Reversing the Burden: Preventing Malfeasance in the Financial Services Industry by Presuming Fault.

• Author: Kinghorn, Ian
• Position: United Kingdom

1. INTRODUCTION II. BACKGROUND A. The Approved Persons Regime B. Criticisms of the Approved Persons Regime C. Remedy: Extension of the Senior Managers and Certification Regime D. Comparisons to Compliance Management Systems III. ANALYSIS A. Removing the Presumption of Responsibility: A Changing Ethos of the SMCR? B. SMCR as a Toothless Tiger: What is a "Reasonable Step"? C. Removing the Need to Report Suspect Breaches: Undermining the Conduct Rules and Proof that Reasonable Steps End at Delegation? IV. RECOMMENDATION A. Recommendation for the UK Government: Reinstate the Presumption of Responsibility. B. Takeaways for Financial Service Providers Regulated in the United States V. CONCLUSION I. INTRODUCTION

   During the early 2000's, the United Kingdom enacted the Approved Persons Regime (APR) in an effort to regulate the financial services market. (1) The APR was long criticized for its inability to effectively regulate the market, and its vulnerabilities were revealed in the wake of the 2007-2008 market crash. (2) Not only did these regulations not prevent the crash, but because of the manner in which the Regime operated, those who were responsible for the crash simply could not be identified. (3) This was largely due to the fact that the APR really only served as a regulatory barrier to individuals holding particular roles in the financial services market, but once the barrier was passed, the APR lacked any teeth. (4) Thus, once an individual was approved for their role, there was no way to regulate their conduct to prevent malfeasance. (5) Another key problem with the APR was that it was nearly impossible to tell which individuals in which firms were responsible for specific tasks, so when the time came to penalize those responsible, regulators had no idea who they were. (6)

   The Senior Managers and Certification Regime (SMCR) has since been chosen to replace the APR and its many defects. This SMCR still operates as a regulatory barrier to individuals who wish to hold key roles within a firm, requiring the relevant regulatory agency to approve or deny the individual based on a number of criteria. (7) Most importantly, however, is that the SMCR goes further than just serving as a barrier to entry. The SMCR purports to impose a continuing duty for the highest levels of management to diligently supervise all of their subordinates in an effort to prevent any future malfeasance. (8) The SMCR also requires individual firms and those at the highest levels of management to specifically map out the delegation of duties within the firm, so that if malfeasance does occur, the regulatory agencies know exactly who to hold responsible. (9) These changes have essentially turned each private firm into a regulator of itself, and comparisons to the Compliance Management Systems ("CMS") required for financial firms in the United States are particularly salient. (10)

   While the SMCR should be a vast improvement over the APR, several changes to the SMCR have taken shape since it was originally proposed. (11) Most notably, the original SMCR implemented a reverse-burden of proof, requiring individuals at the highest levels of management to actually prove that they took reasonable steps to prevent and mitigate any malfeasance that occurred under their watch. (12) This requirement has since been removed. (13) In addition, the original SMCR imposed a duty on those managers to report any actual or suspected breaches of specific rules of the SMCR within seven days, but now those managers have no specific duty to report actual or suspected breaches. (14)

   This Note will explore how these two changes in tandem may affect the efficacy of the SMCR as a whole. Part II will delineate the history of the APR and the SMCR, first looking at the APR and how it specifically operated, second looking at the problems associated with it, and finally looking at how the SMCR is supposed to operate and how that may improve upon the APR. Then, this analysis will include comparisons to the Compliance Management Systems required for U.S. financial firms. Part III will then analyze the ramifications of the removal of the reverse-burden of proof and the reporting requirement, specifically the isolated effects of removing each of them individually, and as the tandem effect of removing them together. This analysis might demonstrate how that SMCR could work in practice. Part IV will then recommend the reinstatement of the reverse-burden of proof. It will first look generally at the benefits of the reverse-burden, then specifically at how it would help cure the absence of the reporting requirements. Finally, it will recommend that U.S. firms looking to properly implement CMS look to portions of the SMCR for guidance.

2. BACKGROUND

   In response to the 2007-2008 financial crisis, the United Kingdom (UK) passed a number of reforms aimed at restoring public confidence in the private banking sector. (15) Specifically, the aftermath of the financial crisis revealed an open culture devoid of individual accountability, which not only led to the financial crisis, but also has resulted in very few of those responsible for the crisis from facing any real consequences. (16) In an effort to promote individual accountability, individuals working in the financial services industry have been regulated through the APR, but the program has long been criticized for its ineffectiveness. (17) In response, the UK has recently decided to extend the SMCR to the Financial Services Industry as a whole. (18)

   1. The Approved Persons Regime

      The APR prohibited financial service firms from allowing any employee to perform a "controlled function" without the pre-approval of the Financial Services Authority (FSA). (19) Essentially, the APR required an employer to submit an application to the FSA on the employee's behalf for each controlled function they were to perform. (20) The FSA would then assess whether the employee was "a fit and proper person" to perform the controlled function that the application concerned. (21) Assuming pre-approval was granted, the FSA was still capable of withdrawing their approval of an employee at any time if it felt that the employee was no longer fit and proper to perform that function. (22) The FSA was also able to preemptively prohibit any person from performing controlled functions, regardless of whether an application had been submitted, based on the FSA's determination that the individual was not fit and proper to perform the function(s). (23)

      Controlled functions were not necessarily specifically defined, but rather fell under any one of three broad "conditions." (24) The first condition was whether the function was likely to enable the employee to exercise a significant influence on the conduct of the employer's affairs. (25) The second condition was whether the function would involve the employee dealing with customers of the employer in a manner substantially connected with regulated activities. (26) The third condition was whether the function would involve the employee dealing with property of customers of the employer in a manner substantially connected with regulated activities. (27)

      In assessing whether an employee was fit and proper to perform the specific function, the FSA looked at three broad criteria: (1) honesty, integrity, and reputation of the employee (28); (2) "competence and capability" of the employee "to perform the controlled function" (29); and (3) the "financial soundness" of the employee. (30) In assessing the first factor, the FSA considered not only criminal offenses and prior contraventions of FSA rules, but also any adverse findings in civil proceedings, any involvement in investigations or disciplinary proceedings by any regulatory body, any complaints against the employee, and prior dismissals and resignations. (31) The employee's candor and truthfulness throughout the process was also a relevant consideration to the first factor. (32) In assessing the second factor, the FSA looked at whether the employee had the experience and training necessary to perform the specific function. (33) In assessing the third factor, the FSA considered whether the employee was subject to an outstanding debt or had not satisfied previous debts within a reasonable period of time, as well as any prior arrangements with creditors, bankruptcies, or sequestration of assets. (34)

   2. Criticisms of the Approved Persons Regime

      The APR has been continually criticized for its inefficacy in regulating the financial services industry. (35) One of the principle criticisms of the APR is that it simply did not regulate enough individuals within the financial services industry. (36) In other words, the "controlled function" test was far too narrow to include the bulk of employees who ought to be regulated more closely. (37) As Parliament itself noted, this perceived under-inclusivity was mainly due to the nature of the APR. (38) Pre-approval mechanisms require a process of heavy factual investigation, which can be both extremely difficult and costly. (39) Thus, these practical limitations imposed a serious limitation on how inclusive the APR could be. (40)

      Another principal criticism of the APR was that, even for those who were regulated under the APR, they still often went unpunished after violations occurred because of the front loaded--one-shot--approach that the APR took. (41) Violations often went unpunished under the APR because it was unclear who was responsible for specific violations. (42) This problem was largely due to the fact that the controlled functions test did not look at specific responsibilities, but rather created broadly-defined roles which the FSA then considered to determine if the employee was suitable to perform. (43) Because the controlled functions test did not inquire as to the specific responsibilities of employees, it was extremely difficult to identify which employees were responsible for specific violations when they...