Insights

24 January 2023

Investigations & Enforcement Trends 2023: A Perfect Storm for Regulatory Enforcement

Introduction

Against a backdrop of growing economic uncertainty, geopolitical instability and the ongoing readjustment to the post-pandemic world, 2022 marked a year of heightened regulatory activity in the UK from a range of regulators including the Financial Conduct Authority (“FCA”), Prudential Regulatory Authority (“PRA”) and Office of Financial Sanctions Implementation (“OFSI”).

The FCA issued 26 fines in 2022 compared with 10 in 2021, whilst the total value of fines fell from £567.7 million in 2021 to £215.8 million last year.1,2 The UK appetite, however, for boosting its enforcement grip shows no signs of abating with the FCA issuing two fines already this year. We therefore predict a challenging year ahead as regulators continue to increase the scope and breadth of their investigations reach. This article focuses on the 10 key areas which have generated attention in the past year and the trends we expect to see in 2023.  

1. AML Systems and Controls

Unsurprisingly, significant regulatory action in this area continued in 2022 with the FCA imposing its highest penalty of the year with the £107.7 million fine on Santander UK plc (following a 30% discount) for repeated AML failures, including ongoing KYC monitoring failures and failing to promptly deal with ‘red flags’ associated with suspicious activity.3 This penalty highlights the serious enforcement steps the FCA is prepared to take in dealing with AML issues following the fines imposed on HSBC Bank plc for £63.9 million in 2021, its dual-track criminal and civil investigation which led to NatWest Bank plc being fined £264.8 million in 2021 and the £102.2 million fine on Standard Chartered Bank in 2019.4 The FCA has already opened 2023 with two further fines (Al Rayan Bank (£4.02 million)5 and Guaranty Trust Bank (£7.6 million)6 ) for AML breaches, again underlining its interest in this area which we predict will continue apace this year.

2. Sanctions

Sanctions remain at the forefront of the international agenda, particularly with the expansion of sanctions against Russia following the Ukraine invasion, in addition to ongoing sanctions against Libya, Syria, Iran and Afghanistan. This has put particular strain on the UK regime.  Despite receiving at least 729 reports of potential financial sanctions breaches since April 2017, OFSI has handed out only eight fines, with only two exceeding £45,000.7 There is growing political pressure to turn this around, which we expect will be assisted by:

  • Greater enforcement powers: The Economic Crime (Transparency and Enforcement) Act 2022 gives OFSI powers to impose fines on a strict liability basis for financial sanctions breaches.8
  • Expanding resources: OFSI published its annual review for April 2021-August 2022 in November 20229 outlining its expectation of more than doubling the number of its employees in 2022, boosting its resources for 2023.
  • Closer domestic coordination: Greater OFSI activity can be expected to encourage other UK regulators to coordinate with OFSI and prioritise the consequences of sanctions breaches, with the FCA scrutinising appropriate systems and controls and the National Crime Agency monitoring criminal activity.
  • Improved international cooperation: OFSI and the US Office of Foreign Assets Control announced their intention in October 2022 to enhance their relationship and improve information sharing, as well as coordinating more closely with key international allies.10

“Sanctions remain at the forefront of the international agenda, particularly with the expansion of sanctions against Russia following the Ukraine invasion”

3. Market Abuse

Market manipulation and market abuse, including firms’ failures to ensure appropriate systems in place to detect such activity, continues to be an area ripe for regulatory scrutiny. Tough economic times often give rise to increased illegal activity and firms are expected to be in a position to detect and monitor this and ensure there is management oversight and appropriate systems and controls are in place. The FCA has invested in a significant upgrade in its market surveillance systems to enable the regulator to keep pace with evolving market abuse techniques and take advantage of advancements in big data analytics.11

In August 2022, the FCA fined Citigroup Global Markets Limited £12.6 million in August 2022 for failing to properly implement the Market Abuse Regulation (MAR) trade surveillance requirements relating to the detection of market abuse.12 In Q4 December 2022, the FCA imposed a series of fines of £0.5 million on Sigma Broking Limited for failing to make reports crucial in fighting potential market abuse, and £4.8 million on BGC Brokers LP, GFI Securities Limited and GFI Brokers Limited for failing to ensure they had appropriate systems and controls in place to effectively detect market abuse.13

A related area to look out for is enforcement action tied to personal account dealing. The FCA has observed higher levels of personal dealing since the onset of the COVID-19 pandemic. Suspicious personal account dealing is likely to continue to be probed by the FCA, leading to actions against individuals for their breaches and associated scrutiny of firms’ controls in this area, including a firm’s monitoring and response to any failure by employees to adhere to these controls.

Furthermore, the FCA also remains open to investigating any misleading statements to the market in breach of the Financial Services and Markets Act 2012 and ensuring prosecutions are taken forward (e.g., Redcentric).14

“A related area to look out for is enforcement action tied to personal account dealing. The FCA has observed higher levels of personal dealing since the onset of the COVID-19 pandemic.”

4. Resilience

Both the FCA and PRA imposed large fines in relation to operational risk management in 2022. For instance, the FCA fined TSB Bank plc £29.75 million and the PRA fined TSB Bank plc £18.9 million for operational risk management and government failures after the firm was found to have failed to plan for its IT migration properly.15 This decision highlights the need for firms to ensure there is appropriate project governance, reasonable care to organise and control a firm’s affairs responsibly and effectively and ensuring adequate risk management systems are in place.

The FCA and PRA focus on operational resilience is unsurprising given the increasing threat and impact of cyber-attacks (particularly since the Russian invasion of Ukraine) and the ongoing reliance on IT systems in conducting business particularly as work from home remains commonplace.16 Given the repeated FCA warnings about this risk and mention in the FCA’s strategy paper for 2022-2025, firms should be aware of the threat of enforcement action.

5. Affordability

Against the backdrop of the implementation of the new Consumer Duty17 and the UK’s cost of living crisis, we expect the FCA to be particularly focussed on affordability and vulnerability. This is not a new area for the FCA. In June 2022, TFS Loans Limited was fined £0.8 million due18 to deficient affordability checks in which it failed to gather sufficient information of guarantors’ financial circumstances, and which followed the penalty for Barclays Bank plc in 2020.19 However, the FCA has reemphasised its interest in this area, in 2022 publishing multiple “Cost of Living” publications and sending various ‘Dear CEO’ letters to over 3,500 firms reminding them of their obligations.20

6. Unauthorised Communication Channels

We predict greater enforcement activity in relation to monitoring record-keeping systems following high profile US enforcement penalties. This issue has been long-standing following the growing use of chat forums such as WhatsApp, Signal and Telegraph by businesses and clients, proliferating against the backdrop of sudden pandemic working from home changes.  The U.S. Securities and Exchange Commission took the lead on clamping down in 2022, with 16 major US and European financial firms, both banks and brokers including major US and European headquartered banks, setting aside a combined amount of over $2 billion to cover anticipated fines for the use of unauthorised messaging platforms to exchange confidential communications amongst employees.21 It has been reported that this has sparked the interest of the FCA, which has already been vocal about its expectations to have appropriate systems and controls in place.22

7. Cryptocurrencies

The collapse of FTX at the end of 2022 along with the high-profile arrest of the former CEO and founder, Sam Bankman-Fried, has sent shockwaves through the crypto industry which we expect will ripple into 2023. US regulators started 2023 issuing their first ever joint warning to banks over the risks associated with the cryptocurrency market, including the risk of fraud and misleading disclosures by digital asset firms.23 The incoming FCA Chair, Ashley Alder (the current chief executive of Hong Kong’s Securities & Futures Commission) due to take over in February, has also already raised concerns regarding the money laundering risk posed by crypto-firms, highlighting his belief that the cryptocurrency ecosystem creates risk that requires further regulation from government.24

Any cryptoasset business operating in the UK must now be registered with the FCA for the purposes of the Money Laundering Regulations but fewer than 40 (of the 270 applications for registration) have been approved, meaning that the vast majority of cryptoasset businesses that had been hoping to operate in the UK have shut down, moved abroad or are operating illegally.

We expect regulators to be particularly alive to this area to protect consumers and avoid further contagion. We predict a move closer to regulation of cryptoassets in 2023.

“We predict greater enforcement activity in relation to monitoring record-keeping systems following high profile US enforcement penalties.”

8. ESG

In the face of growing social and political focus on climate change and its related consequences, we expect ongoing enhanced regulatory scrutiny. For instance, the FCA ended 2022 by announcing an ESG Advisory Committee to its Board to focus on ESG priorities,25 and more is expected following the closure of their consultation in the first half of 2023 on Sustainability Disclosure Requirements and investment labelling.26

The consultation paper includes a detailed labelling, disclosure and naming, and marketing regime regarding sustainability-related products in financial markets for asset managers and investment distributors. The consultation paper makes clear that the FCA’s current attitude towards ESG and sustainability-related claims is relevant to all regulated firms, not just those directly impacted by the proposed new rules. Critically, the proposals will be accompanied by the FCA “stepping up its supervisory engagement on sustainable finance and enhancing its enforcement strategy.”27

It is the FCA’s view that the proposed new general ‘anti-greenwashing’ rule merely reiterates regulated firms’ obligations – to ensure communications are clear, fair and not misleading – which already apply in respect of sustainability claims under the FCA’s ‘Principle 7’ and section 4.2.1 of its conduct of business sourcebook (COBS). As a result, firms should not assume that the FCA will wait until 30 June 2023 to review or take enforcement action against suspected greenwashing.

We expect there to be a further clampdown on greenwashing from both the FCA and the Competition and Markets Authority, as well as greater guidance from the FCA on approaches to ESG data and monitoring ESG-related disclosures, with heightened focus on directors’ and senior managers’ accountability for any failings in their ESG duties.

“We expect there to be a further clampdown on greenwashing from both the FCA and the Competition and Markets Authority, as well as greater guidance from the FCA on approaches to ESG data and monitoring ESG-related disclosures…”

9. Non-Financial Misconduct

Whilst communicating regularly on non-financial misconduct as a topic, enforcement activity by the FCA has been low. However, a big question remains over when regulatory action is justified.

The Upper Tribunal’s decision in Frensham reinforced the FCA’s obligation to consider whether failings of personal integrity, particularly outside the workplace, also amount to failings of professional integrity which could harm market integrity and consumer protection. In this decision, the Upper Tribunal effectively reined in the FCA from making the assumption that non-work-related misconduct is relevant to an individual’s fitness and propriety to perform a regulated function.

The most recent decision by the FCA in Zahedian in November 2022 muddies the waters further in that the FCA prohibited Mr. Zahedian from working in financial services, having attacked a security guard at a bar with a machete,28 apparently not only on the basis of an assessment of Mr. Zahedian’s fitness and propriety but also on an assessment of his “character” (although “character” is not referenced in the FCA’s FIT Handbook).

What is clear is that the FCA is keen to put its stamp on this area. Further guidance is expected in 2023.

10. Culture

We also expect to see ongoing attention to improving workplace culture and outcomes on ongoing enforcement.29

While enforcement actions against individuals under the Senior Managers and Certification Regime (“SMCR”) are rare, recent FCA enforcement notices have criticised both Boards and senior managers who fail to meaningfully engage with business risks. Further, while HM Treasury may have announced a review of the SMCR as part of its deregulation package dubbed the ’Edinburgh Reforms’30 with a focus on its “effectiveness, scope and proportionality”, sweeping changes seem unlikely, particularly when prior FCA and PRA reviews concluded that the SMCR has been successful in helping ensure senior individuals take “greater responsibility for their actions”, driving up both standards of conduct and improving conduct within the financial services industry31

Conclusion

Changes are afoot which may impact the direction of our financial regulators in 2023 with changes in leadership at our regulators and the ’Edinburgh Reforms’. Some may say all bets are on in terms of the key regulatory areas which will be prioritised, but, overall, our prediction is that the economic and political landscape, both domestic and international, is creating an environment for a perfect storm of heightened regulatory activity in the UK in 2023.

Navigating this enforcement environment will continue to raise real challenges for regulated firms and their in-house legal teams in 2023 and beyond. Watch this space for updated guidance as we continue to monitor investigations and regulatory enforcement trends.

“Changes are afoot which may impact the direction of our financial regulators in 2023 with changes in leadership at our regulators and the ’Edinburgh Reforms’.”

Authors

Legal Updates Subscription Form

Back to Journal