Enter to open, tab to navigate, enter to select
Ian Mason's financial services and compliance column: May 2012
Practical Law UK Articles 8-519-2801 (Approx. 4 pages)
Ian Mason's financial services and compliance column: May 2012
by Ian Mason, PLC Financial Services
| Law stated as at 04 May 2012 • United Kingdom |
Ian Mason is an editor in PLC Financial Services. Previously he was a partner in the Financial Services Group of Baker & McKenzie LLP and also served as Head of the Wholesale Group in the FSA's Enforcement and Financial Crime Division. Ian was a member of the PLC Financial Services consultation board until he joined PLC in May 2012.
Ian shares his views on topical financial services and compliance issues with PLC Financial Services subscribers on a regular basis. In his May 2012 column, Ian considers:
Pottage, product intervention and protecting client money
On joining PLC in May 2012
I am very pleased to have joined the Financial Services team at PLC. I have had a long standing relationship with PLC through this column, so you can now expect to hear more from me on a regular basis.
One of my objectives in my new role is to make this column more interactive. So please let me know what topics or perspectives you would like me to cover. You can contact me at [email protected] or on 020 3423 6617.
Before joining PLC, I worked for regulators and in private practice for or (mostly) against regulators for about 20 years, so I hope to offer a perspective from both sides of the regulatory fence. One of the joys and pains of working in the financial services field is that there are always plenty of new developments to cover, whether the latest FSA enforcement case or a new European directive. So I do not think we will be bored over the next few years.
The Pottage case: risk management for firms and implications for approved persons
It is not very often that the FSA brings a senior management case against an individual in a major financial institution, and there have been even fewer such cases that have reached the Upper Tribunal, so the Pottage case was always bound to be a landmark case.
The Pottage case was essentially concerned with the following: if something goes wrong in an area for which you are responsible, is it your fault? Mr Pottage became CEO for the UBS UK wealth management business in 2006. Various compliance problems were identified between September 2006 and July 2007. In July 2007 Mr Pottage ordered these problems to be investigated, following which they were resolved. The FSA considered that Mr Pottage did not move quickly enough, and should have ordered a comprehensive review of systems and controls when he started his CEO role or following identification of warning signals. They considered that he had failed to take reasonable steps to ensure that the business of the firm complied with regulatory requirements, and decided to fine him £100,000 for breaching FSA Principle 7. Mr Pottage referred his case to the tribunal, which decided that he had not breached the FSA rules, and reversed the FSA's decision.
There are some interesting points in the tribunal decision for the operational structures of firms and approved persons.
- The FSA contended that it was a serious flaw to have virtually overlapping membership of two Executive Committees in the business, the Management Committee and the Risk Committee. The tribunal did not accept this, noting that one of the expert witnesses in the case had indicated that the overlap could be a strength rather than a weakness, as it could substantially mitigate the risk that uncertainty over each Committee’s role would lead to important matters being covered by neither committee. Firms will want to consider carefully the composition of senior level committees in the light of this decision:
- The tribunal carefully reviewed all the minutes of the various executive committees to examine the role that Mr Pottage played as Chairman and how active he was in raising and resolving issues. Members of committees (especially the Chairman) should ensure that proper and full minutes are taken of meetings, taking into account that these could come under forensic scrutiny.
- The tribunal carefully reviewed the anticipated and actual scope of Mr Pottage's role, as well as his own understanding and expectations of the role. Documents such as objectives, job descriptions and role profiles will therefore be crucial. Furthermore, if the FSA interviews an individual as part of the FSA approved person process prior to them taking up the role, then any statements made during the interview in terms of expectations or performance of the role could be taken into account in subsequent enforcement action. An individual taking on a senior operational role will be expected to review within a reasonable period the fitness for purpose of systems and controls, management information etc, and have regard to any warning signals or "red flags". In the Pottage case, the tribunal considered that as CEO he should have conducted an initial review within two to three months. The tribunal accepted that it was reasonable for Mr Pottage to have relied on the advice of senior risk, compliance and legal professionals reporting to him, and he could not be expected to review and overhaul the systems and controls by himself.
Although the FSA did not succeed against Mr Pottage in this case, it is unlikely that it will deter them (or the Financial Conduct Authority (FCA) as their successor) from bringing similar cases in the future. They have been heavily criticised for not bringing enough cases against individuals arising from the banking crisis, and they have a much greater risk appetite for this type of case compared with the early FSA years, although not yet all the tools to deliver the results.
For more information on the Pottage case, see Article, The expanding role of senior management in managing risk: FSA misses its target but succeeds in establishing wide responsibilities.
Product intervention: a more interventionist approach
On 1 May 2012 the FSA published a draft statement of policy for the FCA on making temporary product intervention rules. The FSA also included with this statement examples of previous market issues where product intervention rules might have been considered. These included single premium payment protection insurance, structured capital at risk products and certain high-risk mortgage products. These are all good examples of cases where the FSA took action "after the horse had bolted", and the products had already been sold in volume to consumers. Designers of similar products in future can expect much earlier intervention from the regulator. For example, although the FCA will normally be obliged to conduct a public consultation before making product intervention rules, there is an exemption if the delay would be prejudicial to the interests of consumers, so rules could be introduced on an emergency basis. The regulator will strangle new products before birth, rather than allowing them to come to market and having to clear up the mess afterwards through enforcement action and consumer redress tools.
Responsibility for client assets: you can delegate the task but not the responsibility (and don’t skimp on compliance costs either)
Compliance officers in general and those holding the new CF10a (CASS operational oversight) function in particular should study carefully the recent FSA enforcement action in relation to Christchurch Investment Management. Although it is a case involving only a small firm, it has broader lessons. Both the firm and its compliance officer, David Thornberry, were fined by the FSA for failings in relation to the protection of client money. The FSA fined the firm £26,600 and the compliance officer £11,550. In addition, the FSA prohibited Mr Thornberry from acting as a compliance officer or having responsibility for client assets. The failings were failings were basic: Mr Thornberry had no formal training for his compliance oversight role, was not aware of the CASS rules relating to trust status letters, and failed to review and test the existing systems and controls.
Mr Thornberry and the firm made a couple of wrong decisions which were the source of their problems:
- Mr Thornberry delegated all responsibility for client money to a compliance manager, who was responsible for all the various duties, including general support, maintaining records, monitoring and training. This involved a concentration of duties, posing an increased concentration of risk of fraud, mistakes and client loss. (In fact there were no client money losses in this case.) The FSA recognised that it is not always possible in a small firm to achieve a full division of duties, but considered that the firm had not got it right in this case.
- The FSA also noted that whilst the firm had at one time engaged external compliance consultants, they had decided to reduce expenditure on external consultants, and between 2007 and 2011 there were no external advisers providing compliance oversight of the firm’s compliance with the client money rules. The lesson here is not that external consultants must be engaged, but that suitable internal arrangements must be made if they are not.
Given the large number of FSA enforcement cases involving client money and the impact of this case, CF10a officers will want to ensure that they have been properly trained, have delegated tasks appropriately and should be under no doubt of the importance attached to the role by the FSA.
For more information on the CF10a function, see Practice note, Controlled Functions: The required functions (CF8-12B).
If you do not yet subscribe to PLC, you can request a free trial by completing this form or contacting the PLC Helpline.