Stay in the know
We’ll send you the latest insights and briefings tailored to your needs
June 2023. An audience perches on the edge of their seats waiting for the first public words from the UK FCA's new Co-Head of Enforcement. The regulated community, and those who advise them, want to know what to expect from the new leadership and, importantly, what the new leadership expects from them.
As the speech begins, the headline message forms: Do the right thing. The audience relaxes – that's eminently reasonable, they can get on board with it. After all, who sets out to do the wrong thing?
But – not so fast – sure, it may sound straightforward, but what does it actually mean?
The concept of fairness has featured heavily in financial services regulation globally for a while, and certainly the challenge of interpreting fuzzy law isn't unique to firms in the UK. Admittedly, if regulatory expectations were clear-cut, there may be less for those of us who advise the financial sector to do! And, of course, it's impossible – and not necessarily desirable – to regulate for every eventuality.
Let's look at three areas where some regulators are currently doing a better job than others at making their expectations clear and at incentivising doing the right thing.
Credit for co-operation has long been a feature of financial services regulatory enforcement. In many jurisdictions, firms are expected to assist regulators as well as proactively report, investigate and remediate potential issues themselves. However, what constitutes sufficient co-operation, and how credit is calculated, is not always clear.
In the UK, the FCA's recent enforcement announcement in respect of Equifax Limited highlighted a 15% credit for "high level of co-operation during the investigation, the voluntary redress it offered to customers and the global transformation programme it instituted after the incident". The FCA also recently praised another firm for its voluntary steps to pay redress; referring to "very high levels" of co-operation, the FCA made a rare decision not to impose a financial penalty. The common thread in these decisions seems to be doing more than what is strictly required, but precisely what distinguishes "high level" from "very high levels" remains unclear.
In the US, CFTC Director Ian McGinley has made similar remarks with respect to co-operation credit: "If you self-report, fully co-operate, and remediate, it is likely you will receive a substantial reduction in the penalty that would otherwise be appropriate." The US SEC echoes the sentiment; commenting on its track record over 2023, SEC Director of the Division of Enforcement Gurbir S. Grewal said the SEC had "aggressively rewarded meaningful co-operation". Helpfully, recent SEC settlements have highlighted the type of action considered for credit for co-operation, and some useful themes emerge: prompt self-reporting; substantial assistance to SEC staff; and taking proactive, voluntary remedial measures. Nonetheless, there is still a lack of clarity on how co-operation credits are calculated.
In Hong Kong, regulated entities are given credit for proactively co-operating with regulatory investigations which allow regulators to allocate resources more efficiently and facilitate timely conclusion of investigations and enforcement. The Hong Kong regulators, including the Hong Kong Monetary Authority (HKMA) and the SFC, strive to enhance transparency of their enforcement process and provide specific guidance on what amounts to "substantial co-operation" which warrants reduced sanctions, how they measure co-operation, and the general principle for reducing the sanction imposed.
In Australia, 'doing the right thing' has also emerged as an important consideration in remediation programmes. ASIC Deputy Chair, Karen Chester, has recently called on licensees to be "proactive, timely and fair" in consumer remediation, flagging that ASIC will "consider regulatory action where licensees fail to deliver fair and timely remediation to affected consumers".
Although there is room for improvement around transparency, it is clear that, in the enforcement context, credit is given for co-operation. However, in other areas, 'doing the right thing' is not always rewarded. Take the example of the global fight against fraud.
We traversed the global regulatory landscape relating to scams in our recent publication Trust Matters. But it is particularly interesting to contrast the current positions in the UK and in Singapore.
In 2019, the UK's largest banking groups established a voluntary code under which they committed to reimbursing victims of authorised push payment fraud where the customer met the standards expected of them under the code. The voluntary code has been co-opted by the UK payments regulator and is due to become obligatory in 2024. However, in placing all liability and responsibility on firms in the financial sector, the statutory formalisation of the code risks letting other sectors and consumers off the hook.
Hardly an incentive for others to do the right thing.
In Singapore, while the proposed new regime for fraud reimbursement (the Shared Responsibility Framework for Phishing Scams) is not equivalent in scope to the UK regime, it recognises an ecosystem of fraud whereby others in the chain of a fraud, such as telecoms providers and even consumers, may have a share of responsibility. The proposed regime provides clarity on respective duties.
Global Head – Financial Services Regulatory, London
Partner, New York
Senior Consultant, Hong Kong
Senior Associate, Prolegis LLC, Singapore
Senior Associate, Sydney
Associate, Hong Kong
The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2024