Welcome to the post Easter edition of Disputes View.
Since our last View, we have been focussing on the FCA’s enforcement consultation and, in particular, its proposal to publicly name firms as soon as it opens a new investigation. This View comes hot on the heels of our webinar on the consultation with FCA enforcement director, Therese Chambers. This was particularly interesting as the FCA is obviously developing its thinking as the consultation progresses and it was useful to be able to share that early insight with over 400 of you. We examine the consultation in more detail below. By way of an aside, we sense a wider trend here towards perceived openness with the Civil Procedure Rules Committee consulting on its own proposals to broaden public access to court documents.
Other issues covered below include the FCA’s annual report, the ICO’s new data fining guidelines, the work of the Advertising Standards Authority, some recent sanctions cases and a Bill to end the confusion caused in the funding world by the PACCAR decision. As ever, please contact us if you would like to discuss any of the issues raised.
What’s Coming Up...
Our ECCTA Fraud Prevention Toolkit to tackle the increased corporate criminal risks arising from the Economic Crime and Corporate Transparency Act is now live! The toolkit provides a range of resources to help organisations understand, assess and mitigate the risks created by the reforms and to develop reasonable anti-fraud procedures. Click here for more information on the reforms and Toolkit, or speak to Camilla de Silva (Partner) or Jon Malik (Supervising Associate).
The FCA's enforcement consultation
Last month we provided a brief introduction to the FCA’s enforcement consultation. This month we take a slightly more in depth look at the key proposals and our initial thoughts on them, having spoken with Therese Chambers in our webinar (available on demand here)
In essence, the FCA’s proposed changes would involve:
Public announcements that the FCA has opened an investigation into a firm with one day’s notice;
Subsequent publication of updates on an investigation, including closure; and
Amendments to the Enforcement Guide to remove duplication with other parts of the FCA Handbook and related legislation.
Of these, the first is by far the most important. The FCA proposes to consider whether to issue a public announcement on a case-by-case basis. It will (usually) do so only in relation to firms and not individuals. In deciding whether or not to announce, the FCA suggests using a ‘public interest framework’ applying various factors for and against including whether early publication will: enable consumers to be protected; encourage whistleblowers to come forward; provide reassurance that the FCA is doing something; and deter future breaches of FCA rules. There is no mention of any thresholds or concrete examples to suggest how this will be used in practice and the framework expressly excludes the impact on firms. Given that 65% of all FCA investigations are closed without formal action being taken, the regulator will necessarily be (effectively) punishing innocent firms. It is unclear what the FCA’s internal decision-making process will be and what checks and balances will be put in place beyond decisions being made at an “appropriately senior level” with oversight from a legal function outside of FCA Enforcement.
Content may vary, but announcements are likely to include: the identity of the firm; a high-level summary of the suspected breaches or type of alleged misconduct; and a statement that the investigation should not be taken to imply that any conclusions of a breach, or other misconduct or failing have been made, or that a determination has been made that enforcement action is appropriate. When we spoke with her, Therese Chambers suggested that a backward looking review of the FCA’s enforcement book over the past nine months would have resulted in two-thirds of cases being publicly announced(!)
Updates on announced investigations will be published, including where an investigation has been closed without action. These could be by way of additional publication and/or an amendment to the original announcement (though we’re told that there will always be sufficient publicity on the closing of the investigation in light of the initial announcement).
The proposals are, in our view, unlikely to increase deterrence or enable the FCA to expedite investigations as they anticipate and will inevitably make the UK less attractive to firms with options. Furthermore, this aggressive approach may have unintended consequences. For example, firms are more likely to challenge FCA enforcement actions to the Upper Tribunal because the benefit of a ‘one and done’ publicity hit on settlement will be removed. Less well capitalised firms are likely to find that the announcement of an investigation into some issues (e.g. market abuse or financial crime issues) is existential as clients and investors leave. That cannot be what is intended. A sensible alternative might be a publication setting out the enforcement investigations that the FCA has opened on a periodic basis (equivalent to Market Watch) – but only if it is anonymised. We believe that many firms would regard this as a helpful tool.
The consultation has been extended until 30 April 2024 and we will be responding on this hot topic. It is generating a great deal of strong feelings within our regulated clients and we are exploring if there would be a basis upon which to judicially review any decision to publish. What the industry would support as an alternative is periodic update on the topics of the FCA’s newly opened enforcement investigations without naming firms. This would give the market tangible information to assist with their management of risk. To enable us to give a tangible assessment of the impact of the FCA’s proposals in our response, we are running a short survey (5 min) and we welcome further market views. The current indicates that 91% of our clients have issues with the proposals. Complete survey here. If you would like to discuss our response, please contact Caroline Hunter-Yeats (Partner), Thomas Makin (Managing Associate) or Emma Sutcliffe (Partner).
The FCA's annual report
The FCA published its 2024/25 Business Plan last month, which sets out the work that it is planning to do over the next year. The plan details how the FCA will continue to deliver the commitments in its 3-year strategy, which focus on (i) reducing and preventing serious harm; (ii) setting and testing higher standards; and (iii) promoting competition and positive change. There is nothing particularly new and surprising in the plan, but there are a few things that stood out to us as interesting from a disputes and enforcement perspective:
One of the FCA’s top priority commitments is reducing and preventing financial crime. The FCA say that they will continue to take a data-led approach to identify potential harm for supervisory and/or enforcement action. This will include continuing to take assertive action to tackle scams and fraudulent websites, and the FCA expects the financial services sector to take the lead here. The FCA also continues to be focused on slowing the growth in APP fraud.
Putting customers’ needs first is another of the FCA’s key commitments, which is focused this year around implementing and embedding the Consumer Duty. The FCA plans to continue to focus its interventions where there is greatest risk of harm or where more work is needed by firms to identify and address gaps and to meet the higher standards of the Duty. The FCA will be continuing its supervisory work to test firms’ implementation of the Duty and to improve firms’ delivery of good consumer outcomes, which includes complaints-handling and root cause analysis, consumer support journeys, consumer understanding, fair value and closed products and services. Multi-firm work and market studies across different sectors will also be starting.
The FCA has committed to improving the redress framework with the view to ensuring that consumers receive appropriate and efficient redress where things go wrong, that the CMC sector delivers fair value, and that firms that cause harm bear more of the cost of redress. Linked to this, the FCA will be continuing its work around historic discretionary commission arrangements in the motor finance market.
Finally, the FCA has committed to improving oversight of Appointed Representatives, which will involve continuing its assertive supervision of high-risk principals, through our regulatory tools and appropriate enforcement action.
If you would like to discuss further, please contact Amy Cook (Supervising Associate) or Caroline Hunter-Yeats (Partner).
The perils of twin track investigations
News of a twin track (criminal and civil) investigation by the FCA is always unwelcome. Concurrent civil and criminal investigations increase the complexity of responding to regulatory intervention and need careful planning and handling. For example, do individuals need separate legal representation? How does responding to both criminal and civil proceedings affect document disclosure? However, we are often be comforted by the fact that the FCA rarely uses its criminal powers.
The recent court decision allowing a 12-month pause to civil proceedings brought by the FCA against WealthTek LLP and its principal director Jonathan Dance to allow FCA investigators to prioritise work on bringing criminal charges, serves as a timely reminder that while, seemingly a reluctant prosecutor, the FCA will bring criminal proceedings where it thinks it has sufficient evidence to do so.
In 2023, the FCA shut down wealth manager WealthTek and director Jonathan Dance was arrested after it uncovered serious potential regulatory breaches relating to client money and custody assets, and criminal offences of fraud and money laundering. The FCA initially brought civil proceedings but appears to have concluded that it also has good grounds to bring criminal charges against Mr Dance for fraud by false representation, fraud by abuse of position and other dishonesty offences that meet the criminal burden of proof.
The risk of criminal investigations by the FCA into serious and deliberate breaches of regulation may rise as the FCA recognises in its 2024/2025 business plan the part it plays in the national ambition to reduce and stop financial crime. The appointment of former NCA executive, Steve Smart as joint executive director of enforcement and market oversight may also lead to a greater focus on potential criminal activity.
For more on this, please contact Caroline Hunter-Yeats (Partner).
The Advertising Standards Authority – a regulator with impact
On the 3 April 2024 the Advertising Standards Authority (‘ASA’) published its ruling in relation to complaints received about TV, radio and press advertisements for Nationwide Building Society (‘Nationwide’). The ASA received 282 complaints (including one from a major high street bank) in relation to the advertisements which focussed on a claim that, unlike ‘the big banks’, Nationwide was not closing its branches. In essence, the complaints suggested that the advertisements were misleading because Nationwide had closed a number of its branches or had reduced opening hours.
Nationwide mounted a robust defence of the advertisements, which is summarised in the ASA’s ruling. Amongst other points, its key contentions were that all of its branches closed within the last 18 months, had been in line with its ‘Branch Promise’ and that in comparison with ten high street banks, over the last ten years Nationwide had the largest remaining number of branches and had closed the smallest percentage of its estate. In addition to this, the building society argued that the claims in the advertisement were intended to be forward looking and related to a new version of its Branch Promise, which committed not to close any branch, irrespective of location, until at least 2026.
Despite the defence, the ASA upheld the complaints, in the main because it considered the 2026 long stop date for not shutting branches was likely to be missed by consumers. As a result the advertisements would be likely to mislead consumers when it came to the longevity of the claim. In addition, it observed that Santander (the bank that had been amongst the complainants) had closed fewer branches than Nationwide in the year prior to the advertisements, meaning the comparative claims, so far as they related to Santander, were also misleading.
The ASA, lacking fining power and producing rulings long after an advertising campaign has concluded, is often overlooked as an impactful regulator. However, the potential reputational issues that come with an ASA ruling shouldn’t be underestimated. ASA rulings command popular attention in a way that other regulatory enforcement doesn’t, perhaps because their content is often easier to engage with. For this reason, media platforms give ASA prominence. On the morning of 3 April, a report of the Nationwide ruling was the ‘most read’ item on the Guardian website and featured high up on the BBC News UK reports. Many customers and potential customers (the majority of whom may not have seen the original websites) will be left with an impression that Nationwide is closing branches (which it is not) and is not transparent about it. Firms would do well to remember this as the FCA’s Anti-Greenwashing Rule comes into force (on 31 May) with the ASA likely to play a role in highlighting potential greenwashing which may then be investigated by the FCA.
For more information, please contact Robert Allen (Partner).
Sanctions
The courts have been quite busy with sanctions issues and two developments in particular have caught our eye.
You will recall that in a much publicised judgment handed down in October last year (Mints v PJSC National Bank Trust) the Court of Appeal indicated (albeit obiter) that the "control" test in Russian sanctions legislation cannot be read restrictively to exclude political or corporate office. Rather the test had a "clear and wide meaning" which the Court summarised as requiring a designated person who is capable of "calling the shots”. In this case, the court held that it was "sensible and realistic" to treat PJSC National Bank Trust, a subsidiary of the Russian Central Bank, as controlled by either Vladimir Putin or Ms Elena Nabiullina (the Governor of the Central Bank).
The judgment suggested that going forward, it would be reasonable to treat the Russian Central Bank and its subsidiaries as frozen. That has significant implications, for instance in relation to payment of taxes in Russia. However, as expressly accepted by the Court, the implications are potentially far broader. The Court stated that if giving the sanctions legislation its proper wide meaning meant as a result that all Russian economic entities may ultimately be considered controlled by Vladimir Putin and thus subject to asset freezing sanctions, this was a matter for Parliament.
The Courts have rowed back a little from Mints. In Litasco SA v Der Mond & Another, the court concluded that the Claimant (a company wholly owned by Lukoil, a Russian company) was not under the de facto control of Putin for the purpose of the sanctions regulations. Distinguishing from Mints, unlike the Central Bank, Lukoil was not a state-owned entity and the Defendants had offered no evidence to suggest Lukoil functioned as an organ of the Russian state or to suggest that Litasco was under the de facto control of President Putin. While it was accepted to be strongly arguable that President Putin may be able to take action to put Litasco and/or its assets under his control if he chose to, this was not sufficient. What was required was existing influence.
It cannot have been the intention of the Government that imposing an asset freeze on Mr Putin on 25 February 2022 would have the effect of imposing, essentially, comprehensive sanctions on Russia, and Litasco – together with helpful Guidance from OFSI to the effect that it does not consider this to be the case – go a significant way to mitigating the risk arising from the Mints judgment in connection with all Russian entities. Nevertheless, the Mints judgment constitutes the most authoritative guidance we currently have in the UK as to the appropriate interpretation of control more generally: i.e. does the designated person “call the shots”?
The Supreme Court has now given permission for an appeal in Mints. In the absence of legislative action to provide certainty over the scope of the test, it can be hoped that the court will do the job for them.
The second development concerns the Court of Appeal’s judgment in Unicredit Bank GMBH v Ruschemalliance LLC. The underlying dispute centred on non-payment by UniCredit under bonds issued to RCA on the grounds that it was prohibited from making payment because of EU Russia sanctions. The issue before the Court of Appeal was whether the English court had jurisdiction to grant an anti-suit injunction to restrain the pursuit of proceedings in Russia when the parties' contract was governed by English law but provided for arbitration in Paris in accordance with ICC rules. Overruling the first instance decision, Lord Justice Males said he had no hesitation in concluding that England was the proper forum for the claim. He also accepted Unicredit’s submission that it was abusive for RCA to rely on the availability of substantial justice in France as the seat of arbitration while simultaneously seeking to pursue proceedings in Russia on the basis that the arbitration clause was unenforceable. The court granted the anti-suit injunction ordering the defendant to terminate the Russian proceedings.
This case too has been appealed to the Supreme Court with a hearing fixed for 17 April. We await the result with interest.
For more information about these developments, or about sanctions issues more generally please contact Cherie Spinks (of Counsel) or Tom Bowen (Managing Associate).
Dicta around the allocation of Senior Manager responsibilities
It has taken many years for the regulators to give further clarity on their expectations of senior managers, but now we are starting to see a (small) body of decisions build up, with the PRA definitely taking the lead.
The PRA has fined HSBC Bank plc (“HBEU”) and HSBC UK Bank plc (“HBUK”) £57,417,500 for violations of various PRA Fundamental Rules and certain Depositor Protection rules (“DP Rules”). We have written up our thoughts on this here. Key points from a senior manager perspective are (i) the expectation that there will be a Senior Manager with overall responsibility of the end to end process with cross business lines and functions and (ii) where a significant remediation exercise is being conducted, consider if a Senior Manager should be allocated overall responsibility for it.
There are also two Final Notices against individuals to bring to your attention this month:
The FCA found Nicholas Andrew McNeil (previously an SMF 3) to lack honesty and integrity and has prohibited him from performing a role within financial services. This follows his conviction for possessing a false instrument (being a guarantee bond worth £1.7 million, which was false), with the intention of inducing others to accept it as genuine. He received an 18-month suspended prison sentence and a significant financial penalty.
Floris Jakobus Huisamen has also been prohibited from performing a role within financial services due to a lack of integrity, and received a £31,800 financial penalty due to his role in disseminating misleading financial promotions at London Capital & Finance plc (“LCF”). Mr Huisamen was approved as a CF1 Director and CF10 Compliance Oversight and played a key role in the drafting and approval of LCF’s financial promotions, including confirming that they complied with the financial promotion rules. In reality, the financial promotions in question presented a misleading picture of LCF’s mini-bonds, failing to give investors the full picture about the risks of the product. Aside from demonstrating a lack of integrity, Mr Huisamen was considered to pose a risk to consumers and the integrity of the UK financial system.
Please do reach out to Thomas Makin (Managing Associate) if you have any specific questions.
The ICO’s new data protection fining guidance
The Information Commissioner’s Office (‘ICO’) new data protection fining guidance, published on March 18, 2024, might sound familiar to veterans of other regulatory fining guidelines. While this guidance doesn’t apparently represent a change of approach by the ICO, it is designed to offer transparency and clarity about how it uses its fining power, and indeed within the guidance there are some important clarifications worth noting. This guidance is a result of a consultation process and replaces previous sections on penalty notices in the ICO Regulatory Action Policy from November 2018.
If you are interested, reading the guidance in full will be valuable, but until you get around to doing that, our main observations are:
Penalty Issuance Criteria: The ICO will assess the seriousness of an infringement based on its nature, gravity, duration, whether intentional or due to negligence, and the categories of personal data affected. Other considerations include any mitigating actions taken, previous infringements, cooperation with the ICO, and the effectiveness, proportionality, and dissuasiveness of a fine.
Fine Calculation Methodology: A five-step approach will be used, starting with assessing the infringement’s seriousness, considering the organization’s turnover (especially for larger entities), determining a starting point for the fine based on seriousness and turnover, adjusting for aggravating or mitigating factors, and ensuring the fine meets the objectives of effectiveness, proportionality, and dissuasiveness.
When assessing seriousness and the categories of personal data affected, as well as UK GDPR mandated special category and criminal offence data, the ICO will also pay particular attention to data included in private communications, state issued ID, location data and financial data (amongst other things).
As well as fines arising out of data breaches, the ICO may also fine in circumstances where a business has not responded adequately to an information request or has not complied with an enforcement notice. The level of fine may also be affected by other types of interaction with the ICO: if action is taken by a business to address and ameliorate any damage done as a result of a data breach before the ICO starts its investigation, this may reduce the level of fine. Similarly, an aggravating factor is likely to be if the ICO finds out about a breach other than from the data controller / processor.
The ICO emphasizes the importance of organisations prioritising data protection, staying informed about regulation updates, conducting regular risk assessments, investing in employee training, implementing robust security measures, engaging legal counsel when necessary, and maintaining thorough documentation of compliance efforts.
If you would like to discuss further, please contact Robert Allen (Partner).
ICO publishes guidance for platforms when moderating online content
The ICO has published its first piece of guidance on content moderation, which sets out the data privacy obligations that organisations need to consider. Read more here.
FCA – Dear CEO letter on AML framework failings
This letter from the FCA outlines actions required in response to common control failings identified in AML frameworks. Common weaknesses related to (i) discrepancies between firms’ registered and actual activities, and lack of Financial Crime controls to keep pace with business growth, (ii) weaknesses in Business Wide Risk Assessments and Customer Risk Assessments, (iii) lack of detail in policies creating ambiguity around actions staff should take to comply with their obligations under the MLRs, and (iv) lack of resources for Financial Crime, inadequate Financial Crime training and absence of a clear audit trail for Financial Crime-related decision-making. The FCA clearly state, amongst other things, their expectation that senior management take clear responsibility for managing Financial Crime risks and that Financial Crime should be a standing agenda item at senior management meetings rather than considered on an exceptions-only basis.
There is an expectation that senior management of relevant firms carefully consider the letter and complete a gap analysis against each of the common weaknesses we have outlined within six months. The FCA say they’re likely to ask firms to provide this in the future as well as evidence of any remedial actions/enhancements made as a result of the analysis. This will be of particular relevance to CEOs, SMF 17s and those holding prescribed responsibility for Financial Crime, as well as senior management more broadly.
Farewell to PACCAR?
As we predicted, the Government has introduced a short Bill to Parliament with the intention of reversing the effect of the Supreme Court judgment in R (on the application of PACCAR Inc) v The Competition Appeal Tribunal. This held that all Litigation Funding Agreements where the funder's return is potentially based on the damages recovered are Damages Based Agreements and subject to the 2013 DBA Regulations. No funders had worked on this basis and so many LFAs did not comply, with the effect that they became unenforceable.
The Litigation Funding Agreements (Enforceability) Bill would amend the Courts and Legal Services Act 1990 to simply state that no agreement is a DBA if it is a LFA. This will apply to LFAs in all manner of proceedings. Unusually, this is stated to be retrospective.
For more on the Bill and its potential implications for funders, please read our article here.
_(1)_11zon.jpg?crop=300,495&format=webply&auto=webp)
.jpg?crop=300,495&format=webply&auto=webp)
