Final Notice
FINAL NOTICE
Andoversford Business Park
1.
ACTION
1.1.
For the reasons given in this notice, the Authority hereby:
(1)
imposes, pursuant to section 206A of the Act, a restriction on Investments,
for a period of 126 days from the date this Final Notice is issued, so that
Investments is restricted during that period from appointing any AR or RI;
and
(2)
publishes, pursuant to section 205 of the Act, a statement to the effect
that Investments has contravened regulatory requirements.
1.2.
This action is in respect of breaches of Principle 3.
1.3.
Were it not for Investments’ financial position the Authority would have imposed
on Investments a financial penalty of £621,583.
Page 2 of 38
1.4.
Investments agreed to settle at an early stage of the Authority’s investigation.
Investments therefore qualified for a 30% (stage 1) discount under the
Authority’s executive settlement procedures. Were it not for this discount, the
Authority would have imposed a restriction of 180 days (six months) on
Investments.
1.5.
The public censure will be issued on 23 July 2014 and will take the form of this
Final Notice, which will be published on the Authority’s website.
2.
SUMMARY OF REASONS
2.1.
Investments is an adviser network based in Cheltenham, Gloucestershire,
currently responsible for four Appointed Representatives and six Registered
Individuals advising customers on pensions, investments including unregulated
collective investment schemes, mortgages and general insurance/protection
products. Investments also holds permission for dealing in investments enabling
it to offer discretionary investment management services to its customers. As a
result of Investments’ failures during the Relevant Period over 1,400 customers
were exposed to the real risk that its ARs and RIs would make recommendations,
including in relation to high risk products, which were unsuitable.
2.2.
Between 20 August 2008 and 30 April 2013 (the “Relevant Period”) Investments
was one of three subsidiaries of the Group. The systems and controls and risk
management framework at Investments operated at Group level so that the
advisory standards the ARs and RIs were required to meet and the operating
procedures they had to follow were identical for each subsidiary of the Group.
2.3.
During the Relevant Period Investments (through its ARs and RIs) gave advice to
over 1,400 customers, including advising on high risk transactions such as UCIS
and other structured products, pension switching and occupational pension
transfers.
2.4.
In September 2013, a Skilled Person’s Report identified systemic weaknesses in
the design and execution of Investments’ systems and controls and risk
management framework. In particular, the Skilled Person’s Report identified that
Investments had not established any specific systems and controls in respect of
the DIM activity carried out by its RIs. The DIM activity was not a focus for
compliance or risk management generally.
Page 3 of 38
2.5.
Investments’ business model had afforded ARs and RIs a high degree of flexibility
and created an environment which allowed poor standards of business to continue
without correction for a significant period of time. The Authority regards
Investments’ failings as serious because they were directly attributable to
Investments’ cultural focus which viewed the ARs and RIs, rather than the
customers of the ARs and RIs, as the end customer. As a result there was a
general failure to embrace an effective risk-based approach to its AR and RI
controls and risk management processes.
2.6.
Of significant concern to the Authority was the fact that Investments’ DIM activity
was not a focus for compliance or risk management at Group level or at all.
Investments had not established any specific systems and controls in respect of
the DIM activity carried out by its RIs. As a result, there was a significant risk of
consumer detriment in relation to unsuitable investment transactions.
2.7.
The Authority considers that this case is particularly serious because Investments
posed a high risk of consumer detriment as a result of the weaknesses identified,
and particularly exposed customers to the risk that Investments’ ARs and RIs
would make personal recommendations which were not suitable, thereby causing
loss.
2.8.
In the circumstances, the Authority imposes a restriction preventing Investments
from appointing any AR or RI for a period of 126 days from the date this Final
Notice is issued and publish a statement to the effect that Investments has
contravened regulatory requirements. The Authority considers that the nature
and seriousness of Investments’ breaches would have warranted a financial
penalty of £621,583, were it not for Investments’ financial position.
2.9.
The Authority recognises that Investments has co-operated during the course of
the investigation and has effected material changes to its senior management,
systems and controls.
2.10. The Authority recognises that Investments has co-operated during the course of
the investigation and has effected material changes to its senior management,
systems and controls.
3.
DEFINITIONS
3.1.
The definitions below are used in this Final Notice.
“the Act” means the Financial Services and Markets Act 2000;
Page 4 of 38
“AR” means Appointed Representative;
“the Authority” means the body corporate previously known as the Financial
Services Authority and renamed on 1 April 2013 as the Financial Conduct
Authority;
“Board” means Investments’ board of executive and non-executive directors;
“CEO” means Chief Executive Officer;
“CMT” means Investments’ Central Monitoring Team;
“Compliance Visits” means annual visits to Investments’ ARs and RIs conducted by
the field Supervisory Staff;
“Database” means Investments’ comprehensive web-based management
information database;
“Desk-Based Monitoring” means Investments’ periodic desk-based reviews of
adviser performance management information;
“DIM” means discretionary investment management;
“Enforcement” means the Enforcement and Financial Crime Division of the
Authority;
“File Checker” means a member of the File Checking team within Investments’ CMT
which reviewed individual files against a single generic File Check Form. They are in
addition to the Supervisory Staff who conducted the Desk-Based Monitoring and
Compliance Visits;
“Form A” means the Authority’s application form for approved status;
“General/MSA Licence” has the meaning set out in paragraph 4.20;
“Group” means Standard Financial Group plc;
“Guide to Supervision” means Investments’ guide, provided to the Supervisory
Staff, on the process and purpose of supervision;
“Handbook” means the Authority’s Handbook of Rules and Guidance;
“Investments” means Investments Limited;
“KPIs” means Key Performance Indicators;
“MI” means Management Information;
“MSA” means Minimum Standards Achieved;
“NBR” means New Business Register;
“NRS” means Net Risk Score with the meaning set out in paragraph 4.37 (3);
“PBR” means Past Business Review;
“Relevant Period” means 20 August 2008 to 30 April 2013;
Page 5 of 38
“Retail Distribution Review” means the Authority’s rules, effective from 1 January
2013, governing the sale of investment products to retail customers;
“RI” means Registered Individual, a natural person employed by an AR and
approved by the Authority under s.59 of the Act as a CF30 of Investments in
relation to investment business;
“RMF” means Risk Management Framework;
“Risk Register” has the meaning set out in paragraph 4.37;
“Skilled Person’s Report” means the report, dated 11 September 2013, referred to
at paragraph 4.7 of this Notice;
“Specialist Licence” has the meaning set out in paragraph 4.20;
“Statement of Professional Standing” means the accreditation introduced by the
Retail Distribution Review for independent advisers, and required by the
Authority since 1 January 2013;
“Supervisory Staff” means Investments’ supervisory oversight team;
“TCF” means Treating Customers Fairly;
“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber); and
“UCIS” means unregulated collective investment scheme (as defined in Part XVII,
Chapter I and II of the Act).
4.
FACTS AND MATTERS
4.1.
Investments is an adviser network based in Cheltenham with four ARs and six
RIs. Investments is a subsidiary of the Group, a holding company which is not
authorised and does not trade.
4.2.
Investments was authorised on 2 June 2004 and during the Relevant Period was
authorised to carry out regulated activities:
(1)
advising, advising in relation to pension transfers/opt outs, arranging deals
in investments, making arrangements in relation to designated investment
business, since 2 June 2004;
(2)
advising on and arranging regulated mortgage contracts, and making
arrangements in relation to regulated home finance, since 31 October
2004;
(3)
arranging, safeguarding and administration of assets, the separate
authorisation of safeguarding and administration of assets, managing
investments and dealing in investments as agent, since 1 August 2005;
Page 6 of 38
(4)
dealing in investments as principal and establishing, operating and winding
up both regulated and un-regulated collective investment schemes, since
30 November 2006; and
(5)
establishing, operating and winding up personal pensions and making
arrangements for home purchase plans and home reversion plans, since 6
April 2007.
4.3.
Historically, the Group’s ARs and RIs were split across three subsidiaries, but
following a Group restructuring in February 2010 the majority of ARs and RIs
were transferred to another of the subsidiaries, with the exception of those RIs
who wanted to be able to offer DIM activity, who remained as RIs of Investments.
Risk Assessment and UCIS Thematic Review
4.4.
Since February 2010, Investments has been the subject of an assessment by the
Authority relating to its pension-switching advice, a routine risk assessment and a
further visit by the Authority as part of a thematic review. Specifically, in April
2012, as a follow-up to its previous visit relating to Investments’ pension
switching advice, the Authority reviewed a random sample of Investments’
pension switching recommendations. A risk assessment visit was conducted in
May 2012 and in June 2012 Investments was visited in connection with the
Authority’s thematic review of firms’ practices in respect of the promotion and
sale of UCIS.
4.5.
The assessment and each of the visits raised serious concerns about weaknesses
in Investments’ systems and controls and risk management framework.
4.6.
In response to the Authority’s feedback on the UCIS thematic review, on 3 August
2012, Investments immediately imposed a ban on its ARs and RIs selling UCIS.
Following discussions with the Authority this ban was lifted by Investments in
August 2013 to enable ARs and RIs to provide ‘independent’ advice in the
regulatory environment following the Authority’s Retail Distribution Review.
4.7.
The Authority required the Group to commission the Skilled Person’s Report under
section 166 of the Act to review the effectiveness of Investments’ systems and
controls and risk management framework.
4.8.
The Skilled Person’s Report identified:
Page 7 of 38
(1)
material deficiencies with both the design and implementation of
Investments’ systems and controls and the application of appropriate
standards; and
(2)
that Investments had not implemented a robust risk management
framework that enabled Investments’ senior management proactively to
identify and manage risk.
4.9.
The Skilled Person’s Report attributed this to:
(1)
the inherent risks of Investments’ business model which afforded ARs and
RIs a high degree of flexibility; and
(2)
the cultural focus at Investments which resulted in the ARs and RIs being
treated as the customers rather than the end customers who received the
advice.
4.10. The Authority considered that Investments posed a high risk of consumer
detriment as a result of the weaknesses identified, namely that Investments’ ARs
and RIs would make personal recommendations to customers which were not
suitable, and it was referred to Enforcement for investigation.
Remedial Action by Investments
4.11. Subsequent to the 2012 Risk Assessment and prior to the requirement of the
Skilled Persons Report, Investments commenced a wide-ranging review and
improvement of its senior management and systems and controls and has since
proactively engaged with the Authority and the Skilled Person to remedy
weaknesses identified by the Authority, the draft Skilled Person’s Report and
Investments itself in its systems and controls and risk management framework.
Conduct in issue: Systems and controls and compliance
Determining whether prospective ARs and RIs were suitable to act for Investments
4.12. The decision whether or not to permit a new AR to join Investments was based
primarily on the outcome of Investments’ limited AR recruitment process.
Investments’ procedures set out a list of documentation that needed to be
submitted by applicants (e.g. bank statements, credit reports, employment and
character references, and an assets and liabilities statement) but did not provide
any defined criteria or standards for assessing a prospective ARs’ and RIs’ fitness
and propriety. Investments required prospective ARs and RIs to complete Form A
Page 8 of 38
together with an internal RI/AR application form and to provide the supporting
documentation.
4.13. As part of the recruitment process prospective RIs were required to take and pass
a technical knowledge test before Form A was submitted to the Authority. The
application and supporting documentation was reviewed by Investments and if
there were no concerns regarding the prospective RI’s fitness and propriety, and
the RI had passed the technical knowledge test, Form A was submitted to the
Authority. Following submission of Form A, the prospective RI was invited to
attend Investments’ one-day induction course. A review of a small sample of
Investments’ prospective recruitment files identified examples where there was
insufficient evidence to show that Investments had carried out an appropriate
critical evaluation of the information obtained in order to determine a prospective
AR’s or RI’s fitness and propriety.
4.14. On the instruction of its compliance director, Investments might in certain
situations carry out a “pre-joining visit” before allowing an AR and/or RI to join
Investments (e.g. where it was not possible to obtain all of the fitness and
propriety information needed, such as references from previous employers).
However, given its scope this was not a sufficiently rigorous risk assessment and
it did not provide sufficient insight into an AR’s or RI’s business standards. In any
event, few pre-joining visits took place in the Relevant Period.
4.15. Once Investments had received approval from the Authority for the RI to perform
a controlled function (CF30) the RI was notified that they were permitted to
advise customers without any further skills assessment (unless they were
inexperienced). They were also notified that there would be 100% pre-sale
monitoring of at least three of their new business cases in each applicable
business area and an initial visit would be conducted by the Supervisory Staff
within three months of the AR or RI joining Investments.
Determining RIs’ competence to advise customers
Initial Training and Development
4.16. Investments did not take sufficient steps to identify an RI’s training and
development needs at the outset and before an RI was permitted to provide
advice to customers. New RIs were classified as either experienced or
inexperienced. This classification was made following internal discussions as to
whether the RI had at least two year’s relevant experience but in the absence of
a detailed application form, curriculum vitae or structured interview process
Page 9 of 38
Investments did not have sufficient details of the applicant’s relevant experience
in order to make this judgment. A review of a small sample of Investments’
recruitment and training files identified that an RI’s skills were only assessed at
the outset if the RI was categorised as inexperienced.
4.17. For those new RIs categorised as experienced, the initial assessment of their
knowledge and skills was generally based upon limited information of previous
experience in the Form A, an applicant’s qualifications, two character references
and employment references for the previous five years (which did not elicit
sufficiently comprehensive information as a result of the standard reference
request template). This was insufficient to assess initial training requirements.
There was no formal documented gap analysis of the RI’s knowledge, skills and
experience and there was no evidence that Investments used the results of the
technical knowledge test to identify any initial development needs and produce a
development plan. Many RIs did not have a development plan so it was not
evident that Investments was fulfilling its regulatory obligation to provide
sufficient training to its RIs (linked to their areas of business and development
needs) before they were permitted to provide advice to customers.
4.18. Investments delivered a full day’s induction training for new RIs followed by
further training on assessing suitability. The validation of learning was insufficient
to test the RI’s knowledge and understanding of the course content and focused
on procedure rather than advisory standards. In any event, prior to February
2012, it was not compulsory for RIs to attend either course before they gave
advice, so RIs were effectively permitted to advise customers before Investments
had taken steps to ensure that they had sufficient knowledge and understanding
of the advisory standards they were required to meet and the operating
procedures to follow.
4.19. Investments’ procedures did not state clearly when an RI’s competency status
had been achieved and neither its staff nor management understood the need for
clear assessment criteria or a formal performance assessment process.
4.20. Investments operated a two-tiered internal licensing process. A General/MSA
Licence was awarded for generic product groups (i.e. Pensions, Investments,
Mortgages and General Insurance/Protection) after the first ten new business
entries had been reviewed on a pre-sale basis or the first three new business
entries in a particular product area had been reviewed on a pre-sale basis. A
Page 10 of 38
Specialist Licence was awarded for high-risk products (i.e. transfers from
occupational pension schemes, income drawdown, equity release and long-term
care) once three consecutive new pieces of business (regardless of complexity)
had been post-sale checked and graded seven or above (on a scale of one to
ten).
4.21. Investments’ Guide to Supervision indicates that its Supervisory Staff were
responsible for deciding when an RI was competent but some Supervisory Staff
accepted this responsibility more readily than others so that, in practice, it was
unclear who took responsibility for confirming that the RI was competent. As a
result, there was no clear or formal record of when an RI was considered
competent nor was the rationale for the decision given, so that prior to an MSA
licence being granted both experienced and inexperienced RIs could be providing
advice to customers without supervision from Investments.
4.22. An RI appeared to be considered competent by Investments when he/she had
passed the technical knowledge test and obtained an MSA licence. However:
(1)
the licensing process did not limit the types of product an RI could
recommend. Upon joining Investments, RIs could recommend all types of
product, provided that they held the appropriate qualifications and a
Statement of Professional Standing. The licensing process simply
determined the timing and type of file checking;
(2)
the decision to grant a licence was not based on the File Checker’s initial
assessment but on the final grade achieved after material intervention by
Investments’ CMT, by which time any remedial action had been taken. The
standard on which the licence was granted was therefore potentially
heavily influenced by the input of the CMT. Prior to the RI obtaining a
licence, they often needed to re-submit files several times before CMT
were satisfied that the advice was suitable; and
(3)
there was no defined policy which applied to those RIs who had failed to
obtain a licence, so RIs continued to make recommendations to customers
having failed to obtain a licence over a long period of time.
4.23. Prior to a Specialist Licence being granted, allowing him or her to advise on high
risk products, an RI was permitted to give advice/arrange new business without
any pre-sale checking by Investments. This was not sufficiently robust to prevent
Page 11 of 38
unsuitable advice being given, as the recommendation had already been made by
the time the case was checked.
Supervision of ARs
4.24. The Group employed eight field Supervisory Staff during the Relevant Period who
each supervised ARs and RIs within a defined geographical region.
4.25. Investments stipulated, in its Guide to Supervision, the knowledge and skills the
Supervisory Staff were required to have in order to perform their role
competently but the Supervisory Staff were not provided with any formal training
when they first joined Investments. Supervisory Staff were provided with the
Guide to Supervision workbook, which they were required to study before sitting
a supervisor validation test which comprised multiple choice questions at the back
of the workbook in order to assess their knowledge of the supervision process.
Supervisory Staff sat the test in their own time and it was not invigilated.
4.26. To ensure their ongoing competence, Investments required its Supervisory Staff
to pass an annual supervisory competency course. However, this had not been
attended by the Supervisory Staff since January 2011. A Supervisory Staff
training workshop was held in January 2012 but this only covered their
understanding of the rules for business stationery disclosure, Investments’
customer file record keeping requirements and the content of the annual visits. It
did not include any coaching or other assessment of supervisory skills.
Frequency of AR and RI Supervision
4.27. The frequency of supervision was not driven by the actual risk an AR or RI posed
to consumers. The metrics used to determine the risk rating of ARs and RIs did
not take into account all relevant performance factors and was not based on
recent performance information. For example, the results of pre-sale checking did
not influence the risk rating and post-sale file check results did not have sufficient
weighting which meant that ARs or RIs could exhibit poor results but not be rated
as high risk. Also, aspects of the risk score allocated to the AR’s or RI’s business
was calculated over the whole period since the AR or RI joined Investments.
Consequently, an AR’s or RI’s risk rating did not necessarily reflect the risk they
actually posed which meant the AR or RI might be subject to lower levels of
supervision by Investments than they should have been.
Page 12 of 38
Desk Based Monitoring and Compliance Visits
4.28. The Supervisory Staff supervised Investments’ ARs and RIs by periodic Desk
Based Monitoring and annual Compliance Visits, in addition to file checking.
4.29. Desk Based Monitoring comprised an assessment of an AR’s or RI’s performance
against KPIs, the spread of the AR’s or RI’s new business by risk and product
category and the AR’s or RI’s file checking scores. A review of a small sample of
Desk Based Monitoring conducted for high-risk ARs and RIs identified the
(1)
the frequency of Desk Based Monitoring was determined by the risk rating
of the AR or RI, the calculation of which was not sufficiently robust, as set
out in paragraph 4.26 above. The risk rating was automatically calculated
by Investments’ Database incorporating categories of KPI data from the
date the AR or RI joined Investments to the date the report was run. Each
result was given a score and the total points awarded determined the AR
or RI’s risk rating. The categories of KPI data included:
(a)
the number of breaches of Investments’ policies and procedures;
(b)
the number of complaints received;
(c)
the number of disciplinary actions taken by Investments as a result
of the breaches identified;
(d)
the number of cases classified as replacement business;
(e)
the percentage of cases conducted on an execution only basis;
(f)
persistency (calculated as a percentage of cases); and
(g)
a file check risk factor score.
(2)
the Supervisory Staff only analysed available information to identify
underlying file quality problems where the AR’s or RI’s average file check
score was below the benchmark (itself too low);
(3)
the Supervisory Staffs’ assessment record was insufficient to determine
whether the Supervisory Staff were concerned or not about AR or RI
performance and the nature of the action recorded was unclear; and
(4)
any issues noted were not fed through to an AR’s or RI’s development plan
for subsequent monitoring and completion.
Page 13 of 38
4.30. Compliance Visits, conducted annually, were designed to assess five broad areas:
AR Overview and Stability, Compliance, Training and Competence, Advice
Procedures and TCF. The visit also included a competency assessment. The
Skilled Person’s review of relevant procedural documentation and live observation
of a number of Compliance Visits identified that Investments’ methodology and
approach to Compliance Visits was not sufficiently challenging to enable the
identification, monitoring and/or management of material risks associated with
giving financial advice.
AR and RI compliance and file checking
4.31. Once an RI had obtained a relevant licence, Investments conducted post-sale file
checks at a rate of one in every eight new business transactions. Weaknesses in
the file review methodology meant that file checking would not deliver a
sufficiently robust assessment of suitability. In particular, there was inconsistency
in the guidance provided to ARs and RIs regarding the documents that needed to
be submitted for file checking and the documents requested were not sufficient to
assess fully the suitability of advice in all cases. Deficiencies in the generic file
checking form meant that file checking was not carried out to a consistent
standard and Investments’ grading system for post-sale file checks was not
effective, largely because there was no clear definition of unsuitable advice.
4.32. File checking processes did not adequately identify and assess risk:
(1)
pre-sale checking was limited to new RIs who did not hold an MSA licence,
to pension switching and occupational pension transfer files and to RIs who
held an MSA licence but for whom Supervisory Staff considered that
removal of that licence might be appropriate. Investments did not
undertake pre-sale checking for all transactions requiring a Specialist
Licence, despite Investments considering such transactions to be high risk.
(2)
where the RIs did not hold the relevant Specialist Licence, they were
required to submit the suitability report for the first advice before the
recommendation was made to the customer (a ‘pre-scrutiny check’).
Otherwise, an RI was permitted to give advice/arrange new business
without any pre-sale checking by Investments. The pre-scrutiny check:
(a)
was not sufficient to allow a comprehensive assessment of
suitability; and
Page 14 of 38
(b)
some files which should have been submitted for a pre-scrutiny
check were not submitted until after the advice had been presented
to the customer. No breach was recorded on Investments’ Database
and Investments did not impose any sanction against the RI for
failing to meet this obligation.
(3)
Investments did not follow-up pre-sale checks once the recommendation
had been made in order to establish whether the recommendation which
was approved was the same as that ultimately presented to the customer;
and
(4)
post-sale checking was determined solely by the risk presented by the
product alone, resulting in insufficient levels of checking for RIs who
performed poorly. The number of high risk transactions checked was not
sufficient to ensure that a spread of high risk business would be checked
over time for each AR and RI. The level of post-sale checking was
essentially the same for all ARs and RIs regardless of their on-going
performance. As a result, Investments did not ensure that a sufficient
spread of an AR’s or RI’s total business was monitored.
4.33. Investments’ Database automatically selected files for checking from the entries
on the AR’s or RI’s NBR. The effectiveness of the file selection process in respect
of post-sale checking was heavily dependent on the AR or RI accurately inputting
data into their NBR on the Database. Similarly, as new business was not
administratively processed by Investments, the pre-sale file checking process was
dependent on an RI submitting the advice for review before the personal
recommendation was made to the customer.
4.34. Investments had been aware for some time of material risks relating to the
accuracy and quality of the new business information input by its ARs and RIs.
This risk was material because it affected the integrity of the file checking process
and MI data. Nevertheless, Investments did not take appropriate steps to control
this risk effectively. No comprehensive training on the Database was provided to
ARs and RIs before they began to give advice and Investments did not have a
robust way of retrospectively checking that ARs’ and RIs’ entries on to the NBR
were accurate.
4.35. Investments’ procedures stated that it would carry out a quarterly assessment of
a sample (one for each business area) of post-sale file checks for each individual
File Checker (i.e. 16 quality checks per year). However, no quality assurance
Page 15 of 38
assessment of file checking had been carried out between May 2012 and April
2013 and prior to that quality assurance assessments had focused on post-sale
checking only.
Conduct in issue: Risk management processes
4.36. The governance structure at Investments consisted of the Board and three Sub-
Committees (a Risk Committee, an Audit & Compliance Committee and a
Nominations and Remunerations Committee) which focused on dealing with
incidents and issues that had already materialised rather than proactively
identifying and monitoring on-going risks.
4.37. Following a review of information and documentation relating to Investments’
RMF, including the RMF document, the Risk Register and MI and interviews with
senior management, the Skilled Person’s Report identified that the scope and
quality of MI provided to the Board and its sub-committees was not sufficient to
enable its senior management to identify and monitor risk effectively. In
particular:
(1)
the MI did not adequately summarise the risks to Investments and its
customers. MI provided to the Risk Committee did not contain any
information which would allow it to consider consumer risks directly. Key
analytical information contained in a Consumer Outcomes Report (a
detailed report which focused on the main areas of consumer risk) was
reviewed at a monthly Risk & Compliance Managers’ meeting but not
escalated to the Sub-Committees/Board. The Compliance Report provided
to the Audit & Compliance Committee contained some information relevant
to consumer risks but this was still too high level to enable it to
understand fully the root cause of consumer risks effectively;
(2)
Investments’ risk ratings (High, Medium and Low) as recorded in the Risk
Register were not defined or quantified (i.e. no KPIs had been set,
providing a benchmark against which risk can be monitored) and
Investments had not identified its top risks (comprising both risks to
Investments and all risks to its consumers);
(3)
Investments’ assessment of how well a risk was being controlled was
unreliable and misleading. The Risk Register included a Net Risk Score
(“NRS”) for each risk to reflect how well that risk was being controlled. The
NRS was not set following an objective assessment of the quality and
Page 16 of 38
effectiveness of the internal systems and controls in place. Consequently,
the NRS for most risks (particularly customer risks) was too low resulting
in risks being understated and therefore not being given the appropriate
degree of attention by senior management;
(4)
it was unclear how certain systems and controls linked to risks in the Risk
Register were capable of controlling that risk; and
(5)
the length of the reporting period used to compile data meant there was
little change in the information provided to the Sub-Committees or Board
from month to month. For example, the MI for file check scores was based
on a rolling 12-month period which did not enable senior management to
identify emerging issues promptly and information provided in a Critical
Success Factors report (part of the Board pack) was too high level to
provide the Board with sufficient insight into the root causes of the issues
identified to enable them to decide what action, if any, should be taken.
4.38. In addition to the above, and contrary to what the RMF states, although
Investments engaged external contractors to perform issue-specific audits
(September 2008 - August 2009 and March – November 2010), Investments did
not have an internal audit function during the Relevant Period, so that there was
no robust mechanism for assessing the effectiveness of its internal controls.
5.
FAILINGS
5.1.
The regulatory provisions relevant to this Final Notice are referred to in Annex A.
5.2.
On the basis of the facts and matters above, the Authority considers that
Investments failed to take reasonable care to organise and control its affairs
reasonably and effectively, with adequate risk management systems, in breach of
Principle 3.
5.3.
Of significant concern to the Authority was the fact that Investments’ DIM activity
was not a focus for compliance or risk management at Group level or at all.
Investments had not established any specific systems and controls in respect of
the DIM activity carried out by its ARs and RIs. As a result, there was a significant
risk of consumer detriment in relation to unsuitable investment transactions.
Page 17 of 38
Systems and controls and compliance
5.4.
Investments failed to establish, implement and maintain effective systems and
controls sufficient to ensure that Investments’ ARs and RIs met applicable
requirements and standards under the regulatory system. Specifically:
Determining whether prospective ARs and RIs were suitable to act for Investments
5.5.
Investments failed to take sufficient steps as part of the recruitment process, to
assess appropriately prospective ARs’ business models and business practices to
determine whether they were suitable to act for Investments, in particular:
(1)
Investments did not routinely carry out any structured due diligence
and/or risk assessment which would have enabled them to assess the
prospective AR’s business model and business practices and in turn
identify whether there were any unusual or particular risks which needed
to be considered or addressed. The decision to permit a new AR to join
Investments was based primarily on the outcome of the AR and RI
recruitment process. This meant that, upon joining Investments, ARs were
effectively permitted to follow their own sales process and use their own
adviser tools (e.g. fact finds, risk profile questionnaires and research
systems) which Investments had not assessed and deemed fit for purpose;
(2)
Investments placed undue reliance on the background checks carried out
by the Authority. The Authority’s factsheet issued in August 2011
concerning control over ARs stated that “under no circumstances should
the firm rely on the background checks we carry out to determine whether
the prospective AR is suitable to act for the firm”. Investments required
ARs and RIs to complete Form A and an internal RI/AR form (which
captured details of assets, liabilities and referees). These forms did not
capture sufficient details of an RI’s previous role(s), responsibilities and
relevant experience. Investments did not have a detailed application form,
did not require RIs to submit a full curriculum vitae and did not operate a
structured interview process for assessing an applicant’s knowledge and
skills. Although Investments obtained two character references and
employment references for the previous five years, it adopted a standard
reference request template, which did not elicit sufficiently comprehensive
information. As a result, Investments did not have sufficient details of the
applicant’s relevant experience in order to assess robustly his/her
knowledge and skills. Once RIs had been approved by the Authority as
Page 18 of 38
CF30, they were permitted to advise customers without further skills
assessment (unless they were classified as inexperienced); and
(3)
Investments did not take sufficient steps to ensure the integrity of the
technical knowledge test they required RIs to undertake. RIs were
permitted to complete the test remotely in their own time. It was not
invigilated and might not, therefore, provide a true indication of the RI’s
actual knowledge. In any event it did not test the RI’s knowledge of higher
risk products.
Determining RIs’ competence to advise customers
5.6.
Upon an RI joining Investments, Investments did not carry out a suitable
assessment of their knowledge and skills in order to determine their competence
before they began advising customers. In particular:
(1)
Investments’ process for determining an RI’s competence was unclear and
unreliable;
(2)
Investments did not take sufficient steps to identify the RI’s training and
development needs at the outset and before the RI was permitted to
provide advice;
(3)
Investments did not provide timely and comprehensive training to ensure
that its new ARs and RIs understood the minimum standards Investments
expected them to meet. RIs were effectively permitted to advise
customers before Investments had taken steps to ensure that they had
sufficient knowledge and understanding of the standards they must meet
and the processes to follow; and
(4)
Investments did not specify any specific training and competence
arrangements for RIs who carried out DIM activity.
5.7.
Potentially training and development needs might be identified over time, as a
result of file checking (including initial pre-sale monitoring) and annual visits from
the Supervisory Staff, but due to Investments’ failings in those areas there was
an increased risk of consumer detriment as a result of Investments’ failure to
carry out a suitable assessment at the outset.
Page 19 of 38
Supervision of ARs and RIs
5.8.
Investments failed to ensure that its ARs and RIs were appropriately and
effectively supervised at all times. In particular:
(1)
there was insufficient contact between ARs and RIs and the Supervisory
Staff to ensure effective supervision;
(2)
Investments did not adequately analyse information on RI performance
sufficient to conduct an effective review of competence, identify training
needs and take appropriate action to ensure that those RIs remained
competent for their role. Specifically:
(a)
as a result of the insufficiently robust benchmark for an RI’s
average file check score, Investments’ minimum standards did not
effectively provide an indication of an RI’s competence;
(b)
Desk Based Monitoring was ineffective in identifying an individual
RI’s development needs and failed to initiate appropriate and
effective remedial action; and
(c)
Investments’ minimum standards for measuring an individual RI’s
on-going competence did not include an assessment of the RI’s
skills or technical knowledge.
(3)
Investments’ field supervision was not sufficiently risk-based. As a result
of the inadequate design and execution of its supervision activity, the
annual visits carried out by the Supervisory Staff were not sufficiently
challenging to enable the identification of material risks. Specifically:
(a)
Investments did not take sufficient steps to ensure that the
Supervisory Staff had the necessary experience, coaching and
assessment skills to act as a competent supervisor;
(b)
the timing and frequency of compliance visits was not influenced by
issues/risks associated with particular ARs or even the number of
RIs employed by an AR but were calendar driven;
(c)
the methodology and approach for reviewing key areas during the
annual visits was not sufficiently challenging to identify non-
compliance and instances where customers might not be treated
fairly; and
Page 20 of 38
(d)
the Supervisory Staff did not supervise the DIM activity carried on
by ARs and RIs of Investments, despite evidence of poor behaviour.
(4)
monitoring of the Supervisory Staff was ineffective because KPIs for the
Supervisory Staff roles were time driven rather than qualitative indicators
of performance and development points identified for the Supervisory Staff
tended to be minor and procedural in nature.
Compliance and file checking
5.9.
Investments failed to establish and maintain adequate compliance and file
checking arrangements, appropriate to the size and types of business conducted
by Investments. In particular:
(1)
file checking processes did not adequately identify and assess risks. The
methodology for file selection was not sufficiently influenced by the risk
rating of ARs and/or RIs and as a result Investments did not always ensure
that a spread of higher risk products was checked;
(2)
weaknesses in the file review methodology meant that file checking might
not deliver a sufficiently robust assessment of suitability;
(3)
no quality assurance assessment of file checking had been carried out
since May 2012. Quality assurance assessments conducted prior to that
date focused on post-sale checking only;
(4)
Investments had been aware for some time of significant risks relating to
the accuracy and quality of new business information input into the
Database but had failed to take appropriate steps to control this risk
effectively. For example, the RIs did not attend comprehensive training on
the Database before they began to give advice and Investments did not
have an effective method of retrospectively checking that ARs’ and RIs’
entries on to the NBR were accurate; and
(5)
Investments did not monitor the suitability of DIM decisions and the
management of customer portfolios.
Page 21 of 38
Risk management processes
5.10. Investments
failed
to
implement
effective
processes
to
enable
senior
management to identify, measure, manage and control the risks that Investments
was, or might, be exposed to. In particular:
(1)
the scope and quality of MI provided to the Board and its sub-committees
was not sufficient to enable senior management to identify and monitor
risk effectively;
(2)
Investments’ Board and its senior management team focussed on dealing
with incidents and issues that had already materialised rather than
proactively identifying and monitoring on-going risks;
(3)
the DIM activity of Investments was not routinely considered by
Investments’ Board or sub-committees; and
(4)
the absence of an internal audit function meant that there was no robust
mechanism for assessing the effectiveness of Investments’ internal
systems and controls.
5.11. Taking into account the potentially high risk investment management activities it
offered, the Authority considers that Investments’ systems and controls were
inadequate. The Authority considers that the failings were systemic.
5.12. As a result of these failings, the Authority considers that Investments failed to
take reasonable care to organise and control its affairs responsibly and
effectively, with adequate risk management systems, in breach of Principle 3.
6.
SANCTION
6.1.
The Authority’s policy in relation to the imposition of a financial penalty or public
censure is set out in Chapter 6 of DEPP which forms part of the Authority’s
Handbook. The regulatory provisions governing the determination of financial
penalties changed on 6 March 2010.
6.2.
The Authority’s policy in relation to the imposition of a suspension or restriction is
set out in Chapter 6A of DEPP which forms part of the Authority’s Handbook. The
regulatory provisions governing the imposition of a suspension or restriction were
introduced on 8 August 2010.
Page 22 of 38
Introduction
6.3.
The Authority considered that a financial penalty of £621,583 on Investments in
respect of its breaches of Principle 3 throughout the Relevant Period was
appropriate. However, as Investments has satisfied the Authority that payment of
such a penalty would cause it serious financial hardship, the Authority reduces
the level of the penalty to nil and instead publishes a statement that Investments
has breached Principle 3.
6.4.
In addition to publishing such a statement, the Authority considers that it is
appropriate also to impose a restriction on Investments in respect of its
misconduct between 8 August 2010 and 30 April 2013, on the basis that the
penalty would cause Investments serious financial hardship and it is appropriate
to reduce the financial penalty. The Authority believes that imposing a restriction
here alongside a statement of misconduct, as an alternative to payment of a
financial penalty, will be a more effective and persuasive deterrent than the
imposition of a statement of misconduct alone.
6.5.
Accordingly the Authority, in addition to a statement of misconduct, also imposes
a restriction on Investments for a period of 126 days from the date this Final
Notice is issued, so that Investments may not appoint any AR or RI during that
period.
Financial penalty
6.6.
The conduct in issue took place both before and after 6 March 2010. As set out at
paragraph 2.7 of the Authority Policy Statement 10/4, when calculating a financial
penalty where the conduct straddles penalty regimes, the Authority must have
regard to both the penalty regime which was effective before 6 March 2010 (the
‘old penalty regime’) and the penalty regime which was effective after 6 March
2010 (the ‘new penalty regime’).
Financial penalty under the old regime
6.7.
The Authority’s policy on the imposition of a financial penalty relevant to the
misconduct prior to 6 March 2010 is set out in Chapter 6 of DEPP that was in
force up to and including 5 March 2010. All references to DEPP in this section are
references to that version.
6.8.
The Authority has also had regard to the corresponding provisions of Chapter 7 of
the Authority’s Enforcement Guide in force at the time.
Page 23 of 38
6.9.
In determining whether a financial penalty is appropriate, the Authority is
required to consider all the relevant circumstances of the case. DEPP 6.5.2G sets
out a non-exhaustive list of factors which may be relevant to determining the
appropriate level of financial penalty. The Authority considers that the following
factors are particularly relevant in this case.
Deterrence (DEPP 6.5.2(1))
6.10. When determining the level of penalty, the Authority has regard to the principal
purpose for which it imposes sanctions, namely to promote high standards of
regulatory and market conduct.
6.11. The Authority considers that the financial penalty will deter Investments and
other similar network firms in the market from committing similar breaches. The
Authority also considers that the penalty will demonstrate generally to other
adviser network firms that a business model which affords its ARs and RIs a high
degree of flexibility is not acceptable and will reinforce the importance of collating
quality MI, embedding risk-focused systems and controls and encouraging a
consumer-focused culture.
The nature, seriousness and impact of the breach (DEPP 6.5.2(2))
6.12. There was a real risk of significant consumer detriment resulting from
Investments’ breaches of Principle 3, in that there was a real risk that its ARs and
RIs would make personal recommendations to customers which were not
demonstrably suitable. Investments did not adequately manage or mitigate that
risk during the Relevant Period.
6.13. The Authority considers Investments’ breaches to be serious in that the failings
were systemic, impacted all categories of Investments’ business, and persisted
for a significant and continuous period of time without correction.
Conduct following the breach (DEPP 6.5.2(8))
6.14. Investments has cooperated fully with the Authority’s investigation and, with a
new senior management team in place, has taken substantive action to remedy
the failings identified.
Disciplinary record and compliance history (DEPP 6.5.2(9))
6.15. The Authority has taken account of Investments’ general compliance history. In
particular, as a result of actions taken by the Authority during the Relevant
Page 24 of 38
Period, Investments had knowledge of the Authority’s concerns relating to the
weaknesses in systems and controls and the risk management framework at
Group level but failed adequately to address those concerns. In particular,
Investments was referred to Enforcement in 2009 as a result of similar concerns
identified during the Authority’s thematic review of another subsidiary of the
Group’s pension-switching recommendations. Following its investigation, in
February 2010, the Authority imposed a financial penalty on Mr Charles Palmer,
the CEO of the Group at the time and the current owner of the Group.
Past action taken by the Authority (DEPP 6.5.2(10))
6.16. In determining the level of financial penalty under the old regime, the Authority
has taken into account penalties imposed on other authorised firms for similar
behaviour.
Old Regime Conclusion
6.17. Having considered all the circumstances set out above, the Authority considers
that £200,000 is an appropriate financial penalty to impose on Investments under
the old regime. In the event, Investments has provided verifiable evidence to
establish that imposing any financial penalty would cause it serious financial
hardship.
Financial Penalty under the new regime
6.18. Under the new regime, in force after 6 March 2010, the Authority applies a five-
step framework to determine the appropriate level of financial penalty. DEPP 6.5A
sets out the details of the five-step framework that applies in respect of financial
penalties imposed on firms.
6.19. Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practicable to
quantify this. The Authority’s investigation did not seek to determine the extent
of any actual detriment and it has not therefore identified any financial benefit
that Investments derived directly from the breaches of Principle 3.
6.20. Investments is currently undertaking PBRs and an internal review in relation to its
pension switching and UCIS recommendations in order to address the
Page 25 of 38
weaknesses previously identified by the Authority. The final outcome of this
exercise is as yet unknown, but may result in redress being paid to consumers.
6.21. The Step 1 figure is therefore nil.
Step 2: Seriousness of breach
6.22. Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that
reflects the seriousness of the breach. Where the amount of revenue generated
by a firm from a particular product line or business area is indicative of the harm
or potential harm that its breach may cause, that figure will be based on a
percentage of the firm’s revenue from the relevant products or business area.
6.23. The Authority considers that the revenue generated by all ARs and RIs within
Investments’ network (“the Network Revenue”) to be indicative of the potential
harm caused by the breach. The Authority has therefore determined a figure
based on a percentage of the total Network Revenue during the period of the
breach. The period of Investments’ breach in relation to the new penalty regime
was from 6 March 2010 to 30 April 2013. The total Network Revenue for this
period is £2,555,050.
6.24. In deciding on the percentage of the relevant revenue that forms the basis of the
Step 2 figure, the Authority considers the seriousness of the breach and chooses
a percentage between 0% and 20%. This range is divided into five fixed levels
which represent, on a sliding scale, the seriousness of the breach; the more
serious the breach, the higher the level. For penalties imposed on firms there are
the following five levels:
(1)
Level 1 – 0%
(2)
Level 2 – 5%
(3)
Level 3 – 10%
(4)
Level 4 – 15%
(5)
Level 5 – 20%
6.25. In assessing the seriousness level, the Authority takes into account various
factors which reflect the impact and nature of the breach, and whether it was
committed deliberately or recklessly.
6.26. The Authority has determined the seriousness of Investments’ breaches to be
Level 4 for the purposes of Step 2, having taken into account the following:
Page 26 of 38
(1)
DEPP 6.5A.2G(6) sets out factors relating to the impact of the breaches:
(a)
the Authority has not identified any direct financial benefit to
Investments as a result of the breaches of Principle 3;
(b)
Investments exposed over 1,400 customers to a risk of loss as a
result of the breaches of Principle 3, in that there was a risk that its
RIs would make personal recommendations to customers which
were not demonstrably suitable. Investments did not adequately
manage or mitigate that risk during the Relevant Period; and
(c)
loss to individual consumers has not been identified or quantified at
this stage but the Authority has required Investments to conduct
further PBRs in relation to its pension-switching recommendations
and is supervising Investments’ internal review of its promotion and
sale of UCIS (during the Relevant Period, Investments undertook 24
individual sales of UCIS funds to 22 customers). Both the ongoing
PBRs and the internal review may result in redress being paid to
consumers.
(2)
DEPP 6.5A.2G(7) sets out factors relating to the nature of the breach:
(a)
Investments’ breaches of Principle 3 revealed systemic weaknesses
in its systems and controls relating to the recruitment, monitoring
and control of its ARs and RIs; and
(b)
the weaknesses identified persisted for a significant and continuous
period of time without correction.
(3)
DEPP 6.5A.2G(8) and (9) set out factors tending to show the breach was
either deliberate or reckless. The Authority has not identified any evidence
to suggest that Investments acted deliberately or recklessly in committing
the breaches of Principle 3;
(4)
DEPP 6.5A.2G(11) sets out factors likely to be considered ‘level 4 factors’,
or ‘level 5 factors’. The Authority considers the following factors to be
relevant:
(a)
loss to individual consumers has not been identified or quantified at
this stage but the Authority has required Investments to conduct
further PBRs in relation to its pension-switching recommendations
and is supervising Investments’ internal review of its promotion and
Page 27 of 38
sale of UCIS (during the Relevant Period, Investments undertook 24
individual sales of UCIS funds to 22 customers). Both the ongoing
PBRs and the internal review may result in redress being paid to
consumers;
(b)
Investments’ breaches of Principle 3 revealed systemic weaknesses
in Investments’ systems and controls relating to the recruitment,
monitoring and control of its ARs;
(c)
no financial crime was facilitated, occasioned or otherwise
attributable to Investments’ breaches;
(d)
Investments’ breaches did not create a significant risk that financial
crime would be facilitated, occasioned or otherwise occur;
(e)
the Authority has not identified anything which suggests that
Investments failed to conduct its business with integrity; and
(f)
the Authority does not consider that Investments’ breaches were
committed deliberately or recklessly.
(5)
DEPP 6.5A.2G(12) sets out factors likely to be considered ‘level 1 factors’,
‘level 2 factors’ or ‘level 3 factors’. The Authority considers the following
factors to be relevant:
(a)
the Authority has not identified any direct financial benefit to
Investments as a result of the breaches of Principle 3;
(b)
the Authority has not identified any actual or potential effects on
the orderliness of, or confidence in, markets as a result of
Investments’ misconduct; and
(c)
the breaches appear to have been committed negligently or
inadvertently.
6.27. Because Investments’ breaches of Principle 3 amounted to gross negligence,
rather than deliberate or reckless misconduct, and because the systemic
weaknesses in Investments’ systems and controls persisted for a significant and
continuous period of time without adequate correction, exposing 1,407 customers
to a risk of loss, the Authority considers that Investments’ breaches should be
considered to be Level 4 breaches.
Page 28 of 38
6.28. A Level 4 breach equates to 15% of the Network Revenue. The new regime
penalty after Step 2 is therefore £383,258.
Step 3: mitigating and aggravating factors
6.29. Pursuant to DEPP 6.5A.3G(2), at Step 3 the Authority may increase or decrease
the amount of the financial penalty arrived at after Step 2 (but not including any
amount disgorged at Step 1) to take into account factors which aggravate or
mitigate the breach.
6.30. The Authority considers that the following factors aggravate the breach:
(1)
the failings in breach of Principle 3 occurred despite the Authority’s
concerns in relation to Investments’ inadequate systems and controls
being raised in supervisory correspondence on a number of occasions
during the Relevant Period; and
(2)
the weaknesses in Investments’ systems and controls were also brought to
the attention of Investments as a result of an investigation by the
Authority which led to the issuing of a Final Notice in February 2010 in
relation to the conduct of the CEO of the Group.
6.31. The Authority considers that the following factors mitigate the breach:
(1)
Investments now has a new Board in place. The new Board began
implementing improvements to Investments’ systems and controls and risk
management framework prior to the appointment of the Skilled Person;
and
(2)
in late 2012 and early 2013 the new Board proactively engaged with the
Authority and the Skilled Person to remedy weakness identified by the
Authority, the Skilled Person’s Report and the new Board itself, in
accordance with an agreed remedial action plan.
6.32. Having taken these aggravating and mitigating factors into account the Authority
considers that an aggregate uplift of 10% is appropriate.
6.33. The Step 3 figure is therefore 110% of £383,258 equating to £421,583.
Step 4: adjustment for deterrence
6.34. Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after
Step 3 is insufficient to deter Investments who committed the breach, or others,
Page 29 of 38
from committing further or similar breaches, then the Authority may increase the
penalty.
6.35. The Authority considers the Step 3 figure of £421,583 represents a sufficient
deterrent to Investments and others, and so has not increased the penalty at
Step 4.
6.36. Taking into account the old regime penalty of £200,000, the total combined
penalty equates to £621,583.
6.37. The Authority considers that combining the two separate penalties calculated
under the old and new penalty regimes produces a figure which is proportionate
and consistent with the Authority’s statements that the new penalty regime may
lead to increased penalty levels.
6.38. The Step 4 figure is therefore £621,583.
6.39. The Authority would have sought to impose a total financial penalty of £621,583
on Investments for its breaches of Principle 3, were it not that Investments has
provided verifiable evidence to establish that imposing any financial penalty
would cause it serious financial hardship. The penalty is therefore reduced to nil.
Step 5: settlement discount
6.40. As the financial penalty has been reduced to nil before calculation of any discount
for early settlement, no further discount is applicable.
6.41. DEPP 6.4.2G sets out the factors that may be of particular relevance in
determining whether it is appropriate to issue a public censure. The criteria are
not exhaustive and DEPP 6.4.1G(1) provides that the Authority will consider all
the relevant circumstances of the case when deciding whether to impose a
penalty or issue a public censure.
6.42. The Authority considered the following factors to be particularly relevant in this
case:
(1)
pursuant to DEPP 6.4.2G(8)(a) the application of the Authority’s policy on
serious financial hardship has resulted in the financial penalty against
Investments being reduced to nil; and
Page 30 of 38
(2)
pursuant to DEPP 6.4.2G(8)(b) there is verifiable evidence that
Investments would be unable to meet other regulatory requirements,
particularly financial resource requirements, if the Authority had imposed a
financial penalty at the appropriate level.
6.43. Having considered all the circumstances set out above, the Authority considers
that £621,583 would be the appropriate penalty to impose on Investments.
However, taking into account Investments’ financial position and the fact the
penalty has, as a result, been reduced to nil, the Authority is publishing a
statement that Investments has contravened regulatory requirements.
Restriction
6.44. The Authority also imposes a restriction on Investments, for a period of 126 days
from the date this Final Notice is issued, so that Investments is restricted during
that period from appointing any AR or RI.
6.45. The restriction the Authority imposes is a disciplinary measure in respect of
Investments’ misconduct between 8 August 2010 (when the statutory power to
impose a restriction came in to force) and 30 April 2013.
6.46. When determining whether a restriction is appropriate, the Authority is required
to consider the full circumstances of the case. The Authority will impose a
restriction where it believes that such action will be a more effective and
persuasive deterrent than the imposition of a financial penalty alone. DEPP
6A.2.3G specifies examples of circumstances where the Authority may consider it
appropriate to impose a restriction.
6.47. The main reason why the Authority considers that a restriction is appropriate in
the circumstances of this case is because Investments has provided verifiable
evidence to establish that imposing any financial penalty would cause it serious
financial hardship, pursuant to DEPP6A.2.3G(6). The Authority believes that
imposing a restriction in this instance, in addition to a statement of misconduct
and as an alternative to payment of a penalty, would be a more effective and
persuasive deterrent than the imposition of a financial penalty reduced to nil and
a statement of misconduct alone.
6.48. In addition, the Authority considers that a restriction is appropriate because the
Authority has previously taken Enforcement action in respect of similar breaches,
including action against Mr Charles Palmer (who holds significant influence
Page 31 of 38
functions at Investments and is the current owner of the Group). Investments
failed to take appropriate steps to improve its systems and controls as a result of
this action.
6.49. Investments’ failings also suggest a poor compliance culture at Investments. In
particular, as set out at paragraph 4.8 above, the Skilled Person’s Report
attributed the failings identified to:
(1)
the inherent risks of Investments’ business model which afforded ARs and
RIs a high degree of flexibility; and
(2)
the cultural focus at Investments which resulted in the ARs being treated
as the customers rather than the end consumers who received the advice.
6.50. The Authority considers that the restriction it is imposing to be appropriate in that
it will demonstrate to other similar network firms in the market that where a firm
continues to operate with a poor compliance culture the Authority will take
disciplinary action to suspend and/or restrict that firm’s regulated activities, in
combination with a financial penalty or as an alternative sanction.
Length of restriction
6.51. When determining the length of the period of restriction that is appropriate for
the breach concerned, and is also a sufficient deterrent, the Authority will
consider all the relevant circumstances of the case. DEPP 6A.3.2G sets out factors
that may be relevant in determining the appropriate length of the period of
restriction. The Authority considers that the following factors are particularly
relevant in this case.
Deterrence (DEPP 6A.3.2G(1))
6.52. When determining the length of the period of restriction, the Authority has regard
to the principal purpose for which it imposes a restriction, namely to promote
high standards of regulatory and/or market conduct by deterring persons who
have committed breaches from committing further breaches, helping to deter
other persons from committing similar breaches, and demonstrating generally the
benefits of compliant behaviour.
6.53. The Authority considers that the restriction it is imposing will deter Investments
and other similar network firms in the market from committing similar breaches.
It will also emphasise that a firm which negligently or otherwise allows systemic
Page 32 of 38
failings in its systems and controls and risk management framework to persist for
a significant and continuous period of time without adequate correction will not
escape disciplinary action, regardless of its financial position.
The seriousness of the breach (DEPP 6A.3.2G(2))
6.54. When assessing the seriousness of the breach, the Authority takes into account
various factors (which may include those listed in DEPP 6.5A.2G (6) to (9)) which
reflect the impact and nature of the breach, and whether it was committed
deliberately or recklessly.
6.55. When considering the seriousness of the breaches, the Authority has taken into
account the following:
(1)
Investments exposed 1,407 customers to a significant risk of loss as a
result of the breaches of Principle 3, in that there was a significant risk
that its RIs would make personal recommendations to customers which
were not suitable. Investments did not adequately manage or mitigate that
significant risk during the Relevant Period (specifically 8 August 2010 to 30
April 2013);
(2)
loss to individual consumers has not been identified or quantified at this
stage but the Authority has required Investments to conduct further PBRs
in relation to its pension-switching recommendations and is supervising
Investments’ internal review of its promotion and sale of UCIS (during the
Relevant Period, Investments undertook 24 individual sales of UCIS funds
to 22 customers). Both the ongoing PBRs and the internal review may
result in redress being paid to consumers;
(3)
Investments’ breaches of Principle 3 revealed systemic weaknesses in its
systems and controls relating to the recruitment, monitoring and control of
its ARs and RIs and the weaknesses identified persisted for a significant
and continuous period of time without correction;
(4)
the Authority has not identified any evidence to suggest that Investments
acted deliberately or recklessly in committing the breaches of Principle 3;
(5)
no financial crime was facilitated, occasioned or otherwise attributable to
Investments’ breaches and Investments’ breaches did not create a
significant risk that financial crime would be facilitated, occasioned or
otherwise occur;
Page 33 of 38
(6)
the Authority has not identified anything which suggests that Investments
failed to conduct its business with integrity; and
(7)
the Authority has not identified any actual or potential effects on the
orderliness of, or confidence in, markets as a result of Investments’
misconduct.
Aggravating and mitigating factors (DEPP 6A.3.2G(3))
6.56. The Authority takes into account various factors (which may include those listed
in DEPP 6.5A.3G (2)) which may aggravate or mitigate a breach.
6.57. The Authority considers that the following factors aggravate the breach:
(1)
the failings in breach of Principle 3 occurred despite the Authority’s
concerns in relation to Investments’ inadequate systems and controls
being raised in supervisory correspondence on a number of occasions
during the Relevant Period (specifically 8 August 2010 to 30 April 2013);
and
(2)
the weaknesses in Investments’ systems and controls were also brought to
the attention of Investments as a result of an investigation by the
Authority which led to the issuing of a Final Notice in February 2010 in
relation to the conduct of the CEO of the Group.
6.58. The Authority considers that the following factors mitigate the breach:
(1)
Investments now has a new Board in place. The new Board began
implementing improvements to Investments’ systems and controls and risk
management framework prior to the appointment of the Skilled Person;
and
(2)
in late 2012 and early 2013 the new Board proactively engaged with the
Authority and the Skilled Person to remedy weaknesses identified by the
Authority, the Skilled Person’s Report and the new Board itself, in
accordance with an agreed remedial action plan.
6.59. The total length of restriction the Authority is imposing on Investments is
therefore 126 days.
Impact of restriction on Investments (DEPP 6A.3.2G(4))
Page 34 of 38
6.60. When assessing the impact of the restriction on Investments, the Authority has
taken into account the following:
(1)
Investments’ expected lost revenue and profits from not being able to
recruit new ARs and RIs until the expiry of the restriction;
(2)
the cost of the measures Investments may be required to undertake in
order to comply with the restriction;
(3)
potential economic costs, for example, the payment of salaries to
employees who will not work during the period of restriction or the
payment of compensation to consumers who will suffer loss as a result of
the restriction;
(4)
the effect on other areas of Investments’ business; and
(5)
the restriction would not cause Investments serious financial hardship.
Impact of restriction on persons other than Investments (DEPP 6A.3.2G(5))
6.61. When assessing the impact of the restriction on persons other than Investments,
the Authority considers the following to be relevant:
(1)
consumers will not suffer loss or inconvenience as a result of the
restriction. The restriction does not impact existing ARs and RIs who are
permitted to carry on the relevant regulated activities within Investments’
Part 4A permission during the period of restriction; and
(2)
the restriction would not have an impact on the markets.
6.62. Having taken into account all the circumstances of the case, including the
considerations set out at DEPP 6A.3.3G, the Authority does not consider it
appropriate to delay the commencement of the period of restriction.
Settlement discount
6.63. Investments agreed to settle at an early stage of the Authority’s investigation.
Investments therefore qualified for a 30% (stage 1) discount to the length of the
restriction under the Authority’s executive settlement procedures. Were it not for
this discount, the Authority would have imposed a restriction of 180 days (six
months) on Investments.
Page 35 of 38
6.64. The Authority considered that a financial penalty of £621,583 on Investments in
respect of its breaches of Principle 3 throughout the Relevant Period was
appropriate. However, as Investments has satisfied the Authority that payment of
such a penalty would cause it serious financial hardship, the Authority has
reduced the level of the penalty to nil and instead is publishing a statement that
Investments has breached Principle 3.
6.65. In addition to publishing such a statement, the Authority considers that it is
appropriate also to impose a restriction on Investments in respect of its
misconduct between 8 August 2010 and 30 April 2013, on the basis that the
penalty would cause Investments serious financial hardship and it is appropriate
to reduce the financial penalty. The Authority believes that imposing a restriction
here, as an alternative to a financial penalty, will be a more effective and
persuasive deterrent than the imposition of a financial penalty reduced to nil
together with a statement of misconduct.
6.66. Accordingly the Authority, in addition to a statement of misconduct, also imposes
a restriction on Investments for a period of 126 days from the date this Final
Notice is issued, so that Investments may not appoint any AR or RI during that
period.
6.67. Pursuant to DEPP 6A.4.3G, the Authority considers that the combination of
sanctions is proportionate considering the nature and seriousness of the Principle
3 breaches and the fact Investments is unable to pay the financial penalty as a
result of serious financial hardship.
7.
PROCEDURAL MATTERS
Decision maker
7.1.
The decision which gave rise to the obligation to give this Final Notice was made
by the Settlement Decision Makers.
7.2.
This Final Notice is given under, and in accordance with, section 390 of the Act.
7.3.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this notice relates. Under those
provisions, the Authority must publish such information about the matter to which
this notice relates as the Authority considers appropriate. The information may
Page 36 of 38
be published in such manner as the Authority considers appropriate. However,
the Authority may not publish information if such publication would, in the opinion
of the Authority, be unfair to you or prejudicial to the interests of consumers or
detrimental to the stability of the UK financial system.
7.4.
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contacts
7.5.
For more information concerning this matter generally, contact Paul Howick
(direct line: 020 7066 7954 /email: paul.howick@fca.org.uk) of the Enforcement
and Financial Crime Division of the Authority.
Bill Sillett
Head of Department
Financial Conduct Authority, Enforcement and Financial Crime Division
Page 37 of 38
ANNEX A:
STATUTORY PROVISIONS
Statutory objectives
1.
The Authority’s strategic objective, set out in section 1B(2) of the Act, is to ensure
that the relevant markets function well.
2.
The Authority’s operational objectives, set out in sections 1B to 1H of the Act, are
as follows:
(1)
securing an appropriate degree of protection for consumers (“the consumer
protection objective”);
(2)
protecting and enhancing the integrity of the UK financial system (“the
integrity objective”); and
(3)
promoting effective competition in the interests of consumers (“the
competition objective”).
Imposition of a restriction
3.
Section 206A of the Act provides that where an authorised person has contravened
a requirement imposed on it under the Act the Authority may impose, for such
period as it considers appropriate, such limitations or other restrictions in relation
to the carrying on of a regulated activity by the person as it considers appropriate.
4.
A restriction may, in particular, be imposed so as to require the person concerned
to take, or refrain from taking, specified action. The period for which the restriction
is to have effect may not exceed 12 months.
Imposition of a financial penalty
5.
Section 206 of the Act provides that the Authority may impose a penalty on an
authorised person, of such amount as it considers appropriate, if it considers that it
has contravened a relevant requirement imposed on it.
6.
Financial is an authorised person for the purposes of section 206 of the Act. The
requirements imposed on authorised persons include those set out in the
Authority’s rules and made under section 137A of the Act.
Imposition of a public censure
7.
Section 205 of the Act provides that where an authorised person has contravened a
requirement imposed on him under the Act the Authority may publish a statement
to this effect.
Page 38 of 38
REGULATORY GUIDANCE AND POLICY
Principles for Businesses (the “Principles”)
8.
In exercising its power to issue a financial penalty, the Authority must have regard
to the relevant provisions in the Authority’s Handbook.
9.
The Principles are set out in the section of the FCA Handbook entitled ‘PRIN’. They
apply in whole or in part to every authorised firm (PRIN 1.1.1G) and are a general
statement of the fundamental obligations of firms under the regulatory system.
They derive their authority from the FCA’s rule-making powers as set out in the
Act, reflect the FCA’s regulatory objectives (PRIN 1.1.2G) and apply with respect to
the carrying out of regulated activities (PRIN 3.2.1R).
10.
The relevant Principle in this case is Principle 3 (Management and Control), which
states that a firm must take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems.
Decision Procedure and Penalties Manual (DEPP)
11.
Guidance on the imposition and amount of penalties is set out in Chapter 6 of
DEPP, which came into effect on 28 August 2007. Changes to DEPP were
introduced on 6 March 2010.
12.
Guidance on the imposition of a suspension or restriction and the period for which
those suspensions or restrictions are to have effect, is set out in Chapter 6A of
DEPP, which came into effect on 6 August 2010.
13.
The relevant sections of DEPP are set out in the main body of this Notice.
Enforcement Guide (EG)
14.
The Authority’s approach to taking disciplinary action is set out in Chapter 2 of EG.
The Authority’s approach to financial penalties, suspensions and public censures is
set out in Chapter 7 of EG.
15.
EG 7.1 states that the effective and proportionate use of the Authority’s powers to
enforce the requirements of the Act, the rules and the Statements of Principles for
Approved Persons (APER) will play an important role in the Authority’s pursuit of its
statutory objectives. Imposing financial penalties, suspensions and public censures
shows that the Authority is upholding regulatory standards and helps to maintain
market confidence and deter financial crime. An increased public awareness of
regulatory standards also contributes to the protection of consumers.