- The principles
Regulated firms in the UK are under a duty to deal with the financial services regulators in an open and cooperative way and report matters of which the respective regulator would reasonably expect notice. This obligation is found within the rules of both the Financial Conduct Authority (FCA) (Principle 11) and the Prudential Regulation Authority (PRA) (Fundamental Rule 7). It applies to unregulated and regulated activities and takes into account the activities of other members of a group.
This obligation to report to the FCA and PRA, and to be open and cooperative in dealings with the regulators, also extends to individuals personally if they are “approved persons”, performing controlled functions, or are subject to the Senior Managers and Certification Regime.
These notification obligations enable the regulators to monitor firms’ and responsible individuals’ compliance with the rules and to react quickly to matters which require a regulatory response (for example, action to protect consumers from detriment).
It is a matter of judgement for a regulated firm or individual to assess whether the duty to notify the respective regulator has been engaged. The FCA provides guidance on what matters must be reported by firms in Chapter 15 of the Supervision Handbook, including:
- immediate notification of matters which have (or may have) serious regulatory impact, including matters that could have a significant adverse impact on the firm’s reputation, serious financial consequences for the UK financial system or other firms, or could result in serious detriment to a customer (SUP15.3.1R)
- notification of significant breaches of rules (including Principles, Statements of Principle and the Code of Conduct for Staff rules); whether a breach has occurred or may occur in the foreseeable future (SUP15.3.11R(1))
- notification of any significant breach or potential breach of competition law (SUP15.3.32R), and)
- notification of other key matters including civil, criminal or disciplinary proceedings against the firm (SUP15.3.15R), fraud, errors and other irregularities (SUP15.3.17R) and insolvency, bankruptcy and winding up (SUP15.3.21R).
- Recent developments
- The importance of the duty to be open and cooperative with the regulator continues to be an area of focus for FCA and PRA enforcement actions. Recent cases have arisen from a variety of factual scenarios, including failures to provide factually correct information or to correct factual inaccuracies, the failure to notify intended changes in senior management and unreasonable reliance on others to notify the regulator of certain issues.
- On 09 February 2017, the PRA imposed fines on Bank of Tokyo Mitsubishi (BTM) and MUFG Securities of £17.8m and £8.9m respectively for failure to be open and cooperative with the regulator, in relation to enforcement action by the New York Department of Financial Services (DFS). The PRA found that BTM failed to consider the UK regulatory implications of the DFS’s investigation into its conduct in the United States, which ultimately lead to a settlement and payment of a US$315m penalty (announced on 18 November 2014). The PRA concluded that it was not notified in a “timely fashion” and was unable to “consider the implications for the safety and soundness of BTM”. The breach therefore impacted the PRA’s ability to “advance its statutory objectives”.
- Practical tips in an investigation
- Regulatory notifications should contain clear and factually accurate information and detail the steps being taken to investigate and/or remedy the identified issue. The information provided must enable the regulator to ask questions and reach its own assessment on the issues. It is important to resist the urge to gloss over difficult messages.
- Notifications should be timely and proactive. Make good use of scheduled meetings or request a specific time to discuss an issue with the regulator. If the issue is urgent, say so and make sure the regulator understands the reason for the request.
- A report can be made orally to the regulator and followed up in writing. Complete records should be kept of all communications with and information submitted to the regulator. Take detailed notes of any calls and meetings and consider circulating these for comment and approval by attendees. Consider sending a summary email to the regulator to confirm your understanding and set out any action points arising from an interaction.
- Ensure appropriate senior management oversight of interactions with the regulator. This should ensure consistent messaging and demonstrate that issues are receiving the right level of attention.
- In many circumstances, the notification obligation is triggered by an event that has disciplinary consequences for one or more employees. Compliance and HR should work together to manage expectations and provide consistent information to the regulator and affected employees.
- The health of the regulatory relationship is often seen as an indicator of culture. This does not mean that a regulated firm or individual must always say yes to a request from a regulator (requests should be proportionate and any deadlines should be reasonable). Nonetheless, it should prompt regulated entities to report matters as early as possible - timing being “absolutely critical to the overall outcome” in the FCA’s view. Clear, timely communication sets the tone for an open and respectful engagement.
- International perspective
- Be mindful that information reported to one regulator may be shared with other law enforcement agencies in the UK or overseas for further investigation. Where there are wider issues of fraud or money laundering, or issues that cross multiple jurisdictions, careful thought should be given to proactive self-reporting to other authorities.
This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.