The United Kingdom doesn’t have a strong track record for bringing executives to book. Very often, boardroom culprits have usually fallen on their swords, taken their pensions, and sometimes even moved to greener pastures long before any regulator comes knocking.
The latest nonenforcement notice occurred Aug. 26, when the U.K.’s main financial regulators—the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA)—ended their six-year investigations into former senior managers at HBOS and announced they would take no further action against the individuals for their role in the bank’s financial failure in 2008.
During the probes, the regulators said they gathered more than two million documents, conducted interviews, and pored through reams of contemporaneous evidence as part of their “forensic” and “rigorous” investigations to assess whether these senior managers failed in their roles and responsibilities. The result called for no enforcement action.
A decade ago, one of the bank’s former executives was sanctioned. The FCA’s predecessor, the Financial Services Authority, fined Peter Cummings, the chief executive of HBOS’s corporate division, £500,000 (then-U.S. $805,000) in 2012 and barred him from taking on any senior role in financial services due to a lack of competence.
Neither the bank’s former CEO nor chairman at the time of the collapse faced any action. Cummings believed he was scapegoated and blamed for a lack of collective responsibility within the bank and failed regulation and oversight by the government and industry watchdogs for enabling a system where bankers were unduly incentivized to take massive risks to earn bonuses.
The issue of collective responsibility in the United Kingdom can be a touchy subject. Campaigners who push for greater corporate accountability favor having nominated directors be responsible for particular issues, such as health and safety, while directors—rightly sensing they would be more easily identifiable and therefore culpable—have so far succeeded in maintaining the line it is better if the board as a whole takes responsibility.
Indeed, risk managers and compliance professionals like to point out ultimate responsibility for risk management and corporate governance rests with the board and senior management, who set “tone from the top” about corporate behavior and risk appetite.
James Alleyne, legal counsel in the financial services regulatory team at law firm Kingsley Napley, said regulatory cases against senior individuals are notoriously difficult for the FCA, “particularly against those operating in large complex organizations, with multiple layers of management and oversight and where the lines of individual accountability may not always be clearly drawn.”
Trying to hold individuals accountable for years of alleged misconduct is further complicated by the fact the FCA has a statutory limitation period in which it can act. The regulator also needs to account for the interaction of different rules in place at different points of time. Further, said Alleyne, regulatory standards for senior executives typically require them to merely take “reasonable steps”; they do not impose specific standards or strict liability, which means the execs’ actions are inherently open to challenge and interpretation.
Alleyne said the FCA has sufficient regulatory and legal tools to act against executives. The Senior Managers and Certification Regime (SMCR), which has applied to most firms since 2019, was intended to enhance the individual accountability of those operating in regulated financial services and should, by extension, make it easier for the FCA to take enforcement action against senior individuals.
However, said Alleyne, the SMCR came into effect after HBOS’s collapse and is not retrospective.
To date there have been relatively few outcomes under the SMCR. This is not surprising, he added, as “we would always expect there to be a time lag between new rules coming in and corresponding enforcement action, but we certainly anticipate there being numerous cases in the enforcement pipeline.”
The U.K.’s financial regulators are not the country’s only agencies to have checkered enforcement records where companies—and not individuals—commit crimes. A look at the Serious Fraud Office’s (SFO) recent case history includes allegations of a company committing accounting fraud on its own volition (Tesco), defrauding a U.K. government department by claiming cash for tagging some criminals who happened to be dead (Serco), and paying bribes to secure overseas contracts (Sarclad). In each of these cases, the SFO failed to secure charges brought against individuals relating to conduct for which the company had accepted a deferred prosecution agreement.
It is evident the United Kingdom has a problem investigating and prosecuting complex white-collar crimes. The situation looks unlikely to change anytime soon as government priorities appear to be freezing or cutting regulators’ resources while also shedding “burdensome” rules to attract investment and talent as the United Kingdom seeks to position itself away from the European Union.