Investigations and enforcement column - November 2015


Why the change?

The reversal of the burden of proof was recommended by the Parliamentary Commission on Banking Standards (PCBS) when it published its "Changing Banking for Good" report in June 2013 in which it accused the current approved persons regime of being "a complex and confused mess". This recommendation was subsequently adopted by the Government when it introduced the Banking Reform Act 2013 and, since then, the banks have been busily preparing their staff for the introduction of the new regime before it comes into force in March 2016.

This measure was seen as the most controversial aspect of the new senior managers' regime and one that many found difficult to reconcile with well-established English legal principles. Quite rightly, human rights concerns were raised over the fairness of a presumption of guilt for senior individuals at banks, particularly when coupled with the procedural steps they face in the enforcement process. Individuals would have come under considerable pressure to accept liability rather than face the significant costs and publicity of fighting a case through the full administrative process to the Upper Tribunal. It is also likely that, when enforcement cases were fought, legal challenges would have been made to the basis of a presumption of responsibility. I certainly found in advising on the new regime that it was this aspect that caused the most concern with senior management. While I would reassure management that it would not allow actions to be brought against competent management who had taken reasonable steps, a feeling remained amongst senior managers that they would be singled out as scapegoats to satisfy public pressure for action against bankers.

In defending the last minute change and seeking to play down its significance, Andrew Bailey, Chief Executive Officer of the PRA, told MPs at a Treasury Select Committee hearing, that he did not want it to become a "tick-box regime with legal questions around it over human rights". In a similar vein, Tracey McDermott, Acting CEO of the FCA, said in a statement:

"While the presumption of responsibility could have been helpful, it was never a panacea. There has been significant industry focus on this one, small element of the reforms, which risked distracting senior management within firms from implementing both the letter and spirit of the regime."

While it was certainly true that it had caused particular concern to senior managers at banks who were worried about what it would mean in practice, there is no doubt that this is a setback for the regulators who had seen this as a way of overcoming the difficulties they faced in proving individual misconduct at the senior manager level.

As well as the issues it created over management distraction, the impact it might have had on recruitment to senior positions and the legal concerns, its abolition could also be seen as a mellowing of the tougher enforcement approach towards the banking sector which has suffered an onslaught of regulatory actions over the past few years. It was notable that the reversal of the burden of proof was only ever intended to apply to the banking sector despite a similar individual accountability regime being applied to the insurance sector in 2016 and plans for the entire regulated sector for 2018.

What does this change mean in practice?

While it is a striking late change in approach from the authorities, it says more about deficiencies in their consideration and rush to implement the PCBS' recommendations than evidencing any fundamental change to the senior managers' regime and the regulatory requirements senior management are expected to fulfil. The individual responsibilities remain the same and, rather, it is the ease of the enforcement process that has changed. The presumption of responsibility received a lot of attention from bankers, lawyers and the media alike, and indeed from the regulators themselves, but in reality it only formed a small part of the regime.

A senior manager can currently be disciplined for misconduct in two circumstances:

  • For breaching a statement of principle for approved persons (which will become a code of conduct rule under the new regime).
  • For being knowingly concerned in the firm's breach of principle or rule.

The new third ground being introduced as a result of the statutory duty of responsibility is:

  • Where the firm has breached a regulatory requirement in an area where a senior manager is responsible and he/she did not take reasonable steps to prevent that breach.

In reality, this third ground differs little from the first or second grounds in that, if something goes wrong in an area for which a senior manager is responsible, the current regime provides that a senior individual may be liable for breach of APER 5 to 7 (failing to take the requisite reasonable steps to ensure that his area was run compliantly) or for being knowingly concerned in the firm's breach, as in the case of Mr Cummings, a former HBOS director, who was issued with a final notice by the FSA in September 2012, fining him £500,000 and banning him from holding a significant influence function (SIF) in a UK bank, building society, investment or insurance firm, on the grounds that he lacked competence and capability to perform such functions. It therefore does little more than codify within statute the current burden of proof and the regulators' ability to hold senior management to account for a firm's failings in their area of responsibility. Regulators will, as before, have to demonstrate that a senior manager did not take reasonable steps to prevent a regulatory breach, rather than the individual having to demonstrate that they did. It does not change the level of competence required.

It does, however, publicly emphasise the attention that the regulators are placing on senior management responsibility. This is an emphasis that has been apparent for some time to those dealing with enforcement investigations, through the way in which FCA enforcement now routinely looks to see if an individual can held to be responsible when investigating a firm for misconduct. What is different under the new regime is that all senior managers will in future have very clear statements of responsibilities so it will be difficult for an individual to deny responsibility and the focus of the case will move to the requirement to take reasonable steps.

The PRA's supervisory statement on strengthening individual accountability in banking (SS28/15), published in July 2015, which includes a general statement of policy in relation to the reversed burden of proof, remains valid as setting out the general level of regulatory expectation.

Three key points are:

  • A senior manager can be held accountable for his/her individual contribution to collective decisions and their implementation.
  • Liability may be joint and it is possible that more than one senior manager could be held responsible in relation to a bank's misconduct.
  • The importance of having an accurate and comprehensive statement of responsibilities and management responsibility map is emphasised as the PRA confirms that they will be relevant (but not the only) evidence in determining whether a senior manager was responsible for the area where the misconduct occurred.

Reasonable steps

While the burden of proof is now back on the regulators, senior managers must not underestimate the continued importance of being able to demonstrate that they took reasonable steps in the areas for which they are responsible. If they cannot do this, they will remain liable and subject to significant sanctions. In SS28/15, the PRA helpfully gives examples of what could be relevant steps:

  • Pre-emptive actions to prevent a breach occurring, including any initial reviews of the business on taking up a function.
  • Implementing, policing and reviewing appropriate policies.
  • Awareness of relevant requirements and standards of the regulatory system.
  • Investigations or reviews of the senior manager’s own areas of responsibility.
  • Where a breach is continuing, the response to that breach.
  • Structure and control of day-to-day operations, including ensuring any delegations are managed and reviewed appropriately.
  • Obtaining appropriate internal management information, and critically interrogating and monitoring that information.
  • Raising issues, reviewing issues, and following them up with relevant staff, committees and boards.
  • Seeking and obtaining appropriate expert advice or assurance, whether internal or external.
  • Ensuring that the firm and/or relevant area has adequate resources, and that these are appropriately deployed, including for risk and control functions.
  • Awareness of relevant external developments, including key risks.

These elements point to the importance of keeping adequate records to establish what the senior manager knew, what information and reports they received and why they acted as they did. This cannot just apply to major decisions or extraordinary events as experience shows that the regulators frequently take enforcement action in relation to failure of routine controls.

The steps bear a striking resemblance to the steps taken by Mr Pottage, a senior UBS executive, that the Upper Tribunal found in its April 2012 decision in John Pottage v FSA were reasonable steps to discharge his managerial responsibilities, and so defeat an enforcement case brought against him by the FSA. Accordingly, every senior manager should consider whether their business is structured to enable them to take these, or analogous, steps and whether they possess adequate authority to take them, and if not, do something about it.

Records to keep

Evidence that the regulators may seek to obtain in respect of these kinds of matters include:

  • Board and board committee minutes.
  • Minutes of other internal meetings.
  • Statements of responsibilities and management responsibility map.
  • Organisation charts and information on reporting lines.
  • Any other internal materials (for example, emails or telephone recordings).
  • Regulatory correspondence and interviews.

This further emphasises the importance of keeping orderly and adequate records and, in particular, ensuring that board, committee and internal meetings are adequately minuted, recording individual contributions when necessary.

Enforcement action

Despite this late change of plan, which will no doubt make life a little harder for the regulators' investigation teams when bringing action against senior managers within the banks, I do not believe that it represents any fundamental change for the senior managers themselves and the standards to which they are currently, and will continue to be, held. The level of proof required in enforcement proceedings will remain the same. Whether in banking or in other regulated sectors, both the FCA and the PRA will continue with their increased focus on personal responsibility and look to hold senior managers to account for failings in their areas of responsibility. The introduction of the new individual responsibility regimes only serves to support that objective and help to ensure responsibilities are clear and documented which will provide less wriggle room for individuals seeking to evade responsibility. However, perhaps it does signal the end of bankers being singled out for special treatment.