Post a comment
Print articleEnforcement actions against compliance teams
October, 2023 - Shoosmiths LLP
In this piece, we delve into the key points made during his speech and explore their implications for financial institutions, particularly in comparison to the regulatory landscape in the United Kingdom.
Employment Terms and Regulatory Scrutiny
One of the critical areas Grewal addressed was the issue of employment terms in the financial industry. The SEC has taken action against firms for including certain provisions in their employment agreements that are against the SEC's principles. These provisions include requiring:
- employees to attest that they have not filed a complaint against the company with any federal agency;
- employees to waive their rights to financial whistleblower awards; and
- departing former employees to provide notice to the company if they received a request for information from SEC staff.
In the United States, such provisions have resulted in significant fines against firms, with the largest penalty reaching $10 million.
The law in the UK has jurisprudence and rules already in relation to these issues.
Whistleblowing in the UK differs from the US, not least as there are no bounties offered to whistleblowers. However, the law protects whistleblowers, prohibiting employers from taking action against individuals who report specific concerns (for example, breach of a legal obligation), and any provision in a UK employment agreement – or indeed any other agreement – which seeks to prevent an employee from making a protected disclosure is void.
The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) go even further. The FCA Handbook states, in what has been described as thinly-veiled threat, that any evidence that any regulated firm had acted to the detriment of a whistleblower could call into question the fitness and propriety of the firm or relevant members of its staff. Relevant firms must also establish, implement and maintain appropriate and effective arrangements for the disclosure of reportable concerns, including breach of the firm’s policies and procedures and anything likely to harm the firm’s reputation, and cannot ask staff to warrant that they have not made a protected disclosure, or that they are not aware of anything that could form the basis of one.
The Solicitors Regulation Authority (SRA) has also issued a warning notice, warning law firms against “improper use” of NDAs, and setting out its “expectation” that NDAs clearly set what disclosures can and cannot be made and to whom. In other words, external and internal legal counsel would likely be in breach of their own regulator’s rules in advising clients that provisions of the type described by Grewal were acceptable in firm agreements.
Taken together, this results (by-and-large) in a self-policing employment market. Firms are increasingly keen to encourage a “speak up” culture, not least so they can address any concerns at an early stage – no one, let alone the compliance team, wants to be the last to know.
Compliance Officers' Role
Grewal emphasised that actions by the SEC against individuals in compliance roles are relatively rare. The SEC avoids second-guessing the good faith judgments of compliance personnel, made after reasonable inquiry and analysis. However, there are exceptions, such as when compliance personnel affirmatively participate in misconduct unrelated to their compliance function, mislead regulators, or where there is a wholesale failure in carrying out their responsibilities.
In the UK, the compliance oversight role is formally recognised as a Senior Manager Function (SMF), and the FCA's Senior Manager & Certification Regime (SMCR) holds SMFs personally accountable for their actions. While fines and penalties are more commonly imposed on firms, SMFs can be fined personally and may be restricted from future roles in the industry. This differs from the role of a general counsel, which is not a SMF. Enforcement action against general counsels is rare in the UK, but in the US, a "Chief Legal Officer" can face direct enforcement by the SEC for placing commercial imperatives above professional duties, as well as action by the general counsel’s own bar/regulator.
Engagement with Front Line
Grewal touched briefly on compliance’s interaction with the front office. He mentioned the importance of not “second-guessing” businesses on decisions reasonably made. In the UK, discussions around the “three lines of defence” and structuring compliance’s interaction with the front office have been going on for years. However, the FCA’s stance on these issues is considered by many to be confusing, as the FCA takes the approach that a compliance team which is embedded in the front-office can “go native”, while a compliance team which is too remote from the front-office may not understand how the business operates, evidence of an effective compliance team is a number of filed suspicious transaction and order reports which is in the “Goldilocks Zone” (neither too many nor too few) according the FCA’s own expectations. The “three lines of defence” is the accepted monitoring structure paradigm, although with uncertainty about separation between the first two lines of defence, there is scope for undermining the role of compliance.
Conclusion
Gurbir Grewal's speech highlights the intricate differences between US and UK regulators' agendas and requirements. These variations are of significant interest to international organisations dealing with multiple regulators. Trust in financial institutions and the delicate balance between regulatory enforcement and compliance remain key considerations for firms operating in the financial sector on both sides of the Atlantic. Understanding these nuances is crucial to navigate the complex world of financial regulation effectively.
Link to article
