In an attempt to improve conduct, global financial regulators have switched their focus from imposing large fines against firms, to making individuals more accountable and improving their ability to detect misconduct earlier through data and technology.
That’s according to the annual Global Enforcement Review, now in its fifth year, published by the Compliance and Regulatory Consulting Practice of Duff & Phelps.
Duff & Phelps’ analysis of large enforcement cases collated by Corlytics, a world leader in calculating and analysing regulation as a risk, shows that total penalty amounts globally climbed by 30 per cent between 2015 and 2017 to USD26.5 billion. However, total penalty amounts globally are forecast to be lower this year, reaching just USD8.1 billion in the first six months of 2018 compared to USD18.35b over the same period in 2017. This decline is particularly evident in the US, UK and Europe.
Of the total global penalties in 2017, the US remains the dominant force, levying penalties accounting for 94 per cent (USD24.4 billion) of the global total against firms and 99 per cent (USD621.3 million) against individuals. In the US, total penalty amounts against firms and individuals rose by 2 per cent and 23 per cent respectively from 2016 to 2017.
In the UK, total penalty figures rose markedly to GBP866 million in 2017 from GBP71 million in 2016, though this can be explained in part by two large penalties issued separately by the Serious Fraud Office and Financial Conduct Authority totalling GBP673.3 million. However, penalties against individuals dropped significantly from GBP18.8m to GBP970,000 over the same period, the lowest amount on record since the financial crisis in 2008.
In line with the global picture, total penalty amounts in the UK are forecast to be lower this year, having reached just GBP175 million in the first six months of 2018. With the introduction of the Senior Managers and Certification Regime (SMCR) for banks in 2016, which is being rolled out to all firms by December 2019, enforcement cases and penalties against individuals can reasonably be expected to rise in the UK over the next few years.
In Europe (excluding the UK), total penalty amounts from enforcement action against firms decreased significantly from EUR527.5 million in 2016 to EUR109 million in 2017, although the 2016 total is skewed by three large benchmark cases totalling EUR485 million. Activity in Europe was bolstered by more active enforcement by regulators such as the European Commission, Central Bank of Ireland and France’s Autorité des Marchés Financiers. Penalty amounts against individuals in Europe, whilst still modest, grew from EUR1.6 million in 2016 to EUR2.9 million in 2017.
Globally, the trend from 2013 to 2017 shows on average a notably larger proportion of total penalty amounts being levied against individuals in southern hemispheres compared to northern hemisphere jurisdictions: Hong Kong (34 per cent), Singapore (62 per cent) and Australia (32 per cent) all recorded higher proportions than the United States (2 per cent), UK (7 per cent) and Europe (1 per cent).
Nick Bayley, Managing Director of Regulatory and Compliance Consulting at Duff & Phelps, says: “Massive fines on firms have lost their power to shock, not just in the industry but also among the public. The declining penalty amounts from previous years in the UK point to the end of the big benchmark manipulation cases, and also potentially suggest a change in regulators’ enforcement approach and their faith in the ability of big fines alone to change culture. Regulators globally are also using a wider range of enforcement tools in an attempt to improve conduct.”
“The UK regulators have led the way in promoting the importance of individual accountability through the SMCR, something which has been subsequently mirrored in Australia (‘BEAR’), Hong Kong (‘MIC’) and Singapore (‘Individual Accountability and Conduct’). As a result, we can expect the FCA to increasingly focus on enforcement action against individuals as it seeks to make the new regime bare its teeth. However, as the majority of UK financial services firms will not be in scope of the SMCR until 2019, combined with the time for regulators to investigate and conclude cases, we expect it could be up to three years before a significant increase in penalties against individuals start to come through.”
“While regulators are revising and updating their priorities, we saw the potential for unforeseen issues such as the LIBOR and FX cases to arise or new market developments and risks emerge, which inevitably will shift regulators’ attention and their resources. Regulators globally are investing in their technology capabilities, which in conjunction with more granular regulatory reporting, should enable them to detect misconduct more quickly and greater use of early intervention and disruption techniques.”
John Byrne, CEO at Corlytics, says: “Conduct of business concerns and specifically the costs of persistent misconduct remain key regulatory priorities. Regulators are tackling the issues arising through a variety of means including policy changes to enhance the potential for personal liability when a breach occurs.
“Individual accountability regimes are being rolled out around the world. In order to address persistent misconduct by financial services firms, regulators are looking to increase senior manager accountability and liability to drive better risk-aware behaviours. Even though it is its relative infancy, the UK regime has been deemed a success and is being used as a model for similar regimes in other jurisdictions. “
“Firms need to stay ahead of the regulatory curve by using high quality relevant data to not only analyse the key regulatory risks, lessons and priorities from past enforcement actions and key regulatory publications but to also act as a guide to where to prioritise resources and focus for future risk management. In an increasingly data driven and technologically enabled world senior managers that do not make use of relevant data and analytics will not only find conduct of business issues increasingly challenging but may well be asked by their regulators why they have not deployed appropriate solutions to aid both compliance and evidence of compliant activities.”
