Publication
Pensions Regulator launches innovation support service
On May 19, 2025, the Regulator launched a new support service which it says will “unlock” pensions industry innovation with the aim of boosting saver outcomes.
United Kingdom | Publication | November 2019
There has been a dramatic increase in regulatory reporting obligations, in step with an increase in investigations and enforcement actions. This shifting regulatory focus brings both risks and opportunities for firms: reputationally, operationally and financially. UK firms operating in the retail and wholesale sectors need to be aware of the trends and ensure that they have appropriate arrangements in place.
In order to identify market risks and institutional shortcomings, regulators need timely and accurate data from financial services firms. There has been a dramatic increase in regulatory reporting obligations, in step with an increase in investigations and enforcement actions in which firms’ governance, systems and controls that are designed to meet these obligations are being scrutinised.
This shifting regulatory focus brings both risks and opportunities for firms: reputationally, operationally and financially. There have been significant regulatory interventions and fines in both the retail and wholesale sectors, which amplify the need for UK firms operating in these areas to be aware of the trends and ensure that they have appropriate arrangements in place.
A firm’s risk culture is ultimately shaped by the core values, expectations and behaviours set by its board and senior managers. With the extension of the senior managers and certification regime (SMCR) to all authorised firms, there has been a shift to more integrated governance arrangements to ensure more effective oversight of every area within a firm. A greater emphasis on individual accountability and clear reporting lines means that the Financial Conduct Authority (FCA) is likely to continue to make investigations and enforcement action against individuals, and senior managers in particular, a top priority.
One potential unintended consequence of the SMCR is that it may foster a culture where individuals are reluctant to take personal responsibility for dealing with issues they have identified due to fear of disciplinary action. Equally, SMCR may open the floodgate to a high number of whistleblowing investigations and a general trend towards increased whistleblowing in financial services, along with a growing appetite among employees to litigate against firms.
In addition, a firm’s leadership may prioritise revenue and profit over good conduct, adopting a “wait and see” approach or weighing the cost of operationalising compliance against the cost of non-compliance, such as the cost of regulatory fines and remediating reputational damage. A lack of clear communication with respect to business purpose, strategy, vision and values means that this information can become lost and fail to reach all levels of staff (see box). This could result in inadequate, incomplete or uninformative management information being fed back up to the firm’s leadership.
Other potential issues that could negatively affect a firm in relation to culture and governance include the following:
Recent enforcement cases illustrate the FCA’s continued focus on culture and governance, and the types of issues that it has challenged. For example, on 29 May 2019, the FCA fined R Raphael & Sons plc, an independent bank, a total of £775,100 for breaches of Principle 2 (due skill, care and diligence) and Principle 3 (management and control) of the FCA’s Principles for Businesses (the Principles), and related provisions of chapter 8 of the Senior Management Arrangements, Systems and Controls (SYSC) sourcebook. The breaches related to a technology incident in which customers were unable to use prepaid and charge cards. The FCA found, among other things, that the technology incident had resulted from flaws in the firm’s governance of outsourced services and outsource service providers. The Prudential Regulation Authority also fined Raphael over £1 million in connection with this matter.
The FCA’s 29 October 2018 fine of over £5 million on Liberty Mutual Insurance Europe, an insurance underwriter, concerned similar findings in relation to the firm’s oversight of a third-party service provider which, among other things, dealt with complaints handling for the firm.
On 30 July 2019, the FCA fined Standard Life Assurance Limited over £30 million for breaches of Principle 3 (management and control) and Principle 6 (customers’ interests) in connection with shortcomings in the firm’s sale of annuities to certain non-advised customers. The FCA found, among other things, that Standard Life had failed to put in place adequate systems and controls to mitigate the risk that its financial interests were prioritised above fair customer outcomes and to monitor the quality of calls between its call handlers and non-advised customers. In addition, insufficient management information was produced to enable the firm’s senior management to identify relevant failings.
On 13 May 2019, the Upper Tribunal found that Mr Andrew Tinney, a former Chief Operating Officer of the Wealth and Investment Management (Wealth) division of Barclays Bank plc, had failed to act with integrity in breach of Statement of Principle 1 ([2019] UKUT 0227 (TCC)). Mr Tinney had received a document from an external consultancy firm which contained critical findings about the culture within a US branch of Wealth. The Upper Tribunal concluded that, when drafting a note to be sent to Barclays’ senior management in response to an anonymous email alleging that a “Wealth cultural audit report” had been suppressed, Mr Tinney had been reckless as to whether the note would give the impression that the document did not exist and whether it would provide accurate information about the involvement of the consultancy in the cultural audit. This decision underlines the need for internal transparency, especially with senior management, when dealing with potential issues raised regarding a firm’s culture.
In order to meet their regulatory reporting requirements, firms must have in place a robust reporting infrastructure of policies, processes, systems and controls. Regulators are demanding greater accuracy, alignment and consistency in regulatory filings data. Among other issues, firms may have:
The FCA has emphasised the importance of effective systems and controls, and has shown that it will take action for failings even if no misconduct or detriment has occurred. This clearly demonstrates the need for firms to get their regulatory reporting right first time, and the potential consequences if they do not.
On 28 March 2019, the FCA fined Goldman Sachs International (Goldman) over £34 million in connection with breaches of relevant provisions of Supervision Manual (SUP) 15 and 17, and Principle 3 (management and control). During a ten-year period, Goldman had failed to report accurately over 204 million transactions in accordance with SUP 17.4.1 EU and an estimated 9.5 million transactions in accordance with SUP 17.1.4R. The FCA found that the firm had failed to organise and control its affairs responsibly with adequate risk management systems in relation to its compliance with the FCA’s transaction reporting requirements implemented in accordance with the Markets in Financial Instruments Directive (2004/39/EC) (MiFID). Among other things, Goldman had failed to take reasonable care to ensure that it had sufficiently comprehensive controls and processes to detect or prevent transaction reporting errors on a timely basis, and to maintain the accuracy and completeness of relevant counterparty reference data.
A fine of over £27 million that the FCA imposed on UBS AG on 19 March 2019 concerned similar issues. The FCA found that UBS had breached various provisions of SUP 15 and 17, and Principle 3 (management and control) in connection with its failure to, among other things, have in place adequate systems and controls to manage changes affecting transaction reporting processes, and to undertake adequate testing to ensure the completeness and accuracy of transaction reports.
On 29 April 2019, the FCA fined Linear Investments Limited (Linear), a firm offering brokerage services, £409,300 for breaches of Principle 3 (management and control). The FCA found that Linear had failed to maintain an appropriate control environment to detect and report potential instances of market abuse. Among other things, Linear had only a limited manual oversight process in place internally and had relied on post-trade surveillance undertaken by brokers. When Linear’s business model changed and the volume of trading processed by the firm increased significantly, it had failed to adapt its systems and controls sufficiently quickly and effectively to ensure that it had adequate arrangements in place to identify potential market abuse.
The FCA has consistently stressed that firms must take reasonable steps to ensure that they have systems and controls in place that are tailored to their activities and designed to ensure accurate and complete data reporting. For example, Market Watch 59, published in April 2019, focuses almost entirely on recurring reporting errors under the Markets in Financial Instruments Regulation (600/2014/EU) and the importance of complete and accurate transaction reports. The FCA also highlights the fact that it has publicised enforcement actions taken by it in relation to other firms’ governance and reporting failings, which firms should use as learning points. Firms are expected to take the opportunity to ensure that they can fully detail their activities and are regularly checking their systems and controls so that any problems are detected and remedied promptly.
n practice, a strong focus on governance, regulatory reporting and individual accountability, together with increasing financial penalties, means that the onus will largely be on the board and senior managers of a firm to drive better behaviour and conduct throughout the organisation.
With the increasing complexity of regulatory reporting, firms should place great importance on developing and maintaining effective employee training and competence arrangements. There is likely to be an increased demand for more specialised skill sets to provide specific analysis, end-to-end implementation and test cycles. Firms should guard against:
On 13 March 2019, the Financial Conduct Authority (FCA) took into account inadequate training of staff in its decision to fine The Carphone Warehouse Limited over £29 million for, among other things, breaching Principle 3 (management and control) and Principle 9 (customers: relationships of trust) of the FCA’s Principles for Business. The FCA found that the firm’s training of sales consultants was inadequate to equip them properly to give suitable advice to customers.
This article first appeared in the November 2019 issue of PLC Magazine.
Publication
On May 19, 2025, the Regulator launched a new support service which it says will “unlock” pensions industry innovation with the aim of boosting saver outcomes.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2025