July 9, 2015

Credible deterrence: Enforcement trends in MENA and the exposures for regulated individuals

Following the 2008-09 financial crisis and scandals including PPI mis-selling and LIBOR manipulation, an enhanced focus has emerged from the UK regulator, the Financial Conduct Authority (“FCA”) on the behaviour and culture within financial institutions. The FCA is paving the way for a new regime, which uses "credible deterrence" by focusing on the responsibility of individuals in order to change compliance culture. In essence, the FCA has recognised that even large fines have failed to change the culture within banks so has shifted its focus to the senior individuals.

Financial institutions, senior management individuals within them (and their D&O Insurers) need to be alive to the shift in focus on individual conduct and the regulatory changes occurring under the FCA regime, monitor developments and be aware of the possibility that similar changes will occur in the near future within the Middle-Eastern regulatory regimes.

In this article, we look briefly at the changes underway in the UK and expected to be in force by March 2016. We look at the impact that this is likely to have within regulatory regimes in the Middle East international financial centres, such as the DFSA, the QFC and forthcoming Abu Dhabi Global Market, which are to an extent modelled on, and share information with, the FCA and other international regulators.

Changes in the UK

Following several recent scandals impacting consumers in the UK, the Parliamentary Commission on Banking Standards was appointed to carry out an inquiry into professional standards and culture within the UK banking sector. This resulted in a report published in 2013, which, in short, recommended an overhaul of the current FCA Approved Persons Regime and its replacement with a Senior Persons Regime whereby key responsibilities within banks would be assigned to specific individuals.

Last month, a consultation paper was published by the FCA setting out their proposals for a new Senior Manager's Regime in banking. This will focus on senior individuals who hold key roles, so that individual accountability will be clearer.

In order to have clear management and governance arrangements in place, an FCA-authorised firm will need to submit a "Management Responsibilities Map" detailing reporting lines and responsibilities, as well as identifying the relevant individuals with responsibility.

Authorised firms will need to prepare and submit a document called a "Statement of Responsibilities", setting out exactly what each senior manager is responsible for.

There will be a fit and proper certification process for more junior employees who have a direct relationship with customers and who could pose harm to them. It will be the responsibility of an authorised firm to assess the fitness and propriety of individuals.

Burden of proof – individual responsibility

Crucially, the proposals set out a change of approach by presuming the responsibility of senior management; it is proposed that when an authorised firm contravenes a relevant rule or requirement, the senior manager with responsibility (with reference to the submitted Statement of Responsibilities) in respect of which the contravention occurred will be guilty of misconduct, unless he/she can satisfy the regulator that he/she took such steps as a person in their position could reasonably be expected to have taken. This is a major change from the usual approach whereby the onus is on the regulator to prove that an individual’s conduct fell below the standard reasonably expected.

The above are some of the key changes proposed. Once this new regime comes into place, by 7 March 2016, there will be an increased focus on "leading from the top", management responsibility, and a focus on effective corporate governance.

The likely impact on regulatory regimes in the Middle East

We have seen an increased focus by the regulators in this region on the activities of financial institutions.

Regional regulators in the Middle East are increasingly focussed on the culture within those institutions and the conduct of management in nurturing effective governance and compliance.

Both the Qatar Financial Centre Regulatory Authority and the Dubai Financial Services Authority are, broadly, modelled on the UK (and European) regulatory authorities and regularly liaise, share know-how and best practice methods with them.

When bringing enforcement action against individuals, these regimes currently place the onus on the relevant regulator to prove how an individual's actions or conduct fell below the standard reasonably expected. This is in contrast to the new regime expected to come into place in the UK whereby the presumption of responsibility will shift the onus upon the individual. However, regional regulators will be watching the UK developments closely.

In September 2014, the DFSA carried out a thematic review of corporate governance amongst its regulated firms. The DFSA generally found a good level of compliance with statutory obligations, and that governance structures and arrangements generally reflected the nature, scale and complexity of businesses reviewed.

However, the DFSA noted that governance arrangements and responsibilities did not always align with business plans and strategy and that authorised firms often did not carry out structured, periodic reviews of their governing bodies and their committees, or their effectiveness.

There is already an increased focus by regional regulators on the responsibility of management individuals and implementing credible deterrence by attributing responsibility not just on firms, but also on individuals.

In contrast to early enforcement decisions issued by the DFSA, which focussed primarily on the conduct of the institutions, the recent (April 2015) decisions against Abdul Rahman Al Ansari and Anthony Robert D'Aniello and, separately, against Hany Abdelwahab are cases in point.

Ansari and D'Aniello were both banned for knowingly providing false, misleading and/or deceptive information and failing to deal openly with the DFSA. That was despite the fact that the firm had been sanctioned during an earlier investigation and was no longer operating in the DIFC. The DFSA referred to "the fundamental issues of unalienable responsibilities of the firm and the senior management" in rejecting a defence that relevant tasks had been delegated to junior staff. A fine and a three year ban was imposed on Abdelwahab for providing false, misleading and deceptive information to the DFSA and obstructing the DFSA's investigation. The DFSA concluded that this individual was not "fit and proper" and that he failed to act with integrity. A finding that these individuals are not "fit and proper" based on integrity issues will likely have an impact on their careers in any highly-regulated environment around the world.

Financial institutions, senior management individuals within them (and their D&O Insurers) need to be alive to the shift in focus on individual conduct and the regulatory changes occurring under the FCA regime, monitor developments and be aware of the possibility that similar changes will occur in the near future within the Middle-Eastern regulatory regimes. As the regimes develop, senior management individuals will need to ensure that they are taking an active role in managing their personal regulatory risk.