UK Regulatory Regime

The UK is the world’s preeminent financial services centre. Unsurprising given the sophistication of its financial services, its regulatory regime is complex and the sources of regulation are diverse.

Set out below is a summary of some key features of the UK regulatory regime focusing on:

  • who are the key regulators;
  • what and how do they regulate; and
  • what are their powers.
fca entrance

Overview of the UK regulatory framework

The Financial Services and Markets Act 2000 (“FSMA“) with its secondary legislation (as amended) is the principal source of law concerning financial services regulation in the UK.

Until the UK left the European Union (“EU“) on 31 January 2020, EU law determined most of the regulation to which firms were actually subject either through directly applicable regulation or via UK law implementing EU Directives. Where this regulation has not already been implemented into UK law, the European Union (Withdrawal) Act 2018 (“EUWA“) provides that it will be “onshored”, that is replicated in UK law and amended so that it is legally effective after the end of the Brexit implementation period on 31 December 2020.

In addition to FSMA, certain other UK legislation is relevant to the UK regulatory regime, including inter alia:

  • The Banking Act 2009 which most notably established a special resolution regime for UK banks and building societies in financial distress.
  • The Financial Services Act 2012 whose main effect was to amend FSMA so as to replace the Financial Services Authority (“FSA“) with two new regulators: the Prudential Regulation Authority (“PRA“) and the Financial Conduct Authority (“FCA“). It also contains criminal offences for misleading statements / impressions.
  • The Financial Services (Banking Reform) Act 2013 required larger banks to “ring-fence” core banking activities to consumers from other commercial activities; established a new Payment Systems Regulator (which regulates VISA, MasterCard, and Bacs etc); and implemented the Senior Managers and Certification Regime (“SMCR“) intended to increase individual accountability in deposit–takers (e.g. banks and building societies) and larger investment firms.
  • The Bank of England and Financial Services Act 2016 which, among other things, extended the Senior Managers and Certification Regime from deposit–takers and larger investment firms to insurers from December 2018 and all other financial services firms from December 2019.
  • Other key legislation which directly impacts the financial services sector include: the Consumer Credit Act 1974; the Building Societies Act 1986; the Criminal Justice Act 1993 (re. insider dealing); the Enterprise Act 2002 (re. competition legislation); the Proceeds of Crime Act 2002 (re. money laundering offences); the Electronic Money Regulations 2011, the Payment Services Regulations 2017 and Financial Services and Markets Act 2000 (Benchmarks) Regulations 2018.
Overview of the UK regulatory framework

The Financial Services and Markets Act 2000 (“FSMA“) with its secondary legislation (as amended) is the principal source of law concerning financial services regulation in the UK. 

Until the UK left the European Union (“EU“) on 31 January 2020, EU law determined most of the regulation to which firms were actually subject either through directly applicable regulation or via UK law implementing EU Directives. Where this regulation has not already been implemented into UK law, the European Union (Withdrawal) Act 2018 (“EUWA“) provides that it will be “onshored”, that is replicated in UK law and amended so that it is legally effective after the end of the Brexit implementation period on 31 December 2020.

In addition to FSMA, certain other UK legislation is relevant to the UK regulatory regime, including inter alia:

  • The Banking Act 2009 which most notably established a special resolution regime for UK banks and building societies in financial distress.
  • The Financial Services Act 2012 whose main effect was to amend FSMA so as to replace the Financial Services Authority (“FSA“) with two new regulators: the Prudential Regulation Authority (“PRA“) and the Financial Conduct Authority (“FCA“). It also contains criminal offences for misleading statements / impressions. 
  • The Financial Services (Banking Reform) Act 2013 required larger banks to “ring-fence” core banking activities to consumers from other commercial activities; established a new Payment Systems Regulator (which regulates VISA, MasterCard, and Bacs etc); and implemented the Senior Managers and Certification Regime (“SMCR“) intended to increase individual accountability in deposit–takers (e.g. banks and building societies) and larger investment firms.
  • The Bank of England and Financial Services Act 2016 which, among other things, extended the Senior Managers and Certification Regime from deposit–takers and larger investment firms to insurers from December 2018 and all other financial services firms from December 2019.
  • Other key legislation which directly impacts the financial services sector include: the Consumer Credit Act 1974; the Building Societies Act 1986; the Criminal Justice Act 1993 (re. insider dealing); the Enterprise Act 2002 (re. competition legislation); the Proceeds of Crime Act 2002 (re. money laundering offences); the Electronic Money Regulations 2011, the Payment Services Regulations 2017 and Financial Services and Markets Act 2000 (Benchmarks) Regulations 2018.
UK Regulators

The two key regulators of financial services in the UK are:

  • the Prudential Regulatory Authority (“PRA“), which sits within the Bank of England (“BoE“) and is responsible for the (micro) prudential regulation of banks, building societies, insurers, and certain systemically important investment firms; and
  • the Financial Conduct Authority (“FCA“), responsible for conduct regulation of all firms (including PRA-authorised firms) carrying on regulated activity as set out in the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (as amended) (the “RAO”) and the prudential regulation of non-PRA-authorised firms. 

Regulated activities include, inter alia, deposit-taking, issuing electronic money, dealing in investments, managing investments / funds, arranging transactions in investments (including, in some circumstances, making introductions), operating collective investment schemes, effecting contracts of insurance, insurance mediation, credit broking, entering into a regulated credit agreements, lending secured by a mortgage over UK residential property and other home finance activity. A definitive list of regulated activities, specified investments and relevant exemptions can be found in the RAO.

Other UK regulators and authorities in the financial services sector include:

  • the Payment Systems Regulator (“PSR“), an independent subsidiary of the FCA with its own statutory objectives and board with powers over UK retail payment systems and their direct members. Its remit covers cheque clearing systems (but not cheques), automated payments systems e.g. Bacs, the LINK ATM network, and VISA and MasterCard.
  • the Competition and Markets Authority (“CMA“), (the successor to the Office of Fair Trading) also has a role in bringing distortions in competition to the attention of the FCA (or PRA). The FCA has concurrent competition powers with the CMA (under the Enterprise Act 2002) to enforce the prohibitions on anti-competitive behaviour in the Competition Act 1998 in relation to the provision of financial services.
  • the Financial Ombudsman Scheme (“FOS“), an independent dispute resolution scheme with responsibility for resolving disputes between consumers and financial services firms, as an alternative to the civil courts. The FOS is operationally independent from the FCA and PRA but must maintain a memorandum of understanding with the FCA.
  • the Financial Services Compensation Scheme (“FSCS“), a statutory compensation scheme of last resort established under FSMA for customers of authorised financial institutions. The FSCS can pay compensation to eligible customers if a firm has failed or is otherwise unable to pay claims against it.
  • HM Treasury, to which both the FCA and the PRA report annually, and coordinate in carrying out their functions. As the government department responsible for economic and financial policy, HM Treasury has a significant influence over financial sector law and regulation.
Prudential Regulation Authority

The PRA is responsible for the (micro) prudential regulation (financial health) and supervision of around 1,500 firms falling within the following categories: banks, building societies, credit unions, insurers and certain larger investment firms. The PRA is their main supervisor, although the FCA maintains a role as conduct regulator (concerned with the behaviour of the firms and their staff) so these firms are described as “dual-regulated”.

FSMA sets out a general objective for the PRA of “promoting the safety and soundness of PRA-authorised persons”. To advance this objective, the PRA must seek to:

  • ensure that PRA firms avoid adverse effects on the stability of the UK financial system;
  • minimise adverse effects of failure of a dual-regulated firm on the stability of the UK financial system; and
  • ensure that the business of ring-fenced bodies is carried on in a way that avoids adverse effects on the continuity of provision of core services (i.e. retail deposit taking) in the UK.

As a secondary objective, the PRA must act in a way which facilitates competition.

The PRA has powers to limit systemic damage when a firm is in difficulty, including making rules requiring recovery and resolution plans (‘living wills’); responsibility for putting failing firms into the Special Resolution Regime; and powers to begin insolvency proceedings against an authorised firm.

The BoE and the Financial Policy Committee

The BoE has an overall statutory objective “to protect and enhance the stability of the financial system of the United Kingdom”. The BoE is also the UK resolution authority, playing a key role in the resolution of systemically important firms using the tools made available in the Banking Act 2009; and is responsible for supervising a range of financial market infrastructures including payment systems; settlement systems; and clearing houses (including CCPs).

The Financial Policy Committee (“FPC“), a committee of the BoE, is responsible for taking a macro-prudential view on financial stability and, through the use of various tools, addressing risk arising throughout the financial system.

Financial Conduct Authority

The FCA is the regulator of the remainder of c.56,000 firms not supervised by the PRA as well as being the conduct regulator for PRA-regulated firms. 

The regime set out in FSMA and in the RAO governing “regulated activity” (see ‘UK Regulators‘ above) is not the only basis for the FCA’s regulatory responsibilities:

  • The FCA is also the competent authority for listing (as the UK Listing Authority), which regulates the admission of securities to the UK “Official List” under Part VI of FSMA, which includes the regulation of issuers and shareholders, and making (and monitoring compliance) with the Prospectus Rules (whether a prospectus is required and what it should contain); Disclosure Guidance and Transparency Rules (“DTRs“) (on listed companies’ obligations regarding the management and disclosure of inside information and notification of transactions by persons discharging managerial responsibilities (“PDMRs“)); and the Listing Rules (and the six overarching Listing Principles) setting out requirements for listing; listed companies’ continuing obligations; and the sponsors’ regime. These rules apply to firms whether they are authorised under FSMA to conduct regulated activities or not; and, in fact, the majority of listed companies are not FCA authorised firms.
  • The FCA regulates wholesale market conduct and is responsible for the Market Abuse Regime which applies to behaviour conducted by any person irrespective of whether they are authorised by the FCA.
  • The Money Laundering Regulations 2017 (“MLRs“) specify responsibilities for the FCA which extend beyond those for authorised firms conducting regulated activities.  

The FCA is also responsible for regulating some entities or conduct under standalone legislation outside the FSMA framework altogether. The Payment Services Regulations 2017 and the E-Money Regulations 2011 set out separate regimes for registering or authorising payment service providers and e-money providers respectively, and give the FCA a separate set of responsibilities and powers. 

Further, as of 1 April 2015, the FCA became a competition regulator. The FCA has a specific objective to promote competition in the interests of consumers, and has also been given what are usually referred to as “concurrent competition powers” available to the  Competition and Markets Authority (“CMA“) and other sectoral regulators. Such powers may be exercised in respect of “financial services activity” rather than being tied to the more specific and narrower concept of “regulated activity” from the RAO.

Why and how the FCA regulates

The FCA has a single strategic objective: to ensure that the relevant markets function well. Its operational objectives are:

  • to secure an appropriate degree of protection for consumers (the ‘consumer protection objective‘);
  • to protect and enhance the integrity of the UK financial system (the ‘integrity objective’); and
  • to promote effective competition in the interests of consumers (the ‘competition objective’).

The FCA must also have regard to the importance of minimising the extent to which businesses carrying on regulated activities can be used for a purpose connected with financial crime. This includes a duty under FSMA to cooperate and share information with UK and international authorities in the prevention and detection of financial crime.

Many of the FCA’s core powers, especially the rule-making power, require that action by the FCA should be to advance one of its three operational objectives. A key concept is the meaning of “consumer” for these purposes. The definition in FSMA is broad, but it does not extend to all consumers of all products. Rather, the emphasis is upon persons who use, may use, or have used, regulated financial services or have invested, or may invest, in relation to financial investments. 

The FCA’s powers are extensive, but the availability of the powers, and how it uses them, depends on who and what it is dealing with. In particular, it will depend upon whether the person in question is an authorised firm (with permission to carry on regulated activity), an individual at such a firm, or a person subject to its criminal prosecution powers (e.g. market abuse or money laundering) or its competition law jurisdiction. 

Once a firm is authorised, the FCA can:

  • write rules governing their conduct;
  • impose requirements on individual firms that they do or do not do specific things;
  • investigate them if circumstances suggest that that they have broken its rules, and impose financial or other penalties if it concludes that they have done so; and
  • require that “skilled persons” report on aspects of the firm’s business.

The FCA has other regulatory powers set out in FSMA, inter alia, in relation to:

  • Product intervention (s.137D FSMA);
  • Misleading financial promotions (s.137S FSMA);
  • Unregulated holding companies (Part 12A FSMA);
  • Super-complaints and mass detriment references (Part 16A FSMA) – HM Treasury designated consumer bodies can alert the FCA to cases of widespread risk harmful to consumers. The FOS (and individual firms in respect of their own failings) may also alert the FCA to regular failings by specific firms harming consumers, where a remedy would be available if the consumer were to take legal action.

The FCA can also carry out market studies and make market investigation references to the CMA in relation to the provision of financial services.

The FCA outlines its strategic decision making framework and how it advances its objectives in its publication “Our Mission 2017”, which is supplemented by approach documents on the FCA’s approach to authorisation, supervision, enforcement, competition and consumers.

Co-ordination between the UK regulators

FSMA imposes a statutory duty on the PRA and the FCA to ensure the coordinated exercise of their functions. The PRA and the FCA publish and review annually a memorandum of understanding covering their cooperation on regulatory processes such as: domestic “supervisory colleges” for dual-regulated firms; applications for Part 4A FSMA permission; variations of permission; the imposition of requirements; approved persons; passporting; modifications and waivers of rules; change of control applications; and the obtaining and disclosure of information. The CEO of each regulator is also appointed to the board of the other in order to support the statutory duty of the regulators to cooperate.

Both the FCA and the PRA must also take appropriate steps to co-operate with the BoE in connection with, among other things, the BoE’s pursuit of its financial stability objective, and must both provide relevant information to the FPC on systemic risk and comply with its directions in connection to the use of macro-prudential tools. A further MoU sets out how HM Treasury, BoE, PRA and FCA co-ordinate their relationship with international bodies.

FCA and PRA rules and guidance

The PRA’s and FCA’s rules are found in the PRA Rulebook and FCA Handbook respectively. FCA-only regulated firms must comply with the provisions of the FCA Handbook, whereas dual regulated firms must comply with the provisions of both rulebooks. 

Payment Institutions and E-money Institutions also need to comply with regulations in dedicated statutory instruments; certain FCA Handbook rules; and guidance found in FCA Approach Documents (see below).

The regulators’ rulebooks contain rules and related guidance (the PRA’s guidance sits outside the Rulebook in Supervisory Statements) which have application depending on the type of firm and the activity it is carrying on. These cover matters such as regulatory capital; systems and controls; conduct of business rules; and rules as to how firms will be supervised.  

Overarching the rules and guidance are the high level eleven FCA Principles for Businesses and the eight PRA Fundamental Rules – they include requirements that firms must conduct their business with integrity, exercise reasonable skill and care, treat their customers fairly, and observe proper standards of market conduct. With three exceptions (Principles 3, 4 & 11), the FCA Principles are directed at firms’ conduct in respect of regulated activity. The FCA often invokes the Principles in enforcement action without recourse to a specific rule breach. 

Payment services regime

The FCA is the responsible regulator for the regime governing provision of payment services. Broadly, payment services involve the facilitation of, or intermediation in, a cash transaction by a “payment services provider” (“PSP“). The first Payment Services Directive (“PSD“) introduced a harmonised and liberalised EU framework for payment services. The PSD was repealed and replaced with effect from January 13, 2018 by the second Payment Services Directive (“PSD2“), which was implemented in the UK by the Payment Services Regulations 2017 (“PSRs”). The PSRs set out harmonised conduct of business rules which outline the rights and obligations of PSPs (or “Payment Institutions”) and their customers.

Credit institutions (banks and building societies) authorised under FSMA and e-money issuers authorised under the Electronic Money Regulations 2011 (“EMRs“) do not need to obtain additional authorisation under the PSRs to undertake payment services but are bound by the same rules as PSPs. At least until 31 December 2020, Payment Institutions may passport their services throughout the EEA.

As well as the PSRs, Payment Institutions must comply with certain rules in the FCA Handbook and the relevant provisions of the FCA’s approach document: “Payment Services and Electronic Money – Our Approach“. An important feature of the regulation of Payment Institutions (and E-money Institutions) is the requirement to ensure appropriate organisational arrangements are in place to protect safeguarded funds – generally with third party banks.

PSD2 recast and widened the scope of the PSD, to include payment initiation services and account information services. PSD2 also reduced the breadth of some exemptions (e.g. limited network / commercial agent), and introduced provisions enhancing consumer protection and payment security requirements.

The FCA supervises and monitors compliance with the PSRs and EMRs through a combination of:

  • periodic reporting;

  • event driven notifications;

  • complaints and other intelligence;

  • targeted information gathering and investigations using our statutory powers;

  • reporting from auditors; and

  • thematic reviews.

Smaller payment institutions operating domestically below a specific threshold do not need to seek full authorisation, and can instead seek registration as a small payment institution (“SPI“) under the PSRs. SPIs cannot passport their services.

E-money regime

The FCA is the responsible regulator for the regime governing electronic money (“e-money“) issuance. The second E-money Directive (2009/110/EC) (“EMD“) was implemented in the UK through the Electronic Money Regulations 2011 (SI 2011/99) (“EMRs“). As well as the EMRs, E-money Institutions must comply with certain rules in the FCA Handbook and the relevant provisions of the FCA’s approach document: “Payment Services and Electronic Money – Our Approach“. An important feature of the regulation of E-money Institutions (and Payment Institutions) is the requirement to ensure appropriate organisational arrangements are in place to protect safeguarded funds – generally with third party banks .

Credit institutions authorised under FSMA to carry on the regulated activity of issuing e-money do not need to obtain any additional authorisation under the EMRs to issue e-money. Other entities wishing to issue e-money must seek authorisation or (for smaller institutions) registration under the EMRs. All entities, including banks and building societies that issue e-money, must comply with the EMR requirements.

Guidance on the regulatory perimeter of the EMRs is set out in the FCA Handbook. At least until 31 December 2020, E-money Institutions may passport their services throughout the EEA.

Regulatory perimeter / Authorisation

Section 19 FSMA sets out the “General Prohibition”: prohibiting any person from carrying on a regulated activity in the UK by way of business, or purporting to do so, unless authorised or exempt. Contravention of the General Prohibition is a criminal offence and resulting agreements may be unenforceable.

A firm must obtain PRA or FCA permission, as appropriate, for each regulated activity, as set out in the RAO, it intends to carry on. The definition of these activities, and the “specified investments” to which the activity relates, is at the heart of FCA regulation. As stated above, much of the regulatory framework set out in FSMA, and most of the FCA’s powers, are targeted at regulating the conduct of such regulated activity. Persons licensed to perform such activities are “authorised persons”. It is possible to avoid the need for FCA authorisation by being an “exempt person”, such as an Appointed Representative as described in SUP 12 of the FCA Handbook.

Broadly, the authorisation process comprises the completion of a suite of application forms with information on the business, and its controllers and senior managers, appending supporting documentation, in particular, a regulatory business plan containing financial projections. FSMA and the PRA/FCA rules establish the criteria for granting permissions to carry on regulated activity. Fundamentally, a person must satisfy the FCA that they meet the “threshold conditions” set out in FSMA. These threshold conditions also apply on a continuing basis to authorised firms, and therefore are the minimum standards a firm is required to satisfy. Among other things, it looks at whether a firm’s business model is viable and the firm is suitable to carry on regulated activity. The FCA can impose requirements or restrictions on how firms carry on the relevant activity. 

The authorisation regime primarily applies to activities carried on in and from the UK, and it is not usually necessary to be authorised and to comply with the FCA rules merely because the business has customers in the UK not least because of the operation of the RAO’s Overseas Persons exclusion (although the financial promotions regime applies more widely to relevant marketing capable of having an effect in the UK if directed at persons based in the UK). Under FSMA, certain regulated activities may be deemed to be carried on in the UK where the activity in question is managed or carried on from an office in the UK (s.418, FSMA). 

An EEA firm may exercise the right to operate in any other EEA state on the basis of its home authorisation (using “passporting” rights) under a relevant EU directive (or where relying on EU treaty rights) for certain types of banking and investment business. At the time of writing, it remains unclear how passporting will apply to the UK after the Brexit implementation period which is due to last until 31 December 2020.

Change in control of PRA / FCA firms

FSMA and the PRA / FCA rules are concerned to ensure the ongoing suitability of controllers of authorised firms so it follows that they should include provisions relating to changes in the control of authorised firms. 

In summary, a person (including those acting in concert) who wishes to acquire “control” –  a 10% share or voting interest (or 20% subject to the type of firm) – or increase “control” over an authorised firm (beyond 10%, 20%, 30% and 50% thresholds — higher thresholds apply to some types over the managemenf firm) must seek approval in advance from the PRA or FCA (as appropriate). Approval must also be sought if a person will have “significant influence” ot of the authorised firm. There is also a requirement on the authorised firm to make a notification themselves – which will often be made jointly with the proposed controller. 

Further, both the firm and a controller must make a notification (but don’t have to wait for any approval) to the regulator of a reduction in control (beyond certain thresholds) or a cessation of control over an authorised firm.

The relevant regulator assesses an application for approval for a change in control with reference to the suitability of the proposed controller. Contravention of any of these requirements is a criminal offence. 

Financial promotion / marketing

The financial promotions regime regulates and restricts the marketing of financial services and products. The regime may apply even if no regulated activity is being carried on by the person communicating the promotion – so that they fall outside the regulatory perimeter. FSMA prohibits any person from communicating an invitation or inducement to engage in an investment activity (a “financial promotion”) unless:

  • they are an authorised person;
  • the content of the communication is approved by an authorised person; or
  • the communication is exempt (s.21, FSMA).

Contravention of the financial promotion restriction in s.21 FSMA constitutes a criminal offence and may affect the enforceability of ensuing contracts.

The Financial Services and Markets Act 2000 (Financial Promotion) Order 2005 (as amended) (“FPO“) contains a number of exemptions from the financial promotions restriction which, broadly, allow, inter alia, for certain promotions to high net worth / sophisticated individuals / investment professionals; those not directed at the UK; promotions by journalists; one-off promotions; and promotions in connection with the sale of a body corporate. Further guidance on the financial promotion restriction and the main exemptions from the regime are set out in PERG 8 of the FCA Handbook. 

Non-exempt “approved” financial promotions and all client communications must meet relevant FCA conduct of business rules (“COBS“), in particular the requirement that they be “fair, clear and not misleading”. The marketing of units in Collective Investment Schemes and Alternative Investment Funds is subject to more complex regulation.

COBS 4 of the FCA Handbook contains requirements applying to different types of financial promotion. In particular, a financial promotion that is likely to be received by a retail client must give a fair and prominent indication of relevant risks and the FCA has issued separate guidance on this: Financial promotions – guidance Prominence. The FCA has also issued particular guidance on financial promotions communicated by digital means: FG15/4: Social media and customer communications: The FCA’s supervisory approach to financial promotions in social media.

Senior Managers and Certification Regime ("SMCR") / Corporate governance / Remuneration

Senior Managers and Certification Regime

The effectiveness of the Approved Persons Regime (“APR“) was discredited in the wake of the financial crisis of 2008/9 and was replaced by a Senior Managers and Certification Regime (“SMCR”). The changes were phased in starting from March 2016 for PRA-authorised firms (deposit-takers (banks and building societies), large investment firms and large insurers) and were extended to all authorised firms from December 2019. The SMCR applies in a manner proportional to a firm’s size, risks, impact and complexity. In order to reflect these differences, solo-regulated firms are classified as either Limited Scope, Core or Enhanced Firms.

Under SMCR, only directors and senior managers (including AML and compliance oversight) require approval from the FCA / PRA (as appropriate) whilst those carrying on other functions, which would have required regulatory approval under the APR, are now covered by the Certification Regime (see below) and have to be determined by their firms to be “fit and proper” to carry on their Certification Functions on an ongoing basis (certified at least annually). The “fit and proper” test focuses on the individual’s honesty, integrity and reputation; competence and capability; and financial soundness. 

Senior managers

Individuals carrying on senior management functions (“SMFs“) seek approval directly from the FCA / PRA. With their application, the firm submits Statements of Responsibility setting out the Prescribed Responsibilities / areas of business it is intended that the person will be responsible for managing. Some firms must also have a comprehensive, up-to-date Management Responsibilities Map that describes its management and governance arrangements, indicating, for instance, the Prescribed Responsibilities allocated to those carrying on a SMF; and develop handover procedures to ensure that new senior managers have all necessary information from their predecessor in the role.

Non-executive directors (except those holding the Chair function) do not need approval but remain subject to the Conduct Rules, fit and proper requirements and regulatory reference rules. Criminal records checks are also mandatory for candidates for SMFs and all non-executive directorThe Government initially proposed a controversial “presumption of responsibility” on senior managers for regulatory failure by their firm which was replaced with a statutory Duty of Responsibility to take such steps as a person could reasonably be expected to take to avoid a contravention (by the firm) occurring or continuing. This means that if a firm breaches a regulatory requirement, the senior manager responsible for that area could be held accountable if it can be proven that they didn’t take reasonable steps to prevent or stop the breach.

Certification Regime

The Certification Regime applies to staff who perform a function which either regulator believes could pose “significant harm” to the firm or any of its customers. This group includes material risk takers (subject to one of the Remuneration Codes); certain prescribed functions (e.g. significant management, CASS oversight, proprietary trading and algorithmic trading functions); those in a client dealing function (expanded from the old CF30 role); other customer-facing roles subject to a qualification requirement; and anyone who supervises a certified person who is not a SMF. 

As mentioned, these individuals will not be subject to regulatory pre-approval by regulators, rather, firms themselves must, at least annually, implement an internal certification process to determine that they remain fit and proper for their roles.

There is a separate training and competence regime which requires firms to engage people with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them.

Code of Conduct

The SMCR Code of Conduct (“COCON“) comprises nine rules. Five of the individual conduct rules apply to all employees – “conduct rules staff” (other than prescribed ancillary staff such as secretaries, IT support, catering and security staff etc). The other four conduct rules apply to senior managers. 

The focus of COCON is on integrity; skill, care and diligence; observing standards of market conduct; and cooperating with regulators. The senior manager conduct rules additionally require senior managers to:

  • take reasonable steps to ensure that the business for which they are responsible is controlled effectively;
  • take reasonable steps to ensure that the business for which they are responsible complies with the relevant regulatory requirements;
  • ensure that any delegation of responsibilities is to an appropriate person and that the discharge of the delegated responsibility is properly overseen; and
  • disclose appropriately any information of which the FCA / PRA  would reasonably expect notice.

The application of the conduct rules is not limited to “accountable functions”, as was the case for Approved Persons, but applies to conduct in the performance of functions relating to the carrying on of regulated and unregulated financial services – including any related ancillary activities (carried on in connection with regulated activity).

Training must be provided on the Conduct Rules. Disciplinary action for a Conduct Rule breach must be notified to the FCA within 7 days for approved senior managers and annually for other individuals.

Corporate governance

A key measure of good governance – overall responsibility for the operations of a firm – will be compliance with the SMCR and, in particular,  evidencing such compliance e.g. by up-to-date Statements of Responsibility (and Management Responsibility Maps if relevant); documented delegations; management information; and minuted meetings.

General governance requirements are otherwise principally set out in the FCA’s Senior Management Arrangements, Systems and Controls (“SYSC“) sourcebook and the PRA’s General Organisational Requirements. Other areas where regulation informs governance is in matters such as remuneration; product governance; assessment of conduct risk; and the increasing regulatory focus on culture. 

Good governance will also be reflected in board composition, terms of reference, and board committees etc. Listed financial institutions must comply or explain non-compliance with the UK Corporate Governance Code (the “Code“), and directors of institutions incorporated as a company must act subject to duties codified in the Companies Act 2006. The Code was last updated in July 2018.

Remuneration

The FCA Handbook and PRA Rulebook set out six Remuneration Codes for regulated firms relating to the governance of salary, benefits and bonus awards for staff. The FCA Handbook also includes the MiFID remuneration incentives code which applies to individuals who may impact investment or ancillary services.

MiFID II governance requirements were supplemented by more detailed requirements in CRDIV and CRR, following FSB reviews of remuneration policies and risk-taking. The PRA, FCA, EBA and FSB publish additional relevant interpretative and guidance materials.

The Remuneration Codes apply to material risk takers, also known as Code staff, and Senior Managers under the SMCR. There are de minimis concessions with a €500,000 p.a. threshold per individual. The UK regulators currently apply some proportionality-based exemptions at firm level. The Remuneration Codes apply internationally across group entities, including to non-EEA groups with UK subsidiaries or branches – except where a UK branch is subject to equivalent Member State rules.

Capital requirements

Introduction

All PRA-authorised firms are subject to PRA Fundamental Rule 4, which requires a firm to maintain adequate financial resources. Principle 4 of the FCA’s Principles for Businesses imposes the same requirement on FCA-regulated firms. 

Regulatory capital is primarily designed to create a more resilient financial system. Different types of authorised firm are subject to varying regulatory capital regulation. The capital adequacy requirement is the amount of capital an institution is required to hold compared to its assets, to cover / absorb unexpected losses. The more capital a firm has, the more losses it can suffer before it defaults and becomes insolvent. 

For banks, regulatory capital is not simply determined by deducting liabilities from assets – it is more conservative than accounting capital and must at all times be freely available to absorb losses. Assets that may not have a stable value under stressed market conditions (such as goodwill) are deducted, and only gains that have been realised are recognised. 

UK authorised banks, building societies and investment firms must meet requirements on a solo and consolidated group level under PRA and FCA rules derived from the EU Capital Requirements Regulation (EU) No. 575/2013 (“CRR“) and the Capital Requirements Directive (2013/36/EU) (“CRDIV“). CRDIV and CRR lay down the capital and liquidity requirements based on the Basel III framework agreed by the Basel Committee for Banking Supervision (“BCBS“) which has the task of developing international minimum standards on bank capital adequacy. CRDIV and CRR went beyond Basel III in some areas including corporate governance and remuneration regulation.

Regulatory capital

CRDIV allows only two categories of financial resources to be used to meet regulatory capital requirements.

  • Tier 1 (Common Equity Tier 1 (“CET1”) and Additional Tier 1).
  • Tier 2 (in broad terms, this category comprises hybrid capital and subordinated debt).

Detailed provisions apply on the eligibility of instruments for CET1 (highest quality capital), Additional Tier 1 and Tier 2, and on the proportions of assets that can be held within Tiers 1 and 2. Legal advice is sometimes required as to the eligibility of instruments to constitute regulatory capital.

Tier 1 constitutes “going concern” capital which allows an institution to continue its activities and helps to prevent insolvency, while Tier 2 represents “gone concern” capital helps ensure that depositors and senior creditors can be repaid if the institution fails.

Calculating capital requirements

Banks can follow one of two approaches to calculating capital requirements in the non-trading book:

  • the Standardised Approach, which confers a pre-determined risk weighting on assets falling into a range of classes. The risk weight is set according to the type of asset and the reference is made to the credit rating of the borrower as supplied by a Credit Rating Agency (an “External Credit Assessment Institution”, or ECAI); or
  • more sophisticated institutions can, subject to obtaining regulatory approval, use the Internal Ratings Based (“IRB“) approach, which allows an institution to use its own internal models.

Regulatory capital must be held in respect of both the non-trading book (the “banking book”, containing exposures generally subject to credit risk capital requirements), and the trading book (containing exposures generally subject to market risk capital requirements).

For trading book exposures, a number of rules apply in relation to the range of risk factors that can impact the price of an asset, including market risk, interest rate risk, equity risk, commodities risk, currency risk, risks associated with derivative exposures and risks associated with collective investment schemes. As with the treatment of credit risk, institutions can use one of several calculation approaches, including using internal models, for calculating the capital charge for trading book exposures.

In order to calculate the capital an institution needs to hold, CRR defines how to weigh an institution’s assets according to their risk. Safe assets (e.g. cash) are disregarded; other assets (e.g. loans to other institutions) are considered more risky and get a higher weight. The more risky assets an institution holds, the more capital it has to hold. In addition to risk weighing on balance sheet assets, institutions must have capital also against risks related to off balance sheet exposures such as loan- and credit card commitments. These are also risk weighed.

Under the existing framework, banks and investment firms need to have a total amount of capital equal to at least 8% of risk weighted assets – CET1 must be at least 4.5%.

Adequacy of capital, additional capital requirements and buffers

Banks must assess the adequacy of their capital and their associated systems and controls using the Internal Capital Adequacy Assessment Process (“ICAAP“), including conducting stress tests and scenario analysis. The PRA will review banks’ ICAAP assessments through the Supervisory Review and Evaluation Process (“SREP“). The PRA has discretion to impose additional (“Pillar 2“) capital requirements following the SREP.

CRDIV requires that EU member states have a regime for the imposition of capital conservation and countercyclical capital buffers to preserve the resilience of the banking system. In the UK, the FPC sets the policy framework and the rates for the countercyclical buffer. As at the time of writing, banks are required to hold an additional 1 percent of capital to absorb potential losses.

CRD IV requires globally systemically important institutions (“G-SIIs“) and other systemically important institutions (“O-SIIs“) to maintain, on a consolidated basis, a buffer of Tier 1 common equity (the “SII Buffers“). As at the time of writing, the UK has 16 O-SIIs. This number includes four institutions that are also G-SIIs.

So-called “SRB Institutions” (UK Ring Fenced Bodies and large building societies holding more than GBP25 billion in deposits (where one or more of the account holders is a small business) and shares (excluding deferred shares)) must maintain an additional “systemic risk buffer” over and above minimum capital requirements. The SRB sits alongside the SII buffers, but where SRB, O-SII or G-SII buffer requirements are applicable to an institution, only the highest will apply. The application of the SRB is set out PRA Statement of Policy “The PRA’s approach to the implementation of the systemic risk buffer”, which was updated in December 2018.

MREL

Since January 1, 2020 (with final requirements coming into force in 2022), the capital requirements have been supplemented for UK banks, building societies and large investment firms which need to satisfy at all times a minimum requirement for own funds and eligible liabilities (“MREL“), as specified by the BoE, as the UK resolution authority, on a case-by-case basis. MREL partly implements in the EU the Financial Stability Board’s international standard for Total Loss Absorbing Capacity (“TLAC“).

MREL is the minimum loss absorbing capacity (in equity or subordinated debt) that a firm is required to hold to bear losses in resolution – to help ensure that if a firm fails, the resolution authority can use these financial resources to absorb losses and recapitalise the continuing business. The BoE sets MREL to reflect how it would expect to resolve a particular firm if it failed. The largest and most complex firms have the highest MRELs – reflecting that they would be more disruptive if they failed in a disorderly way.

The BoE has published indicative 2020 and 2022 MRELs for the UK’s systemically important banks. From 2021, the BoE intends to publish individual MRELs, rather than an average, for all firms with an indicative MREL above capital requirements.

Liquidity

The financial crisis demonstrated that some institutions did not hold sufficient liquidity (e.g. cash or other assets that can be quickly converted into cash with no or little loss of value) to protect themselves from collapse. Basel III introduced two new liquidity buffers:

  • a Liquidity Coverage Requirement to improve the short-term (over a thirty day period) resilience of the liquidity risk profile of financial institutions; and
  • a Net Stable Funding Requirement to ensure that an institution has an acceptable amount of stable funding to support the institutions assets and activities over the medium term (over a one year period).
Global standards

Various international fora play an important role in regulatory development. There has until recently been an increasing trend towards international regulatory alignment particularly since the financial crisis 2008/9 when the G20 mandated sweeping change that drove the regulatory reform agenda.

The Basel Committee on Banking Supervision Standards (“BCBS”) has been a key international source of minimum bank capital requirements. Other international bodies have played important roles in setting regulatory agendas and standard setting, including:

  • the Financial Stability Board (“FSB”) (e.g. on effective resolution for financial institutions); 
  • the International Organization of Securities Commissions (“IOSCO”) (e.g. work on clearing of derivatives through central counterparties; and the operation of financial benchmarks); 
  • the International Association of Insurance Supervisors (“IAIS”);
  • the International Association of Deposit Insurers (“IADI”); and 
  • the Committee on Payments and Market Infrastructure (“CPMI”). 

The output of high level standards would then be implemented by national governments – in the EU, generally through EU law although the EU had a general tendency to modify and go beyond international standards e.g. in relation to short-selling; remuneration; and funds (“AIFMD”).

Further, extra-territorial regulatory reach can be effected through intergovernmental agreements in relation to US securities laws and tax compliance e.g. the application of the U.S. Foreign Account Tax Compliance Act (“FATCA”).

The UK has its own representation within international fora, which will increase after Brexit when it will seek more mutual recognition of regulatory standards to enable the export of financial services. U.S. CFTC Chairman, Christopher Giancarlo has been particularly vocal in advocating such outcomes-based deference, through equivalence / recognition decisions or through substituted compliance orders and exemptions – particularly in connection with the CFTC’s responsibility for the regulation of the trading and clearing of derivatives.

European law / Brexit

The current European System of Financial Supervision (“ESFS“), which was introduced in 2011, includes, together with competent or supervisory authorities in the Member States:

  • the European Systemic Risk Board, which aims to detect risks to the financial system as a whole, issue early risk warnings and provide recommendations for action.
  • European Supervisory Authorities (“ESAs“) for the banking, securities and insurance and occupational pensions sectors:
    • the European Banking Authority (“EBA“);
    • the European Securities and Markets Authority (“ESMA“); and
    • the European Insurance and Occupational Pensions Authority (“EIOPA“).

The ESAs play an increasingly important role in EU financial services regulation, in particular:

  • developing “Level 2” Binding Technical Standards (in the form of Regulatory or Implementing Technical Standards) to supplement primary (“Level 1”) EU legislation;
  • issuing “Level 3” guidelines and recommendations; providing opinions to the EU institutions and national supervisors;
  • peer-reviewing and resolving disputes between national supervisors;
  • exercising direct EU-level supervision of certain pan-EU firms (e.g. credit rating agencies and trade repositories in the case of ESMA); and
  • exercising powers to temporarily prohibit or restrict products or financial activities.

While some UK regulatory requirements were wholly domestically inspired (notable examples include the UK ring-fencing requirements; the individual accountability requirements introduced by the SMCR; and the UK’s criminal regime for market abuse), much of the UK’s financial services regulation is derived from sector and product-specific legislative initiatives proposed by the European Commission and adopted by the EU institutions (although subject to significant UK influence within the EU institutions).

EU legislation (increasingly) takes the form of Regulations, which have direct effect across the EU without the need for national implementing measures; and Directives, which require transposition into national law. 

Significant relevant EU legislation affecting financial services includes:

  • CRDIV/CRR: the Capital Requirements Directive (2013/36/EU) and the Capital Requirements Regulation ((EU) 575/2013) which together provide the prudential framework for credit institutions and investment firms.
  • MiFID II/MiFIR: the revised Markets in Financial Instruments Directive (2014/65/EU) and the Markets in Financial Instruments Regulation) (EU) 600/2014), which together provide the cornerstone legislation for investment firms, covering regulated markets, multilateral trading facilities and organised trading facilities; governance and conduct of business rules for investment firms; and obligations for pre- and post- trade transparency and transaction reporting;
  • AIFMD: the Alternative Investment Fund Managers Directive (2011/61/EU) is an EU law on the financial regulation of hedge funds, private equity, real estate funds, and other “Alternative Investment Fund Managers” (“AIFMs“). The Directive requires all relevant AIFMs to obtain authorisation, and make various disclosures as a condition of operation;
  • MAR: the Market Abuse Regulation ((EU) 596/2014) which provides for an EU civil regime for market abuse;
  • PSD2: the revised Payment Services Directive on payment services in the internal market ((EU) 2015/2366);
  • EMIR: the European Market Infrastructure Regulation on OTC derivatives, central counterparties and trade repositories ((EU) 648/2012);
  • SSR: the regulation on short selling and certain aspects of credit default swaps ((EU) 236/2012);
  • Securities Financing Transactions Regulation on transparency of securities financing transactions and of reuse ((EU) 2015/2365);
  • PRIIPs Regulation: the Regulation on key information documents for packaged retail and insurance-based investment products ((EU) No 1286/2014);
  • Money Market Funds Regulation: the regulation of the European Parliament and of the Council of June 14, 2017 on money market funds ((EU) 2017/1131);
  • Benchmarks Regulation: the regulation on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds ((EU) 2016/1011); and
  • Mortgage Credit Directive: the Directive on credit agreements for consumers relating to residential immovable property (2014/17/EU).

Brexit

The European Union (Withdrawal) Act 2018 (“EUWA“) repeals the European Communities Act 1972 and converts into UK domestic law the existing body of directly applicable EU law (EU Regulations). It also preserves UK laws implementing EU Directives (“retained EU law”).

The EUWA gives ministers powers to prevent, remedy or mitigate any failure of EU law to operate effectively, or any other deficiency in retained EU law, through SIs. HM Treasury has also delegated powers to the UK’s financial services regulators to address deficiencies in the regulators’ rulebooks arising as a result of exit, and to the EU Binding Technical Standards (“BTS”) that will become part of UK law. 

Subject to any agreement with the EU in the meantime, the new “onshored” law and regulation will be legally effective after the end of the Brexit implementation period on 31 December 2020. 

Examples of deficiencies in financial services legislation which have been cured under EUWA powers include:

  • Functions that are currently carried out by EU authorities would no longer apply to the UK (for example, supervision of trade repositories, which HM Treasury proposes to transfer to the FCA);
  • Provisions in retained EU law that would become redundant (for example, references to European Consumer Credit Information and Member States);
  • Provisions requiring participation in EU institutions, bodies, offices and agencies (for example, joint decision making in supervisory and resolution colleges) which would no longer work after exit.
FCA investigation / enforcement

Enforcement powers

The FCA’s enforcement powers are wide. Under FSMA 2000, the FCA has an extensive range of disciplinary, criminal and civil powers to take action against regulated and unregulated firms, and individuals for failings or misconduct. These powers include both disciplinary sanctions (such as financial penalties, public censure and suspension of (or restrictions on) permissions and banning of individuals) and certain other enforcement tools (such as own initiative variation of permissions (“OIVoPs“), private warnings and the banning of products and financial promotions). The PRA has similar FSMA enforcement powers and both regulators cooperate subject to a MoU under which, inter alia, they will decide together who should lead an investigation or whether an investigation should be joint. The PRA has a power to veto certain regulatory action by the FCA in certain circumstances where, in the PRA’s view, such action would adversely affect or threaten the stability of the financial system.

The FCA has the power to bring civil actions (seek injunctions, to freeze assets and apply for restitution orders); and criminal proceedings for insider dealing, misleading statements or impressions and market manipulation, or for a criminal offence under the Payments Services or Money Laundering Regulations.

Further, the FCA has powers to investigate and bring action against listed companies (whether they are authorised or not) and their officers for breaches of its listing regime, and concurrent powers with the Competition and Markets Authority (“CMA”) to investigate cases where it believes financial services firms might be in breach of competition law. The FCA works closely with other regulators or law enforcement agencies such as the Serious Fraud Office (“SFO”).

There are also non-FSMA enforcement powers which complement those powers granted to the UK financial services regulators under FSMA 2000. This includes powers under other pieces of legislation such as the Credit Unions Act 1979, the Consumer Rights Act 2015, the Investigatory Powers Act 2016, and the Open-Ended Investment Companies Regulations 2001, SI 2001/1228 and the Proceeds of Crime Act 2002.

Investigations

Once a matter is referred to Enforcement, they will assess whether the matter meets the criteria for investigation e.g. whether it is sufficiently serious; whether it has broader implications; whether there was a lack of fitness or propriety; and the public interest. The document, FCA Mission: Our Approach to Enforcement elaborates fiuther. Certain matters bypass these criteria including market abuse / criminal matters; civil litigation e.g. for restitution; supervisory action e.g. OIVoPs  and VREQs; and issues concerning unauthorised business, the Threshold Conditions, the CMA and the Listing Rules.

The next step is for FCA investigators to be appointed after which an initial notice of investigation would be sent to the subject (unless, for example in a market abuse investigation, that might frustrate the investigation). Limitation periods do apply to the FCA’s powers. A scoping meeting with the subject may follow explaining the reason for, and process of, the investigation.

The FCA has various investigatory powers depending on the nature of the suspected wrong-doing. These are found in ss. 97, 122, 131, 165-169, 171-173, 175-176 and 284 FSMA. The FCA will often use its powers to compel information, as opposed to requesting it voluntarily, so as to make it easier for a firm to manage data confidentiality and privacy issues – an exception to this approach would be were the subject is suspected of market abuse / criminal offence. The FCA can appoint, at the firm’s expense, a Skilled Person (s.166 FSMA) to produce a report on any aspect of a firm’s affairs on which it could then base its subsequent enforcement action.

The investigators’ powers to require the production of documents and information under FSMA are restricted in respect of two categories of documents:

  • protected items – communications made between a professional legal advisor and his client or any person representing his client. This is effectively a statutory form of legal professional privilege (s.413 FSMA); and
  • documents / information subject to banking confidentiality (s.175 FSMA). A bank is generally not permitted to disclose details of a customer’s account except in very few circumstances as set out.

To the extent that protected information is provided voluntarily to the FCA, firms should not wholly waive legal professional privilege.

FCA requests for documents can present significant logistical challenges for firms and need to be met within time limits set by the FCA (which may be subject to extension). Non-compliance with an information requirement without a reasonable excuse constitutes an offence and may be dealt with by the courts as contempt of court.

The FCA encourages firms to be proactive in undertaking their own internal investigations and they are not required to share the report with the FCA where it is legally privileged. However, a firm’s willingness to disclose the report may result in them getting credit for cooperation.

FCA interviews

As with information requests, the FCA may conduct interviews on a voluntary or compelled basis (or under caution where an individual is suspected of a criminal offence). The FCA will generally interview the subject of the investigation, in addition to witnesses who are professionals, approved persons and/or work in regulated firms, using their compelled powers. Where interviews are conducted on a compelled basis, the interviewee must attend and must answer the FCA’s questions or risk committing offences and being found in contempt of court. 

Process

The FCA’s process in bringing enforcement action against firms and individuals includes the issuing of a warning, decision and final notices by the FCA’s Regulatory Decisions Committee (“RDC“). The RDC will apply its own decision process to the information supplied by the investigatory team and determine whether or not a warning notice is justified. The giving of a warning notice marks the formal beginning of enforcement proceedings. 

When the FCA has conducted sufficient investigatory work to determine that breaches have occurred which warrant a sanction, it will, if it is prepared to consider a settlement, send a ‘stage 1 letter’ to the subject of the investigation (which may be sent before or after a preliminary findings letter / investigation report).

The FCA may at any stage decide to close the investigation and take no action or to issue a non-statutory private warning rather than bring formal disciplinary action. 

To challenge decisions taken by the FCA or PRA, a person may refer their case to the Upper Tribunal (Tax and Chancery Chamber) to be heard afresh, although where a supervisory, as opposed to a disciplinary, decision is being appealed, the Upper Tribunal cannot substitute its own opinion but can only remit the matter back to the regulator with a direction to reach a decision in accordance with the findings of the Tribunal. From March 1, 2017, it has been possible to “fast-track” cases to the Upper Tribunal without first completing the FCA’s or PRA’s usual settlement process.

The FCA is required to make information public, if appropriate, when they issue a decision notice or final notice. . However, in some circumstances, the FCA may disclose at an earlier stage that it is (or is not) investigating a matter e.g. where the matter under investigation has become the subject of public concern, speculation or rumour, and it considers such an announcement is desirable to maintain public confidence in the financial system or the market; protect consumers or investors; prevent widespread malpractice, or help the investigation itself, for example by bringing forward witnesses, or maintain the smooth operation of the market.

If an investigation is to be conducted into a matter which could be dealt with as a criminal or regulatory offence (e.g. market abuse or a related criminal offence), the investigators will be appointed to look into both possibilities (‘dual track’ investigations).  Once the investigation has concluded, a decision will be taken as to which track to pursue, applying, inter alia, the two-stage test set out in the Code for Crown Prosecutors, which takes into account whether there is sufficient evidence and the public interest in prosecuting.

General guidance on the FCA’s powers and the enforcement process is outlined in the FCA’s Decision Procedure and Penalties Manual (“DEPP“) and the FCA’s Enforcement Guide (“EG“). DEPP also provides guidance on the nature and procedure of the RDC and on the FCA’s executive decision-making process. The PRA has similarly outlined its approach to enforcement in a series of Statements of Policy and Procedure covering: the PRA’s policy on statutory notices and the allocation of decision making; its policy on the imposition and amount of financial penalties; its policy on the imposition (and duration) of suspensions or restrictions; its settlement decision-making procedure; its policy on the conduct of interviews; and its approach to publicity of regulatory action.

A number of key strategic considerations apply in dealing with the regulator in connection with an investigation – not least, the extent to which a firm / individual pro-actively co-operates with the regulator in relation to the potential breach particularly given the duty to deal with the FCA in an open and co-operative way pursuant to Principle 11 of the Principles for Businesses and Rule 3 of the Individual Conduct Rules;  and to disclose any information of which the FCA would reasonably expect notice under the Rule 2 of the Senior Manager Conduct Rules and PRA Fundamental Rule 7.  The risk of self-incrimination, particularly where a decision is made to self-report, must be set off against these positive obligations to co-operate, as well as the fact that the likelihood of a recommendation of enforcement action will be lessened by an open and communicative engagement with the FCA, and any ultimate sanction would be more lenient.

In order to further gain  ‘credit’ with the regulator, it would expect the firm to be taking remedial action such as addressing any systems and controls issues and compensating any consumers who have suffered harm for example, by way of a voluntary redress scheme. The FCA’s Enforcement Guide expands on these factors.

Complaints and redress

Other than an individual’s right to take legal action in the civil courts, the FSMA regime provides various routes for individual redress and compensation:

  • The statutory arbitration scheme, the Financial Ombudsman Service (“FOS“), which operates independently of the FCA to adjudicate individual complaints against authorised persons. It is generally binding on financial institutions in respect of the core areas of business covered by the FSMA regime including consumer credit; 
  • The statutory compensation scheme, the Financial Services Compensation Scheme (“FSCS“), compensates customers who suffer financial loss as a consequence of the inability of a regulated firm to meet liabilities arising from claims made in connection with regulated activities. The scheme is only open to a range of specified categories of claimant. The maximum amount of compensation available is subject to limits which depend on the type of business concerned;
  • In serious cases, the FCA may take action itself and seek restitution orders under sections 382-384 of FSMA and require a firm to compensate investors;
  • The FCA may vary a firm’s permission to require the firm to establish and operate a scheme which “corresponds to, or is similar to, a consumer redress scheme” (which is an industry wide consumer redress scheme that can be established pursuant to section 404 FSMA) (s.404F(7) FSMA); and
  • Breach of certain (but not all) FCA rules gives “private persons” suffering losses the right to take proceedings in the civil courts (s. 138D FSMA).

The PRA is responsible for setting deposit protection requirements, under the recast Deposit Guarantee Schemes Directive (2014/49/EU), implemented by the Deposit Guarantee Scheme Regulations 2015 (SI 2015/486). These protections include: wide eligibility for deposit protection, including for companies that are not financial institutions; disclosure requirements to help customer awareness of deposit guarantee arrangements and restrictions on references to the regime in advertising materials; and extended protection for temporary high balances. With a view to achieving the quick return of deposits to customers or continuing access there are PRA requirements on deposit-takers as regards single customer view (“SCV“) and extended continuity of access (“CoA“) rules.

Proposals for EU Banking Union from 2019 included a draft Regulation to establish a European Deposit Insurance Scheme (“EDIS“) applying to those Member States participating in the EU Banking Union. The European Commission aimed to secure political agreement by the end of 2018, however, at the time of writing, the scheme is still awaiting finalisation.

Market Abuse

The EU Market Abuse Regulation

The Market Abuse Regulation (596/2014), known as MAR, mostly applied directly across the EU from July 3, 2017, and took effect fully on January 3, 2018, the date on which the MiFID II/MiFIR legislative package (on which the operation of certain provisions of MAR depended) came into force.

Market abuse is “a concept that encompasses unlawful behaviour in the financial markets” (Recital 7, MAR). There are 3 principal types of market abuse:

  • insider dealing: dealing while in possession of inside information (inter alia, information of a precise nature, which has not been made public, relating, directly or indirectly, to one or more issuers or to one or more financial instruments, and which, if it were made public, would be likely to have a significant effect on the prices of those financial instruments or on the price of related derivative financial instruments);
  • unlawful disclosure of inside information; and
  • market manipulation:
    • entering into a transaction, placing an order to trade or any other behaviour which (in the absence of legitimate reasons, and / or conformance with an accepted market practice):
      • gives, or is likely to give, false or misleading signals as to the supply of, demand for, or price of, a financial instrument, a related spot commodity contract etc; or
      • secures, or is likely to secure, the price of one or several financial instruments, a related spot commodity contract etc. at an abnormal or artificial level;
    • entering into a transaction, placing an order to trade or any other activity or behaviour which affects or is likely to affect the price of one or several financial instruments, a related spot commodity contract etc, which employs a fictitious device or any other form of deception or contrivance;
    • disseminating information through the media, including the internet, or by any other means, which gives, or is likely to give, false or misleading signals as to the supply of, demand for, or price of, a financial instrument, a related spot commodity contract etc. or secures, or is likely to secure, the price of one or several financial instruments, a related spot commodity contract etc. at an abnormal or artificial level, including the dissemination of rumours, where the person who made the dissemination knew, or ought to have known, that the information was false or misleading;
    • transmitting false or misleading information or providing false or misleading inputs in relation to a benchmark where the person who made the transmission or provided the input knew or ought to have known that it was false or misleading, or any other behaviour which manipulates the calculation of a benchmark.

There are “accepted market practices” and safe harbours which will protect a market participant from an allegation of market abuse, not least for unlawful disclosure of inside information where a firm has disclosed information in compliance with the MAR provisions on “market soundings”.

The previous regime under the Market Abuse Directive (2003/6/EC) applied to financial instruments admitted to trading on an EU regulated market or for which a request for admission to trading had been made. MAR is  directly applicable across the EU, better aligns with MiFID II and significantly extends the scope of the EU regime from the earlier Directive, to capture:

  • financial instruments admitted to trading on an EU regulated market or for which a request for admission to trading has been made;
  • financial instruments traded on a multilateral trading facility (“MTF“), admitted to trading on an MTF or for which a request for admission to trading has been made;
  • financial instruments traded on an organised trading facility (“OTF“), a new category of venue introduced by MiFID II); or
  • financial instruments not falling into the categories above, the price or value of which depends on or has an effect on the price or value of a financial instrument traded on a regulated market, MTF or OTF.

MAR’s market manipulation provisions also apply to any spot commodity contract having, likely to have, or intended to have an effect on the price or value of a financial instrument, and any type of financial instrument having, or likely to have, an effect on the price or value of a spot commodity contract whose price of value depends on the relevant financial instrument.

MAR also makes specific provision that any transaction, order or behaviour concerning any financial instrument as referred to in MAR Article 2(1) and (2), will fall within the market abuse regime irrespective of whether or not such transaction, order or behaviour actually takes place on a trading venue.

The definition of inside information was widened by MAR and a new offence of “attempted market manipulation” created. The FCA got new powers to monitor financial markets and for information gathering, to order publication of corrective statements, and to suspend trading of financial instruments.

Given that the main requirements in respect of market abuse are now contained in MAR and its implementing measures, the FCA Handbook is limited to providing guidance on and signposts to provisions in MAR.

In accordance with criteria in its Enforcement Guide, the FCA decides whether a matter is treated as market abuse or is prosecuted in the criminal courts as criminal insider dealing or market manipulation (see below). 

Market abuse is investigated and prosecuted by the FCA through an internal administrative process. An internal FCA committee, the Regulatory Decisions Committee (“RDC“) decides whether misconduct has taken place and considers whether to impose sanctions. Enforcement powers include financial penalties and administrative sanctions such as prohibiting trading in financial instruments or employment restrictions. Those subject to enforcement may refer the matter to the independent Upper Tribunal (Tax and Chancery Chamber) for a new hearing.

Brexit

Pursuant to powers under the European Union (Withdrawal) Act 2018 (“EUWA“) MAR will be “onshored” – replicated in UK law and amended so that it is legally effective after the end of the Brexit implementation period on 31 December 2020. On 19 February 2019, the Market Abuse (Amendment) (EU Exit) Regulations 2019 (SI 2019/310) were published with an accompanying explanatory memorandum (“MAR Exit SI”). The amendments reflect the UK’s new position outside the EU. The key amendment is to provide that financial instruments admitted to trading or traded on UK venues continue to be within scope of regulation in the UK following the transition period. The government also decided to keep instruments admitted to trading or traded on EU venues, within scope given how interconnected our markets are. MAR Exit SI also removes the obligation for UK regulators to share information or co-operate unilaterally with EU authorities without any guarantee of reciprocity.

Criminal insider dealing

Insider dealing pursuant to the Criminal Justice Act 1993 Part V is committed where a particular type of “insider”:

  • deals in certain price-affected securities when in possession of inside information;
  • encourages another to deal in price-affected securities when in possession of inside information; and
  • discloses inside information otherwise than in the proper performance of their employment, office or profession.
  • An individual found guilty of insider dealing is liable to a maximum period of imprisonment of seven years and/or unlimited fines.

Criminal offences of misleading statements and impressions

The Financial Services Act 2012 contains three separate offences:

  • two offences relating to the making of misleading statements and impressions (s. 89 & 90, the 2012 Act); and
  • an offence for misleading statements and impressions in relation to benchmarks (at the time of writing, the benchmarks specified for this purpose are: the London Interbank Offered Rate (“LIBOR“); ISDAFIX; Sterling Overnight Index Average, also known as SONIA; Repurchase Overnight Average, also known as RONIA, WM/Reuters London 4pm Closing Spot Rate; London Gold Fixing; LBMA Silver Price; and ICE Brent Index) (s. 91, the 2012 Act).

The penalties on conviction for any of the three offences are imprisonment of up to seven years and/or unlimited fine.