Final Notice

On , the Financial Conduct Authority issued a Final Notice to Financial Limited

FINAL NOTICE

Andoversford Business Park

1.
ACTION

1.1.
For the reasons given in this notice, the Authority hereby:

(1)
imposes, pursuant to section 206A of the Act, a restriction on Financial, for

a period of 126 days from the date this Final Notice is issued, so that

Financial is restricted during that period from appointing any AR or RI; and

(2)
publishes, pursuant to section 205 of the Act, a statement to the effect

that Financial has contravened regulatory requirements.

1.2.
This action is in respect of breaches of Principle 3.

1.3.
Were it not for Financial’s financial position the Authority would have imposed on

Financial a financial penalty of £12,589,134.

1.4.
Financial agreed to settle at an early stage of the Authority’s investigation.

Financial therefore qualified for a 30% (stage 1) discount under the Authority’s

executive settlement procedures. Were it not for this discount, the Authority

would have imposed a restriction of 180 days (6 months) on Financial.

1.5.
The public censure will be issued on 23 July 2014 and will take the form of this

Final Notice, which will be published on the Authority’s website.

2.
SUMMARY OF REASONS

2.1.
Financial is an adviser network based in Cheltenham, Gloucestershire, currently

responsible for 299 Appointed Representatives and 342 Registered Individuals

advising customers on pensions, investments including unregulated collective

investment schemes, mortgages and general insurance/protection products. As a

result of Financial’s failures during the Relevant Period over 60,000 customers

were exposed to the real risk that its ARs and RIs would make recommendations,

including in relation to high risk products, which were unsuitable.

2.2.
Between 20 August 2008 and 30 April 2013 (the “Relevant Period”), Financial was

one of three subsidiaries of the Group. The systems and controls and risk

management framework at Financial operated at Group level so that the advisory

standards the ARs and RIs were required to meet, and the operating procedures

they had to follow, were identical for each subsidiary of the Group.

2.3.
During the Relevant Period Financial (through its ARs and RIs) gave advice to

over 60,000 customers, including advising on high risk transactions such as UCIS

and other structured products, pension switching and occupational pension

transfers.

2.4.
In September 2013, a Skilled Person’s Report identified systemic weaknesses in

the design and execution of Financial’s systems and controls and risk

management framework. Financial’s business model had afforded ARs and RIs a

high degree of flexibility and created an environment which allowed poor

standards of business to continue without correction for a significant period of

time. The Authority regards Financial’s failings as serious because they were

directly attributable to Financial’s cultural focus which viewed the ARs and RIs,

rather than the customers of the ARs and RIs, as the end customer. As a result

there was a general failure to embrace an effective risk-based approach to its AR

and RI controls and risk management processes.

2.5.
The Authority considers that this case is particularly serious because Financial

posed a high risk of consumer detriment as a result of the weaknesses identified,

and particularly exposed customers to the risk that Financial’s ARs and RIs would

make personal recommendations which were not suitable, thereby causing loss.

2.6.
In the circumstances the Authority imposes a restriction preventing Financial from

appointing any AR or RI for a period of 126 days from the date this Final Notice is

issued and publish a statement to the effect that Financial has contravened

regulatory requirements, as an alternative to a financial penalty. The Authority

considers that the nature and seriousness of Financial’s breaches would have

warranted a financial penalty of £12,589,134, were it not for Financial’s financial

position.

2.7.
The Authority recognises that Financial has co-operated during the course of the

investigation and has effected material changes to its senior management,

systems and controls.

3.
DEFINITIONS

3.1.
The definitions below are used in this Final Notice.

“the Act” means the Financial Services and Markets Act 2000;

“AR” means Appointed Representative;

“the Authority” means the body corporate previously known as the Financial

Services Authority and renamed on 1 April 2013 as the Financial Conduct

Authority;

“Board” means Financial’s board of executive and non-executive directors;

“CEO” means Chief Executive Officer;

“CMT” means Financial’s Central Monitoring Team;

“Compliance Visits” means annual visits to Financial’s ARs and RIs conducted by

the field Supervisory Staff;

“Database” means Financial’s comprehensive web-based management information

database;

“Desk-Based Monitoring” means Financial’s periodic desk-based reviews of adviser

performance management information;

“Enforcement” means the Enforcement and Financial Crime Division of the

Authority;

“Financial” means Financial Limited;

“File Checker” means a member of the File Checking team within Financial’s CMT

which reviewed individual files against a single generic File Check Form. They are in

addition to the Supervisory Staff who conducted the Desk-Based Monitoring and

Compliance Visits;

“Form A” means the Authority’s application form for approved status;

“General/MSA Licence” has the meaning set out in paragraph 4.21;

“Group” means Standard Financial Group plc;

“Guide to Supervision” means Financial’s guide, provided to the Supervisory Staff,

on the process and purpose of supervising ARs and RIs;

“Handbook” means the Authority’s Handbook of Rules and Guidance;

“KPIs” means Key Performance Indicators;

“MI” means Management Information;

“MSA” means Minimum Standards Achieved;

“NBR” means New Business Register;

“NRS” means Net Risk Score with the meaning set out in paragraph 4.38(3);

“PBR” means Past Business Review;

“Relevant Period” means 20 August 2008 to 30 April 2013;

“Retail Distribution Review” means the Authority’s rules, effective from 1 January

2013, governing the sale of investment products to retail customers;

“RI” means Registered Individual, a natural person employed by an AR and

approved by the Authority under s.59 of the Act as a CF30 of Financial;

“RMF” means Risk Management Framework;

“Risk Register” has the meaning set out in paragraph 4.38;

“Skilled Person’s Report” means the report, dated 11 September 2013, referred to

at paragraph 4.7 of this Notice;

“Specialist Licence” has the meaning set out in paragraph 4.21;

“Statement of Professional Standing” means the accreditation introduced by the

Retail Distribution Review for independent advisers, and required by the

Authority since 1 January 2013;

“Supervisory Staff” means Financial’s supervisory oversight team;

“TCF” means Treating Customers Fairly;

“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber); and

“UCIS” means unregulated collective investment scheme (as defined in Part XVII,

Chapter I and II of the Act).

4.
FACTS AND MATTERS

4.1.
Financial is an adviser network based in Cheltenham with 299 ARs and 342 RIs.

Financial is a subsidiary of the Group, a holding company which is not authorised

and does not trade.

4.2.
Financial was authorised on 1 December 2001 and during the Relevant Period was

authorised to carry out the following regulated activities:

(1)
advising, advising in relation to pension transfers/opt outs, making

arrangements in relation to designated investment business and arranging

deals in investments, since 1 December 2001;

(2)
advising on and arranging regulated mortgage contracts and making

arrangements in relation to regulated home finance, since 31 October

2004;

(3)
dealing in investments as agent (insurance mediation), since 14 January

2005;

(4)
arranging, safeguarding and administration of assets and safeguarding and

administration of assets, since 31 August 2006; and

(5)
advising on, arranging and making arrangements for home purchase plans

and home reversion plans, since 6 April 2007.

4.3.
Historically, the Group’s ARs and RIs were split across three subsidiaries, but

following a Group restructuring in February 2010 the majority of ARs and RIs

were transferred to Financial.

Risk Assessment and UCIS Thematic Review

4.4.
Since February 2010, Financial has been the subject of an assessment by the

Authority relating to its pension-switching advice, a routine risk assessment and a

further visit by the Authority as part of a thematic review. Specifically, in April

2012, as a follow-up to its previous visit relating to Financial’s pension switching

advice, the Authority reviewed a random sample of Financial’s pension switching

recommendations. A risk assessment visit was conducted in May 2012 and in

June 2012 Financial was visited in connection with the Authority’s thematic review

of firms’ practices in respect of the promotion and sale of UCIS.

4.5.
The assessment and each of the visits raised serious concerns about weaknesses

in Financial’s systems and controls and risk management framework.

4.6.
In response to the Authority’s feedback on the UCIS thematic review, on 3 August

2012, Financial immediately imposed a ban on its ARs and RIs selling UCIS.

Following discussions with the Authority this ban was lifted by Financial in August

2013 to enable ARs and RIs to provide ‘independent’ advice in the regulatory

environment following the Authority’s Retail Distribution Review.

4.7.
The Authority required the Group to commission the Skilled Person’s Report under

section 166 of the Act to review the effectiveness of Financial’s systems and

controls and risk management framework.

4.8.
The Skilled Person’s Report identified:

(1)
material deficiencies with both the design and implementation of

Financial’s systems and controls and the application of appropriate

standards; and

(2)
that Financial had not implemented a robust risk management framework

that enabled Financial’s senior management proactively to identify and

manage risk.

4.9.
The Skilled Person’s Report attributed this to:

(1)
material deficiencies with both the design and implementation of

Financial’s systems and controls and the application of appropriate

standards; and

(2)
that Financial had not implemented a robust risk management framework

that enabled Financial’s senior management proactively to identify and

manage risk.

4.10. The Skilled Person’s Report attributed this to:

(1)
the inherent risks of Financial’s business model which afforded ARs and RIs

a high degree of flexibility; and

(2)
the cultural focus at Financial which resulted in the ARs being treated as

the customers rather than the end customers who received the advice.

4.11. The Authority considered that Financial posed a high risk of consumer detriment

as a result of the weaknesses identified, namely that Financial’s ARs and RIs

would make personal recommendations to customers which were not suitable,

and it was referred to Enforcement for investigation.

Remedial Action by Financial

4.12. Subsequent to the 2012 Risk Assessment and prior to the requirement of the

Skilled Persons Report, Financial commenced a wide-ranging review and

improvement of its senior management and systems and controls and has since

proactively engaged with the Authority and the Skilled Person to remedy

weaknesses identified by the Authority, the draft Skilled Person’s Report and

Financial itself in its systems and controls and risk management framework.

Conduct in issue: Systems and controls and compliance

Determining whether prospective ARs and RIs were suitable to act for Financial

4.13. The decision whether or not to permit a new AR to join Financial was based

primarily on the outcome of Financial’s limited AR recruitment process. Financial’s

procedures set out a list of documentation that needed to be submitted by

applicants (e.g. bank statements, credit reports, employment and character

references and an assets and liabilities statement) but did not provide any

defined criteria or standards for assessing a prospective AR’s or RI’s fitness and

propriety. Financial required prospective ARs and RIs to complete Form A

together with an internal RI/AR application form and to provide supporting

documentation.

4.14. As part of the recruitment process prospective RIs were required to take and pass

a technical knowledge test before Form A was submitted to the Authority. The

application and supporting documentation was reviewed by Financial and if there

were no concerns regarding the prospective RIs fitness and propriety, and the RI

had passed the technical knowledge test, Form A was submitted to the Authority.

Following submission of Form A, the RI was invited to attend Financial’s one-day

induction course. A review of a small sample of Financial’s recruitment files

identified examples where there was insufficient evidence to show that Financial

had carried out an appropriate critical evaluation of the information obtained in

order to determine a prospective AR’s or RI’s fitness and propriety.

4.15. On the instruction of its compliance director, Financial might in certain situations

carry out a “pre-joining visit” before allowing an AR and/or RI to join Financial

(e.g. where it was not possible to obtain all of the fitness and propriety

information needed, such as references from previous employers). However,

given its scope this was not a sufficiently rigorous risk assessment and it did not

provide sufficient insight into an AR’s or RI’s business standards. In any event,

few pre-joining visits took place in the Relevant Period.

4.16. Once Financial had received approval from the Authority for the RI to perform a

controlled function (CF30) the RI was notified that they were permitted to advise

customers without any further skills assessment (unless they were an

inexperienced RI). They were also notified that there would be 100% pre-sale

monitoring of at least three of their new business cases in each applicable

business area and an initial visit would be conducted by the Supervisory Staff

within three months of the AR or RI joining Financial.

Determining RIs’ competence to advise customers

Initial Training and Development

4.17. Financial did not take sufficient steps to identify an RI’s training and development

needs at the outset or before an RI was permitted to provide advice to

customers. New RIs were classified as either experienced or inexperienced. This

classification was made following internal discussions as to whether the RI had at

least two years’ relevant experience but in the absence of a detailed application

form, curriculum vitae or structured interview process Financial did not have

sufficient details of the applicant’s relevant experience in order to make this

judgment. A review of a small sample of Financial’s recruitment and training files

identified that RIs’ skills were only assessed at the outset if the RI was

categorised as inexperienced.

4.18. For those new RIs categorised as experienced, the initial assessment of their

knowledge and skills was generally based upon limited information of previous

experience in the Form A, an applicant’s qualifications, two character references

and employment references for the previous five years (which did not elicit

sufficiently comprehensive information as a result of the standard reference

request template) this was insufficient to assess initial training requirements.

There was no formal documented gap analysis of the RI’s knowledge, skills and

experience and there was no evidence that Financial used the results of the

technical knowledge test to identify any initial development needs and produce a

development plan. Many RIs did not have a development plan so it was not

evident that Financial was fulfilling its regulatory obligation to provide sufficient

training to its RIs (linked to their areas of business and development needs)

before they were permitted to provide advice to customers.

4.19. Financial delivered a full day’s induction training for new RIs followed by further

training on assessing suitability. The validation of learning was insufficient to test

the RI’s knowledge and understanding of the course content and focused on

procedure rather than advisory standards. In any event, prior to February 2012,

it was not compulsory for RIs to attend either course before they gave advice, so

RIs were effectively permitted to advise customers before Financial had taken

steps to ensure that they had sufficient knowledge and understanding of the

advisory standards they were required to meet and the operating procedures to

follow.

4.20. Financial’s procedures did not state clearly when an RI’s competency status had

been achieved and neither its staff nor management understood the need for

clear assessment criteria or a formal performance assessment process.

4.21. Financial operated a two-tiered internal licensing process. A General/MSA Licence

was awarded for generic product groups (i.e. Pensions, Investments, Mortgages

and General Insurance/Protection) after the first ten new business entries had

been reviewed on a pre-sale basis or the first three new business entries in a

particular product area had been reviewed on a pre-sale basis. A Specialist

Licence was awarded for high-risk products (i.e. transfers from occupational

pension schemes, income drawdown, equity release and long-term care) once

three consecutive new pieces of business (regardless of complexity) had been

post-sale checked and graded seven or above (on a scale of one to ten).

4.22. Financial’s Guide to Supervision indicates that its Supervisory Staff were

responsible for deciding when an RI was competent but some Supervisory Staff

accepted this responsibility more readily than others so that, in practice, it was

unclear who took responsibility for confirming that the RI was competent. As a

result, there was no clear or formal record of when an RI was considered

competent nor was the rationale for the decision given, so that prior to an MSA

licence being granted both experienced and inexperienced RIs could be providing

advice to customers without supervision from Financial.

4.23. An RI appeared to be considered competent by Financial when he/she had passed

the technical knowledge test and obtained an MSA licence. However:

(1)
the licensing process did not limit the types of product an RI could

recommend. Upon joining Financial, RIs could recommend all types of

product, provided that they held the appropriate qualifications and a

Statement of Professional Standing. The licensing process simply

determined the timing and type of file checking;

(2)
the decision to grant a licence was not based on the File Checker’s initial

assessment but on the final grade achieved after material intervention by

Financial’s CMT, by which time any remedial action had been taken. The

standard on which the licence was granted was therefore potentially

heavily influenced by the input of the CMT. Prior to the RI obtaining a

licence, they often needed to re-submit files several times before CMT

were satisfied that the advice was suitable; and

(3)
there was no defined policy which applied to those RIs who had failed to

obtain a licence, so RIs continued to make recommendations to customers

having failed to obtain a licence over a long period of time.

4.24. Prior to a Specialist Licence being granted, allowing them to advise on high risk

products, an RI was permitted to give advice/arrange new business without any

pre-sale checking by Financial. This was not sufficiently robust to prevent

unsuitable advice being given, as the recommendation had already been made by

the time the case was checked.

Supervision of ARs

4.25. The Group employed eight field Supervisory Staff during the Relevant Period who

each supervised ARs and RIs within a defined geographical region.

4.26. Financial stipulated, in its Guide to Supervision, the knowledge and skills

Supervisory Staff were required to have in order to perform their role

competently but Supervisory Staff were not provided with any formal training

when they first joined Financial. Supervisory Staff were provided with the Guide

to Supervision workbook, which they were required to study before sitting a

supervisor validation test which comprised multiple choice questions at the back

of the workbook in order to assess their knowledge of the supervision process.

Supervisory Staff sat the test in their own time and it was not invigilated.

4.27. To ensure their ongoing competence, Financial required its Supervisory Staff to

pass an annual supervisory competency course. However, this had not been

attended by the Supervisory Staff since January 2011. A Supervisory Staff

training workshop was held in January 2012 but this only covered their

understanding of the rules for business stationery disclosure, Financial’s customer

file record keeping requirements and the content of annual visits. It did not

include any coaching or other assessment of supervisory skills.

Frequency of AR and RI Supervision

4.28. The frequency of supervision was not driven by the actual risk an AR or RI posed

to consumers. The metrics used to determine the risk rating of ARs and RIs did

not take into account all relevant performance factors and was not based on

recent performance information. For example, the results of pre-sale checking did

not influence the risk rating and post-sale file check results did not have sufficient

weighting which meant that ARs or RIs could exhibit poor results but not be rated

as high risk. Also, aspects of the risk score allocated to the AR’s or RI’s business

was calculated over the whole period since the AR or RI joined Financial.

Consequently, an AR’s or RI’s risk rating did not necessarily reflect the risk they

actually posed which meant the ARs might be subject to lower levels of

supervision by Financial than they should be.

Desk Based Monitoring and Compliance Visits

4.29. The Supervisory Staff supervised Financial’s ARs by periodic Desk Based

Monitoring and annual Compliance Visits, in addition to file checking.

4.30. Desk Based Monitoring comprised an assessment of an AR’s or RI’s performance

against KPIs, the spread of the AR’s or RI’s new business by risk and product

category and the AR’s or RI’s file checking scores. A review of a small sample of

Desk Based Monitoring conducted for high-risk ARs and RIs identified the

(1)
the frequency of Desk Based Monitoring was determined by the risk rating

of the AR or RI, the calculation of which was not sufficiently robust, as set

out in paragraph 4.27 above. The risk rating was automatically calculated

by Financial’s Database incorporating categories of KPI data from the date

the AR or RI joined Financial to the date the report was run. Each result

was given a score and the total points awarded determined the AR or RI’s

risk rating. The categories of KPI data included:

(a)
the number of breaches of Financial’s policies and procedures;

(b)
the number of complaints received;

(c)
the number of disciplinary actions taken by Financial as a result of

the breaches identified;

(d)
the number of cases classified as replacement business;

(e)
the percentage of cases conducted on an execution only basis;

(f)
persistency (calculated as a percentage of cases); and

(g)
a file check risk factor score.

(2)
the Supervisory Staff only analysed available information to identify

underlying file quality problems where the AR’s or RI’s average file check

score was below the benchmark (itself too low);

(3)
the Supervisory Staffs’ assessment record was insufficient to determine

whether the Supervisory Staff were concerned or not about AR or RI

performance and the nature of the action recorded was unclear; and

(4)
any issues noted were not fed through to an AR’s or RI’s development plan

for subsequent monitoring and completion.

4.31. Compliance Visits, conducted annually, were designed to assess five broad areas:

AR Overview and Stability, Compliance, Training and Competence, Advice

Procedures and TCF. The visit also included a competency assessment. The

Skilled Person’s review of relevant procedural documentation and live observation

of a number of Compliance Visits identified that Financial’s methodology and

approach to Compliance Visits was not sufficiently challenging to enable the

identification, monitoring and/or management of material risks associated with

giving financial advice.

AR and RI compliance and file checking

4.32. Once an RI had obtained a relevant licence, Financial conducted post-sale file

checks at a rate of one in every eight new business transactions. Weaknesses in

the file review methodology meant that file checking would not deliver a

sufficiently robust assessment of suitability. In particular, there was inconsistency

in the guidance provided to ARs and RIs regarding the documents that needed to

be submitted for file checking and the documents requested were not sufficient to

assess fully the suitability of advice in all cases. Deficiencies in the generic file

checking form meant that file checking was not carried out to a consistent

standard and Financial’s grading system for post-sale file checks was not

effective, largely because there was no clear definition of unsuitable advice.

4.33. File checking processes did not adequately identify and assess risk:

(1)
pre-sale checking was limited to new RIs who did not hold an MSA licence,

to pension switching and occupational pension transfer files and to RIs who

held an MSA licence but for whom Supervisory Staff considered that

removal of that licence might be appropriate. Financial did not undertake

pre-sale checking for all transactions requiring a Specialist Licence despite

Financial considering such transactions to be high risk.

(2)
where the RIs did not hold the relevant Specialist Licence, they were

required to submit the suitability report for the first advice before the

recommendation was made to the customer (a ‘pre-scrutiny check’).

Otherwise, an RI was permitted to give advice/arrange new business

without any pre-sale checking by Financial. The pre-scrutiny check:

(a)
was not sufficient to allow a comprehensive assessment of

suitability; and

(b)
files which should have been submitted for a pre-scrutiny check

were not submitted until after the advice had been presented to the

customer. No breach was recorded on Financial’s Database and

Financial did not impose any sanction against the RI for failing to

meet this obligation;

(3)
Financial did not follow-up pre-sale checks once the recommendation had

been made in order to establish whether the recommendation which was

approved was the same as that ultimately presented to the customer; and

(4)
post-sale checking was determined solely by the risk presented by the

product alone, resulting in insufficient levels of checking for RIs who

performed poorly. The number of high risk transactions checked was not

sufficient to ensure that a spread of high risk business would be checked

over time for each AR and RI. The level of post-sale checking was

essentially the same for all ARs and RIs regardless of their on-going

performance. As a result, Financial did not ensure that a sufficient spread

of an AR’s or RI’s total business was monitored.

4.34. Financial’s Database automatically selected files for checking from the entries on

the AR’s or RI’s NBR. The effectiveness of the file selection process in respect of

post-sale checking was heavily dependent on the AR or RI accurately inputting

data into their NBR on the Database. Similarly, as new business was not

administratively processed by Financial, the pre-sale file checking process was

dependent on an RI submitting the advice for review before the personal

recommendation was made to the customer.

4.35. Financial had been aware for some time of material risks relating to the accuracy

and quality of the new business information input by its ARs and RIs. This risk

was material because it affected the integrity of the file checking process and MI

data. Nevertheless, Financial did not take appropriate steps to control this risk

effectively. No comprehensive training on the Database was provided to ARs and

RIs before they began to give advice and Financial did not have a robust way of

retrospectively checking that AR’s and RIs’ entries on to the NBR were accurate.

4.36. Financial’s procedures stated that it would carry out a quarterly assessment of a

sample (one for each business area) of post-sale file checks for each individual

File Checker (i.e. 16 quality checks per year). However, no quality assurance

assessment of file checking had been carried out between May 2012 and April

2013 and prior to that quality assurance assessments had focused on post-sale

checking only.

Conduct in issue: Risk management processes

4.37. The governance structure at Financial consisted of the Board and three Sub-

Committees (a Risk Committee, an Audit & Compliance Committee and a

Nominations and Remunerations Committee) which focused on dealing with

incidents and issues that had already materialised rather than proactively

identifying and monitoring on-going risks.

4.38. Following a review of information and documentation relating to Financial’s RMF,

including the RMF document, the Risk Register and MI and interviews with senior

management, the Skilled Person’s Report identified that the scope and quality of

MI provided to the Board and its sub-committees was not sufficient to enable its

senior management to identify and monitor risk effectively. In particular:

(1)
the MI did not adequately summarise the risks to Financial and its

customers. MI provided to the Risk Committee did not contain any

information which would allow it to consider consumer risks directly. Key

analytical information contained in a Consumer Outcomes Report (a

detailed report which focused on the main areas of consumer risk) was

reviewed at a monthly Risk & Compliance Managers’ meeting but not

escalated to the Sub-Committees/Board. The Compliance Report provided

to the Audit & Compliance Committee contained some information relevant

to consumer risks but this was still too high level to enable it to

understand fully the root cause of consumer risks effectively;

(2)
Financial’s risk ratings (High, Medium and Low) as recorded in the Risk

Register were not defined or quantified (i.e. no KPIs had been set,

providing a benchmark against which risk can be monitored) and Financial

had not identified its top risks (comprising both risks to Financial and all

risks to its consumers);

(3)
Financial’s assessment of how well a risk was being controlled was

unreliable and misleading. The Risk Register included a Net Risk Score

(“NRS”) for each risk to reflect how well that risk was being controlled. The

NRS was not set following an objective assessment of the quality and

effectiveness of the internal systems and controls in place. Consequently,

the NRS for most risks (particularly customer risks) was too low resulting

in risks being understated and therefore not being given the appropriate

degree of attention by senior management;

(4)
it was unclear how certain systems and controls linked to risks in the Risk

Register were capable of controlling that risk; and

(5)
the length of the reporting period used to compile data meant there was

little change in the information provided to the Sub-Committees or Board

from month to month. For example, the MI for file check scores was based

on a rolling 12-month period which did not enable senior management to

identify emerging issues promptly and information provided in a Critical

Success Factors report (part of the Board pack) was too high level to

provide the Board with sufficient insight into the root causes of the issues

identified to enable them to decide what action, if any, should be taken.

4.39. In addition to the above, and contrary to what the RMF states, although Financial

engaged external contractors to perform issue-specific audits (September 2008–

August 2009 and March-November 2010), Financial did not have an internal audit

function during the Relevant Period, so that there was no robust mechanism for

assessing the effectiveness of its internal controls.

5.
FAILINGS

5.1.
The regulatory provisions relevant to this Final Notice are referred to in Annex A.

5.2.
On the basis of the facts and matters above, the Authority considers that

Financial failed to take reasonable care to organise and control its affairs

reasonably and effectively, with adequate risk management systems, in breach of

Principle 3.

Systems and controls and compliance

5.3.
Financial failed to establish, implement and maintain effective systems and

controls sufficient to ensure that Financial’s ARs and RIs met applicable

requirements and standards under the regulatory system. Specifically:

Determining whether prospective ARs and RIs were suitable to act for Financial

5.4.
Financial failed to take sufficient steps, as part of the recruitment process, to

assess appropriately prospective ARs’ business models and business practices to

determine whether they were suitable to act for Financial, in particular:

(1)
Financial did not routinely carry out any structured due diligence and/or

risk assessment which would have enabled them to assess the prospective

AR’s business model and business practices and in turn identify whether

there were any unusual or particular risks which needed to be considered

or addressed. The decision to permit a new AR to join Financial was based

primarily on the outcome of the AR and RI recruitment process. This

meant that, upon joining Financial, ARs were effectively permitted to follow

their own sales process and use their own adviser tools (e.g. fact finds,

risk profile questionnaires and research systems) which Financial had not

assessed and deemed fit for purpose;

(2)
Financial placed undue reliance on the background checks carried out by

the Authority. The Authority’s factsheet issued in August 2011 concerning

control over ARs stated that “under no circumstances should the firm rely

on the background checks we carry out to determine whether the

prospective AR is suitable to act for the firm”. Financial required ARs and

RIs to complete Form A and an internal RI/AR form (which captured details

of assets, liabilities and referees). These forms did not capture sufficient

details of an RI’s previous role(s), responsibilities and relevant experience.

Financial did not have a detailed application form, did not require RIs to

submit a full curriculum vitae and did not operate a structured interview

process for assessing an applicant’s knowledge and skills. Although

Financial obtained two character references and employment references

for the previous five years, it adopted a standard reference request

template, which did not elicit sufficiently comprehensive information. As a

result, Financial did not have sufficient details of the applicant’s relevant

experience in order to assess robustly his/her knowledge and skills. Once

individual advisers had been approved by the Authority as CF30, they were

permitted to advise customers without further skills assessment (unless

they were classified as inexperienced); and

(3)
Financial did not take sufficient steps to ensure the integrity of the

technical knowledge test they required RIs to undertake. RIs were

permitted to complete the test remotely in their own time. It was not

invigilated and might not, therefore, provide a true indication of the RI’s

actual knowledge. In any event it did not test the RI’s knowledge of higher

risk products.

Determining RIs’ competence to advise customers

5.5.
Upon an RI joining Financial, Financial did not carry out a suitable assessment of

their knowledge and skills in order to determine their competence before they

began advising customers. In particular:

(1)
Financial’s process for determining an RI’s competence was unclear and

unreliable;

(2)
Financial did not take sufficient steps to identify the RI’s training and

development needs at the outset and before the RI was permitted to

provide advice; and

(3)
Financial did not provide timely and comprehensive training to ensure that

its new ARs and RIs understood the minimum standards Financial expected

them to meet. RIs were effectively permitted to advise customers before

Financial had taken steps to ensure that they had sufficient knowledge and

understanding of the standards they must meet and the processes to

follow.

5.6.
Potentially, training and development needs might be identified over time, as a

result of file checking (including initial pre-sale monitoring) and annual visits from

the Supervisory Staff, but due to Financial’s failings in those areas there was an

increased risk of consumer detriment as a result of Financial’s failure to carry out

a suitable assessment at the outset.

Supervision of ARs and RIs

5.7.
Financial failed to ensure that its ARs and RIs were appropriately and effectively

supervised at all times. In particular:

(1)
there was insufficient contact between ARs and RIs and the Supervisory

Staff to ensure effective supervision;

(2)
Financial did not adequately analyse information on RI performance

sufficient to conduct an effective review of competence, identify training

needs and take appropriate action to ensure that those RIs remained

competent for their role. Specifically:

(a)
as a result of the insufficiently robust benchmark for an RI’s

average file check score, Financial’s minimum standards did not

effectively provide an indication of an RI’s competence;

(b)
Desk-Based Monitoring was ineffective in identifying an individual

RI’s development needs and failed to initiate appropriate and

effective remedial action; and

(c)
Financial’s minimum standards for measuring an individual RI’s on-

going competence did not include an assessment of the RI’s skills or

technical knowledge.

(3)
Financial’s field supervision was not sufficiently risk-based. As a result of

the inadequate design and execution of its supervision activity, the annual

visits carried out by the Supervisory Staff were not sufficiently challenging

to enable the identification of material risks. Specifically:

(a)
Financial did not take sufficient steps to ensure that the Supervisory

Staff had the necessary experience, coaching and assessment skills

to act as a competent supervisor;

(b)
the timing and frequency of compliance visits was not influenced by

issues/risks associated with particular ARs or even the number of

RIs employed by an AR but were calendar driven; and

(c)
the methodology and approach for reviewing key areas during the

annual visits was not sufficiently challenging to identify non-

compliance and instances where customers might not be treated

fairly.

(4)
Monitoring of the Supervisory Staff was ineffective because KPIs for the

Supervisory Staff roles were time driven rather than qualitative indicators

of performance and development points identified for the Supervisory Staff

tended to be minor and procedural in nature.

Compliance and file checking

5.8.
Financial failed to establish and maintain adequate compliance and file checking

arrangements, appropriate to the size and types of business conducted by

Financial. In particular:

(1)
file checking processes did not adequately identify and assess risks. The

methodology for file selection was not sufficiently influenced by the risk

rating of ARs and/or RIs and as a result Financial did not always ensure

that a spread of higher risk products was checked;

(2)
weaknesses in the file review methodology meant that file checking might

not deliver a sufficiently robust assessment of suitability;

(3)
no quality assurance assessment of file checking had been carried out

since May 2012. Quality assurance assessments conducted prior to that

date focused on post-sale checking only; and

(4)
Financial had been aware for some time of significant risks relating to the

accuracy and quality of new business information input into the Database

but had failed to take appropriate steps to control this risk effectively. For

example, the ARs and RIs did not attend comprehensive training on the

Database before they began to give advice and Financial did not have an

effective method of retrospectively checking that ARs’ and RIs’ entries on

to the NBR were accurate.

Risk management process

5.9.
Financial failed to implement effective processes to enable senior management to

identify, measure, manage and control the risks that Financial was, or might be,

exposed to. In particular:

(1)
the scope and quality of MI provided to the Board and its sub-committees

was not sufficient to enable senior management to identify and monitor

risk effectively;

(2)
Financial’s Board and its senior management team focussed on dealing

with incidents and issues that had already materialised rather than

proactively identifying and monitoring on-going risks; and

(3)
the absence of an internal audit function meant that there was no robust

mechanism for assessing the effectiveness of Financial’s internal systems

and controls.

5.10. The Authority considers that Financial’s systems and controls were inadequate for

a firm of its size and taking into account the high risk products that it sold. The

Authority considers that the failings were systemic.

5.11. As a result of these failings, the Authority considers that Financial failed to take

reasonable care to organise and control its affairs responsibly and effectively,

with adequate risk management systems, in breach of Principle 3.

6.
SANCTION

6.1.
The Authority’s policy in relation to the imposition of a financial penalty or public

censure is set out in Chapter 6 of DEPP which forms part of the Authority’s

Handbook. The regulatory provisions governing the determination of financial

penalties changed on 6 March 2010.

6.2.
The Authority’s policy in relation to the imposition of a suspension or restriction is

set out in Chapter 6A of DEPP which forms part of the Authority’s Handbook. The

regulatory provisions governing the imposition of a suspension or restriction were

introduced on 8 August 2010.

Introduction

6.3.
The Authority considered that a financial penalty of £12,589,134 on Financial in

respect of its breaches of Principle 3 throughout the Relevant Period was

appropriate. However, as Financial has satisfied the Authority that payment of

such a penalty would cause it serious financial hardship, the Authority reduces

the level of the penalty to nil and instead publishes a statement that Financial has

breached Principle 3.

6.4.
In addition to publishing such a statement, the Authority considers that it is also

appropriate to impose a restriction on Financial in respect of its misconduct

between 8 August 2010 and 30 April 2013, on the basis that the penalty would

cause Financial serious financial hardship and it is appropriate to reduce the

financial penalty. The Authority believes that imposing a restriction here alongside

a statement of misconduct, as an alternative to payment of a financial penalty,

will be a more effective and persuasive deterrent than the imposition of a

statement of misconduct alone.

6.5.
Accordingly the Authority, in addition to a statement of misconduct, also imposes

a restriction on Financial for a period of 126 days from the date this Final Notice

is issued, so that Financial may not appoint any AR or RI during that period.

Financial penalty

6.6.
The conduct in issue took place both before and after 6 March 2010. As set out at

paragraph 2.7 of the Authority Policy Statement 10/4, when calculating a financial

penalty where the conduct straddles penalty regimes, the Authority must have

regard to both the penalty regime which was effective before 6 March 2010 (the

‘old penalty regime’) and the penalty regime which was effective after 6 March

2010 (the ‘new penalty regime’).

Financial penalty under the old regime

6.7.
The Authority’s policy on the imposition of a financial penalty relevant to the

misconduct prior to 6 March 2010 is set out in Chapter 6 of DEPP that was in

force up to and including 5 March 2010. All references to DEPP in this section are

references to that version.

6.8.
The Authority has also had regard to the corresponding provisions of Chapter 7 of

the Authority’s Enforcement Guide in force at the time.

6.9.
In determining whether a financial penalty is appropriate, the Authority is

required to consider all the relevant circumstances of the case. DEPP 6.5.2G sets

out a non-exhaustive list of factors which may be relevant to determining the

appropriate level of financial penalty. The Authority considers that the following

factors are particularly relevant in this case.

Deterrence (DEPP 6.5.2(1))

6.10. When determining the level of penalty, the Authority has regard to the principal

purpose for which it imposes sanctions, namely to promote high standards of

regulatory and market conduct.

6.11. The Authority considers that the financial penalty will deter Financial and other

similar network firms in the market from committing similar breaches. The

Authority also considers that the penalty will demonstrate generally to other

adviser network firms that a business model which affords its ARs and RIs a high

degree of flexibility is not acceptable and will reinforce the importance of collating

quality MI, embedding risk-focused systems and controls and encouraging a

consumer-focused culture.

The nature, seriousness and impact of the breach (DEPP 6.5.2(2))

6.12. There was an actual risk of significant consumer detriment resulting from

Financial’s breaches of Principle 3, in that there was a real risk that its ARs and

RIs would make personal recommendations to customers which were not

demonstrably suitable. Financial did not adequately manage or mitigate that risk

during the Relevant Period.

6.13. The Authority considers Financial’s breaches to be serious in that the failings were

systemic, impacted all categories of Financial’s business, and persisted for a

significant and continuous period of time without correction.

Conduct following the breach (DEPP 6.5.2(8))

6.14. Financial has cooperated fully with the Authority’s investigation and, with a new

senior management team in place, has taken substantive action to remedy the

failings identified.

Disciplinary record and compliance history (DEPP 6.5.2(9))

6.15. The Authority has taken account of Financial’s general compliance history. In

particular, as a result of actions taken by the Authority during the Relevant

Period, Financial had knowledge of the Authority’s concerns relating to the

weaknesses in its systems and controls and risk management framework but

failed adequately to address those concerns. In particular, Financial was referred

to Enforcement in 2009 as a result of similar concerns identified during the

Authority’s thematic review of Financial’s pension-switching recommendations.

Following its investigation, in February 2010, the Authority imposed a financial

penalty on Mr Charles Palmer, the CEO of the Group at the time and the current

owner of the Group.

Past action taken by the Authority (DEPP 6.5.2(10))

6.16. In determining the level of financial penalty under the old regime, the Authority

has taken into account penalties imposed on other authorised firms for similar

behaviour.

Old regime Conclusion

6.17. Having considered all the circumstances set out above, the Authority considers

that £500,000 is an appropriate financial penalty to impose on Financial under the

old regime. In the event, Financial has provided verifiable evidence to establish

that imposing any financial penalty would cause it serious financial hardship.

Financial Penalty under the new regime

6.18. Under the new regime, in force after 6 March 2010, the Authority applies a five-

step framework to determine the appropriate level of financial penalty. DEPP 6.5A

sets out the details of the five-step framework that applies in respect of financial

penalties imposed on firms.

6.19. Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the

financial benefit derived directly from the breach where it is practicable to

quantify this. The Authority’s investigation did not seek to determine the extent

of any actual detriment and it has not therefore identified any financial benefit

that Financial derived directly from the breaches of Principle 3.

6.20. Financial is currently undertaking PBRs and an internal review in relation to its

pension switching and UCIS recommendations in order to address the

weaknesses previously identified by the Authority. The final outcome of this

exercise is as yet unknown, but may result in redress being paid to consumers.

6.21. The Step 1 figure is therefore nil.

Step 2: Seriousness of breach

6.22. Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that

reflects the seriousness of the breach. Where the amount of revenue generated

by a firm from a particular product line or business area is indicative of the harm

or potential harm that its breach may cause, that figure will be based on a

percentage of the firm’s revenue from the relevant products or business area.

6.23. The Authority considers that the revenue generated by all ARs and RIs within

Financial’s network (“the Network Revenue”) to be indicative of the potential

harm caused by the breach. The Authority has therefore determined a figure

based on a percentage of the total Network Revenue during the period of the

breach. The period of Financial’s breach in relation to the new penalty regime was

from 6 March 2010 to 30 April 2013. The total Network Revenue for this period is

£73,267,479.

6.24. In deciding on the percentage of the relevant revenue that forms the basis of the

Step 2 figure, the Authority considers the seriousness of the breach and chooses

a percentage between 0% and 20%. This range is divided into five fixed levels

which represent, on a sliding scale, the seriousness of the breach; the more

serious the breach, the higher the level. For penalties imposed on firms there are

the following five levels:

(1)
Level 1 – 0%

(2)
Level 2 – 5%

(3)
Level 3 – 10%

(4)
Level 4 – 15%

(5)
Level 5 – 20%

6.25. In assessing the seriousness level, the Authority takes into account various

factors which reflect the impact and nature of the breach, and whether it was

committed deliberately or recklessly.

6.26. The Authority has determined the seriousness of Financial’s breaches to be Level

4 for the purposes of Step 2, having taken into account the following:

(1)
DEPP 6.5A.2G(6) sets out factors relating to the impact of the breaches:

(a)
the Authority has not identified any direct financial benefit to

Financial as a result of the breaches of Principle 3;

(b)
Financial exposed over 60,000 customers to a risk of loss as a

result of the breaches of Principle 3, in that there was a risk that its

RIs would make personal recommendations to customers which

were not suitable. Financial did not adequately manage or mitigate

that risk during the Relevant Period; and

(c)
loss to individual consumers has not been identified or quantified at

this stage but the Authority has required Financial to conduct

further PBRs in relation to its pension-switching recommendations

and is supervising Financial’s internal review of its promotion and

sale of UCIS (during the Relevant Period, Financial undertook 322

individual sales of UCIS funds to 252 customers). Both the ongoing

PBRs and the internal review may result in redress being paid to

consumers. At the date of this notice, of those customers sold UCIS

funds during the Relevant Period, approximately 80% may not have

been eligible for promotion of UCIS funds and/or may not have

received suitable advice.

(2)
DEPP 6.5A.2G(7) sets out factors relating to the nature of the breach:

(a)
Financial’s breaches of Principle 3 revealed systemic weaknesses in

its systems and controls relating to the recruitment, monitoring and

control of its ARs and RIs; and

(b)
the weaknesses identified persisted for a significant and continuous

period of time without correction.

(3)
DEPP 6.5A.2G(8) and (9) set out factors tending to show the breach was

either deliberate or reckless. The Authority has not identified any evidence

to suggest that Financial acted deliberately or recklessly in committing the

breaches of Principle 3;

(4)
DEPP 6.5A.2G(11) sets out factors likely to be considered ‘level 4 factors’,

or ‘level 5 factors’. The Authority considers the following factors to be

relevant:

(a)
loss to individual consumers has not been identified or quantified at

this stage but the Authority has required Financial to conduct

further PBRs in relation to its pension-switching recommendations

and is supervising Financial’s internal review of its promotion and

sale of UCIS (during the Relevant Period, Financial undertook 322

individual sales of UCIS funds to 252 customers). Both the ongoing

PBRs and the internal review may result in redress being paid to

consumers. At the date of this notice, of those customers sold UCIS

funds during the Relevant Period approximately 80% may not have

been eligible for promotion of UCIS funds and/or may not have

received suitable advice;

(b)
Financial’s breaches of Principle 3 revealed systemic weaknesses in

Financial’s systems and controls relating to the recruitment,

monitoring and control of its ARs;

(c)
no financial crime was facilitated, occasioned or otherwise

attributable to Financial’s breaches;

(d)
Financial’s breaches did not create a significant risk that financial

crime would be facilitated, occasioned or otherwise occur;

(e)
the Authority has not identified anything which suggests that

Financial failed to conduct its business with integrity; and

(f)
the Authority does not consider that Financial’s breaches were

committed deliberately or recklessly.

(5)
DEPP 6.5A.2G(12) sets out factors likely to be considered ‘level 1 factors’,

‘level 2 factors’ or ‘level 3 factors’. The Authority considers the following

factors to be relevant:

(a)
the Authority has not identified any direct financial benefit to

Financial as a result of the breaches of Principle 3;

(b)
the Authority has not identified any actual or potential effects on

the orderliness of, or confidence in, markets as a result of

Financial’s misconduct; and

(c)
the breaches appear to have been committed negligently or

inadvertently.

6.27. Because Financial’s breaches of Principle 3 amounted to gross negligence, rather

than deliberate or reckless misconduct, and because the systemic weaknesses in

Financial’s systems and controls persisted for a significant and continuous period

of time without adequate correction, exposing over 60,000 customers to a risk of

loss, the Authority considers that Financial’s breaches should be considered to be

Level 4 breaches.

6.28. A Level 4 breach equates to 15% of the Network Revenue. The new regime

penalty after Step 2 is therefore £10,990,121.

Step 3: mitigating and aggravating factors

6.29. Pursuant to DEPP 6.5A.3G(2), at Step 3 the Authority may increase or decrease

the amount of the financial penalty arrived at after Step 2 (but not including any

amount disgorged at Step 1) to take into account factors which aggravate or

mitigate the breach.

6.30. The Authority considers that the following factors aggravate the breach:

(1)
the failings in breach of Principle 3 occurred despite the Authority’s

concerns in relation to Financial’s inadequate systems and controls being

raised in supervisory correspondence on a number of occasions during the

Relevant Period; and

(2)
the weaknesses in Financial’s systems and controls were also brought to

the attention of Financial as a result of an investigation by the Authority

which led to the issuing of a Final Notice in February 2010 in relation to

the conduct of the CEO of the Group.

6.31. The Authority considers that the following factors mitigate the breach:

(1)
Financial now has a new Board in place. The new Board began

implementing improvements to Financial’s systems and controls and risk

management framework prior to the appointment of the Skilled Person;

and

(2)
in late 2012 and early 2013 the new Board proactively engaged with the

Authority and the Skilled Person to remedy weakness identified by the

Authority, the Skilled Person’s Report and the new Board itself, in

accordance with an agreed remedial action plan.

6.32. Having taken these aggravating and mitigating factors into account the Authority

considers that an aggregate uplift of 10% is appropriate.

6.33. The Step 3 figure is therefore 110% of £10,990,121 equating to £12,089,134.

Step 4: adjustment for deterrence

6.34. Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after

Step 3 is insufficient to deter Financial who committed the breach, or others, from

committing further or similar breaches, then the Authority may increase the

penalty.

6.35. The Authority considers the Step 3 figure of £12,089,134 represents a sufficient

deterrent to Financial and others, and so has not increased the penalty at Step 4.

6.36. Taking into account the old regime penalty of £500,000, the total combined

penalty equates to £12,589,134.

6.37. The Authority considers that combining the two separate penalties calculated

under the old and new penalty regimes produces a figure which is proportionate

and consistent with the Authority’s statements that the new penalty regime may

lead to increased penalty levels.

6.38. The Step 4 figure is therefore £12,589,134.

6.39. The Authority would have sought to impose a total financial penalty of

£12,589,134 on Financial for its breaches of Principle 3, were it not that Financial

has provided verifiable evidence to establish that imposing any financial penalty

would cause it serious financial hardship. The penalty is therefore reduced to nil.

Step 5: settlement discount

6.40. As the financial penalty has been reduced to nil before calculation of any discount

for early settlement, no further discount is applicable.

Public censure

6.41. DEPP 6.4.2G sets out the factors that may be of particular relevance in

determining whether it is appropriate to issue a public censure. The criteria are

not exhaustive and DEPP 6.4.1G(1) provides that the Authority will consider all

the relevant circumstances of the case when deciding whether to impose a

penalty or issue a public censure.

6.42. The Authority considered the following factors to be particularly relevant in this

case:

(1)
pursuant to DEPP 6.4.2G(8)(a) the application of the Authority’s policy on

serious financial hardship has resulted in the financial penalty against

Financial being reduced to nil; and

(2)
pursuant to DEPP 6.4.2G(8)(b) there is verifiable evidence that Financial

would be unable to meet other regulatory requirements, particularly

financial resource requirements, if the Authority had imposed a financial

penalty at the appropriate level.

6.43. Having considered all the circumstances set out above, the Authority considers

that £12,589,134 would be the appropriate penalty to impose on Financial.

However, taking into account Financial’s financial position and the fact the penalty

has, as a result, been reduced to nil, the Authority is publishing a statement that

Financial has contravened regulatory requirements.

Restriction

6.44. The Authority also imposes a restriction on Financial, for a period of 126 days

from the date this Final Notice is issued, so that Financial is restricted during that

period from appointing any AR or RI.

6.45. The restriction the Authority imposes is a disciplinary measure in respect of

Financial’s misconduct between 8 August 2010 (when the statutory power to

impose a restriction came in to force) and 30 April 2013.

6.46. When determining whether a restriction is appropriate, the Authority is required

to consider the full circumstances of the case. The Authority will impose a

restriction where it believes that such action will be a more effective and

persuasive deterrent than the imposition of a financial penalty alone. DEPP

6A.2.3G specifies examples of circumstances where the Authority may consider it

appropriate to impose a restriction.

6.47. The main reason why the Authority considers that a restriction is appropriate in

the circumstances of this case is because Financial has provided verifiable

evidence to establish that imposing any financial penalty would cause it serious

financial hardship, pursuant to DEPP6A.2.3G(6). The Authority believes that

imposing a restriction in this instance, in addition to a statement of misconduct

and as an alternative to payment of a penalty, would be a more effective and

persuasive deterrent than the imposition of a financial penalty reduced to nil and

a statement of misconduct alone.

6.48. In addition, the Authority has previously taken Enforcement action in respect of

similar breaches, including action against Mr Charles Palmer (who holds

significant influence functions at Financial and is the current owner of the Group).

Financial failed to take appropriate steps to improve its systems and controls as a

result of this action.

6.49. Financial’s failings suggest a poor compliance culture at Financial. In particular, as

set out at paragraph 4.8 above, the Skilled Person’s Report attributed the failings

identified to:

(1)
the inherent risks of Financial’s business model which afforded ARs and RIs

a high degree of flexibility; and

(2)
the cultural focus at Financial which resulted in the ARs being treated as

the customers rather than the end consumers who received the advice.

6.50. The Authority considers that the restriction it is imposing is appropriate in that it

will demonstrate to other similar network firms in the market that where a firm

continues to operate with a poor compliance culture the Authority will take

disciplinary action to suspend and/or restrict that firm’s regulated activities, in

combination with a financial penalty or as an alternative sanction.

Length of restriction

6.51. When determining the length of the period of restriction that is appropriate for

the breach concerned, and is also a sufficient deterrent, the Authority will

consider all the relevant circumstances of the case. DEPP 6A.3.2G sets out factors

that may be relevant in determining the appropriate length of the period of

restriction. The Authority considers that the following factors are particularly

relevant in this case.

Deterrence (DEPP 6A.3.2G(1))

6.52. When determining the length of the period of restriction, the Authority has regard

to the principal purpose for which it imposes a restriction, namely to promote

high standards of regulatory and/or market conduct by deterring persons who

have committed breaches from committing further breaches, helping to deter

other persons from committing similar breaches, and demonstrating generally the

benefits of compliant behaviour.

6.53. The Authority considers that the restriction it is imposing will deter Financial and

other similar network firms in the market from committing similar breaches. It

will also emphasise that a firm which negligently or otherwise allows systemic

failings in its systems and controls and risk management framework to persist for

a significant and continuous period of time without adequate correction will not

escape disciplinary action, regardless of their financial position.

The seriousness of the breach (DEPP 6A.3.2G(2))

6.54. When assessing the seriousness of the breach, the Authority takes into account

various factors (which may include those listed in DEPP 6.5A.2G (6) to (9)) which

reflect the impact and nature of the breach, and whether it was committed

deliberately or recklessly.

6.55. When considering the seriousness of the breaches, the Authority has taken into

account the following:

(1)
Financial exposed over 60,000 customers to a significant risk of loss as a

result of the breaches of Principle 3, in that there was a significant risk

that its RIs would make personal recommendations to customers which

were not suitable. Financial did not adequately manage or mitigate that

significant risk during the Relevant Period (specifically 8 August 2010 to 30

April 2013);

(2)
loss to individual consumers has not been identified or quantified at this

stage but the Authority has required Financial to conduct further PBRs in

relation to its pension-switching recommendations and is supervising

Financial’s internal review of its promotion and sale of UCIS (during the

Relevant Period, Financial undertook 322 individual sales of UCIS funds to

252 customers). Both the ongoing PBRs and the internal review may result

in redress being paid to consumers. At the date of this notice, of those

customers sold UCIS funds during the Relevant Period approximately 80%

may not have been eligible for promotion of UCIS funds and/or may not

have received suitable advice;

(3)
Financial’s breaches of Principle 3 revealed systemic weaknesses in its

systems and controls relating to the recruitment, monitoring and control of

its ARs and RIs and the weaknesses identified persisted for a significant

and continuous period of time without correction;

(4)
the Authority has not identified any evidence to suggest that Financial

acted deliberately or recklessly in committing the breaches of Principle 3;

(5)
no financial crime was facilitated, occasioned or otherwise attributable to

Financial’s breaches and Financial’s breaches did not create a significant

risk that financial crime would be facilitated, occasioned or otherwise

occur;

(6)
the Authority has not identified anything which suggests that Financial

failed to conduct its business with integrity; and

(7)
the Authority has not identified any actual or potential effects on the

orderliness of, or confidence in, markets as a result of Financial’s

misconduct.

Aggravating and mitigating factors (DEPP 6A.3.2G(3))

6.56. The Authority takes into account various factors (which may include those listed

in DEPP 6.5A.3G (2)) which may aggravate or mitigate a breach.

6.57. The Authority considers that the following factors aggravate the breach:

(1)
the failings in breach of Principle 3 occurred despite the Authority’s

concerns in relation to Financial’s inadequate systems and controls being

raised in supervisory correspondence on a number of occasions during the

Relevant Period (specifically 8 August 2010 to 30 April 2013); and

(2)
the weaknesses in Financial’s systems and controls were also brought to

the attention of Financial as a result of an investigation by the Authority

which led to the issuing of a Final Notice in February 2010 in relation to

the conduct of the CEO of the Group.

6.58. The Authority considers that the following factors mitigate the breach:

(1)
Financial now has a new Board in place. The new Board began

implementing improvements to Financial’s systems and controls and risk

management framework prior to the appointment of the Skilled Person;

and

(2)
in late 2012 and early 2013 the new Board proactively engaged with the

Authority and the Skilled Person to remedy weaknesses identified by the

Authority, the Skilled Person’s Report and the new Board itself, in

accordance with an agreed remedial action plan.

6.59. The total length of restriction the Authority is imposing on Financial is therefore

126 days.

Impact of restriction on Financial (DEPP 6A.3.2G(4))

6.60. When assessing the impact of the restriction on Financial, the Authority has taken

into account the following:

(1)
Financial’s expected lost revenue and profits from not being able to recruit

new ARs and RIs until expiry of the restriction;

(2)
the cost of the measures Financial may be required to undertake in order

to comply with the restriction;

(3)
potential economic costs, for example, the payment of salaries to

employees who will not work during the period of restriction or the

payment of compensation to consumers who will suffer loss as a result of

the restriction;

(4)
the effect on other areas of Financial’s business; and


(5)
the restriction does not cause Financial serious financial hardship.

Impact of restriction on persons other than Financial (DEPP 6A.3.2G(5))

6.61. When assessing the impact of the restriction on persons other than Financial, the

Authority considers the following to be relevant:

(1)
consumers will not suffer loss or inconvenience as a result of the

restriction. The restriction does not impact existing ARs and RIs who are

permitted to carry on the relevant regulated activities within Financial’s

Part 4A permission during the period of restriction; and

(2)
the restriction would not have an impact on the markets.

6.62. Having taken into account all the circumstances of the case, including the

considerations set out at DEPP 6A.3.3G, the Authority does not consider it

appropriate to delay the commencement of the period of restriction.

Settlement discount

6.63. Financial agreed to settle at an early stage of the Authority’s investigation.

Financial therefore qualified for a 30% (stage 1) discount to the length of the

restriction under the Authority’s executive settlement procedures. Were it not for

this discount, the Authority would have imposed a restriction of 180 days (six

months) on Financial.

6.64. The Authority considered that a financial penalty of £12,589,134 on Financial in

respect of its breaches of Principle 3 throughout the Relevant Period was

appropriate. However, as Financial has satisfied the Authority that payment of

such a penalty would cause it serious financial hardship, the Authority has

reduced the level of the penalty to nil and instead is publishing a statement that

Financial has breached Principle 3.

6.65. In addition to publishing such a statement, the Authority considers that it is also

appropriate to impose a restriction on Financial in respect of its misconduct

between 8 August 2010 and 30 April 2013, on the basis that the penalty would

cause Financial serious financial hardship and it is appropriate to reduce the

financial penalty. The Authority believes that imposing a restriction here, as an

alternative to a financial penalty, will be a more effective and persuasive

deterrent than the imposition of a financial penalty reduced to nil together with a

statement of misconduct.

6.66. Accordingly the Authority, in addition to a statement of misconduct, also imposes

a restriction on Financial for a period of 126 days from the date this Final Notice

is issued, so that Financial may not appoint any AR or RI during that period.

6.67. Pursuant to DEPP 6A.4.3G, the Authority considers that the combination of

sanctions is proportionate considering the nature and seriousness of the Principle

3 breaches and the fact Financial are unable to pay the financial penalty as a

result of serious financial hardship.

7.
PROCEDURAL MATTERS

Decision maker

7.1.
The decision which gave rise to the obligation to give this Final Notice was made

by the Settlement Decision Makers.

7.2.
This Final Notice is given under, and in accordance with, section 390 of the Act.

7.3.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of

information about the matter to which this notice relates. Under those

provisions, the Authority must publish such information about the matter to which

this notice relates as the Authority considers appropriate. The information may

be published in such manner as the Authority considers appropriate. However,

the Authority may not publish information if such publication would, in the opinion

of the Authority, be unfair to you or prejudicial to the interests of consumers or

detrimental to the stability of the UK financial system.

7.4.
The Authority intends to publish such information about the matter to which this

Final Notice relates as it considers appropriate.

Authority contacts

7.5.
For more information concerning this matter generally, contact Paul Howick

(direct line: 020 7066 7954 /email: paul.howick@fca.org.uk) of the Enforcement

and Financial Crime Division of the Authority.

Financial Conduct Authority, Enforcement and Financial Crime Division

ANNEX A:


STATUTORY PROVISIONS

Statutory objectives

1.
The Authority’s strategic objective, set out in section 1B(2) of the Act, is to ensure

that the relevant markets function well.

2.
The Authority’s operational objectives, set out in sections 1B to 1H of the Act, are

as follows:

(1)
securing an appropriate degree of protection for consumers (“the consumer
protection objective”);

(2)
protecting and enhancing the integrity of the UK financial system (“the
integrity objective”); and

(3)
promoting effective competition in the interests of consumers (“the
competition objective”).

Imposition of a restriction

3.
Section 206A of the Act provides that where an authorised person has contravened

a requirement imposed on it under the Act the Authority may impose, for such

period as it considers appropriate, such limitations or other restrictions in relation

to the carrying on of a regulated activity by the person as it considers appropriate.

4.
A restriction may, in particular, be imposed so as to require the person concerned

to take, or refrain from taking, specified action. The period for which the restriction

is to have effect may not exceed 12 months.

Imposition of a financial penalty

5.
Section 206 of the Act provides that the Authority may impose a penalty on an

authorised person, of such amount as it considers appropriate, if it considers that it

has contravened a relevant requirement imposed on it.

6.
Financial is an authorised person for the purposes of section 206 of the Act. The

requirements imposed on authorised persons include those set out in the

Authority’s rules and made under section 137A of the Act.

Imposition of a public censure

7.
Section 205 of the Act provides that where an authorised person has contravened a

requirement imposed on him under the Act the Authority may publish a statement

to this effect.

REGULATORY GUIDANCE AND POLICY

Principles for Businesses (the “Principles”)

8.
In exercising its power to issue a financial penalty, the Authority must have regard

to the relevant provisions in the Authority’s Handbook.

9.
The Principles are set out in the section of the FCA Handbook entitled ‘PRIN’. They

apply in whole or in part to every authorised firm (PRIN 1.1.1G) and are a general

statement of the fundamental obligations of firms under the regulatory system.

They derive their authority from the FCA’s rule-making powers as set out in the

Act, reflect the FCA’s regulatory objectives (PRIN 1.1.2G) and apply with respect to

the carrying out of regulated activities (PRIN 3.2.1R).

10.
The relevant Principle in this case is Principle 3 (Management and Control), which

states that a firm must take reasonable care to organise and control its affairs

responsibly and effectively, with adequate risk management systems.

Decision Procedure and Penalties Manual (DEPP)

11.
Guidance on the imposition and amount of penalties is set out in Chapter 6 of

DEPP, which came into effect on 28 August 2007. Changes to DEPP were

introduced on 6 March 2010.

12.
Guidance on the imposition of a suspension or restriction and the period for which

those suspensions or restrictions are to have effect, is set out in Chapter 6A of

DEPP, which came into effect on 6 August 2010.

13.
The relevant sections of DEPP are set out in the main body of this Notice.

Enforcement Guide (EG)

14.
The Authority’s approach to taking disciplinary action is set out in Chapter 2 of EG.

The Authority’s approach to financial penalties, suspensions and public censures is

set out in Chapter 7 of EG.

15.
EG 7.1 states that the effective and proportionate use of the Authority’s powers to

enforce the requirements of the Act, the rules and the Statements of Principles for

Approved Persons (APER) will play an important role in the Authority’s pursuit of its

statutory objectives. Imposing financial penalties, suspensions and public censures

shows that the Authority is upholding regulatory standards and helps to maintain

market confidence and deter financial crime. An increased public awareness of

regulatory standards also contributes to the protection of consumers.


© regulatorwarnings.com

Regulator Warnings Logo