Hell hath no fury: banks irk regulators at their peril

If there is one thing that's got easier for banks since the financial crisis, it's this: incurring regulators' wrath. Forgot to mention a big new hire? Your life will be made more difficult. Prefer not to sign anything unless required by law? You will be punished. And if one of your star traders has done something debatable, accepting supervisors' point of view as early as possible may be the smartest – if not the most dignified – option.

The growing number of investigations, debarments and sizeable fines faced by financial firms on both sides of the Atlantic reflects the rise of much more hands-on regulation. Last year, BNP Paribas paid $9 billion in a settlement with the US Department of Justice for violating US sanctions – one of the biggest bank penalties in history. Most of the other record fines have likewise been levied after 2007.

Although enforcement tends to attract most attention, the more fundamental change has taken place in regulators' day-to-day dealings with companies. In the course of its supervision of the largest firms, the UK's Financial Conduct Authority (FCA) expects to be briefed by the chief executive about a firm's strategy, personnel changes, developments in business lines and governance problems.

"The regulator needs to understand every part of a business's activity, especially if it has systemic applications. He wants to know where it is making its money and how. He insists on having access to the CEO," says Jonathan Herbst (pictured), a partner at UK law firm Norton Rose Fulbright.

"It is a very different world. The FCA is a quite different regulator to the FSA," he adds, referring to the previous watchdog disbanded in the wake of the financial crisis.

Tony Woodcock of law firm Stephenson Harwood gives an example of this new approach. One bank was preparing a major cross-border takeover of another financial institution before it informed the FCA. The media got wind of the acquisition and the regulator hauled the bank in and gave it a black mark for not informing it. The firm knew that it was now on notice that future breaches would be viewed particularly seriously. "They got slapped over the wrists," says Woodcock.

In addition to continuous contact with firms, the FCA and the US Securities and Exchange Commission (SEC) carry out ad hoc inspections to explore specific areas of compliance. The regulators will likely inform the firm of the subject for discussion in advance, the material they expect to be provided with and the people they would like to meet. The firm is well-advised to clear diaries to ensure the meeting goes well.

FCA supervisors will be well-briefed when they attend meetings with firms, says Simon Firth, a partner at Linklaters. "They will have a large amount of information at their fingertips, and they will expect the firm to have as much or more." Firth points to the need to understand the regulator's biggest concerns about a sector or a firm. These so-called 'pressure points' are likely to have come to the regulator's attention in the course of routine scrutiny.

Arm twisting

Tactics used by the FCA to monitor and police behaviour include detailed demands for evidence of compliance. The regulator has the scope to put pressure on the manager responsible for an area under scrutiny by requesting him or her to sign an 'attestation letter'. This details the changes the firm has made in response to earlier requests for action by the regulator and the controls it has in place. Firms are not required by law to sign such a document, but reluctance to sign it will be interpreted as lack of compliance.

"This is a typical example of the soft power used by the regulator," Herbst says. "Every firm knows that if you don't do it, the regulator will follow you up and hold you responsible for whatever is going wrong. While they are not placing a requirement on a firm to sign off on something, in reality it is a requirement."

Michael Ruck of law firm Pinsent Masons, who worked in the enforcement department at the FCA until the end of 2013, predicts that the supervisor will increasingly use attestation letters to hold individuals to account.

The FCA will probe its concern that controls are failing or completely absent with a 'skilled persons review'. This is ordered by the regulator and conducted by an independent firm, but paid for by the firm being examined. The regulator receives a draft of the review before the target firm is shown it. Nathan Willmott of law firm Berwin Leighton Paisner says one review was prompted by a firm's failure to report an appointment to the board to the FCA, although it had no statutory duty to do so.

"These are arm-twisting tactics," he says. "They can make life pretty miserable for the firm. A huge amount of management time is required to handle the review." He adds that these reviews cost the firm under examination on average over £2 million ($3 million).

The firm under review will be required to implement the review's recommendations. Willmott says the regulator can threaten to withdraw permissions to sell certain products and services, "which can be very painful for the firm".

The findings of a skilled person review – if of sufficient concern – can be referred to the FCA's enforcement team, which carries out a fuller investigation. If this discovers that the firm is in breach of the FCA's rules, it could be fined, publicly censured or have its permissions withdrawn.

The regulator makes no secret that it wants to be interventionist. It categorises firms according to their chances of misconduct, which can be defined by the size of the balance sheet or the number of customers. The highest-risk companies are then given a named supervisor "whose role it is to really get into what is happening within the firm", says Karina McTeague, the FCA's director of retail banking supervision.

But this new intense relationship does not have to be seen simply as a burden on financial companies. Being transparent with the FCA and reporting concerns early can earn them leniency in case of violations.

"If a firm has been open with us over a long period and has been responsive to us, we would be more willing to consider the motives for some aberration and give it the benefit of the doubt," McTeague says.

Repent of your sins

If misconduct has been established, the FCA can discount fines by up to 30% if the firm accepts its fault at an early stage. Those seeking to minimise the effect of a damaging outcome will agree to waive legal privilege, i.e. to provide the regulator with confidential documents. The FCA cannot require this but if it requests it and the firm agrees, a further discount may be on the cards. Willmott says: "There is a huge amount of pressure to give up privileged materials. We routinely find supervisors asking to see documents that they know are privileged and effectively asking a firm to waive privilege."

Likewise, the US authorities often reduce a penalty when the company co-operates from the start of an investigation.

Conversely, a failure to be accommodating can have dire consequences.

"Banks that go out of the way to co-operate with the regulators will be rewarded with lesser fines," says Ali Sallaway of UK law firm Freshfields. "Regulators expect supine behaviour. There is absolutely no advantage to be gained by non-cooperation."

The severity of BNP Paribas's 2014 fine arose in part from the view that the bank was not treating its US regulators with due seriousness, according to one lawyer close to the case. They reached this conclusion because the bank was slow to respond to regulators' demands for documentation.

"They were not as helpful as they should have been. Regulators no longer have an implicit trust of banks and they immediately suspect that the bank has something to hide, whether it was the case with BNP or not," says the lawyer.

Lawyers wishing to be more charitable to the bank see a cultural breakdown, with French values of privacy overriding those of openness, expected by the US authorities.

"It is not natural for a proud business executive to co-operate with outside regulators. They are at the top of their profession, they are contributing disproportionately to the economies of their country," says Scott Maberry of US law firm Sheppard Mullin. "Their own counsel don't always understand that and they need a lawyer to bridge the clash of cultures. Foreign banks working in the US do not grasp the leverage situation. They tend to overestimate their own leverage, that is their own ability to say to the US investigator 'get lost'. They will do that and that will set them down the path of non-cooperation which leads to adversarial decisions and compromise their ability to settle the case."

The intervention of the French finance minister in the case, attacking the expected size of the fine, was seen as intruding on the US regulators' autonomy. James Odell (pictured) of US law firm Blank Rome says: "It is critical to understand the aggressive mentality of some US enforcement regulators and to deal with them directly."

BNP Paribas told Risk.net that the "matter was settled and in the past".

It's not me, it's you

Regulators' renewed zeal extends not only to offending firms but also to the individuals identified as responsible for a corporate breach. Here, the FCA has become more tactical over the past year, says Ruck of Pinsent Masons. "They used to investigate the firm and the individual at the same time, and this gave the firm the chance to settle the matter, on the understanding that the individuals were not pursued. Now they investigate the firm without the individuals, only to go after the individuals when the firm has settled. It is a new tactic and one that underpins the view that accountability is going straight to the top of the firm."

The FCA's capacity to hold individuals accountable will be enhanced further when the senior managers regime (SMR) comes into force next year. Senior managers at UK banks and local branches of foreign banks will face the risk of personal fines if a regulatory violation happens on their watch, unless they can demonstrate that they took all reasonable steps to prevent the wrongdoing, reversing the burden of proof in regulatory procedures. If a top executive is found to have behaved "recklessly" leading to the collapse of a bank, he or she could be jailed for up to seven years and ordered to pay an unlimited fine.

Senior management in the US has long been in the sights of the authorities, thanks to criminal statutes and the SEC's civil prosecution powers, says Maberry of Sheppard Mullin (pictured).

But since the crisis, US regulators' determination to go after individuals has grown.

In the BNP Paribas case, the New York State Department of Financial Services (NYDFS) – which does not have criminal prosecution powers – demanded that its chief operating officer stand down. And as part of its March 12 settlement with the NYDFS over violating US sanctions and allowing money laundering, Germany's Commerzbank agreed to fire several employees.

"We have sought increasingly to move toward individual accountability in the resolution of these settlements," said NYDFS superintendent Benjamin Lawsky. "And it is our hope that it will help spur others to do the same."