Investigations & Enforcement Trends 2023: A Perfect Storm for Regulatory Enforcement

1. AML Systems and Controls

Unsurprisingly, significant regulatory action in this area continued in 2022 with the FCA imposing its highest penalty of the year with the £107.7 million fine on Santander UK plc (following a 30% discount) for repeated AML failures, including ongoing KYC monitoring failures and failing to promptly deal with ‘red flags’ associated with suspicious activity.³ This penalty highlights the serious enforcement steps the FCA is prepared to take in dealing with AML issues following the fines imposed on HSBC Bank plc for £63.9 million in 2021, its dual-track criminal and civil investigation which led to NatWest Bank plc being fined £264.8 million in 2021 and the £102.2 million fine on Standard Chartered Bank in 2019.⁴ The FCA has already opened 2023 with two further fines (Al Rayan Bank (£4.02 million)⁵ and Guaranty Trust Bank (£7.6 million)⁶ ) for AML breaches, again underlining its interest in this area which we predict will continue apace this year.

3. Market Abuse

Market manipulation and market abuse, including firms’ failures to ensure appropriate systems in place to detect such activity, continues to be an area ripe for regulatory scrutiny. Tough economic times often give rise to increased illegal activity and firms are expected to be in a position to detect and monitor this and ensure there is management oversight and appropriate systems and controls are in place. The FCA has invested in a significant upgrade in its market surveillance systems to enable the regulator to keep pace with evolving market abuse techniques and take advantage of advancements in big data analytics.¹¹

In August 2022, the FCA fined Citigroup Global Markets Limited £12.6 million in August 2022 for failing to properly implement the Market Abuse Regulation (MAR) trade surveillance requirements relating to the detection of market abuse.¹² In Q4 December 2022, the FCA imposed a series of fines of £0.5 million on Sigma Broking Limited for failing to make reports crucial in fighting potential market abuse, and £4.8 million on BGC Brokers LP, GFI Securities Limited and GFI Brokers Limited for failing to ensure they had appropriate systems and controls in place to effectively detect market abuse.¹³

A related area to look out for is enforcement action tied to personal account dealing. The FCA has observed higher levels of personal dealing since the onset of the COVID-19 pandemic. Suspicious personal account dealing is likely to continue to be probed by the FCA, leading to actions against individuals for their breaches and associated scrutiny of firms’ controls in this area, including a firm’s monitoring and response to any failure by employees to adhere to these controls.

Furthermore, the FCA also remains open to investigating any misleading statements to the market in breach of the Financial Services and Markets Act 2012 and ensuring prosecutions are taken forward (e.g., Redcentric).¹⁴

6. Unauthorised Communication Channels

We predict greater enforcement activity in relation to monitoring record-keeping systems following high profile US enforcement penalties. This issue has been long-standing following the growing use of chat forums such as WhatsApp, Signal and Telegraph by businesses and clients, proliferating against the backdrop of sudden pandemic working from home changes.  The U.S. Securities and Exchange Commission took the lead on clamping down in 2022, with 16 major US and European financial firms, both banks and brokers including major US and European headquartered banks, setting aside a combined amount of over $2 billion to cover anticipated fines for the use of unauthorised messaging platforms to exchange confidential communications amongst employees.²¹ It has been reported that this has sparked the interest of the FCA, which has already been vocal about its expectations to have appropriate systems and controls in place.²²

7. Cryptocurrencies

The collapse of FTX at the end of 2022 along with the high-profile arrest of the former CEO and founder, Sam Bankman-Fried, has sent shockwaves through the crypto industry which we expect will ripple into 2023. US regulators started 2023 issuing their first ever joint warning to banks over the risks associated with the cryptocurrency market, including the risk of fraud and misleading disclosures by digital asset firms.²³ The incoming FCA Chair, Ashley Alder (the current chief executive of Hong Kong’s Securities & Futures Commission) due to take over in February, has also already raised concerns regarding the money laundering risk posed by crypto-firms, highlighting his belief that the cryptocurrency ecosystem creates risk that requires further regulation from government.²⁴

Any cryptoasset business operating in the UK must now be registered with the FCA for the purposes of the Money Laundering Regulations but fewer than 40 (of the 270 applications for registration) have been approved, meaning that the vast majority of cryptoasset businesses that had been hoping to operate in the UK have shut down, moved abroad or are operating illegally.

We expect regulators to be particularly alive to this area to protect consumers and avoid further contagion. We predict a move closer to regulation of cryptoassets in 2023.

8. ESG

In the face of growing social and political focus on climate change and its related consequences, we expect ongoing enhanced regulatory scrutiny. For instance, the FCA ended 2022 by announcing an ESG Advisory Committee to its Board to focus on ESG priorities,²⁵ and more is expected following the closure of their consultation in the first half of 2023 on Sustainability Disclosure Requirements and investment labelling.²⁶

The consultation paper includes a detailed labelling, disclosure and naming, and marketing regime regarding sustainability-related products in financial markets for asset managers and investment distributors. The consultation paper makes clear that the FCA’s current attitude towards ESG and sustainability-related claims is relevant to all regulated firms, not just those directly impacted by the proposed new rules. Critically, the proposals will be accompanied by the FCA “stepping up its supervisory engagement on sustainable finance and enhancing its enforcement strategy.”²⁷

It is the FCA’s view that the proposed new general ‘anti-greenwashing’ rule merely reiterates regulated firms’ obligations – to ensure communications are clear, fair and not misleading – which already apply in respect of sustainability claims under the FCA’s ‘Principle 7’ and section 4.2.1 of its conduct of business sourcebook (COBS). As a result, firms should not assume that the FCA will wait until 30 June 2023 to review or take enforcement action against suspected greenwashing.

We expect there to be a further clampdown on greenwashing from both the FCA and the Competition and Markets Authority, as well as greater guidance from the FCA on approaches to ESG data and monitoring ESG-related disclosures, with heightened focus on directors’ and senior managers’ accountability for any failings in their ESG duties.

9. Non-Financial Misconduct

Whilst communicating regularly on non-financial misconduct as a topic, enforcement activity by the FCA has been low. However, a big question remains over when regulatory action is justified.

The Upper Tribunal’s decision in Frensham reinforced the FCA’s obligation to consider whether failings of personal integrity, particularly outside the workplace, also amount to failings of professional integrity which could harm market integrity and consumer protection. In this decision, the Upper Tribunal effectively reined in the FCA from making the assumption that non-work-related misconduct is relevant to an individual’s fitness and propriety to perform a regulated function.

The most recent decision by the FCA in Zahedian in November 2022 muddies the waters further in that the FCA prohibited Mr. Zahedian from working in financial services, having attacked a security guard at a bar with a machete,²⁸ apparently not only on the basis of an assessment of Mr. Zahedian’s fitness and propriety but also on an assessment of his “character” (although “character” is not referenced in the FCA’s FIT Handbook).

What is clear is that the FCA is keen to put its stamp on this area. Further guidance is expected in 2023.

10. Culture

We also expect to see ongoing attention to improving workplace culture and outcomes on ongoing enforcement.²⁹

While enforcement actions against individuals under the Senior Managers and Certification Regime (“SMCR”) are rare, recent FCA enforcement notices have criticised both Boards and senior managers who fail to meaningfully engage with business risks. Further, while HM Treasury may have announced a review of the SMCR as part of its deregulation package dubbed the ’Edinburgh Reforms’³⁰ with a focus on its “effectiveness, scope and proportionality”, sweeping changes seem unlikely, particularly when prior FCA and PRA reviews concluded that the SMCR has been successful in helping ensure senior individuals take “greater responsibility for their actions”, driving up both standards of conduct and improving conduct within the financial services industry³¹