A fireside chat with Tim Dolan

Radar talks market abuse, SM&CR, culture and enforcement with regulatory expert, Tim Dolan.

What general trends are you seeing more of at the moment? Are there any particular messages you’re hearing from the regulators?

One trend we have noticed is that the FCA is focused on firms that have an over-reliance on individuals. It suggests the regulator feels they would be better served by the use of more automated compliance systems. We are seeing this in particular in relation to transaction monitoring, post-trade reporting, and filing STORs or SARs.

Many of these firms do not have an abundance of customers and have therefore opted to monitor transactions manually, usually through their compliance team. The FCA is often of the view that even in these instances, that is not “good enough” and more automated compliance systems should be put in place instead.

So are they saying you have to have a system? You’ve got to automate?

While the FCA is not saying this in so many words, we have noticed that those who have a system in place are finding the process easier in comparison to those firms that are solely reliant on people. Part of the FCA’s concern is likely that if a firm is reliant on a handful of people and a day arises where they are sick or on leave, there is a large gap between what is expected and what the firm has actually done.

On enforcement trends, we’ve noticed that there have already been 10 enforcements this year. Your view on any trends so far?

What is interesting to me is that shortly after Mark Steward became the director of enforcement in 2016, the FCA opened a lot of new enforcement investigations on the basis that it would shut cases if there had been no wrongdoing. The problem with that approach is that the FCA still has to investigate each case; generally in the enforcement division of the FCA, each staff member has about three or four investigations at any time. It seems that this approach has essentially resulted in a backlog of cases. Instead of being able to push on with the really clear breaches, the FCA still has to follow the set process on all cases, even those that are unlikely to be successful.

What I believe the FCA should consider doing is publishing details of cases they have investigated, perhaps on a no-names basis, but did not pursue. I think this would help the financial sector as a whole understand more about other areas of regulation that FCA is concerned about, even though they may not have resulted in a public enforcement action being taken.

Do you think there’s a swing towards them going after individuals more than firms?

Yes. The FCA is certainly focusing on individuals and that focus will increase with SM&CR.

When a firm is being investigated, early on in the process there is often an internal conversation about who will take the blame for the perceived failing. In general, the larger the institution, the more likely they are to try and find a scapegoat.

So with regard to market abuse, there have been a number of important cases recently. There’s Linear, the Interactive Brokers enforcement and the Paul Stephany case, which FCA didn’t really define as market abuse. Any insights?

A key lesson arising from these cases for in-house compliance at financial services firms is to continue to wonder “what else could be going on at our firm and what is unusual?” In particular, if a team or desk is very successful, compliance must question why and explore whether there is anything untoward going on.

There’s also an interesting play from the FCA on the new movement towards financial crime blending into the market abuse arena. There was obviously the Financial Crime Guide that came out, and then you look at some of the things in the background like the Deutsche mirror trades and the money laundering activity in Nordic banks. There’s a feeling that financial criminals are very sophisticated, not only in how they get the money into the system but what they do with it once it’s there. Is that how you would define it?

The whole push on financial crime was around the time of the Financial Action Task Force (FATF) Review in the UK in 2018. Leading up to that, if you go back two years before, the press was buzzing with stories on how the UK was very susceptible to money laundering and I think statistically the FCA only had a handful of investigations open in relation to financial crime at that time. If nothing else, I think the increase in financial crime investigations has been to force firms to think about their susceptibility to it.

From talking to firms, the impression we get is that the financial crime teams have traditionally been a separate unit. Distinct from front-office supervisory or second-line compliance advisory, they are completely siloed from the financial crime teams. Whereas now it feels like they’re being asked to cooperate and work together?

Yes – financial crime teams are often a separate unit and they should not be siloed. They need to have as much autonomy and say as the compliance and legal teams as they perform a critical role.

On SM&CR, I’m sure your clients are talking about it, but are you actually doing any advisory or implementation?

Of course. The stages are all different though. We have clients who have been preparing for more than a year because they knew they would need to plan a big restructuring or make fundamental changes to their organisation, or perhaps they had heard about how painful the process had been for banks and wanted to be ahead of the curve. We also have clients who only started their work a couple of months ago and others who have not started yet – but they know about it, are quite well-read on it and are planning on getting on with it in the early autumn.

From my experience, the mapping piece – working out who is actually responsible for what – is the key point to focus on early on. It is often more work than firms realise because for it to be done properly the process has to be led by the firm, in my view, rather than external advisers.

We’ve had a few roundtables with firms who have already done it and firms that are about to do it for 9 December. Generally people are really positive about it. They’re acknowledging that it’s extra work but that actually it’s been really useful. There have obviously been some politics around people acclimatising to actually having their responsibilities specified, but generally they say it’s been beneficial.

It is beneficial for it to be clear what the roles are and who is responsible for each piece. It will be interesting when we eventually come to see enforcement proceedings relating to SM&CR in coming years. There will undoubtedly be instances where you have an individual who is responsible for something but has nevertheless relied on other people to fulfil their responsibility because people naturally sometimes have to rely on others. In actuality, the most powerful part about SM&CR is to make sure that the individuals that hold those roles of responsibility are getting the information they need to ensure their responsibilities are being performed, even when delegated.

On the cultural side of things, the threat coming out of some of the FCA’s speeches seems to be that if they find a firm’s culture or approach to be wrong then they might infer that there is more inappropriate activity going on throughout the rest of the organisation. And if you’re in that position you may get more visits from the regulator and they’ll keep digging until they find those things. Do you agree?

Yes, the FCA is particularly focused, rightly or wrongly, on firms that it perceives to have a poor culture. However, it is good to remember that when we speak of culture in that regard what we are actually referring to are the incentives behind people doing certain things.

Looking ahead to the rest of 2019, what are your clients focussing on?

Remarkably, compliance with CASS continues to be a recurring theme, along with SMCR preparation.

While I have managed to avoid the topic up to this point, there is of course the elephant in the room – Brexit. The important point to remember is that this is not just an issue for UK firms looking out to Europe or beyond but also let us not forget those European businesses that have passported here who, in the event of a no-deal Brexit, while they will have a temporary window from the FCA and PRA (provided they have notified them in time), will have to submit a timely application for full authorisation at some point next year. I very much hope that the FCA will employ appropriate numbers of staff to deal with these applications promptly.

As a native New Zealander did you get to see any of the Cricket World Cup in the summer?

I am a proud Kiwi and was delighted to get a ticket for the final at Lord’s. I am still traumatised by what transpired and am getting regular therapy.

Tim has been practising financial services law for 20 years. During that time, he has worked for financial services regulators including the UK Financial Services Authority (the predecessor to the FCA); he successfully appeared before the Regulatory Decisions Committee and the Upper Tribunal, and helps clients understand and respond to UK and European regulatory issues, such as Brexit. Tim is now Partner at Reed Smith.