600 and banned for a failure to properly understand the regulatory system in relation to the CASS requirements leading to the firm he was a director of to effectively use client monies as working capital. Despite warnings and advice from the firm’s auditors he continued, leading to a significant shortfall of client monies when the firm was closed down which is why the fine was so significant.
- Colin McIntosh was fined £51,600 and banned from involvement with regulated activities for his involvement in a broker which had a number of Appointed Representatives. The allegations were serious and led to customer detriment and a lack of insurance due to business being bound under binders through sub-delegation which was not permitted by the binders. Mr McIntosh was the CF1 Director but also had the CF28 Oversight function. Among numerous other things, he was held responsible for the fact that there was no appropriate oversight of the activities of the broker’s Appointed Representatives and therefore a failure to meet the requirements and standards of the regulatory system.
In our view this case would easily fall within ICR 2 in the event that an individual was responsible for Appointed Representative oversight, but that individual was not a Senior Management Function holder. Evidence of this comes in the form of a fine levied against Wayne Redgrave who operated the binders at the broker. He was fined £38,600 for a failure to take due care, skill and diligence in overseeing the operation of the binders.
- We have looked mainly at individuals but will digress for one moment to mention the case of CT Capital which was embroiled in the PPI scandal. They received a significant fine for failing to properly deal with complaints. While the fine included a finding of a breach of TCF principles it also included a failure to effectively control its affairs properly in line with PRIN 3 – “A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.”. The firm had a complaints policy, but it was out of date and did not follow FSCS Guidance on handling PPI complaints and the staff had not been properly trained leading to customer detriment. We mention this case because PRIN 3 for firms is analogous to SMR 1. Had SM&CR been in place at the time no doubt any Senior Management Function holder responsible for oversight of Complaints would have been subject to personal proceedings and sanction and in the event that none existed the employee responsible for the Complaints handling and/or their manager, would likely have been found responsible under ICR 2 for a failure to exercise due care, skill and diligence.
- Charles Palmer was fined £86,000 and banned for failings in relation to oversight of Appointed Representatives. The case is interesting because Mr Palmer was the CF1 and can be contrasted to the case of Mr Smith above. Mr Palmer applied a “not me Guv” defence. He argued that the oversight failures were the responsibility of the Risk Officer and the Board of Directors collectively. In his view, the Risk Officer was responsible for ensuring the controls were effective and operating appropriately and it was the responsibility of the Board to oversee the risk officer, who reported to Mr Palmer. The FCA and on Appeal, the Tribunal, disagreed. Mr Palmer had designed the firm’s operating model and was overall responsible for overseeing it. His control may not have been absolute, but it was significant. The case is therefore instructive in several ways despite having been decided before SM&CR applied to insurance brokers. First, it evidences how SMR 3 might operate and second, it shows that the FCA will look at the substance of the arrangements to determine where responsibility should lie. The FCA will only be helped in all of this by SM&CR requirements for individual’s responsibilities to be very clearly set out in the firm’s documents. If they are not sufficiently set out as between individuals within the firm so that the FCA may easily identify culpable individuals, you can expect that the individual with the prescribed responsibility for compliance with SM&CR to be held responsible.
Delegation of Responsibilities (SMR3)
The best current example of an outcome in failing to oversee a delegation of responsibility is the case cited above of MR Palmer. Although he had a Risk Officer he remained responsible not only because he designed the system of governance operated by the firm but also because the Risk Officer reported to him.
With Statements of Responsibility in place under SM&CR and clear expectations that reporting lines will be better evidenced it is likely we will see more examples of senior individuals finding themselves in difficulty for poor oversight of their next level of management. The response is to ensure that as a senior manager you are supporting but also challenging your team to ensure that they are operating to best practice and have the necessary resources available to achieve what is required.
Proper Standards of Market Conduct (ICR 5)
We are unaware of any cases in the insurance sector relating to a breach of these requirements for an individual or firm.
The case of Paul Stephany who was fined £32,200 is however instructive. He was a portfolio fund manager who was held in breach of ICR 5 because he sought to influence the decisions of other fund managers so as to influence the price of an IPO listing by emailing others in the market about the price he was prepared to buy shares in the listing at and the size of investment he was prepared to make.
In the insurance market a similar situation might arise if a leader were to engage in discussions with the following market over the price that subscribing following underwriters (or perhaps a co-leader) may wish to subscribe to a risk for.
An individual’s behaviour does not need to relate to the performance of their role at work to result in a fine or ban.
SM&CR provides a clear and effective tool to the PRA and FCA to hold individuals accountable for the activities they are responsible for:
- The rules require responsibilities to be apportioned so as to identify which individual is accountable for the key activities within the firm; and
- The SMR and ICR are widely drafted and often overlapping as between the SMR and ICR to cover most circumstances in which an issue may arise – there are few obvious gaps.
In general, the most effective way that a Senior Manager or other individual within a firm subject to the Senior Managers Rules or Individual Conduct Rules can protect themselves is to ensure that:
- There is a good system of governance and oversight in place;
- The firm has appropriate and up to date policies and processes for the control of the firm’s activities which will mitigate any risks the firm may pose;
- There are sufficient resources, both human and otherwise, to permit the controls to be effective;
- That employees are properly trained on the purpose of the policies and how to comply with them; and
- That they do not take matters into their own hands and ignore or over-ride those policies or processes.
It isn’t rocket science! Don’t cut corners. Make sure you invest in the necessary resources a business needs to develop its’ internal governance, systems and controls. As history has shown, a failure to do so is likely to lead to action by the Regulators!