RegTech Intelligence 
2013 has been a year for record-breaking fines; record-breaking not just in terms of their size but also who was fined and why. JP Morgan’s $13 billion penalty marks the high-point of what has been regulators’ enforcement policy to date: ex post, broad brush example-making. In this way, though the size of it was shocking in some circles, it was by-and-large unsurprising – inadequate controls was the reasoning, but specific practices or individuals went mostly unnamed.
However, two other fines in particular caught our attention this year: TD Bank’s $900 million AML fine, for breaches of the 1970 Bank Secrecy Act, raised eyebrows in that it marked a significant penalty for a non-Tier 1 bank. The bank’s alarms had been triggered a number of times, which turned out to be evidence of a large Ponzi scheme, but staff had taken no action to alert regulators. Not only did this show that compliance has to be a positive act, and that doing nothing is no longer an option where controls are required, but also that regulators are keen to look tough on institutions at all levels, not just the large sell-side.
This trend continued with the €6.2 million fine of a French trader in October. The offence was a fairly standard case of insider trading, on a takeover by SNCF, but the fine was the largest ever handed out by the AMF. Again, this demonstrates how regulators are getting more micro and more targeted with their historical supervision tactics, which is bad news for the corporates newly enfranchised under EMIR.
But what firms really want to know is how tactics will change in the future and when new rules will be enforced? The most immediate question surrounds EMIR enforcement. The passage of several recent deadlines has gone relatively quietly, despite the fact that many are still struggling to achieve compliance.
Here we have a degree of certainty as to the size of fines, but less as to when fines will be levied. The Commission maintains a list of notifications from national regulators under EMIR Article 12. This shows that there is a huge variation in the levels fines are set at. For instance, while Italy can only levy up to €250,000 in a single fine, Sweden can levy the equivalent of €5.5 million. Meanwhile, other regulators, including the FCA, are keeping their cards close to their chest as far as the amount of fines goes: The amendments to the Decision Procedure and Penalties manual (DEPP) only say that the FCA will impose a financial penalty ‘of such amount as it considers appropriate’ for breaches of EMIR, meaning that firms are left in the dark.
On the question of when fines are likely to start hitting, the FCA conceded at a recent conference that, partly based on the US’ experience, it did not expect firms’ compliance with new trade reporting requirements to be seamless from day one. However, as always, it caveated this comforting statement with a warning that only where non-compliance occurred in good faith, and the regulator had been alerted in advance, would it allow transgressions in this area. This suggests that the FCA will be looking for non-compliance from as early as February and firms would do well to beware that, though fines may not be forthcoming any time soon, the case against them could already be being built.
But possibly more disturbing for firms is the move away from financial penalties to the much-talked-about regime of individual accountability. In the UK this has taken three main forms: Firstly, the new practice of seeking attestations from senior managers, personally certifying that their particular domain within the firm is compliant. This creates a map for the FCA whereby they can tie individuals to particular instances of non-compliance, which is clearly dangerous for the individuals providing the attestations.
Secondly, the move from the approved persons regime to a licensing regime for deposit-taking institutions, following the recommendations of the Parliamentary Committee for Banking Standards, will require additional paperwork and possibly more time spent on professional development. Finally, potentially the biggest change in terms of individual accountability is the introduction of the offence of ‘reckless misconduct’. This is being introduced as part of the Banking Reform Bill, to which amendments are still being made, but we will soon have greater clarity as to who this charge can affect and when.
At the European level, there has been significant development in the market abuse regime, with the adoption of MAR (MAD is being held back pending the finalisation of MiFID II). MAR extends individual liability for market abuse offences in a number of different ways, including bringing more instruments into scope (which instruments depends on MiFID II) and more activities, including: manipulation of benchmarks, attempted insider dealing and cancellation/amendment (rather than just the placing) of orders on the basis of insider information. It also places an onus on back office professionals to prevent market abuse through in-built controls and so greatly expands liability in that part of the business.
Based on all of this, we are seeing a much greater push towards individual liability in the New Year. How this approach will dovetail with broader enforcement action against firms is ambiguous, and has to be read from between the lines of regulators’ statements. What we do know is that the stick is bigger than ever, and woe betides the firm that tries its luck first.