Financial Markets Disputes View - November 2023

Welcome to the November edition of Disputes View.

There has been a lot going on over the last few weeks. The FCA has issued several significant final notices. The Supreme Court has handed down an important judgment on limitation. The Economic Crime and Corporate Transparency Bill received Royal Assent and is now an Act. The government has confirmed that it intends to proceed with its implementation of the cryptoassets market abuse regime and we have published our own global survey of 700 senior executives and investors identifying where the opportunities in sustainability lie. As ever, please let us know if you have any comments or questions.

What's Coming Up...

Contract masterclass webinar series - Our annual contract masterclass series has now come to an end, the concise 30-minute sessions are tailored to equip you with practical guidance. They covered the most recent legal developments and essential considerations, particularly crucial as contractual relationships face challenges stemming from dynamic global economic and political shifts. You can watch all eight sessions on-demand here.

FCA - Final Notices -- there's a few!

We cover 3 notices this month. Two of the notices highlight management information failings amongst others. The third contains a censure for misleading the market. They are all significant from the FCA's perspective.

• The FCA has published a Final Notice fining Equifax Limited £11,164,400 for breaching Principle 3 (organise and control affairs responsible and effectively), Principle 6 (pay due regard to the interests of customers) and Principle 7 (pay due regard to the information needs of clients) due to failures in relation to the risk management of outsourcing of data processing, amongst other things. This is particularly interesting because it involves intragroup outsourcing (and in particular a UK regulated entity's reliance on a US parent) and highlights the importance of regulated firms ensuring that there is appropriate risk management of intra-group outsourcings. It highlights failures in management information and the fact that the Board was presented with information that was too high-level and unstructured meaning they couldn't exercise meaningful oversight of information/data security matters. We'd suggest the SMF responsible for outsourcing framework (often the SMF 24) and SMFs responsible for overseeing specific outsourcing arrangements take note of this. The Final Notice provides a textbook example of what not to do in a cyberattack. Read more here or speak to Rob Allen about the data protection aspects of this notice.

• This Final Notice fined ADM Investor Services International Limited £6,470,600 as a result of inadequate risk management frameworks. The FCA originally conducted a Periodic Assessment and required the firm to complete a Risk Mitigation Programme, but two years later a number of issues remained. Again, this Final Notice highlights the importance of clearly delineating responsibilities for matters between different teams and lines of defence, record keeping and ensuring that the MI provided actually allows those receiving it to effectively oversee and assess particular matters. It also highlights the importance of effectively remediating matters once an issue has been identified.

• The FCA has published a Final Notice censuring NMC Healthcare for misleading the market about its debt. The FCA's investigation found that NMC had been operating dual sets of accounting records and that the publicly disclosed statements misled investors by understating its debts by as much as USD 4 billion. As no funds are likely to remain after creditor claims have been met, the FCA decided not to impose a financial penalty.  However, its censure explains how and why investors were misled and it expects "lessons to be learned". So, worth a read.

If you have any questions, please contact Emma Sutcliffe.

PRA and FCA - Feedback Statement on Artificial Intelligence and Machine Learning

Remember DP 5/22? We'll forgive you if you don't, but effectively the PRA and FCA asked stakeholders whether existing regulatory requirements and guidance are sufficient to address the risk and harms associated with AI. The regulators have now published their Feedback Statement, summarising the responses received. Amongst other things, the feedback highlighted most respondents' view that no new "AI SMF" role or "AI prescribed responsibility" is required given there are so many possible applications of AI within businesses and rather responsibilities can be reflected in existing Prescribed Responsibilities and statements of responsibilities. Of course there were dissenting voices too, so we will need to see where the regulators land. Many respondents believed existing regulatory requirements (including SMCR) and firm governance structures are sufficient to address AI risks but asked for further guidance, e.g., as to how to interpret "reasonable steps" in the context of AI. Some respondents noted that there may not be sufficient skills and experience within firms, including among senior management, to support the level of oversight required to ensure technical (e.g. data and model risks) and non-technical (e.g. consumer and market outcomes) risk management. We know that the collective suitability and skills of the Board in relation to AI has been something that firms and the regulators have been thinking about for some time.

Another thing to note, the Corporate Governance Institute UK & Ireland have also issued a warning for UK corporate boards regarding their governance approach to AI, which is a helpful read and might be helpful for firms considering how they build out their AI governance frameworks.

To discuss AI further, please contact Minesh Tanna or Angus Brown. 

ICO's £7.5m Clearview AI fine overturned

Despite the overturning of the ICO's fine for data scraping from the web and social media, there is no green light for this practice in the UK. Read more here or speak to Robert Allen. 

ESG litigation funding receives US hedge fund boost (multi-sector)

Gramercy, a US hedge fund who manages over USD 6bn in assets, has committed over USD 550m in the form of a secured loan to a litigation specialist law firm to fund claimants in environmental litigation. This includes those pursuing the largest opt-in class action lawsuit in England and Wales against two mining firms (BHP and Vale) at the centre of a dam collapse in Brazil. The loan, which forms part of Gramercy's litigation funding offering and promises returns notwithstanding broader market movements, includes co-investments from some of its clients.

The news will be a welcome boost to potential ESG claimants, particularly following the blow suffered by the litigation funding market earlier in the summer when the English Supreme Court's ruling in R (on the application of PACCAR Inc) v The Competition Appeal Tribunal rendered many litigation funding agreements unenforceable (see our article here). Gramercy's arrangement exemplifies a workable alternative to litigation funding agreements that entitle the funder to recover a percentage of damages.

If you would like to discuss any contentious ESG issues please contact Robert Allen or Emily Blower. Remember, you can keep up to date with contentious ESG news as and when it happens by signing up to our ESG Disputes Radar. 

A new mindset among corporate executives and investors is revealed...

Sustainability is no longer seen as an obligation; it's now recognised by the major players in the global economy as the best route to future financial performance.

But this mindset shift is just the start. It's no longer just a race for capital; it's a battle for the brightest minds, the most eco-conscious suppliers and the most loyal customers.

Our global survey of 700 senior executives and investors identifies where the opportunities in sustainability lie, the barriers that stand in the way, and how they can be overcome. Discover the results - read our report here.

Crypto - market abuse

The government has confirmed that it intends to proceed with its implementation of the cryptoassets market abuse regime in line with the consultation and call for evidence on the future financial services regulatory regime for cryptoassets. We, among many, have doubts as to the effectiveness of the regime when considering the global nature of the cryptoasset industry - to remind readers, HMT intends that market abuse offences would apply to all persons committing market abuse related to a cryptoasset that is requested to be admitted to trading on a UK trading venue. This would apply regardless of where the person is based or where the trading takes place. This means that if the market abuse is carried out by someone in Japan, on a venue in the Seychelles, providing that the asset is also listed on a UK venue (or requested to be admitted), then it would be in breach of the UK Market Abuse regime.

HMT says that it disagrees with the position that the overall scope of the regime should be more narrowly defined as this would not deliver adequate protection to UK consumers, and that UK financial services regulation already affects firms based overseas in many areas such as consumer credit, market abuse and financial promotions. It suggests it will work with the FCA to devise ways to mitigate the risks posed by overseas firms in this context. We are interested to see what steps will be taken.

Helpfully the government also confirmed that additional guidance will be made available by the FCA to provide clarity on what constitutes market abusive behaviour (including a non-exhaustive list of examples).

For more on the government's response to the consultation click here or speak to Doug Robinson. 

The brand new Economic Crime and Corporate Transparency Act

The Economic Crime and Corporate Transparency Act received Royal Assent on 26 October 2023 and contains two important changes for corporate criminal liability.

The first is the introduction of a new offence of "Failure to prevent fraud", which makes companies and partnerships liable for failing to stop employees or agents committing fraud for the benefit of the organisation or its customers.  This is likely to come into effect during 2024.

The second change is to the way in which companies can be held liable for any economic crimes, so that the involvement of a "senior manager" will suffice to convict the company.

Firms will need to consider where the risks of fraudulent conduct lie in their operations in order to design reasonable policies and procedures to manage this risk. Guidance which is due to be produced by the Ministry of Justice is likely to provide a framework but is not expected any time soon.

The change to the identity principle offers a less immediate need for action, but it may still be sensible to analyse who within the organisation will fulfil the definition of a senior manager and whose actions might therefore create criminal liability for the organisation.

Over the coming weeks we will explore these changes in a series of videos and podcasts. Episode 1 is an interview with one of the architects of the legislation, Lord Garnier KC. Episode 2 examines the reforms to corporate criminal liability. Future episodes will examine......

If you would like more information, please speak to Camilla de Silva or Jon Malik.

Focus on limitation: this month's developments

In Canada Square Operations Ltd -v- Potter the Supreme Court held that a claimant can bring a claim, even after the usual six-year time limit has passed, if the defendant has "deliberately concealed" facts essential to the pleading of a claim, so that the claimant is unable to bring proceedings within the usual time limit.

The Court considered the wording of section 32(1)(b) of the Limitation Act 1980 and held that the term "concealed" means that the defendant has "kept a secret from the claimant, either by taking active steps to hide it or by failing to disclose it". "Deliberate" requires an intention to conceal. Recklessness is not sufficient.  The Court also considered section 32(2) of that Act and held that where the claimant relies on a deliberate breach of duty to extend a limitation period, recklessness is not sufficient. Furthermore, a claimant would need to establish the defendant had a legal duty, as opposed to a moral or social duty, to disclose the relevant facts, and had deliberately failed to do so. The Court expressly excluded from its consideration the issue of whether the claimant in that case “could with reasonable diligence have discovered…the concealment” under section 32 of the Act since no issue of diligence had been raised. Furthermore, it is not necessary to establish a legal, moral or social duty to disclose the fact.

This case was focussed on PPI “unfair commissions” claims but has implications for all cases involving limitation and a potential concealment of relevant facts or a deliberate commission of a breach of duty.  

The Privy Council's judgment in Primeo Fund v Bank of Bermuda (Cayman) Ltd & Anor (Cayman Islands) which was delivered on the same day as Potter, follows it with regard to the meaning of "deliberate".    

For more information about the Potter judgment please read our article or speak to Robert Allen, Katrina Allison, Elizabeth Chittenden or Frances Gourdie. 

Focus on tort; this month's developments

Mrs Justice Cockerill's judgment in Loreley Financing (Jersey) No 30 Ltd v Credit Suisse Securities (Europe) Ltd is an impressively long and detailed piece of work. The case arose out of a financial crisis-era synthetic CDO transaction. Credit Suisse successfully defeated misrepresentation and conspiracy claims. For these purposes we focus on two small aspects of the judgment.

The issues were (i) whether it is possible to found a claim for unlawful means conspiracy on acts that are a breach of foreign law and (ii) if the breach in question is not directly actionable under that foreign law, it is capable of supplying the relevant unlawful means for unlawful conspiracy.

The judge concluded, in line with earlier authorities, that a breach of a foreign law may give rise to a claim in conspiracy. However, she tempered this by suggesting what she referred to as public policy/comity filter effectively meaning that the breach would have to be capable also of amounting to a tort or a crime in England if committed here.

She was less willing to put forward a general principle in response to (ii). She concluded that the authorities were not entirely clear on the point requiring her to draw a conclusion based on the facts of the case in front of her. The breach relied on was of Irish prospectus disclosure regulations. Although these were intended to protect investors, investors could not themselves action any breach and had a separate mechanism for seeking compensation. In these circumstances, a remedy in conspiracy was unnecessary and the breach was therefore not capable of supplying the relevant unlawful means.