|
The UK’s Upper Tribunal (the “Tribunal”) recently has overturned the decision of the Financial Services Authority (“FSA”) to fine John Pottage £100,000 for failing to comply with his regulatory obligations while he was chief executive and compliance officer of two FSA regulated UBS companies (“UBS”).
The Tribunal found that Pottage did not commit regulatory misconduct and directed the FSA to discontinue its action. The FSA complied with this direction on 23 April 2012 when it made a public announcement, which has the effect of exonerating Pottage.
The Tribunal’s decision is a welcome one for individuals who perform senior roles in UK-regulated financial services businesses. The Tribunal required clear evidence from the FSA that it was reasonable to have expected Pottage, upon his appointment in September 2006, to launch an immediate review of the effectiveness of the relevant business area’s risk and governance standards. The Tribunal decision shows that Pottage did all he reasonably could to assess the situation and then order a review in July 2007, several months after his appointment.
Senior individuals working in business and risk management functions frequently have tough calls to make on the timing of reviews and the appropriate responses to business issues. The Tribunal’s decision makes clear that they are expected to act reasonably and should not be held personally culpable in the absence of clear evidence to the contrary.
Nevertheless, the FSA has said that the Tribunal’s decision will not deter it from pursuing similar actions against senior managers in the future. Senior managers will want to take appropriate steps to protect themselves from the possibility of an FSA investigation. Therefore, we expect that more senior managers will take advice on how they should be seen to be dealing with business and compliance issues and how they should paper their resulting decisions. Although it may be burdensome, it is advisable for senior managers and compliance officers to ensure that they document the considerations that accompanied their decisions on important regulatory issues.
The FSA Findings the Tribunal Overturned
The FSA alleged that Pottage failed “to take reasonable steps to identify and remediate the serious flaws in the design and operational effectiveness of the governance and risk management frameworks”. This was argued to be a breach of Statement of Principle 7 of the FSA’s Statements of Principle for Approved Persons (“APER”) which requires “an approved person performing a significant influence function to take reasonable steps to ensure that the business of the firm for which he is responsible complies with the relevant requirements and standards of the regulatory system”. The FSA argued that upon becoming chief executive in September 2006 Pottage should have initiated a “comprehensive bottom-up review of systems and controls across the whole business” because there were “serious flaws” in the governance and risk management frameworks. The review that took place in July 2007 was too late because by then a series of new compliance failings was emerging. These included allegations of payment fraud, breach of client money rules, noncompliance with withholding tax obligations and unauthorised trading.
In order to comply with his regulatory obligations, the FSA argued that Pottage should have:
-
carried out an adequate initial assessment of the business as soon as he became CEO;
-
questioned the assurances he received that there were no fundamental deficiencies with the design and operation of risk management and governance procedures. The FSA said that he should not simply have accepted what he was told and should have verified the sources of information and assurance;
-
carried out a continuous process of monitoring that would have allowed him to appreciate sooner than he did, in the face of a series of “warning signals,” that there were serious flaws in compliance risk frameworks; and
-
recognised that there were fundamental deficiencies and implemented an operational risk review sooner.
Pottage’s meetings and discussions with risk and compliance staff, group internal audit, the COO and regional head of risk and compliance functions were believed by the FSA to be insufficient.
The Tribunal’s Decision
The Tribunal found that the FSA did not establish its case of regulatory misconduct against Pottage, although it accepted that there were “serious flaws” in the operational effectiveness of UBS’ risk management systems, which had led to UBS itself being fined.
FSA rules provide that an approved person only will be in breach of a Statement of Principle where he is personally culpable, i.e. his conduct was “deliberate” or below that which is reasonable in all circumstances. However, the FSA did not allege that Pottage’s conduct was deliberate or that simply because matters went wrong while Pottage was CEO, there had been a failure to take “reasonable care.” The FSA had to prove to the Tribunal that the appropriate time for instituting the operational review was before the time that Pottage initiated it in July 2007.
The Tribunal’s view was that:
-
on the basis of the evidence, Pottage did take an active role in meetings with the risk and management committees and reasonably accepted the assurances he received;
-
there was insufficient evidence apparent to Pottage that there were flaws that needed him to “dig deeper” in challenging his team; and
-
there was insufficient evidence apparent to Pottage that called for a major systematic overhaul of UBS’ systems and controls — the “warning signals” should not have prompted, as a reasonable response, the institution of a systematic overhaul.
-
Although Pottage was in a position of influence, the Tribunal accepted that he “did not have the authority to make changes to the governance and risk management frameworks”. The Tribunal also noted that no one else in UBS risk or compliance had suggested that it was necessary to carry out a wider review of systems and controls.
|
