On 12 October 2023, the UK Financial Conduct Authority (FCA) published a decision notice under which it proposes to impose a £1,812,800 penalty on James Staley (the former CEO of Barclays Bank) and ban him from the financial services industry. Mr. Staley has appealed.
Therese Chambers, joint Executive Director of Enforcement and Market Oversight at the FCA, said in respect to the decision: 'A CEO needs to exercise sound judgement and set an example to staff at their firm. Mr Staley failed to do this.’
In 2018, Mr Staley had been found to have breached the Conduct Rules under the UK Senior Managers and Certification Regime. This latest action by the FCA means that Mr Staley is the first individual found to have breached the Conduct Rules twice by the FCA, subject to his appeal.
This is an interesting international development that goes to show how breaches of the accountability obligations under Financial Accountability Regime could be enforced by the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA).
Australia’s financial accountability regime
The Financial Accountability Regime (FAR) is designed to strengthen responsibility and accountability in the banking, insurance and superannuation industries. Senior individuals across these sectors who are subject to FAR are defined as "accountable persons" and are required to comply with conduct obligations, including to act with honesty and integrity and with due skill, care and diligence.
FAR will replace the Banking Executive Accountability Regime (BEAR) for authorised deposit-taking institutions (ADIs) from 15 March 2024.
FAR will apply to general insurers, life insurers, private health insurers, registrable superannuation entity licensees from 15 March 2025.
In early October 2023, ASIC and APRA published an information package on the application of FAR containing regulatory guidance for authorised ADIs, an accountability statement template, an implementation timeline and the ASIC/APRA Joint Administration Agreement.
Our article detailing this latest information package may be found here: 'Long-awaited regulatory guidance for ADIs on the transition to FAR'.
FAR accountability obligations
Under section 21(1) of the FAR Act, accountable persons must (among other obligations) conduct the responsibilities of their position as an accountable person:
- by acting with honesty and integrity, and with due skill, care and diligence;
- by dealing with the Regulator in an open, constructive and cooperative way.
It remains to be seen what action APRA and ASIC will take to enforce these accountability obligations.
There has certainly been criticism that APRA failed hold any bankers to account under the BEAR regime.
This criticism was repeated by the Greens in their (failed) attempt to reinsert civil penalty provisions into the FAR Bill.
UK conduct rules
There have been relatively few examples of successful regulatory enforcement action in the UK under the equivalent of the accountability obligations.
The UK Senior Managers and Certification Regime (SMCR) includes Individual Conduct Rules requiring all staff at in-scope firms to (among other obligations):
- act with integrity;
- act with due skill, care and diligence; and
- be open and cooperative with the FCA, the PRA and other regulations.
In addition, Senior Managers under the SMCR are required to comply with certain Senior Manager Conduct Rules including:
- disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
The first matter: failed to act with due care, skill and diligence
In 2018, Mr Staley was the first individual to be subject to an FCA enforcement action for breach of the Conduct Rules. Mr Staley was a regulator-approved “Senior Manager” under the SMCR. This is the equivalent of being an Accountable Person under FAR.
The FCA and Prudential Regulation Authority fined Mr Staley £642,430 having found that he failed to act with due skill, care and diligence. He breached Individual Conduct Rule 2 by trying to uncover the identify of a whistleblower who had sent numerous anonymous letters to the Barclays Board. The FCA Final Notice may be found here.
Commentators at the time noted that UK regulators only pursued Individual Conduct Rule 2 and not Individual Conduct Rule 1. As this was the first Individual Conduct Rule breach, it was thought that UK regulators locked in a successful action that was less likely to be appealed.
Mr Staley’s approximate annual compensation package at the time was £4.5 million.
The second matter: failed to act with honesty/integrity and to be open with regulators
On 12 October 2023, the FCA published a Decision Notice against Mr Staley finding that he had again breached the Conduct Rules under the SMCR, this time in respect to different matters.
This makes him the only individual to have been found to have breached the Conduct Rules twice (subject to the appeal).
The Decision Notice sets out the FCA decision to impose a £1,812,800 penalty and ban Mr Staley from the financial services industry.
Mr Staley was found to have misled both the FCA and the Barclays Board about the nature of his relationship with the late Jeffrey Epstein. In particular, questions were raised by the FCA to the Barclays Board as to the nature of Mr Staley’s association with Mr Epstein.
Following internal discussions with Mr Staley, the Barclays Board sent a letter to the FCA stating that he:
“has confirmed to us that he did not have a close relationship with Mr Epstein, and he is resolute that at no time did he see anything that would have suggested or revealed any aspect of the conduct that has been the subject of recent allegations.”
In reality, it transpired that Mr Staley had a long friendship with Mr Epstein. In email correspondence, Mr Staley described Mr Epstein as one of his 'deepest' and 'most cherished' friends. It also was the case that Mr Staley travelled to Florida to visit Mr Epstein during his prison sentence whilst he was on work release in January 2009. Mr Staley visited various of Mr Epstein’s properties, including Mr Epstein’s island in the US Virgin Islands on three separate occasions, in addition to two further visits to a private marina owned by Mr Epstein nearby his island, and Mr Epstein’s ranch in New Mexico. The FCA Decision Notice states that these visits were for no obvious business or professional purpose.
The FCA has acknowledged that it has seen no evidence to suggest that Mr Staley saw, or was aware of, any of Mr Epstein’s alleged crimes, but has found that by failing to correct the misleading statements in the letter, Mr Staley recklessly misled the FCA and acted with a lack of integrity.
The FCA found that Mr Staley had breached Individual Conduct Rule 1 (integrity) and Individual Conduct Rule 3 (be open and cooperative with regulators).
The FCA also found that Mr Staley had breached Senior Manager Conduct Rule 4 (disclose appropriately any information that the regulators would reasonably expect notice).
Mr Staley has appealed the FCA Decision Notice to the UK Upper Tribunal both in respect to the financial penalty and to the prohibition order.
Reputational impact of findings on integrity
It is typically much more likely that an individual will appeal regulatory enforcement decisions going to their integrity given the reputational (usually career limiting) impact of such a finding (even when they are not banned from the industry).
Individuals may be less likely to appeal a regulatory enforcement outcome when it is seen as an arguably less serious failure to act with due skill, care and diligence.
Both findings against Mr Staley relate to misconduct in circumstances where there is no obvious detriment to customers.
It remains to be seen whether ASIC and APRA will adopt a similar approach and use the accountability obligations under FAR to take action where individuals fail to act with integrity and/or fail to deal with regulators in an open, constructive and cooperative way.
Start your FAR journey with us
We have implemented BEAR and FAR for in excess of 30 institutions in the banking, insurance and superannuation industries.
Our experience extends to post implementation reviews of the regime, providing strategic advice to boards and executives on potential exposures under BEAR, internal investigations into potential breaches and breach reporting, as well as the review and uplift of remuneration frameworks for FAR and CPS 511 compliance.
If you need assistance with any aspect of the regime, don't hesitate to contact us.