UK: Supervision And Enforcement Trends

The regulatory landscape is constantly developing. Whilst the US remains the most active and aggressive landscape and still outstrips any other nation in respect the scale and breadth of regulatory activity, the UK is catching up and the increased burden regulation represents has been little short of transformative.


Financial regulators across the globe continue to focus on a firm's culture and governance, combatting corporate fraud and market abuse (recently strengthened in the EU by the Market Abuse Regulation (MAR)) and clamping down on bribery and corruption. The UK is no exception, with the cross-sector priorities for the FCA in its Business Plan 2018/19 including these familiar themes, along with a focus on the impact of Big Data and technology, and the need for adequate data security and resilience. In addition, the plan highlights an increased commitment to the protection of consumers, with priorities including the treatment of existing customers, high-cost credit and long-term savings and pensions and intergenerational differences.

Financial crime & anti-money laundering (AML)

Combatting financial crime and money laundering is key to the FCA's main statutory objective to improve market integrity and protect consumers. The FCA has been active in this area for some time and, with the expansion of the transaction reporting regime under the Markets in Financial Instruments Directive II (MiFID II), the FCA is able to access a greater wealth of information on regulated firms in order to monitor activities in the market and to uncover, investigate and enforce against unlawful behaviour. The FCA notes in its plan that it will increasingly focus on fixed income, commodity and non-standard derivative markets in addition to equity markets.

Part of combatting financial crime is tackling market abuse. There was a 50% increase in investigations opened as at 31 March 2017 (122) compared with the position as at 1 April 2016 (54). The FCA secured six criminal convictions for market abuse offences during this period and firms are also in the firing line. In August 2016, a sponsor firm was fined GBP 530,500 for representing that a client was eligible for a Premium Listing when it had not carried out the requisite due diligence (in addition to being found in breach for systems and controls failures). In another example, the FCA, for the first time, used its powers under section 384 FSMA to require Tesco to pay compensation to investors following inflated share prices as a result of trading data published in 2014 which gave a false or misleading impression about the value of publicly traded shares and bonds.

We can expect the FCA to continue to focus on market abuse and the extension in scope of the reporting regime for firms, brought about by the MAR, is likely to provide the FCA with more information on practices going on in the market, potentially leading to more cases being selected for investigation.

The issues identified by the FCA in relation to financial crime have at their heart a firm's systems and controls; financial institutions and their insurers should be aware that investigations into specific issues may also, and often do, lead into a broader investigation into a company's systems and controls. Investigations into breaches of AML, for example, frequently lead also to the identification of a breach of Principle 3 (PRIN 3) of the FCA Handbook ("A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems").

The FCA is focusing increasingly on all financial crime systems and controls, not just AML processes, including sanctions and transaction screening, the treatment of politically exposed persons and a firm's cyber security.

Culture and governance

The FCA recently published (in March 2018) a discussion paper "Transforming Culture in Financial Services", the foreword of which begins: "Culture in financial services is widely accepted as a key root cause of the major conduct failings that have occurred within the industry in recent history, causing harm to both consumers and markets.... Given its impact and the role it needs to play in re-building trust in financial services, firms' culture is a priority for the FCA. We expect firms to foster cultures which support the spirit of regulation in preventing harm to consumers and markets."

The discussion paper (which does not invite feedback) contains essays from leading academics and market practitioners which broadly postulate that formal processes and procedures need to align with belief systems within firms to achieve a productive and good ethical culture. The paper notes that regulation can only play a role in improving culture; firms (and each individual therein) play an important role in developing and improving culture.

However, as Andrew Bailey, Chief Executive of the FCA, put it in a recent speech "There is no single 'right' culture. It depends on circumstances, and there are certainly cultural characteristics which are highly suggestive of good outcomes..." Both the speech and the discussion paper stress that the Senior Managers and Certification Regime (SM&CR) sets out minimum standards of behaviour and that the FCA expects firms to promote cultures that support the spirit of regulation in preventing harm to consumers and markets. It will be necessary for senior managers to continually assess their behaviour and that of those in their teams to ensure that processes flex and improve over time. Firms should expect that the FCA will be stepping up supervision and enforcement activity to incentivise a good culture.

This focus on a firm's culture is not new to the FCA and Andrew Bailey stated "I can safely predict that the issue of culture and its role in the conduct of firms will run and run, as it should, because it should not stand still" and, as expected, it was featured as a priority in the recently published FCA Business Plan for 2018/19. As part of this plan, the FCA has announced that it will be looking at the remuneration policies of firms that fall outside of the Remuneration Codes in order to assess the risks that staff incentives, remuneration and performance management policies may pose to consumers.

Innovation and resilience

The line between fostering innovation and prudent regulation is difficult for regulators to walk. There is no doubt that technology plays a very important role in developing financial products and enhancing and improving business processes. Innovation is key to this development. However, the rate that such technologies are coming through leads to the potential for harm to the industry and its consumers, and places strain on regulators to set rules appropriate to their use. The FCA's work in this area focuses on ensuring that firms are more resilient and, as noted in the business plan for 2018/19, they intend to achieve this by strengthening their supervisory assessments of firms "to better understand their current and planned use of technology, resilience to cyber-attacks and staff expertise". This is with the aim of setting out clearly what the FCA expects of firms in this regard, with specific issues addressed with enforcement, where appropriate.

Cyber risk

Regulators are increasingly looking to companies and their directors to ensure that the proper systems and controls are put in place to manage and reduce the risk and to be more resilient and the FCA's business plan has it as a priority. The FCA intends to work with firms to achieve this aim and this includes assessing a firm's risk due to outsourcing and the use of third party providers.

To emphasise the importance with which boards should view cyber security, in mid-February 2018, the FCA published a joint update with the Information Commissioner's Office (ICO) on the incoming General Data Protection Regulation (GDPR), demonstrating their partnership in preparation for the GDPR. It was emphasised in the update that compliance with the GDPR is now a board level responsibility, and firms must be able to produce evidence to demonstrate the steps that they have taken to comply. Given that the fining powers of the ICO have increased significantly, this should be a concern for directors and their insurers.

Enforcement activity

FCA enforcement activity continues apace in the UK. A record number of investigations were opened during the 2016/17 period, perhaps in part due to the FCA's more open-minded approach to fact finding and information gathering. Andrew Green QC, in his report into the failure of HBOS, commented that the Financial Services Authority (FSA) (as it was then) took the view that any investigations it opened into HBOS would not result in a successful outcome so they were not started. Mark Steward, the FCA's Director of Enforcement and Market Oversight, said in a speech in September 2017 "...the function of an investigation is essentially diagnostic, to enable us to understand, when serious misconduct may be in issue, what has really happened and what we need to do about it... while all litigation we conduct should be premised on a proper investigation of the evidence, an investigation does not mean litigation is inevitable."

Whilst it should be noted that a higher percentage of investigations were concluded with no action being taken than in the previous period, the very fact of an FCA investigation presents a risk of subsequent enforcement action, regardless of how serious any misconduct uncovered is, and exposes insurance policies to claims for investigation costs in turn.

Any investigation into a firm also presents a risk to individuals working for that firm, particularly in light of the SM&CR, triggering claims to D&O policies as well. In theory, a comprehensive D&O policy should already cover SMRs - definitions of insured persons are quite broad under D&O policies and so would arguably already include those in an SMR function. Similarly, if the policy provides for investigation costs, then this should already address the potential actions against SMRs. Insurers may nevertheless receive broker requests to amend policies to expressly refer to SMR functions being covered.

Of course, whether the investigations in fact trigger investigation costs cover is policy and fact dependent. The FCA's ability to require information and documents is broad and is central to all of its investigative powers; there is little that the regulator cannot ask a firm for even where there is no exercise of compulsory or formal powers, and the FCA expects a high level of co-operation. It is not easy to challenge such requests and often counterproductive to do so. A frequently utilised tool is the Skilled Persons Report (section 166 reports). They can be burdensome on companies due to the level of cooperation required and the costs of these, which can be substantial, fall on the target company.

Factors impacting regulatory supervision and enforcement


Regulators increasingly have political agendas and one manifestation of that is that we see regulators getting expressly pressured by politicians, or political bodies, to open enquiries against people or entities they regulate.

Section 166 reports, for example, have been subject to numerous headlines recently as MPs mounted intense pressure on the FCA to account for its handling of a section 166 report into RBS's alleged mistreatment of struggling small businesses, whose accounts were moved into its restructuring unit. In February 2018, the Treasury Committee decided to make the un-redacted report public after months of public wrangling with the FCA, who had received the report in September 2016 but refused to publish it. These section 166 reports are usually confidential but Ms Morgan, Chair of the Treasury Committee, said there was "overwhelming" public interest in bringing transparency to this case and invoked parliamentary privilege.

Often times, this pressure is coupled with open criticism of the regulator. Both the FCA and the FRC were criticised in relation to their enforcement activity, or lack thereof, in relation to the collapse and state bailout of banking group HBOS which led to enquiries being initiated. The Treasury Committee's report stated "The regulators failed, both before and after the HBOS crisis...the HBOS experience calls for the FCA and the PRA to exhibit greater vigilance and energy if they are to win public confidence."

This increasing pressure placed on the FCA and other regulators to act could potentially lead to more enforcement action being taken in the future.

The UK's withdrawal from the EU

The FCA's business plan is littered with references to the impact of the UK's withdrawal from the EU with the foreword noting "The priorities in this year's Business Plan reflect the high level of resource we need to dedicate to EU Withdrawal, given its impact both on our regulation and on the firms we regulate. This inevitably affects the amount of work we can undertake in other areas. As a result, agreeing our 2018/19 priorities has involved particularly rigorous scrutiny and challenge." Brexit is costing the FCA a total of GBP 30m this year; the decision to leave the European Union will have a "substantial impact" on the way it works.

Cross-border collaboration

The past few years have seen an increase in global anti- corruption collaboration and enforcement, resulting in companies being sanctioned in more than one jurisdiction. This closer co-operation and intelligence sharing only increases the chances of a company and its directors being caught. By way of example, three ex-employees of Rolls- Royce's former Energy division have pleaded guilty to bribery and corruption offences in the United States District Court for the Southern District of Ohio Eastern Division. This followed parallel investigations by the US authorities and the UK's SFO into corruption and failure to prevent bribery in relation to the sale of energy systems and related services. It can be expected that such collaboration and cooperation between regulators will increase and firms and individuals may find themselves exposed in multi jurisdictions.


It is a challenging environment for financial institutions and their directors and officers; regulatory scrutiny and enforcement activity is only going in one direction. Whilst the UK is still some way behind the US, in terms of the level of enforcement activity and scale of penalties, the FCA is by no means a passive regulator but a force to be reckoned with.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions