Directors’ and Officers’ Liability Survey 2023

The FCA tackle unauthorized business to improve consumer protection

In GB, the Financial Conduct Authority (FCA) enforcement activity continues to be a substantial exposure for companies and D&Os. Specific target areas for the FCA are tackling unauthorised business and unsuitable advice (especially in the pensions arena) in its general push to improve consumer protection ahead of the incoming Consumer Duty. In addition, actions relating to failures in systems and controls are increasingly common, with significant penalties imposed on both companies and senior management for a range of failures.

Financial crime continues to be a priority, with the FCA utilising all powers at its disposal, including its criminal powers, successfully securing a prosecution against a large bank and imposing a substantial fine, in addition to announcing that it has charged directors who were allegedly operating a scheme to defraud investors (trial is imminent). Corporate criminal liability reforms are also being debated, though whether these will result in more actions against directors remains to be seen.

Crypto climbs up the regulatory agenda

As with other jurisdictions, ESG (which will be discussed in more detail in a separate article) and crypto regulation have moved up the regulatory agenda. In the latter regard, in February 2023, HM Treasury published a consultation paper on the UK regulatory approach to cryptoassets, looking at the risks and opportunities and how the sector could be regulated. The market is still in its infancy and many concerns have been noted, not least of which is the potential use of crypto exchanges to launder money and finance sanctioned entities (the FCA is proactively applying its powers to refuse or withdraw applications for authorisations of such exchanges). Risks for D&Os will likely lie in disclosures, making sure the risks are adequately captured and reported on. There may also be risks in accepting crypto as payment, especially given its notorious volatility. In the M&A space, due diligence must be conducted carefully to understand the potential risks the company is taking on which could expose the company and its D&Os to a range of actions, including regulatory investigations.

Download the full article

With the GDPR having been in force for a few years now, companies and D&Os have witnessed the significant fines that can be levied by data protection authorities following a breach and the law is still developing on claims from data subjects. In addition, the first party costs following a breach can be considerable and there is the prospect of third-party claims. Cybersecurity is, of course, of paramount importance but it can be very challenging to keep pace with the ways and means that attacks are perpetrated, meaning that regulatory actions for systems and controls failures (which have been a keen focus for financial regulators in recent years) can be added to the risk landscape.

Regulatory risk, more generally, continues to be of concern, and with good reason. In recent years there has been heightened scrutiny by more proactive and aggressive regulators (whose enforcement activity has largely rebounded following the pandemic), ever increasing regulatory requirements and a keen focus on holding wrongdoers to account. Regulators continue to focus on tackling financial crime and market abuse, improving consumer protection, as well as having an increasing emphasis on ESG, including climate related risks, and crypto regulation. We can expect to see regulators flexing their powers in due course in relation to these emerging risks.

It is clear from the survey that D&Os are also apprehensive about criminal risks – both falling foul of criminal laws and organisations being a victim of crime, such as cybercrime. The risk of health and safety prosecutions came fifth on the top seven list. Companies are under a duty to do all that is reasonably practicable to protect the health and safety of their employees and to provide a safe workplace. Failures in this regard can lead to significant fines being imposed and, in some cases, prison sentences handed out where there has been a particularly egregious failure. In England and Wales, D&Os can face prosecution if the offence has been committed with the consent, connivance, or neglect of the director(s) in question and many other jurisdictions carry similar provisions. Like most other public sector bodies, prosecuting authorities built up a backlog of cases during the pandemic which are now being brought to fruition, leading to high levels of activity. We shall have to see if these levels will be sustained or will taper off once there is some distance from the pandemic.

Bribery and corruption investigations are costly and often cross border, and prosecutors have been cooperating on an international level to stamp out the behaviour. In addition to direct offences, some jurisdictions, such as the UK, have enacted “failure to prevent” criminal offences for corporations, which could result in follow-on prosecutions for D&Os in the pursuit of a deferred prosecution agreement.

What the top seven list clearly show is that D&Os are faced with a range of challenging exposures, which could lead to significant consequences. Risk management and the implementation of adequate systems and controls are key to preventing and mitigating these risks.

Download the full article

Navigating an ever-changing sanctions landscape can be challenging for companies and their D&Os and it is no surprise that the risk of breaching sanctions has leapt into the top seven risks for those in financial services, especially the largest of companies within that sector.

Whereas trade sanctions target particular goods, a major component of financial sanctions are asset freeze measures, which freeze the assets of designated individuals and entities determined to have engaged in malign conduct. These measures will typically contain a prohibition imposed on all natural and legal persons within the relevant jurisdiction from making funds or economic resources available to, or for the benefit of, designated individuals and entities. Such prohibitions generally also apply to entities that are owned and/or controlled by designated persons despite such entities not themselves being expressly designated. Violation of asset freeze prohibitions can result in significant fines, unfavourable press and, in some cases, the violator itself becoming designated. 

Download the full article