Final Notice
FINAL NOTICE
To:
Barclays Bank plc
E14 5HP
1
ACTION
1.1
For the reasons given in this Notice, the Authority hereby imposes on Barclays
Bank plc (“BB PLC” or “the Firm”) a financial penalty of £37,745,000.
1.2
BB PLC agreed to settle at an early stage of the Authority’s investigation. BB PLC
therefore qualified for a 30% (stage 1) discount under the Authority’s executive
settlement procedures. Were it not for this discount, the Authority would have
imposed a financial penalty of £53,921,619 on BB PLC.
2
SUMMARY OF REASONS
2.1
It is of fundamental importance that firms providing safe custody services ensure
that they:
a)
take reasonable care to organise and control their affairs responsibly and
effectively, with adequate risk management systems;
b) arrange adequate protection for clients’ safe custody assets when they are
responsible for them; and
c)
maintain books and records and perform regular reconciliations of those safe
custody assets.
2
2.2
BB PLC failed to do so in relation to £16.5 billion of safe custody assets belonging
to its clients, the majority of which belonged to its Affiliates (£13.5 billion) and its
Affiliates’ clients (£2.7 billion). On the basis of the facts and matters set out below,
BB PLC breached Principle 3 (Management and Control) and Principle 10 (Clients’
Assets) of the Authority’s Principles for Businesses (“the Principles”) and associated
CASS Rules between 1 November 2007 and 24 January 2012 (“the Relevant
Period”) by failing to:
a)
take reasonable care to establish adequate and effective organisational, control
and risk management systems in relation to the opening, on-going operation
and monitoring of external accounts in which safe custody assets were held
with sub-custodians outside the Barclays Group (“third-party sub-custodians”)
(Principle 3); and
b) arrange adequate protection for, maintain its own books and records and
perform its own reconciliations in relation to approximately £16.5 billion of safe
custody assets for which it was responsible as custodian and/or sub-custodian
(Principle 10).
2.3
The failings in this case occurred within BB PLC’s Investment Banking Division. No
customers of BB PLC’s other business operations, including Personal and Corporate
Banking (including Wealth) and Barclaycard, were impacted by the breaches or
failings in this case.
2.4
BB PLC’s breaches arose from significant weaknesses in its systems and controls
and a historical focus on business lines and products traded, rather than giving
adequate consideration to which legal entity was conducting the relevant business.
Specifically, during the Relevant Period BB PLC, in relation to its Investment
Banking Division, failed to:
a)
ensure that it implemented and maintained adequate policies, procedures,
monitoring and controls in relation to the opening and naming of external
custody accounts;
b) make adequate arrangements to ensure that it maintained a complete and
accurate record of its role in the custodial chain and of external custody
accounts;
c)
ensure that account details were captured in BB PLC’s static data and sub-
ledgers accurately and in a manner consistent with the way in which the assets
were held;
3
d) in respect of approximately £16.5 billion of safe custody assets held in 95
external accounts with third-party sub-custodians:
i.
make adequate arrangements so as to safeguard clients’ ownership rights;
ii.
ensure adequate protection for the safe custody assets;
iii.
ensure all necessary legal agreements were in place;
iv.
adequately consider the arrangements for the holding and safekeeping of
the safe custody assets, in particular, restrictions over the third-party sub-
custodian’s right to claim a lien, rights of retention or sale over the assets;
v.
ensure that all the accounts were appropriately named;
vi.
maintain its own records and accounts in a way that ensured they
corresponded to how the safe custody assets were held; and
vii.
conduct its own internal and external reconciliations in relation to those
accounts.
2.5
As a consequence of these failings BB PLC also failed to submit:
a)
an accurate valuation to the Authority in January 2011 of the highest total
value of safe custody assets held during 2010; and
b) accurate Client Money and Assets Returns (“CMAR”) from their inception in
October 2011 until the end of the Relevant Period.
2.6
Details of the relevant Principles and Rules breached by BB PLC (and other relevant
regulatory provisions) are set out in Annex A to this Notice.
2.7
BB PLC did not detect that it was in breach of the Authority’s Rules for over three
years. During this period the Authority repeatedly stressed in its publications,
including Final Notices, the importance of protecting clients’ safe custody assets
and complying with the CASS Rules.
2.8
Following discovery of the breaches, BB PLC promptly notified the Authority, but it
took around eight months and the application of significant resource for it to
identify how many accounts were in breach. This was despite the fact that BB PLC’s
Affiliates maintained books and records and conducted reconciliations directly with
the third-party sub-custodians in relation to the safe custody assets held in the 95
external safe custody accounts.
2.9
BB PLC had a responsibility to manage and protect safe custody assets, but its
failings meant that safe custody assets within the 95 external accounts were not
adequately protected in accordance with the Authority’s Principles and CASS Rules.
There was no record in BB PLC’s own sub-ledgers of the fact that it held the assets
and often no written agreement setting out the basis on which the assets were
held. There was also inadequate consideration of whether it was appropriate to
restrict a third-party sub-custodian’s right to claim a lien, right of sale or right of
set off. These failings were often compounded by other weaknesses such as the
lack of clarity in relation to some account names which did not always clearly
reflect the use of the account or BB PLC’s static data which suggested that the
assets belonged to BB PLC when in fact they were BB PLC’s clients’ assets.
2.10 As a result of the matters described above, had BB PLC become insolvent at any
point during the Relevant Period, it is likely that an Insolvency Practitioner would
have had to seek the resolution of a court before assets in the 95 external
accounts could be distributed. This would have exposed BB PLC’s clients, including
its Affiliates and BB PLC’s Affiliates’ clients, to a risk of delay in the return of their
safe custody assets, costs associated with the delay and a possible risk of loss of
their safe custody assets over and above that which might otherwise have been
expected in an insolvency of the size and complexity of BB PLC.
2.11 The Authority has taken into account that:
a)
it has not found that BB PLC acted deliberately or recklessly;
b) BB PLC promptly reported the breaches and failings to the Authority before it
was aware of the full extent of those breaches;
c)
BB PLC has committed significant resources to investigating the extent of the
failings and to remediating them and the control weaknesses which led to
them;
d) although safe custody assets were at risk there was no actual loss of any
assets;
e)
BB PLC’s Affiliates maintained books and records and conducted reconciliations
in relation to the safe custody assets held in the 95 accounts;
f)
the assets held in the 95 accounts were segregated from BB PLC’s own assets,
and Affiliates’ assets were held with the third-party sub-custodians in separate
accounts to Affiliates’ clients’ assets;
5
g) the Authority has previously taken Enforcement action against BB PLC and an
Affiliate in relation to misconduct, including action for client money failings,
which whilst not directly related to the failings in the current case occurred
within the same division of the Barclays Group’s business, the Investment
Banking Division; and
h) this action supports the Authority’s operational objective of securing an
appropriate degree of protection for consumers and maintaining confidence in
and protecting and enhancing the integrity of the UK financial system.
3
DEFINITIONS
3.1
The definitions below are used in this Final Notice:
“the Act” means the Financial Services and Markets Act 2000;
“Affiliate” means a wholly owned subsidiary of BB PLC;
“the Authority” means the body corporate previously known as the Financial
Services Authority and renamed on 1 April 2013 as the Financial Conduct
Authority;
“BB PLC” or “the Firm” means the legal entity Barclays Bank plc;
“Barclays Group” means the global financial services group of companies of which
BB PLC is a member;
“CASS” means the Authority’s Client Assets Sourcebook;
“CMAR” means the Client Money and Assets Return;
“DEPP” means the Authority’s Decision Procedure & Penalties Manual;
“the Investment Banking Division” means the division of the Barclays Group
formerly known as Barclays Capital;
“MiFID” means the Markets in Financial Instruments Directive;
“no–lien letter” means a letter which makes clear that a third-party sub-custodian’s
right to claim a lien and/or right of retention and/or sale over the assets in an
account is restricted;
“the Principles” means the Authority’s Principles for Businesses;
6
“the Relevant Period” means the period between 1 November 2007 and 24 January
2012; and
“third-party sub-custodian” means a custodian outside the Barclays Group.
4
FACTS AND MATTERS
4.1
BB PLC is a full service bank, headquartered in London, with a strong market
presence both in the United Kingdom and globally. It has been authorised by the
Authority since 1 December 2001 to perform a number of regulated activities,
including the safeguarding and administration of assets and/or arranging the
safeguarding and administration of assets.
4.2
BB PLC provides safe custody services to its Affiliates, eligible counterparties, and
its professional clients in connection with its product offerings within its Investment
Banking Division. In addition to its international branch network, BB PLC contracts
from the United Kingdom with a global network of agents or third-party sub-
custodians to enable it to provide custody services in respect of securities traded
and settled in markets in which it does not operate and as such acts as a global
custodian for its clients.
4.3
The assets received on behalf of clients of BB PLC’s Investment Banking Division
and held with third-party sub-custodians were safe custody assets and were
subject to the relevant requirements and standards set out in the Authority’s
Principles and Rules in CASS.
4.4
The failings set out below occurred within BB PLC’s Investment Banking Division.
No customers of BB PLC’s other business operations, including Personal and
Corporate Banking (including Wealth) and Barclaycard, were impacted by the
breaches or failings in this case.
Identification, investigation and reporting of the breaches
4.5
BB PLC identified, in the first half of 2011, in the course of its own review into its
historical and current practices in respect of its client asset arrangements, that it
was common practice within its Investment Banking Division, for its Affiliates to:
a)
request external accounts be opened with third-party sub-custodians under
agreements between BB PLC and the third-party sub-custodians; and
7
b) use the accounts to hold their own and their clients’ safe custody assets.
4.6
In some instances, BB PLC’s books and records did not reflect the fact that the
accounts had been opened under an agreement in its name and that it was
responsible for the assets in them. Further, due to the lack of its own books and
records, BB PLC did not perform its own internal or external reconciliations of the
assets in the accounts. Affiliates did, however, maintain their own books and
records and did perform reconciliations in respect of their own and their clients’
assets in those accounts.
4.7
In June 2011 BB PLC sought and received external professional advice which
identified that, for any account where it did not hold its own books and records or
conduct reconciliations, it was in breach of CASS. BB PLC promptly notified the
Authority and at around the same time initiated a remediation project to identify
the number of external accounts that were in breach and implement solutions to
remediate the breaches.
Scope of the breaches
4.8
It took BB PLC approximately eight months and required significant resource to
fully identify which accounts were in breach. This was in part due to the fact that
the information held by BB PLC was not always accurate and was therefore
sometimes inconsistent with information being provided by third-party sub-
custodians. This resulted in additions to and deletions from the list of accounts
considered to be in breach.
4.9
BB PLC ultimately identified 95 external accounts where it was in breach of the
Authority’s Rules:
a)
61 of the accounts held Affiliates’ assets (including assets where title had been
transferred to the Affiliate in accordance with agreements with their clients) –
these 61 accounts held approximately £13.5 billion of safe custody assets;
b) 33 of the accounts held Affiliates’ clients’ safe custody assets – these 33
accounts held approximately £2.7 billion of safe custody assets; and
c)
1 account which held BB PLC’s own clients’ safe custody assets – this account
held approximately £0.3 billion of safe custody assets.
The accounts holding Affiliates’ and/or Affiliates’ clients’ assets were held on behalf
of 13 different Affiliates from 8 different jurisdictions.
4.10 In light of the fact that BB PLC employed a network of third-party sub-custodians
to hold the safe custody assets, the 95 external accounts were:
a)
held with 11 different third-party sub-custodians; and
b) located in 21 different jurisdictions.
4.11 The Authority’s investigation identified further significant weaknesses in BB PLC’s
arrangements to ensure adequate protection for the safe custody assets held in the
95 accounts, including the following:
a)
Legal agreements relating to the provision of custody services:
i.
by BB PLC to its Affiliates were not in place for:
a.
over half of the 61 accounts holding Affiliates’ safe custody assets until
after September 2010; and
b.
any of the 33 accounts holding Affiliates’ clients’ safe custody assets
until September 2011;
ii.
by an Affiliate to BB PLC was not in place for the account holding BB PLC’s
clients’ safe custody assets at any time during the Relevant Period.
The failure to adequately document the basis upon which assets are held could
create uncertainty as to how assets should be treated in the event of
insolvency and may lead to competing claims. The consequence of this is that
an Insolvency Practitioner would need to perform an evidential exercise in
order to establish the basis of the holdings. This could lead to significant delays
in returning safe custody assets to the affected clients and a possible risk of
loss due to the need to seek the resolution of a court.
i.
Approximately 60% of the accounts in which Affiliates’ safe custody assets
were held with third-party sub-custodians did not have a no-lien or a side
letter until October 2011; and
ii.
1 of the 33 accounts in which Affiliates’ clients’ safe custody assets were
held with third-party sub-custodians had a no-lien letter in place prior to
2009. From 2009, the majority of accounts holding Affiliates’ clients’ safe
custody assets had no-lien letters in place.
BB PLC failed to give adequate consideration to whether it was appropriate to
restrict any right of the third-party sub-custodians to claim a lien and/or right
of retention and/or sale over the assets until it discovered the breaches. Before
the letters were in place safe custody assets could have been at risk of set-off
to secure any claim of the third-party sub-custodians’ against BB PLC without
the Affiliates’ or Affiliates’ clients’ agreement. This may have created
uncertainty as to how assets should be treated in the event of insolvency with
similar consequences to those as set out at 4.11 a) above.
c)
Account naming:
i.
8 of the account names contained information that was incorrect or
misleading; and
ii.
33 of the account names omitted BB PLC, the owner of the account and/or
the name of the Affiliate using the account.
The failure to ensure that external custody account names fully described the
ownership/usage of the account and ownership of the assets deposited in the
account could have created additional uncertainty in insolvency.
d) Static data used by BB PLC was not always accurate:
i.
23 of the accounts had inconsistencies in relation to which legal entity
owned the account:
a.
21 accounts had Affiliates instead of BB PLC recorded as the owner of
the account, whereas the Affiliate was actually the user of the
account;
b.
1 account holding BB PLC’s clients’ assets had BB PLC instead of the
Affiliate recorded as the owner of the account; and
c.
1 account had an Affiliate which did not own or use the account
recorded as the owner.
ii.
11
of
the
accounts
holding
Affiliates’
safe
custody
assets
had
inconsistencies in relation to whether the account held BB PLC firm or BB
PLC client assets (i.e. assets belonging to an Affiliate). This arose through
the lack of clearly documented procedures to provide guidance in relation
to what ‘Firm’ meant within the static data field.
iii.
1 account was not recorded. While this account was not used during the
Relevant Period, it was opened some months after BB PLC had discovered
the breaches and at around the same time as BB PLC was remediating the
breaches.
In some cases, BB PLC had to change its record of the legal owner of the
account as a result of the third-party sub-custodians’ responses to BB PLC’s
validation exercise. The failure to ensure that account details were captured in
a consistent and accurate manner in internal databases could have created
additional uncertainty in relation to the ownership of the account and/or the
assets it contained.
e)
Segregation of assets:
i.
Two accounts contained both BB PLC’s own clients’ safe custody assets
and a small amount of Affiliates’ clients’ safe custody assets. For one of
these accounts the Affiliate’s clients could not be identified.
While the absence of segregation was not a breach, in the context of the other
issues identified and because BB PLC’s systems required the opening of
segregated accounts, this could have created more uncertainty in the event of
insolvency.
4.12 The investigation also found that as a consequence of its failings BB PLC submitted
incomplete and inaccurate returns to the Authority during the Relevant Period:
a) in January 2011, BB PLC’s notification of the highest total value of safe custody
assets held during 2010 was incomplete and did not include 91 of the 95
accounts; and
b) from October 2011, BB PLC submitted a monthly CMAR. The asset valuations
provided in the returns were inaccurate and contained pricing errors.
Systems and controls in relation to external custody accounts
4.13 The breaches above and BB PLC’s failure to identify them for over three years were
a consequence of significant historic deficiencies in its systems and controls in
relation to the opening, on-going operation and monitoring of external safe custody
accounts.
4.14 BB PLC’s Investment Banking Division did not have any documented policies,
procedures or controls as regards external custody account opening and
maintenance prior to October 2009, when high level account opening checklists
were introduced. However, the checklists were not accompanied by a formal
procedure guide until March 2010. Neither the checklist nor the formal procedure
guide covered account naming until August 2010. Prior to this the informal process
was for the account name to reflect account usage (e.g. that the account held
client assets as opposed to Firm assets). The naming conventions introduced in
August 2010 did not include any provision for the naming of accounts holding an
Affiliate’s own safe custody assets. This was not introduced until after the issues in
this Notice were identified in 2011.
4.15 BB PLC did not review accounts opened prior to the introduction of the policies and
procedures to ensure that they had been named appropriately and that CASS
requirements had been properly considered.
4.16 Further BB PLC did not have any clear guidance or controls to ensure that account
details were captured in a manner that was consistent with the ownership of an
account and whether the assets belonged to BB PLC, its Affiliates or clients of an
Affiliate. There was also no regular reconciliation between BB PLC’s static data and
sub-ledgers to ensure that a complete record of external accounts was maintained.
5
FAILINGS
5.1
Based on the facts and matters described above, the Authority concludes that BB
PLC has failed to satisfy Principles 3 and 10 and associated CASS Rules. The
regulatory provisions relevant to this Final Notice are referred to in Annex A.
5.2
Specifically, in relation to its safe custody assets arrangements in its Investment
Banking Division, during the Relevant Period BB PLC breached:
a)
Principle 3: by failing to take reasonable care to organise and control its affairs
responsibly with adequate risk management systems in order to ensure that it:
i.
had in place adequate organisational arrangements in respect of safe
custody assets; and
ii.
implemented and maintained adequate policies and procedures to detect
and manage its safe custody asset risks.
b) Principle 10: by failing to arrange adequate protection for safe custody assets
when it was responsible for them.
5.3
BB PLC breached Principle 3 and CASS 6.2.2R by failing to take reasonable care to
ensure that it put in place effective systems and controls to ensure that:
a)
a complete and accurate record of external custody accounts, the assets in the
accounts and the ownership of those assets was maintained;
b) account details were captured in BB PLC’s static data and sub-ledgers
accurately and in a manner consistent with the way in which the assets were
held;
c)
written agreements were in place throughout the custodial chain and, where
required, in respect of the safe custody assets held in the external accounts;
d) proper consideration was given at all times during the Relevant Period to
whether to restrict the right of the third-party sub-custodians to exercise rights
of lien, sale and/or retention in relation to the relevant assets;
e)
all external custody accounts were named appropriately; and
f)
its relevant returns to the Authority were complete and accurate.
5.4
BB PLC breached Principle 10 and CASS 6.2.1R, 6.3.1R, 6.5.1R, 6.5.2R and 6.5.6R
as a result of its breaches of Principle 3 and CASS 6.2.2R set out above and by
failing in respect of safe custody assets held in 95 external accounts with third-
party sub-custodians to:
a)
make adequate arrangements so as to safeguard clients’ ownership rights;
b) ensure adequate protection for the safe custody assets;
c)
record in writing the legal basis on which the safe custody assets were held;
d) fully consider the arrangements for the holding and safekeeping of the safe
custody assets, in particular the restrictions over the third-party sub-
custodian’s right to claim a lien, right of retention or sale over the assets;
e)
maintain its own records and accounts in a way that ensured they
corresponded to how the safe custody assets were held;
f)
conduct its own internal and external reconciliations;
g) submit an accurate valuation to the Authority in January 2011 of the highest
total value of safe custody assets held during 2010; and
h) submit accurate CMARs from their inception in October 2011.
5.5
Further, BB PLC’s failure to submit appropriate returns to the Authority was a
breach of CASS 1A.2.8R.
5.6
Having regard to the issues above, the Authority considers it appropriate and
proportionate in all the circumstances to take disciplinary action against BB PLC for
its breaches of the Principles and associated CASS Rules during the Relevant
Period.
6
SANCTION
6.1
The Authority has considered the disciplinary and other options available to it and
has concluded that a financial penalty is the appropriate sanction in the
circumstances of this particular case.
6.2
The Authority’s policy on the imposition of financial penalties is set out in Chapter 6
of the Authority’s Decision Procedure & Penalties Manual (“DEPP”). In determining
the financial penalty, the Authority has had regard to this guidance.
6.3
BB PLC’s failings took place both before and after 6 March 2010. As set out at
paragraph 2.7 of the Authority’s Policy Statement 10/4, when calculating a
financial penalty where the conduct occurred under both penalty regimes, the
Authority will have regard to both the penalty regime which was effective before 6
March 2010 (“the old penalty regime”) and the penalty regime which was effective
after 6 March 2010 (“the current penalty regime”).
6.4
The Authority has:
a)
calculated the financial penalty for BB PLC’s misconduct from 1 November
2007 to 5 March 2010 by applying the old penalty regime to that misconduct;
b) calculated the financial penalty for BB PLC’s misconduct from 6 March 2010 to
24 January 2012 by applying the current penalty regime to that misconduct;
and
c)
added the penalties calculated under a) and b) to produce the total penalty.
Financial penalty under the old penalty regime
6.5
All references to DEPP under this heading are to the version of DEPP in force prior
to 6 March 2010.
6.6
In determining what financial penalty is appropriate and proportionate to the
breach concerned the Authority is required to consider all the relevant
circumstances of the case. DEPP 6.5.2G identifies a non-exhaustive list of factors
that may be relevant in determining the level of financial penalty. The Authority
considers that the following factors are particularly relevant in this case.
Deterrence (DEPP 6.5.2G(1))
6.7
It is of fundamental importance that firms providing safe custody services take
reasonable care to organise, control and manage the risks arising from their affairs
and to ensure that they arrange adequate protection for clients’ safe custody
assets when they are responsible for them. The Authority considers there is a
continuing need to send a strong message to the industry that firms must handle
safe custody assets in a way that is consistent with CASS 6.
6.8
Failure to organise safe custody affairs properly and to ensure adequate processes,
records and legal documentation are in place and regularly checked and monitored
significantly increases the risk that in the event of insolvency, delivery of safe
custody assets will be delayed and that assets may be diminished.
6.9
The Authority considers that a significant financial penalty is an appropriate
sanction given the serious nature of the breaches and risks to BB PLC’s clients.
The nature, seriousness and impact of the breach (DEPP 6.5.2G(2))
6.10 The Authority considers BB PLC’s breaches to be particularly serious for the
following reasons:
a)
the total value of the assets at risk was significant;
b) the failings continued undetected for a number of years;
c)
the failings were the result of not just serious, but also widespread weaknesses
in the Firm’s internal processes and controls relating to the opening, on-going
monitoring and maintenance of external safe custody accounts which
continued for a prolonged period; and
d) BB PLC’s breaches meant that had it become insolvent at any point during the
Relevant Period it is likely that an Insolvency Practitioner would have had to
seek the resolution of a court before assets in the 95 accounts could be
distributed. This could have exposed clients of BB PLC’s Investment Banking
Division, including its Affiliates and BB PLC’s Affiliates’ clients, to delay in
return of their safe custody assets, costs associated with the delay and a
possible risk of loss of their safe custody assets over and above that which
might otherwise have been expected in an insolvency of the size and
6.11 The Authority has also had regard to the following:
a)
there were no actual losses resulting from BB PLC’s breaches;
b) the Affiliates maintained books and records and conducted reconciliations in
relation to the safe custody assets held in the 95 external safe custody
accounts; and
c)
whilst it was not a specific requirement of the Rules to have separate
segregated accounts for each client, BB PLC maintained a system of opening
segregated accounts with third-party sub-custodians in relation to assets held
for each client.
The extent to which the breach was deliberate or reckless (DEPP 6.5.2G(3))
6.12 The Authority does not consider that BB PLC committed the breaches deliberately
or recklessly.
The size, financial resources and other circumstances of the firm (DEPP 6.5.2G(5))
6.13 In deciding on the level of financial penalty, the Authority has considered BB PLC’s
size and its financial resources. The Authority has no evidence to suggest that BB
PLC is unable to pay the financial penalty.
The amount of benefit gained or loss avoided (DEPP 6.5.2G(6))
6.14 The Authority has not identified any financial benefit or avoidance of loss that BB
PLC may have derived directly or indirectly from its breaches.
Conduct following the breach (DEPP 6.5.2G(8))
6.15 For the greater part of the Relevant Period, BB PLC failed to identify or act upon
the failings set out in this Notice.
6.16 Since identifying the breaches and promptly notifying the Authority, BB PLC has
committed significant resources to remediating the breaches and the control
weaknesses which led to them.
Disciplinary record and compliance history (DEPP 6.5.2G(9))
6.17 The Authority took enforcement action against BB PLC in August 2009, imposing a
penalty of £2.45 million for breaches of Principles 2 and 3 arising out of failures in
transaction reporting which occurred between 1 October 2006 and 31 October
2008.
6.18 Whilst the subject matter of this previous case is not directly related to the current
action, the failings occurred within the same Investment Banking Division of BB
Other action taken by the Authority (DEPP 6.5.2G(10))
6.19 This is the first safe custody assets case that the Authority has brought under the
old penalty regime. As such there are no comparable cases to be taken into
account.
Conclusions in relation to the old penalty regime
6.20 The Authority considers that the seriousness of BB PLC’s failings merits a
significant financial penalty. In determining the financial penalty the Authority has
considered the need to send a clear message to the industry of the need to ensure
that safe custody assets are properly protected and that failure to do so will result
in severe consequences.
6.21 The Authority therefore imposes a financial penalty under the old penalty regime of
£12,702,600 (£18,146,699 pre-discount) on BB PLC for its breaches of Principles 3
and 10 and CASS. This amount is equal to 0.2% of the value of the safe custody
assets held in the 95 external safe custody accounts as at 24 January 2012
(£16,526,457,764) adjusted to take into account that 28 months of the Relevant
Period was before 6 March 2010.
6.22 The Authority would usually calculate a financial penalty by reference to the
average value of safe custody assets over the Relevant Period. Prior to the
introduction of CMAR reporting in 2011 the Authority did not require firms to
routinely value the assets they held for clients. BB PLC was not required to, and did
not, routinely value its safe custody holdings during the Relevant Period. The
Authority does not consider it proportionate to require BB PLC to retrospectively
value the assets in this case in order to determine the average due to the length of
the Relevant Period and the number of different lines of stock held in multiple
jurisdictions and currencies. In coming to this conclusion the Authority has had
regard to movements in relevant market prices. The Authority has concluded that
the value of the safe custody assets held in the 95 external accounts as at 24
January 2012 is a suitable proxy for the average value of safe custody assets in the
accounts during the Relevant Period.
Financial penalty under the current penalty regime
6.23 All references to DEPP under this heading are to the version of DEPP implemented
on 6 March 2010 and currently in force.
6.24 Under the current penalty regime, the Authority applies a five-step framework to
determine the appropriate level of financial penalty. DEPP 6.5A sets out the details
of the five-step framework that applies to financial penalties imposed on firms.
Step 1: disgorgement
6.25 Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practicable to quantify
this.
6.26 The Authority has not identified any financial benefit that BB PLC may have derived
directly from its breaches.
6.27 Step 1 is therefore £0.
Step 2: the seriousness of the breach
6.28 Pursuant to DEPP 6.5A.2G(1), at Step 2 the Authority determines a figure that
reflects the seriousness of the breach. Where the amount of revenue generated by
a firm from a particular product line or business area is indicative of the harm or
potential harm that its breach may cause, that figure will be based on a percentage
of the firm’s revenue from the relevant products or business area.
6.29 The Authority considers that the revenue generated by BB PLC is not an
appropriate indicator of the harm or potential harm caused by its breach in this
case. This is because its revenue could increase or decrease without the value of
the safe custody assets it is holding (and therefore the associated risks) being
directly affected.
6.30 The Authority usually considers that the appropriate indicator in a safe custody
asset case is the average value of safe custody assets over the Relevant Period.
However, for the reasons set out at paragraph 6.22 above, is not practical to
determine the average value during the Relevant Period. The Authority has
therefore determined that the appropriate indicator in this case is the value of the
safe custody assets held in the 95 external safe custody accounts as at 24 January
2012.
6.31 In deciding on the percentage of the safe custody asset value that forms the basis
of the Step 2 figure, the Authority considers the seriousness of the breach and
chooses a percentage that is appropriate to the relevant fixed level which
represents, on a sliding scale of 1 to 5, the seriousness of the breach; the more
serious the breach, the higher the level. The percentage levels that the Authority
applies to cases involving safe custody assets are as follows:
Level 1 – 0%
Level 2 – 0.2%
Level 3 – 0.4%
Level 4 – 0.6%
Level 5 – 0.8%
6.32 In assessing the seriousness level, the Authority takes into account various factors
which reflect the impact and nature of the breach, and considers whether the firm
committed the breach deliberately or recklessly. DEPP 6.5A.2G(11) lists factors
likely to be considered ‘level 4 or 5 factors’. Of these, the Authority considers the
following factors to be relevant:
a)
Risk of loss to clients: BB PLC’s breaches meant that had it become insolvent
at any point during the Relevant Period it is likely that an Insolvency
Practitioner would have had to seek the resolution of a court before assets in
the 95 external accounts could be distributed. This would have exposed BB
PLC’s clients, including its Affiliates and BB PLC’s Affiliates’ clients to a risk of
delay in the return of their safe custody assets, costs associated with the delay
and a possible risk of loss of their safe custody assets over and above that
which might otherwise have been expected in an insolvency of the size and
b) Systemic weaknesses in the Firm’s procedures, management systems and/or
internal controls: BB PLC’s breaches highlighted that there were inadequate
systems and controls relating to the opening, on-going monitoring and
maintenance of external safe custody accounts which continued for a
prolonged period.
6.33 DEPP 6.5A.2G(12) lists factors likely to be considered ‘level 1, 2 or 3 factors’. Of
these, the Authority considers the following factors to be relevant in this case:
a)
There was no effect on the orderliness of/confidence in the markets.
b) The Authority does not consider that BB PLC committed the breaches
deliberately or recklessly.
6.34 The Authority also considers that the following factors are relevant:
a)
BB PLC failed to identify that it was not compliant for more than three years
and the full extent of its non-compliance for even longer.
b) BB PLC’s Affiliates maintained books and records and conducted reconciliations
in relation to the safe custody assets in the 95 external accounts.
6.35 Whilst it was not a specific requirement of the Rules to have separate segregated
accounts for each client, BB PLC maintained segregated accounts with third-party
sub-custodians in relation to assets held for each client. Taking all of these factors
into account, the Authority considers the seriousness of the breach to be level 3
and so the Step 2 figure is 0.4% of the value of the 95 external accounts as at 24
January 2012 (£16,526,457,764) adjusted to take into account that 23 months of
the Relevant Period was after 6 March 2010.
6.36 Step 2 is therefore £29,812,434.
Step 3: mitigating and aggravating factors
6.37 Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the
amount of the financial penalty arrived at after Step 2, but not including any
amount to be disgorged as set out in Step 1, to take into account factors which
aggravate or mitigate the breach.
6.38 The Authority considers that the following factors aggravate the breach:
a)
The Authority imposed a financial penalty of £1.1 million on Barclays Capital
Securities Limited (“BCSL”), a BB PLC subsidiary, in January 2011 for breaches
of Principle 10 and CASS. Between December 2001 and December 2009 BCSL
failed to segregate client money. Whilst BB PLC is a separate legal entity, the
breaches in the present case occurred within the same division of the Barclays
Group, the Investment Banking Division;
b) The Authority has imposed significant financial penalties on BB PLC on previous
occasions in relation to misconduct:
i.
in August 2009, imposing a penalty of £2.45 million (see paragraph 6.17
above);
ii.
in January 2011, imposing a penalty of £7.7 million for breaches of
Principle 9 which occurred between July 2006 and November 2008 in
relation to the sales of Aviva's Global Balanced Income Fund and Global
Cautious Income Fund;
iii.
in June 2012, imposing a penalty of £59.5 million for breaches of
Principles 2, 3 and 5 arising from misconduct relating to the submission of
rates which formed part of the London Interbank Offered Rate (LIBOR),
and in respect of the submission of rates for the Euro Interbank Offered
Rate (EURIBOR) between January 2005 and June 2010; and
iv.
in May 2014, imposing a penalty of £26 million for breaches of Principles 3
and 8 which occurred between June 2004 and March 2013 in relation to
gold market price setting.
c)
The importance of arranging adequate protection for clients’ safe custody
assets was well publicised by the Authority during the Relevant Period,
including through numerous enforcement actions which have drawn firms’
attention to the need for improved focus on this area and the importance of
protecting client money and safe custody assets; and
d) Whilst BB PLC sought to cooperate with the Authority’s investigation into this
matter, its ability to respond to the Authority’s requests for information quickly
and accurately was at times hampered by the failings identified in this Notice.
6.39 The Authority considers that the following factors mitigate the breach:
a)
BB PLC promptly reported the breaches and failings to the Authority before it
was aware of the full extent of those breaches; and
b) BB PLC has committed significant resources to investigating the extent of the
failings and to remediating them and the control weaknesses which led to
them.
6.40 Having taken into account these aggravating and mitigating factors, the Authority
considers that the Step 2 figure should be increased by 20%.
6.41 Step 3 is therefore £35,774,920.
Step 4: adjustment for deterrence
6.42 Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after
Step 3 is insufficient to deter the firm who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the
penalty.
6.43 The Authority considers that the Step 3 figure of £35,774,920 represents a
sufficient deterrent to BB PLC and others, and so has not increased the penalty at
Step 4.
6.44 Step 4 is therefore £35,774,920.
Step 5: settlement discount
6.45 Pursuant to DEPP 6.5A.5G, if the Authority and the firm on whom a penalty is to be
imposed agree the amount of the financial penalty and other terms, DEPP 6.7G
provides that the amount of the financial penalty which might otherwise have been
payable will be reduced to reflect the stage at which the Authority and the firm
reached agreement. The settlement discount does not apply to the disgorgement of
any benefit calculated at Step 1.
6.46 The Authority and BB PLC reached agreement at Stage 1 and so a 30% discount
applies to the Step 4 figure.
6.47 Step 5 is therefore £25,042,400.
Conclusion as to financial penalty
6.48 The Authority therefore imposes on BB PLC a financial penalty of £37,745,000
(£53,921,619 pre-discount).
7
PROCEDURAL MATTERS
Decision maker
7.1
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
7.2
This Final Notice is given under, and in accordance with, section 390 of the Act.
Manner of and time for Payment
7.3
The financial penalty must be paid in full by BB PLC to the Authority by no later
than 7 October 2014, 14 days from the date of the Final Notice.
If the financial penalty is not paid
7.4
If all or any of the financial penalty is outstanding on 8 October 2014, the Authority
may recover the outstanding amount as a debt owed by BB PLC and due to the
Authority.
7.5
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this Notice relates. Under those provisions,
the Authority must publish such information about the matter to which this Notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority
may not publish information if such publication would, in the opinion of the
Authority, be unfair to you or prejudicial to the interests of consumers or
detrimental to the stability of the UK financial system.
7.6
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contact
7.7
For more information concerning this matter generally, contact Guy Wilkes (direct
line: 020 7066 7574) of the Enforcement and Financial Crime Division of the
Authority.
Financial Conduct Authority, Enforcement and Financial Crime Division
ANNEX A
RELEVANT STATUTORY AND REGULATORY PROVISIONS
1
RELEVANT STATUTORY PROVISIONS
1.1
The Authority’s operational objectives are set out in section 1B (3) of the Act and
include the objective of securing an appropriate degree of protection for
consumers.
1.2
Section 206(1) of the Act provides:
“If the Authority considers that an authorised person has contravened a
requirement imposed on him by or under this Act… it may impose on him a
penalty, in respect of the contravention, of such amount as it considers
appropriate."
2
RELEVANT REGULATORY PROVISIONS
Principles for Businesses (“Principles”)
2.1
The Principles are a general statement of the fundamental obligations of firms
under the regulatory system and are set out in the Authority’s Handbook. They
derive their authority from the Authority’s rule-making powers set out in the Act.
The relevant Principles are as follows.
2.2
Principle 3 (management and control) states that:
‘A firm must take reasonable care to organise and control its affairs responsibly
and effectively, with adequate risk management systems’
2.3
Principle 10 (client assets) states that:
‘A firm must arrange adequate protection for clients’ assets when it is responsible
for them.’
Client Assets sourcebook (“CASS”)
2.4
CASS is the part of the Authority’s Handbook which sets out the Authority’s
requirements in relation to holding client assets and client money.
2.5
CASS 1A.2.8R provided from 1 January 2011 to 31 December 2012 that:
‘In relation to the calendar year ending on 31 December 2011, a firm must notify
the FSA in writing:
(1) by 31 January 2011 of the highest total amount of client money and the
highest total value of safe custody assets held during the previous calendar year, if
it held client money or safe custody assets in that previous year; or
(2) by 31 January 2011 of the highest total amount of client money and the
highest total value of safe custody assets that the firm projects that it will hold
during 2011, if it did not hold client money or safe custody assets in the previous
calendar year but at the date of its notification to the FSA projects that it will do so
in 2011; or
(3) in any other case, before the date on which the firm begins to hold client
money or safe custody assets, of the highest total amount of client money and the
highest total value of safe custody assets that the firm projects that it will hold
during the remainder of 2011; and
(4) in every case, of its 'CASS firm type' classification.’
2.6
In respect of all the rules and guidance within CASS 6 set out below:
a)
they were in force throughout the Relevant Period unless otherwise made
clear; and
b) where they now refer to “safe custody assets”, before 1 January 2009 they
referred to “financial instruments”. Both terms are defined in the Authority’s
Handbook, but the Authority does not consider the differences between the
definitions to be material in the current case.
2.7
CASS 6.1.10G stated that:
‘The fact that a client is an affiliated company … does not affect the operation of
the custody rules in relation to that client.’
2.8
CASS 6.1.22G stated that:
‘Principle 10 (Clients’ assets) requires a firm to arrange adequate protection for
clients’ assets when it is responsible for them. As part of these protections the
custody rules require a firm to take appropriate steps to protect safe custody
assets for which it is responsible.’
2.9
CASS 6.2.1R stated that:
‘A firm must, when holding safe custody assets belonging to clients, make
adequate arrangements so as to safeguard clients' ownership rights, especially in
the event of the firm's insolvency, and to prevent the use of safe custody assets
belonging to a client on the firm's own account except with the client's express
consent.’
2.10 CASS 6.2.2R stated that:
‘A firm must introduce adequate organisational arrangements to minimise the risk
of the loss or diminution of clients' safe custody assets, or the rights in connection
with those safe custody assets, as a result of the misuse of the safe custody
assets, fraud, poor administration, inadequate record-keeping or negligence.’
2.11 CASS 6.3.1R stated that:
‘(1) A firm may deposit safe custody assets held by it on behalf of its clients into an
account or accounts opened with a third party, but only if it exercises all due skill,
care and diligence in the selection, appointment and periodic review of the third
party and of the arrangements for the holding and safekeeping of those safe
custody assets.
(2) A firm must take the necessary steps to ensure that any client's safe custody
assets deposited with a third party, in accordance with this rule are identifiable
separately from the applicable assets belonging to the firm and from the applicable
assets belonging to that third party, by means of differently titled accounts on the
books of the third party or other equivalent measures that achieve the same level
of protection.
(3) When a firm makes the selection, appointment and conducts the periodic
review referred to under this rule, it must take into account:
(a) the expertise and market reputation of the third party; and
(b) any legal requirements or market practices related to the holding of those safe
custody assets that could adversely affect clients' rights.
(4) A firm must make a record of the grounds upon which it satisfies itself as to the
appropriateness of its selection of a third party as required in this rule. The firm
must make the record on the date it makes the selection and must keep it from the
date of such selection until five years after the firm ceases to use the third party to
hold safe custody assets belonging to clients.’
2.12 Additionally from 1 January 2009 CASS 6.3.1R (1A) stated that:
‘(1A) A firm which arranges the registration of a safe custody investment through a
third party must exercise all due skill, care and diligence in the selection and
appointment of the third party’
2.13 CASS 6.3.3G stated that:
‘A firm should consider carefully the terms of its agreements with third parties with
which it will deposit safe custody assets belonging to a client. The following terms
are examples of the issues firms should address in this agreement:
(1) that the title of the account indicates that any safe custody asset credited to it
does not belong to the firm;
(2) that the third party will hold or record a safe custody asset belonging to the
firm's client separately from any applicable asset belonging to the firm or to the
third party;
(3) the arrangements for registration or recording of the safe custody asset if this
will not be registered in the client's name;
(4) the restrictions over the third party's right to claim a lien, right of retention or
sale over any safe custody asset standing to the credit of the account;
(5) the restrictions over the circumstances in which the third party may withdraw
assets from the account;
(6) the procedures and authorities for the passing of instructions to or by the firm;
(7) the procedures regarding the claiming and receiving of dividends, interest
payments and other entitlements accruing to the client; and
(8) the provisions detailing the extent of the third party's liability in the event of
the loss of a safe custody asset caused by the fraud, wilful default or negligence of
the third party or an agent appointed by him.’
2.14 CASS 6.5.1R stated that:
‘A firm must keep such records and accounts as necessary to enable it at any time
and without delay to distinguish safe custody assets held for one client from safe
custody assets held for any other client, and from the firm's own applicable assets.’
2.15 CASS 6.5.2R stated that:
‘A firm must maintain its records and accounts in a way that ensures their
accuracy, and in particular their correspondence to the safe custody assets held for
clients.’
2.16 From 1 November 2007 to 1 December 2008 CASS 6.5.4G stated that:
‘(1) SYSC 4.1.1 R requires firms to have robust governance arrangements, such as
internal control mechanisms, including sound administrative and accounting
procedures and effective control and safeguard arrangements for information
processing systems. In addition, SYSC 6.1.1 R requires firms to establish,
implement and maintain adequate policies and procedures sufficient to ensure the
firm's compliance with its obligations under the regulatory system. Carrying out
internal reconciliations of the financial instruments held for each client with the
financial instruments held by the firm and third parties is an important step in the
discharge of the firm's obligations under CASS 6.5.2 R, SYSC 4.1.1 R and SYSC
(2) A firm should perform such internal reconciliations:
(a) as often as is necessary; and
(b) as soon as reasonably practicable after the date to which the reconciliation
relates;
to ensure the accuracy of the firm's records and accounts.
(3) Reconciliation methods which can be adopted for these purposes include the
'total count method', which requires that all financial instruments be counted and
reconciled as at the same date.
(4) If a firm chooses to use an alternative reconciliation method (for example the
'rolling stock method') it needs to ensure that:
(a) all of a particular financial instrument are counted and reconciled as at the
same date; and
(b) all financial instruments are counted and reconciled during a period of six
months.’
2.17 From 1 January 2009 CASS 6.5.4G stated that:
‘(1) Carrying out internal reconciliations of the safe custody assets held for each
client with the safe custody assets held by the firm and third parties is an
important step in the discharge of the firm's obligations under CASS 6.5.2 R, and
where relevant, SYSC 4.1.1 R and SYSC 6.1.1 R.
(2) A firm should perform such internal reconciliations:
(a) as often as is necessary; and
(b) as soon as reasonably practicable after the date to which the reconciliation
relates;
to ensure the accuracy of the firm's records and accounts.’
2.18 CASS 6.5.6R stated that:
‘A firm must conduct on a regular basis, reconciliations between its internal
accounts and records and those of any third parties by whom those safe custody
assets are held.’
2.19 CASS 6.5.8G stated that:
‘A firm should perform the reconciliation required by CASS 6.5.6R:
(1) as regularly as is necessary; and
(2) as soon as reasonably practicable after the date to which the reconciliation
relates;
to ensure the accuracy of its internal accounts and records against those of third
parties by whom safe custody assets are held.’
Decision Procedure and Penalties Manual (“DEPP”)
2.20 Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s statement of policy with respect to the imposition and amount of
financial penalties under the Act.
The Enforcement Guide
2.21 The Enforcement Guide sets out the Authority’s approach to exercising its main
enforcement powers under the Act.
2.22 Chapter 7 of the Enforcement Guide sets out the Authority’s approach to exercising
its power to impose a financial penalty.