Final Notice
On , the Financial Conduct Authority issued a Final Notice to PricewaterhouseCoopers LLP
FINAL NOTICE
Address:
1 Embankment Place, London WC2N 6RH
1.
ACTION
1.1.
For the reasons given in this Final Notice, the Financial Conduct Authority (“the
Authority”) hereby imposes on PricewaterhouseCoopers LLP (“PwC”) a financial
penalty of £15,000,000 pursuant to section 345 of the Act.
2.
SUMMARY OF REASONS
2.1.
On 30 January 2019, London Capital & Finance plc (“LCF”) entered administration.
This followed the action taken by the Authority on 10 December 2018 when LCF
was directed to immediately withdraw its promotional material because the way
the firm was marketing its minibonds was unfair, unclear and misleading (for
further detail see this Supervisory Notice).
2.2.
LCF had been in the business of raising finance from the general public through
the issuance of minibonds, ostensibly with the funds then being loaned to third-
party corporate entities. By the time LCF entered administration, it had in total
sold over 16,700 minibonds to 11,625 bondholders. The minibonds sold by LCF
had a face value of around £237.2m.
2.3.
PwC was engaged as LCF’s statutory auditor in the period from 8 September 2016
to 17 October 2017. It audited LCF’s Annual Report and Financial Statements for
the year ended 30 April 2016 (“the 2016 Accounts”) between 8 September 2016
and 10 October 2016 (“the Relevant Period”). PwC resigned as LCF’s auditor on
17 October 2017.
2.4.
During the Relevant Period, LCF failed to co-operate with PwC (including by failing
to provide basic information to PwC), acted aggressively towards auditors at PwC,
and provided inaccurate and/or misleading information to PwC. In the context of
these and other significant issues, PwC formed a reasonable belief that LCF might
be (i.e. suspected that LCF was) involved in fraudulent activity.
2.5.
In the circumstances, PwC should have reported its reasonable belief to the
Authority (as well as the facts and matters that gave rise thereto) pursuant to its
obligations under the Financial Services and Markets Act 2000 (Communications
by Auditors) Regulations 2001 (SI 2001/2587) (“the Reporting Regulations”). PwC
failed to do so.
2.6.
After LCF entered administration, it became clear that its borrowers were unable
to repay their loans and that its business had been run in a highly suspicious way.
Consequently, LCF’s bondholders were exposed to significant losses which have
only been partly reimbursed by compensation schemes funded by the financial
services industry and the taxpayer. As to those schemes:
2.6.1.
By 19 April 2021, the Financial Services Compensation Scheme (“the
FSCS”) had paid out £57.6m to eligible bondholders who lost money when
LCF collapsed.
2.6.2.
On 19 April 2021, the Government established a “one-off” compensation
scheme, facilitated by the FSCS, to compensate 80% of bondholders’
initial investment (up to a maximum of £68,000) for those whom the
FSCS could not otherwise compensate. The government scheme closed
on 31 October 2022, having paid out a total of £115m to eligible
bondholders.
2.7.
The action proposed in the Notice forms part of a wide range of civil, criminal and
regulatory actions that arise against the above background. These include (but
are not limited to):
2.7.1.
criminal investigations by the Serious Fraud Office (in relation to
suspected fraud and money laundering offences);
2.7.2.
action for the recovery of funds by LCF’s Administrators against a wide
range of persons, including: (i) civil court action against senior
management at LCF and various other parties; and (ii) confidential
settlements reached (without the admission of liability) to recover up to
£25.5 million from LCF’s former auditors, including PwC;
2.7.3.
regulatory investigations by the Financial Reporting Council into LCF’s
auditors (which resulted in a severe reprimand and financial sanction of
£7,000,000 (before 30% discount) imposed on PwC for its audit of LCF);
2.7.4.
a Final Notice issued against LCF by the Authority on 11 October 2023
(for
further
details
see
https://www.fca.org.uk/publication/final-
notices/london-capital-and-finance-plc-2023.pdf ); and
2.7.5.
a Final Notice issued against a former director of LCF by the Authority on
13
February
2024
(for
further
details
see
2.8.
The Authority recognises that PwC was not involved in the misconduct of LCF and,
as an auditor, it was not responsible for seeking out or fully investigating
suspected fraud. Nevertheless, auditors of regulated firms, by the nature of their
work, have a unique insight into how those firms are run and managed. Auditors
therefore play an important role in alerting the Authority to issues that may be of
material significance to it, as required by the Reporting Regulations. Speed of
reporting is vitally important given the potential consequences of consumer harm,
financial crime, or other risks to the Authority’s objectives.
2.9.
The Authority also recognises that auditors are required to apply professional
scepticism, which includes being open to the possibility of fraud in a way that falls
short of a reasonable belief of suspecting their client may be involved in fraud.
However, once a relevant reasonable belief has formed, auditors are required to
report that to the Authority and this should be done as soon as practicable.
2.10.
In the circumstances, the Authority hereby imposes on PwC a financial penalty of
£15,000,000 pursuant to section 345 of the Act.
3.
DEFINITIONS
3.1.
The definitions below are used in this Notice:
“the 2016 Accounts” means LCF’s Annual Report and Financial Statements for the
year ended 30 April 2016
“the Act” means the Financial Services and Markets Act 2000
“the Audit Team” means a number of individuals at PwC who were assigned to
the LCF Audit
“the Authority” means the Financial Conduct Authority
“Banking & Capital Markets” means the department at PwC which includes the
“bondholders” means individual investors who invested in a LCF minibond
“minibonds” means non-transferable debt securities issued by LCF and marketed
to retail investors
“corporate borrowers” means the companies to which LCF loaned bondholder
funds
“FSCS” means the Financial Services Compensation Scheme
“FY16” means the financial year 1 May 2015 to 30 April 2016
“internal SAR” means an inhouse report which PwC staff are obliged to make to
the MLRO Unit when they suspect that a person has engaged in money laundering
or terrorist financing
“ISA (UK) 250” means the International Standard on Auditing (UK) 250 (revised
June 2016) for audits of financial statements for periods beginning on or after
“ISA (UK) 250A” means Section A of the International Standard on Auditing (UK)
250 (revised June 2016) which deals with the auditor’s responsibility to consider
laws and regulations in an audit of financial statements
“ISA (UK) 250B” means Section B of the International Standard on Auditing (UK)
250 (revised June 2016) which deals with the auditor’s statutory right and duty
to report to regulators of public interest entities and regulators of other entities
in the financial sector
“LCF” means London Capital & Finance plc
“the LCF Audit” means PwC’s audit of the 2016 Accounts which took place between
“the Legal Team” means the inhouse legal team that provides legal advice to PwC
“MLRO Unit” means the money laundering reporting officer’s unit, the department
at PwC responsible for considering and dealing with internal reports of suspicious
activity
“the NCA” means the National Crime Agency
“PwC” means PricewaterhouseCoopers LLP
“the PwC SAR Guidance” means the inhouse guidance on submitting an internal
SAR to the MLRO Unit
“the Reporting Regulations” means the Financial Services and Markets Act 2000
(Communications by Auditors) Regulations 2001 (SI 2001/2587)
“Regulation 2” means regulation 2 of the Reporting Regulations
“the Relevant Period” means 8 September 2016 until 10 October 2016
“Risk Management” means PwC’s Risk Management department
“SAR” means a suspicious activity report, a report which a firm is obliged to make
to the NCA when it suspects that a person has engaged in money laundering or
terrorist financing
“tipping off” means the offences defined by section 333A of the Proceeds of Crime
Act 2002 and relates to the act of alerting someone that their activities may be
under investigation
“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber)
4.
FACTS AND MATTERS
4.1.
PwC is the largest audit firm in the UK by revenue. It is also the second largest
professional services network in the world.
4.2.
PwC started the preparatory work for its audit of the 2016 Accounts in June 2016
and sent LCF an engagement letter on 23 June 2016. By 30 August 2016, PwC
had put in place the Audit Team. The engagement letter was signed by LCF on
8 September 2016, thereby formally appointing PwC as the statutory auditor of
LCF from that date until PwC resigned on 17 October 2017.
4.3.
During the period from 2012 to early-2015, LCF engaged in very little commercial
activity and filed accounts showing it to be either a dormant company or one
generating low revenue.
4.4.
Thereafter LCF engaged in the business of raising finance from the general public
through the issuance of minibonds, ostensibly with the funds then being loaned
to third-party corporate entities.
4.5.
From early 2015 the minibond business of LCF grew rapidly. By the financial year
ending 30 April 2016 (the year audited by PwC, “FY16”) LCF had issued minibonds
with a total face value of £9.95m. Over the next 12 months, after the period
covered by the financial statements PwC had audited, LCF issued a further £53.4m
of minibonds. When LCF went into administration on 30 January 2019, it had
issued bonds with a face value of £237.2m to 11,625 bondholders.
The Reporting Regulations and PwC’s understanding of Regulation 2
4.6.
Pursuant to Regulation 2 and section 342(6) of the Act, auditors of authorised
firms have a duty to report certain matters to the Authority.
4.7.
Regulation 2 is set out in more detail in Annex A but it provides (amongst other
things) that an auditor of an authorised firm must inform the Authority if it
reasonably believes that:
7
4.7.1.
the firm in question is or has been, or may be or may have been, in
contravention of any “relevant requirement” (as defined in Annex A)
applicable to that firm, which contravention may be of material
significance to the Authority in determining whether to exercise, in
relation to the firm concerned, the functions conferred on the Authority
by or under the Act; or
4.7.2.
information or its opinion on matters of which it has become aware in its
capacity as an auditor may be of material significance to the Authority in
determining whether the firm satisfies and will continue to satisfy the
“threshold conditions” (again, as defined in Annex A).
4.8.
During the Relevant Period, PwC understood that:
4.8.1.
Regulation 2 required it to inform the Authority of any information that it
believed could be a breach of the Authority’s regulations and would be of
material significance to the Authority; and
4.8.2.
material significance encompassed “anything that could influence the
decision of the [Authority] in terms of whether [an authorised person
was] in compliance with the [...] rules that were surrounding that
[authorised person] at the time", including information possessed by an
auditor related to (or the auditor’s opinion about) the authorised person’s
involvement in a potential fraud.
The LCF Audit
4.9.
PwC initially considered that the LCF Audit would be low-risk and simple based on
the size and nature of the business and that it would take around 2 weeks to
complete. Instead, the LCF Audit turned into a “very complex and risky job” with
involvement of multiple partners, Risk Management and the Legal Team.
4.10.
The LCF Audit encountered significant risk management issues and required a
large amount of partner time considering various options, including whether LCF
might be involved in fraudulent activity. It took 3 times longer to complete
(6 weeks in total) due to significant issues which fell “at the extreme end of the
scale”, including: (i) LCF’s failure to co-operate with PwC, which gave rise to
serious difficulties in obtaining even basic information from LCF; (ii) aggressive
behaviour from a senior individual at LCF with complete control of its day-to-day
operations; and (iii) substantial concerns about the veracity and reliability of the
information provided by LCF and its involvement in potential fraud. Whilst these
kinds of issues are not uncommon in an audit, they collectively gave rise to serious
concerns and resulted in PwC having a reasonable belief that LCF might be
involved in potential fraud.
4.11.
On 8 September 2016, the Audit Team had an internal kick-off meeting to discuss
the audit approach for LCF. The notes of the meeting mention that the behaviour
of the client had raised questions as to whether there was “something wrong”.
4.12.
Later that day, the Audit Team identified that payments from two of the corporate
borrowers during FY16 had originated from the same bank account. The nature of
the relationship between the corporate borrowers had not been disclosed by the
client. It was noted in an internal email sent by a member of the Audit Team that
“if there’s something funny going on there we need to treat it to be strictly
confidential for now”.
4.13.
That same day, a member of the Audit Team shared the developing concerns with
a senior person within PwC’s Banking & Capital Markets practice stating that the
situation with LCF had become “exponentially worse” and that PwC might need to
resign as auditor or limit the scope of the audit “based on what is happening”.
4.14.
By this stage PwC, through its Audit Team, considered that the amount of
information relevant to the audit, which had been requested and should have been
available but was outstanding, was “quite extreme” such that it justified involving
PwC’s Risk Management department.
4.15.
The outstanding material as at 8 September 2016 included amongst other things:
copies of LCF’s bank statements; accurate and full disclosure of directorships and
related parties; physical copies of signed facility agreements between LCF and the
corporate borrowers; copies of the corporate borrowers’ audited financial
statements and unaudited monthly accounts which should have been provided to
LCF on a rolling basis as per the terms of the facility agreements; copies of
independent valuation reports confirming property valuations upon which charges
had been secured or other evidence to support LCF’s decisions to lend money to
the corporate borrowers; details of impairment assessments on the corporate
borrowers; the signed contract between LCF and an important third party; and
missing invoices for payments due from corporate borrowers. The Audit Team
were also waiting for signed debtor confirmation letters from LCF which they
intended to send to the corporate borrowers to confirm the amounts owed to LCF.
4.16.
On 9 September 2016, an email between senior individuals within Risk
Management described the LCF Audit as “a problematic situation with numerous
concerns”, including “reluctance to provide information and a number of things
that don’t feel right to [the Audit Team]”.
4.17.
Over the course of the audit, the Audit Team continued to encounter, in its own
words at the time, “significant issues”. These issues included the struggle to
progress the audit because the client was either unwilling or unable to provide
necessary information, time pressure from the client to complete the audit by
16 September 2016, and incorrect information provided by the client in relation
to directorships and related parties. There were also concerns about whether the
corporate borrowers existed. In addition, the significant issues included various
red flags that indicated a risk of fraud which caused the Audit Team to question
what was going on at LCF.
4.18.
On 12 September 2016, Risk Management came to the view that the Audit Team
should talk to PwC’s inhouse legal team that provides legal advice to PwC staff
(“the Legal Team”). Later that evening, the Audit Team briefed the Legal Team.
4.19.
On 13 September 2016 (the next day), the Audit Team sought advice from the
Legal Team and others on the contents of a draft email for LCF out of a concern
that if it turned out that LCF was involved in fraudulent activity, that email might
subsequently be construed as tipping off the client about PwC’s suspicions. The
email, which was subsequently sent to LCF, listed the outstanding questions and
documents needed to progress the audit.
4.20.
Later that day, a senior person within PwC’s Banking & Capital Markets practice
sent an email to the Audit Team asking about the Legal Team’s view on attendees
at a meeting with LCF due to take place the next day and whether or how far they
want to be drawn on their questions and key points.
4.21.
On 14 September 2016, after meeting with LCF, the Audit Team considered the
meeting had resulted in more questions than answers. For example, during the
meeting LCF denied knowledge of directorships it clearly did know about and only
admitted such knowledge when shown evidence obtained by the Audit Team from
open-source searches. At the meeting, LCF committed to providing all outstanding
audit evidence by the end of 20 September 2016.
4.22.
On 20 September 2016, the Audit Team emailed the Legal Team and Risk
Management about issues which arose during the client meeting on 14 September
2016 and informed them that there was still a lot of outstanding audit evidence,
and they had more queries on the information received from the client.
4.23.
Shortly afterwards, Risk Management told the Audit Team that PwC’s MLRO Unit
would be in contact to discuss money laundering reporting obligations in relation
to LCF. The MLRO Unit is the department at PwC responsible for dealing with
internal reports of suspicious activity (“internal SARs”), and for making onward
disclosure to the National Crime Agency (“NCA”) through suspicious activity
reports (“SARs”) which financial institutions and other professionals including
auditors are obliged to make when they suspect that a person has engaged in
money laundering or terrorist financing.
4.24.
That same day, after a telephone call with the Audit Team, the MLRO Unit told the
Audit Team to submit an internal SAR on LCF within three working days unless
they were awaiting any further information to substantiate their suspicion or bring
clarity to the matter.
4.25.
Later that day, on 20 September 2016, the Audit Team emailed Risk Management,
copying in the Legal Team, to confirm that contact had been made with the MLRO
Unit and that they intended to complete an internal SAR that evening. The MLRO
Unit also expected to receive an internal SAR based on the information provided.
4.26.
PwC had written guidance on submitting an internal SAR at the time of the LCF
Audit (“the PwC SAR Guidance”) which stated that information which causes a
member of PwC to know, suspect, or have reasonable grounds to know or suspect,
that someone is engaged in money laundering (including suspicions relating to
persons connected to or employed by the client, or counterparties to a transaction
with the client) should be reported to the MLRO Unit as soon as practically possible
once a suspicion is formed. The guidance also provided examples of what may be
reported, including “refusal by a client to provide information you have requested
without a legitimate explanation”.
4.27.
The Audit Team did not seek further information to substantiate their suspicion,
instead sending a completed internal SAR to the MLRO Unit on 20 September
2016, describing the ongoing struggle to obtain information from LCF.
4.28.
Throughout the LCF Audit, the Audit Team believed the information requested
from LCF was “very straightforward” and “deliverables that you would expect to
get on every audit” but the information was not forthcoming or easy to obtain,
and when it was received it was incomplete. The Audit Team believed the missing
information might be relevant to their concerns about whether LCF may have been
involved in a potential fraud.
4.29.
On 27 September 2016, the approach for several audit tests were changed or
abandoned due to the lack of audit evidence provided by the client.
4.30.
On 3 October 2016, the Audit Team informed the Legal Team and Risk
Management that they believed they had sufficient and appropriate audit evidence
to sign off the audit. The next day, the Audit Team was asked to attend an urgent
meeting with the Legal Team and Risk Management to review the audit file and
answer questions. In the following days, the Audit Team received further audit
evidence from LCF and a hot file review was carried out by an independent auditor
at PwC on 8 and 9 October 2016 before the audit could be signed off.
4.31.
By 10 October 2016, PwC had satisfied itself that it was appropriate to sign an
unqualified (clean) audit opinion for the 2016 Accounts. Even if that meant that
PwC no longer subjectively believed that LCF was involved in fraudulent activity
(as to which the Authority does not need to make a finding and makes no finding)
its obligation to report its previous reasonable belief as to fraud remained.
5.
FAILINGS
5.1.
The regulatory provisions relevant to this Notice are referred to in Annex A.
5.2.
During the LCF Audit, PwC (through the Audit Team) formed a reasonable belief
that LCF might have been involved in fraudulent activity in that:
5.2.1.
by 8 September 2016, PwC suspected LCF might be involved in fraudulent
activity, in large part due to the lack of co-operation from LCF and the
extreme amount of basic audit information which had been requested but
not provided, the aggressive behaviour of a senior individual at LCF with
complete control of its day-to-day operations, and the fact that
information that LCF had provided to the Audit Team had been discovered
to be inaccurate and/or incomplete (see paragraphs 4.11 to 4.15); and
5.2.2.
by 13 September 2016 at the latest, PwC’s suspicions continued to be
such that they were concerned about potentially tipping off LCF and
sought advice on the content of a draft email for LCF and the extent to
which they wanted to be drawn on their questions in in-person meetings
with LCF (see paragraphs 4.16 to 4.20 above); and
5.2.3.
by 20 September 2016 PwC’s suspicion was such that the matter had
been discussed with Risk Management, the Legal Team and reported to
the MLRO Unit both verbally and by the submission of an internal SAR
(see paragraphs 4.22 to 4.27 above).
5.3.
PwC understood that if it suspected an authorised firm was involved in fraudulent
activity that would potentially: (a) mean there might have been a contravention
of a relevant requirement and/or that the firm concerned might not be satisfying
the threshold conditions (including, e.g. the firm’s duty to conduct its business
with integrity and/or to establish and maintain controls for countering the risk of
being used to further financial crime and also the suitability requirement to be a
fit and proper person); and (b) be a matter of material significance to the
Authority in determining whether to exercise, in relation to the firm concerned,
the functions conferred on the Authority by or under the Act.
5.4.
In the circumstances, PwC should have promptly reported its reasonable beliefs
to the Authority (as well as the facts and matters giving rise thereto) pursuant to
Regulation 2 and section 342(6) of the Act. These provisions do not require an
auditor to investigate fully whether their suspicions are conclusively established,
nor to wait for an extensive period to see if their suspicions are allayed before
making a report (although in any event the Audit Team waited at least 11 days
before resolving to make an internal SAR). On the contrary, where the matter
giving rise to the duty to report casts doubt on the integrity of those charged with
governance or their competence to conduct the business of a regulated entity, the
auditor is to make the report to the regulator as soon as practicable (see Annex
B and, in particular, paragraph 14 of ISA (UK) 250B therein).
5.5.
However, in breach of Regulation 2 and section 342(6) of the Act, at no point
during the Relevant Period did PwC communicate to the Authority its reasonable
belief that LCF might have been involved in fraudulent activity.
6.
SANCTION
6.1.
The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of
DEPP. DEPP 6.5A sets out the details of the five-step framework that applies in
respect of financial penalties imposed on firms. As per DEPP 6.5.1G for the
purpose of DEPP 6.5 to 6.5D and DEPP 6.6.2 G the term “firm” includes auditors.
Step 1: disgorgement
6.2.
Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practical to quantify
this. The Authority has not identified any financial benefit that PwC derived from
its breach.
6.3.
The figure after Step 1 is therefore £0.
Step 2: the seriousness of the breach
6.4.
Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that
reflects the seriousness of the breach. Where the amount of revenue generated
by a firm from a particular product line or business area is indicative of the harm
or potential harm of its breach, the Step 2 figure will be based on a percentage of
the firm’s revenue from the relevant products or business area.
6.5.
The Authority considers that the revenue generated by PwC is not an appropriate
indicator of the harm or potential harm caused by its breach and there is no
alternative indicator of harm or potential harm. Pursuant to DEPP 6.5A.2G(13),
the Authority has determined the appropriate Step 2 amount by taking into
account those factors which are relevant to an assessment of the level of the
seriousness of the breach.
6.6.
In assessing the seriousness level, the Authority takes into account various factors
which reflect the impact and nature of the breach, and whether it was committed
deliberately or recklessly. The Authority considers the following factors to be
relevant to the seriousness of PwC’s breach:
(i)
Factors relating to the impact of the breach
The Authority does not hold PwC directly responsible for the losses
resulting from LCF’s collapse. However, by failing to report its reasonable
belief about potential fraud at LCF, PwC failed to make the Authority aware
of information which may have been materially significant to it.
(ii)
Factors relating to the nature of the breach
Auditors of regulated firms, by the nature of their work, have a unique
insight into how those firms are run and managed. As such, they play an
important role in alerting the Authority to issues that may be of material
significance to it as they are required to do under Regulation 2. Speed of
reporting issues is vitally important given the potential consequences of
consumer harm, financial crime, or other risks to the Authority’s
objectives.
During the LCF Audit, PwC formed a reasonable belief that LCF may have
been involved in fraudulent activity but failed to report that belief (and
information and opinions relating thereto) as required at any point during
the Relevant Period.
PwC’s breach was serious. PwC was aware that LCF offered high risk bonds,
was experiencing (and targeting) rapid growth, and was targeting retail
investors. Furthermore, in light of (amongst other things) LCF’s failure to
co-operate (including the extreme amount of basic information which had
been requested but not provided) and LCF’s provision of inaccurate and/or
misleading information to PwC, the Audit Team had suspicions that LCF
might be involved in a potential fraud from very early on in the audit. PwC
failed to report its suspicions or the facts and matters that gave rise to
them to the Authority at any point during the Relevant Period.
(iii)
Factors relevant to whether the breach was reckless or deliberate
PwC’s breach was not reckless or deliberate.
6.7.
DEPP 6.5A.2G(11) lists factors that are likely to be considered “level 4 or 5
factors”. Of these, the Authority considers the following factor to be relevant:
(i)
The breach created a significant risk that financial crime would be
facilitated, occasioned or otherwise occur by not reporting the potential
risk of fraud to the Authority.
6.8.
DEPP 6.5A.2G(12) lists the factors that are likely to be considered “level 1 or 2 or
3 factors”. Of these, the Authority considers the following factors to be relevant:
(i)
Little, or no, profits were made or losses avoided as a result of the breach.
(ii)
The breach was committed negligently.
6.9.
Taking all of the above into account, the Authority considers the seriousness of
the breach to be level 3. The Step 2 figure is £15,000,000.
Step 3: mitigating and aggravating factors
6.10.
Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the
amount of financial penalty arrived at after Step 2, but not including any amount
to be disgorged as set out in Step 1, to take into account factors which aggravate
or mitigate the breach.
6.11.
The Authority has determined that there are no aggravating or mitigating factors.
6.12.
The figure after Step 3 is therefore £15,000,000.
Step 4: adjustment for deterrence
6.13.
Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after
Step 3 is insufficient to deter the firm who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the
penalty.
6.14.
The Authority considers that the Step 3 figure of £15,000,000 represents a
sufficient deterrent to PwC and other auditors and so has not increased the penalty
at Step 4.
6.15.
The figure after Step 4 is therefore £15,000,000.
Step 5: settlement discount
6.16.
There is no settlement discount. The figure after Step 5 is therefore £15,000,000.
6.17.
The Authority therefore hereby imposes a total financial penalty of £15,000,000
on PwC for contravening section 342 of the Act and Regulation 2.
7.
PROCEDURAL MATTERS
7.1.
This Notice is given to PwC under and in accordance with the section 390 of the
Act.
7.2.
The following statutory rights are important.
Decision maker
7.3.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
Manner and time for payment
7.4.
The financial penalty must be paid in full by PwC to the Authority no later than
30 August 2024.
If the financial penalty is not paid
7.5.
If all or any of the financial penalty is outstanding on 1 day after the date above,
the Authority may recover the outstanding amount as a debt owed by PwC and
due to the Authority.
7.6.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this Notice relates. Under those provisions,
the Authority must publish such information about the matter to which this Notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority
may not publish information if such publication would, in the opinion of the
Authority, be unfair to PwC or prejudicial to the interests of consumers or
detrimental to the stability of the UK financial system.
7.7.
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contact
7.8.
For more information concerning this matter generally, contact Gareth Buttrill at
the Authority (email: gareth.buttrill@fca.org.uk).
Financial Conduct Authority, Enforcement and Market Oversight Division
ANNEX A
RELEVANT STATUTORY AND REGULATORY PROVISIONS
Financial Services and Markets Act 2000
1.
The Authority’s statutory objectives, set out in section 1B(3) of the Act, include the
integrity objectives (protecting and enhancing the integrity of the UK financial
system).
2.
Pursuant to section 206(1) of the Act, if the Authority considers that an authorised
person has contravened a requirement imposed on him by or under the Act, it may
impose on him a penalty, in respect of the contravention, of such amount as it
considers appropriate.
Section 342 of the Act
3.
Section 342 information given by auditor or actuary to a regulator:
“(1) This section applies to a person who is, or has been, an auditor of an authorised
person or recognised investment exchange, appointed under or as a result of a
statutory provision.
(2) This section also applies to a person who is, or has been, an actuary acting for
an authorised person and appointed under or as a result of a statutory provision.
(3) An auditor or actuary does not contravene any duty to which he is subject
merely because he gives to a regulator—
(a) information on a matter of which he has, or had, become aware in his capacity
as auditor of, or actuary acting for, the authorised person or recognised investment
exchange, or
(b) his opinion on such a matter,
if he is acting in good faith and he reasonably believes that the information or
opinion is relevant to any functions of that regulator.
(4) Subsection (3) applies whether or not the auditor or actuary is responding to a
request from the regulator.
(5) The Treasury may make regulations prescribing circumstances in which an
auditor or actuary must communicate matters to a regulator as mentioned in
subsection (3).
(6) It is the duty of an auditor or actuary to whom any such regulations apply to
communicate a matter to a regulator in the circumstances prescribed by the
regulations.
(6A) If the authorised person concerned is a credit institution or an investment
firm, and an auditor or actuary communicates a matter to a regulator in accordance
with the regulations, the matter must be disclosed simultaneously to the
management body of the authorised person, unless there are compelling reasons
not to do so.
(7) The matters to be communicated to a regulator in accordance with the
regulations may include matters relating to persons other than the authorised
person or recognised investment exchange concerned.
(8) In subsection (6A) “credit institution” and “investment firm” have the same
meaning as in Article 4(1) of the capital requirements regulation.”
Section 345 of the Act
4.
Section 345 disciplinary measures:
“(1) Subsection (2) applies if it appears to the FCA that an auditor or actuary to
whom section 342 applies—
(a) has failed to comply with a duty imposed on the auditor or actuary by rules
made by the FCA, or
(b) has failed to comply with a duty imposed under this Act to communicate
information to the FCA.
(2) The FCA may do one or more of the following—
(a) disqualify the auditor or actuary from being the auditor of, or (as the case may
be) from acting as an actuary for, any authorised person or any particular class of
authorised person;
(b) disqualify the auditor from being the auditor of any recognised investment
exchange or any particular class of recognised investment exchange;
(c) publish a statement to the effect that it appears to the FCA that the auditor or
(as the case may be) actuary has failed to comply with the duty;
(d) impose on the auditor or actuary a penalty, payable to the FCA, of such amount
as the FCA considers appropriate.
(3) If an auditor or actuary has been disqualified by the PRA under section
345A(4)(a), the FCA may disqualify the auditor or actuary, so long as the
disqualification under that provision remains in force, from being the auditor of, or
(as the case may be) from acting as an actuary for—
(a) any FCA-authorised person,
(b) any particular class of FCA-authorised person,
(c) any recognised investment exchange, or
(d) any particular class of recognised investment exchange.
(4) In subsection (3) “FCA-authorised person” means an authorised person who is
not a PRA-authorised person.
(5) Where under subsection (2) or (3) the FCA disqualifies a person from being the
auditor of an authorised person or recognised investment exchange or class of
authorised person or recognised investment exchange and that authorised person
or recognised investment exchange is also, or any person within that class is also,
a recognised clearing house or recognised CSD, the FCA must —
(a) notify the Bank of England, and
(b) notify the disqualified person that it has made a notification under paragraph
(a).
(6) The FCA may remove any disqualification imposed under paragraph (a) or (b)
of subsection (2) if satisfied that the disqualified person will in future comply with
the duty in question.
(7) The FCA may at any time remove any disqualification imposed under subsection
(3).”
Financial Services and Markets Act 2000 (Communications by Auditors)
Regulations 2001 (SI 2001/2587) (“the Reporting Regulations”)
5.
Regulation 2: Circumstances in which an auditor is to communicate:
“(1) An auditor to whom section 342 … of the Act applies must communicate to the
FCA information on, or his opinion on, matters mentioned in section 342(3)(a) … of
the Act (matters of which he has, or had, become aware in his capacity as auditor
of an authorised person or recognised body or as auditor of a person who has close
links with an authorised person or recognised body) in the following circumstances.
(2) The circumstances are that —
(a) the auditor reasonably believes that, as regards the person concerned—
(i) there is or has been, or may be or may have been, a contravention of any
relevant requirement that applies to the person concerned; and
(ii) that contravention may be of material significance to the FCA in determining
whether to exercise, in relation to the person concerned, any functions conferred
on that regulator by or under any provision of the Act other than Part VI;
(b) the auditor reasonably believes that the information on, or his opinion on, those
matters may be of material significance to the FCA in determining whether the
person concerned satisfies and will continue to satisfy the threshold conditions […];
(c) the auditor reasonably believes that the person concerned is not, may not be
or may cease to be a going concern;
(d) [ …]
(e) [ …]”.
6.
Under Regulation 1 of the Reporting Regulations, “relevant requirement” is and was
at all material times defined as meaning (as relevant here):
“a requirement which is imposed by or under any provision of the Act other than
Part VI (listing) and which relates to authorisation under the Act (whether by way
of permission under Part 4A of the Act or otherwise) or to the carrying on of any
regulated activity”.
7.
In referring to the “threshold conditions” the Reporting Regulations are referring to
the minimum conditions that all authorised firms are required to satisfy. As relevant
here all authorised firms are required to satisfy the Authority that they are fit and
proper having regard to all the circumstances including whether those who manage
the firm’s affairs have adequate skills and experience and act with probity (COND
2.5.1A of the Authority’s Handbook).
RULES AND GUIDANCE
Relevant requirements
8.
The following were “relevant requirements” that applied to LCF during the Relevant
8.1
Principle 1 – “A firm must conduct its business with integrity.”
8.2
SYSC 6.1.1 R - “A firm must establish, implement and maintain adequate policies
and procedures sufficient to ensure compliance of the firm including its
managers, employees and appointed representatives (or where applicable, tied
agents) with its obligations under the regulatory system and for countering the
risk that the firm might be used to further financial crime.”
9.
As per PERG 3.2.2R Principle 1 applies to the communication and approval of financial
promotions which if communicated by an unauthorised person without approval would
contravene section 21(1) of the Act.
10. As per SYSC 1 Annex 1 Part 2.13 R SYSC 6.1.1R applies with respect to the carrying
on of unregulated activities in a prudential context, which is the context in which the
activities carried on by a firm have, or might reasonably be regarded as likely to have,
a negative effect on matters including the integrity of the UK financial system and the
ability of the firm to meet the “fit and proper” test in threshold condition 2E and 3D
(Suitability).
DEPP
11. Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s statement of policy with respect to the imposition and amount of financial
penalties under the Act. In particular, DEPP 6.5A sets out the five steps for penalties
imposed on firms.
12. The Enforcement Guide sets out the Authority’s approach to taking disciplinary action.
The Authority’s approach to financial penalties and suspensions (including restrictions)
is set out in Chapter 7 of the Enforcement Guide.
ANNEX B
EXTRACTS FROM THE INTERNATIONAL STANDARD ON AUDITING
ISA (UK) 250A
1.
Paragraph A10: “As the financial reporting consequences of other laws and regulations
can vary depending on the entity’s operations, the audit procedures required […] are
directed to bringing to the auditor’s attention instances of non-compliance with laws
and regulations that may have a material effect on the financial statements.”
2.
Paragraph 28: “If the auditor has identified or suspects non-compliance with laws and
regulations, the auditor shall determine whether the auditor has a responsibility to
report the identified or suspected non-compliance to parties outside the entity.”
ISA (UK) 250B
3.
Paragraph 14: “When the matter giving rise to a statutory duty to make a report direct
to a regulator casts doubt on the integrity of those charged with governance or their
competence to conduct the business of the regulated entity, the auditor shall (in the
UK, subject to compliance with legislation relating to “tipping off”) make the report to
the regulator as soon as practicable and without informing those charged with
governance in advance.”
4.
Paragraph A25: “In assessing the effect of an apparent breach, the auditor takes into
account the quantity and type of evidence concerning such a matter which may
reasonably be expected to be available. If the auditor concludes that the auditor has
been prevented from obtaining all such evidence concerning a matter which may give
rise to a duty to report, the auditor would normally make a report direct to the
regulator as soon as practicable.”
5.
Paragraph A34: “Speed of reporting is essential where the circumstances cause the
auditor no longer to have confidence in the integrity of those charged with governance.
In such circumstances, there may be a serious and immediate threat to the interests
of depositors or other persons for whose protection the regulator is required to act;
for example where the auditor believes that a fraud or other irregularity may have
been committed by, or with the knowledge of, those charged with governance, or have
evidence of the intention of those charged with governance to commit or condone a
suspected fraud or other irregularity.”
Address:
1 Embankment Place, London WC2N 6RH
1.
ACTION
1.1.
For the reasons given in this Final Notice, the Financial Conduct Authority (“the
Authority”) hereby imposes on PricewaterhouseCoopers LLP (“PwC”) a financial
penalty of £15,000,000 pursuant to section 345 of the Act.
2.
SUMMARY OF REASONS
2.1.
On 30 January 2019, London Capital & Finance plc (“LCF”) entered administration.
This followed the action taken by the Authority on 10 December 2018 when LCF
was directed to immediately withdraw its promotional material because the way
the firm was marketing its minibonds was unfair, unclear and misleading (for
further detail see this Supervisory Notice).
2.2.
LCF had been in the business of raising finance from the general public through
the issuance of minibonds, ostensibly with the funds then being loaned to third-
party corporate entities. By the time LCF entered administration, it had in total
sold over 16,700 minibonds to 11,625 bondholders. The minibonds sold by LCF
had a face value of around £237.2m.
2.3.
PwC was engaged as LCF’s statutory auditor in the period from 8 September 2016
to 17 October 2017. It audited LCF’s Annual Report and Financial Statements for
the year ended 30 April 2016 (“the 2016 Accounts”) between 8 September 2016
and 10 October 2016 (“the Relevant Period”). PwC resigned as LCF’s auditor on
17 October 2017.
2.4.
During the Relevant Period, LCF failed to co-operate with PwC (including by failing
to provide basic information to PwC), acted aggressively towards auditors at PwC,
and provided inaccurate and/or misleading information to PwC. In the context of
these and other significant issues, PwC formed a reasonable belief that LCF might
be (i.e. suspected that LCF was) involved in fraudulent activity.
2.5.
In the circumstances, PwC should have reported its reasonable belief to the
Authority (as well as the facts and matters that gave rise thereto) pursuant to its
obligations under the Financial Services and Markets Act 2000 (Communications
by Auditors) Regulations 2001 (SI 2001/2587) (“the Reporting Regulations”). PwC
failed to do so.
2.6.
After LCF entered administration, it became clear that its borrowers were unable
to repay their loans and that its business had been run in a highly suspicious way.
Consequently, LCF’s bondholders were exposed to significant losses which have
only been partly reimbursed by compensation schemes funded by the financial
services industry and the taxpayer. As to those schemes:
2.6.1.
By 19 April 2021, the Financial Services Compensation Scheme (“the
FSCS”) had paid out £57.6m to eligible bondholders who lost money when
LCF collapsed.
2.6.2.
On 19 April 2021, the Government established a “one-off” compensation
scheme, facilitated by the FSCS, to compensate 80% of bondholders’
initial investment (up to a maximum of £68,000) for those whom the
FSCS could not otherwise compensate. The government scheme closed
on 31 October 2022, having paid out a total of £115m to eligible
bondholders.
2.7.
The action proposed in the Notice forms part of a wide range of civil, criminal and
regulatory actions that arise against the above background. These include (but
are not limited to):
2.7.1.
criminal investigations by the Serious Fraud Office (in relation to
suspected fraud and money laundering offences);
2.7.2.
action for the recovery of funds by LCF’s Administrators against a wide
range of persons, including: (i) civil court action against senior
management at LCF and various other parties; and (ii) confidential
settlements reached (without the admission of liability) to recover up to
£25.5 million from LCF’s former auditors, including PwC;
2.7.3.
regulatory investigations by the Financial Reporting Council into LCF’s
auditors (which resulted in a severe reprimand and financial sanction of
£7,000,000 (before 30% discount) imposed on PwC for its audit of LCF);
2.7.4.
a Final Notice issued against LCF by the Authority on 11 October 2023
(for
further
details
see
https://www.fca.org.uk/publication/final-
notices/london-capital-and-finance-plc-2023.pdf ); and
2.7.5.
a Final Notice issued against a former director of LCF by the Authority on
13
February
2024
(for
further
details
see
2.8.
The Authority recognises that PwC was not involved in the misconduct of LCF and,
as an auditor, it was not responsible for seeking out or fully investigating
suspected fraud. Nevertheless, auditors of regulated firms, by the nature of their
work, have a unique insight into how those firms are run and managed. Auditors
therefore play an important role in alerting the Authority to issues that may be of
material significance to it, as required by the Reporting Regulations. Speed of
reporting is vitally important given the potential consequences of consumer harm,
financial crime, or other risks to the Authority’s objectives.
2.9.
The Authority also recognises that auditors are required to apply professional
scepticism, which includes being open to the possibility of fraud in a way that falls
short of a reasonable belief of suspecting their client may be involved in fraud.
However, once a relevant reasonable belief has formed, auditors are required to
report that to the Authority and this should be done as soon as practicable.
2.10.
In the circumstances, the Authority hereby imposes on PwC a financial penalty of
£15,000,000 pursuant to section 345 of the Act.
3.
DEFINITIONS
3.1.
The definitions below are used in this Notice:
“the 2016 Accounts” means LCF’s Annual Report and Financial Statements for the
year ended 30 April 2016
“the Act” means the Financial Services and Markets Act 2000
“the Audit Team” means a number of individuals at PwC who were assigned to
the LCF Audit
“the Authority” means the Financial Conduct Authority
“Banking & Capital Markets” means the department at PwC which includes the
“bondholders” means individual investors who invested in a LCF minibond
“minibonds” means non-transferable debt securities issued by LCF and marketed
to retail investors
“corporate borrowers” means the companies to which LCF loaned bondholder
funds
“FSCS” means the Financial Services Compensation Scheme
“FY16” means the financial year 1 May 2015 to 30 April 2016
“internal SAR” means an inhouse report which PwC staff are obliged to make to
the MLRO Unit when they suspect that a person has engaged in money laundering
or terrorist financing
“ISA (UK) 250” means the International Standard on Auditing (UK) 250 (revised
June 2016) for audits of financial statements for periods beginning on or after
“ISA (UK) 250A” means Section A of the International Standard on Auditing (UK)
250 (revised June 2016) which deals with the auditor’s responsibility to consider
laws and regulations in an audit of financial statements
“ISA (UK) 250B” means Section B of the International Standard on Auditing (UK)
250 (revised June 2016) which deals with the auditor’s statutory right and duty
to report to regulators of public interest entities and regulators of other entities
in the financial sector
“LCF” means London Capital & Finance plc
“the LCF Audit” means PwC’s audit of the 2016 Accounts which took place between
“the Legal Team” means the inhouse legal team that provides legal advice to PwC
“MLRO Unit” means the money laundering reporting officer’s unit, the department
at PwC responsible for considering and dealing with internal reports of suspicious
activity
“the NCA” means the National Crime Agency
“PwC” means PricewaterhouseCoopers LLP
“the PwC SAR Guidance” means the inhouse guidance on submitting an internal
SAR to the MLRO Unit
“the Reporting Regulations” means the Financial Services and Markets Act 2000
(Communications by Auditors) Regulations 2001 (SI 2001/2587)
“Regulation 2” means regulation 2 of the Reporting Regulations
“the Relevant Period” means 8 September 2016 until 10 October 2016
“Risk Management” means PwC’s Risk Management department
“SAR” means a suspicious activity report, a report which a firm is obliged to make
to the NCA when it suspects that a person has engaged in money laundering or
terrorist financing
“tipping off” means the offences defined by section 333A of the Proceeds of Crime
Act 2002 and relates to the act of alerting someone that their activities may be
under investigation
“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber)
4.
FACTS AND MATTERS
4.1.
PwC is the largest audit firm in the UK by revenue. It is also the second largest
professional services network in the world.
4.2.
PwC started the preparatory work for its audit of the 2016 Accounts in June 2016
and sent LCF an engagement letter on 23 June 2016. By 30 August 2016, PwC
had put in place the Audit Team. The engagement letter was signed by LCF on
8 September 2016, thereby formally appointing PwC as the statutory auditor of
LCF from that date until PwC resigned on 17 October 2017.
4.3.
During the period from 2012 to early-2015, LCF engaged in very little commercial
activity and filed accounts showing it to be either a dormant company or one
generating low revenue.
4.4.
Thereafter LCF engaged in the business of raising finance from the general public
through the issuance of minibonds, ostensibly with the funds then being loaned
to third-party corporate entities.
4.5.
From early 2015 the minibond business of LCF grew rapidly. By the financial year
ending 30 April 2016 (the year audited by PwC, “FY16”) LCF had issued minibonds
with a total face value of £9.95m. Over the next 12 months, after the period
covered by the financial statements PwC had audited, LCF issued a further £53.4m
of minibonds. When LCF went into administration on 30 January 2019, it had
issued bonds with a face value of £237.2m to 11,625 bondholders.
The Reporting Regulations and PwC’s understanding of Regulation 2
4.6.
Pursuant to Regulation 2 and section 342(6) of the Act, auditors of authorised
firms have a duty to report certain matters to the Authority.
4.7.
Regulation 2 is set out in more detail in Annex A but it provides (amongst other
things) that an auditor of an authorised firm must inform the Authority if it
reasonably believes that:
7
4.7.1.
the firm in question is or has been, or may be or may have been, in
contravention of any “relevant requirement” (as defined in Annex A)
applicable to that firm, which contravention may be of material
significance to the Authority in determining whether to exercise, in
relation to the firm concerned, the functions conferred on the Authority
by or under the Act; or
4.7.2.
information or its opinion on matters of which it has become aware in its
capacity as an auditor may be of material significance to the Authority in
determining whether the firm satisfies and will continue to satisfy the
“threshold conditions” (again, as defined in Annex A).
4.8.
During the Relevant Period, PwC understood that:
4.8.1.
Regulation 2 required it to inform the Authority of any information that it
believed could be a breach of the Authority’s regulations and would be of
material significance to the Authority; and
4.8.2.
material significance encompassed “anything that could influence the
decision of the [Authority] in terms of whether [an authorised person
was] in compliance with the [...] rules that were surrounding that
[authorised person] at the time", including information possessed by an
auditor related to (or the auditor’s opinion about) the authorised person’s
involvement in a potential fraud.
The LCF Audit
4.9.
PwC initially considered that the LCF Audit would be low-risk and simple based on
the size and nature of the business and that it would take around 2 weeks to
complete. Instead, the LCF Audit turned into a “very complex and risky job” with
involvement of multiple partners, Risk Management and the Legal Team.
4.10.
The LCF Audit encountered significant risk management issues and required a
large amount of partner time considering various options, including whether LCF
might be involved in fraudulent activity. It took 3 times longer to complete
(6 weeks in total) due to significant issues which fell “at the extreme end of the
scale”, including: (i) LCF’s failure to co-operate with PwC, which gave rise to
serious difficulties in obtaining even basic information from LCF; (ii) aggressive
behaviour from a senior individual at LCF with complete control of its day-to-day
operations; and (iii) substantial concerns about the veracity and reliability of the
information provided by LCF and its involvement in potential fraud. Whilst these
kinds of issues are not uncommon in an audit, they collectively gave rise to serious
concerns and resulted in PwC having a reasonable belief that LCF might be
involved in potential fraud.
4.11.
On 8 September 2016, the Audit Team had an internal kick-off meeting to discuss
the audit approach for LCF. The notes of the meeting mention that the behaviour
of the client had raised questions as to whether there was “something wrong”.
4.12.
Later that day, the Audit Team identified that payments from two of the corporate
borrowers during FY16 had originated from the same bank account. The nature of
the relationship between the corporate borrowers had not been disclosed by the
client. It was noted in an internal email sent by a member of the Audit Team that
“if there’s something funny going on there we need to treat it to be strictly
confidential for now”.
4.13.
That same day, a member of the Audit Team shared the developing concerns with
a senior person within PwC’s Banking & Capital Markets practice stating that the
situation with LCF had become “exponentially worse” and that PwC might need to
resign as auditor or limit the scope of the audit “based on what is happening”.
4.14.
By this stage PwC, through its Audit Team, considered that the amount of
information relevant to the audit, which had been requested and should have been
available but was outstanding, was “quite extreme” such that it justified involving
PwC’s Risk Management department.
4.15.
The outstanding material as at 8 September 2016 included amongst other things:
copies of LCF’s bank statements; accurate and full disclosure of directorships and
related parties; physical copies of signed facility agreements between LCF and the
corporate borrowers; copies of the corporate borrowers’ audited financial
statements and unaudited monthly accounts which should have been provided to
LCF on a rolling basis as per the terms of the facility agreements; copies of
independent valuation reports confirming property valuations upon which charges
had been secured or other evidence to support LCF’s decisions to lend money to
the corporate borrowers; details of impairment assessments on the corporate
borrowers; the signed contract between LCF and an important third party; and
missing invoices for payments due from corporate borrowers. The Audit Team
were also waiting for signed debtor confirmation letters from LCF which they
intended to send to the corporate borrowers to confirm the amounts owed to LCF.
4.16.
On 9 September 2016, an email between senior individuals within Risk
Management described the LCF Audit as “a problematic situation with numerous
concerns”, including “reluctance to provide information and a number of things
that don’t feel right to [the Audit Team]”.
4.17.
Over the course of the audit, the Audit Team continued to encounter, in its own
words at the time, “significant issues”. These issues included the struggle to
progress the audit because the client was either unwilling or unable to provide
necessary information, time pressure from the client to complete the audit by
16 September 2016, and incorrect information provided by the client in relation
to directorships and related parties. There were also concerns about whether the
corporate borrowers existed. In addition, the significant issues included various
red flags that indicated a risk of fraud which caused the Audit Team to question
what was going on at LCF.
4.18.
On 12 September 2016, Risk Management came to the view that the Audit Team
should talk to PwC’s inhouse legal team that provides legal advice to PwC staff
(“the Legal Team”). Later that evening, the Audit Team briefed the Legal Team.
4.19.
On 13 September 2016 (the next day), the Audit Team sought advice from the
Legal Team and others on the contents of a draft email for LCF out of a concern
that if it turned out that LCF was involved in fraudulent activity, that email might
subsequently be construed as tipping off the client about PwC’s suspicions. The
email, which was subsequently sent to LCF, listed the outstanding questions and
documents needed to progress the audit.
4.20.
Later that day, a senior person within PwC’s Banking & Capital Markets practice
sent an email to the Audit Team asking about the Legal Team’s view on attendees
at a meeting with LCF due to take place the next day and whether or how far they
want to be drawn on their questions and key points.
4.21.
On 14 September 2016, after meeting with LCF, the Audit Team considered the
meeting had resulted in more questions than answers. For example, during the
meeting LCF denied knowledge of directorships it clearly did know about and only
admitted such knowledge when shown evidence obtained by the Audit Team from
open-source searches. At the meeting, LCF committed to providing all outstanding
audit evidence by the end of 20 September 2016.
4.22.
On 20 September 2016, the Audit Team emailed the Legal Team and Risk
Management about issues which arose during the client meeting on 14 September
2016 and informed them that there was still a lot of outstanding audit evidence,
and they had more queries on the information received from the client.
4.23.
Shortly afterwards, Risk Management told the Audit Team that PwC’s MLRO Unit
would be in contact to discuss money laundering reporting obligations in relation
to LCF. The MLRO Unit is the department at PwC responsible for dealing with
internal reports of suspicious activity (“internal SARs”), and for making onward
disclosure to the National Crime Agency (“NCA”) through suspicious activity
reports (“SARs”) which financial institutions and other professionals including
auditors are obliged to make when they suspect that a person has engaged in
money laundering or terrorist financing.
4.24.
That same day, after a telephone call with the Audit Team, the MLRO Unit told the
Audit Team to submit an internal SAR on LCF within three working days unless
they were awaiting any further information to substantiate their suspicion or bring
clarity to the matter.
4.25.
Later that day, on 20 September 2016, the Audit Team emailed Risk Management,
copying in the Legal Team, to confirm that contact had been made with the MLRO
Unit and that they intended to complete an internal SAR that evening. The MLRO
Unit also expected to receive an internal SAR based on the information provided.
4.26.
PwC had written guidance on submitting an internal SAR at the time of the LCF
Audit (“the PwC SAR Guidance”) which stated that information which causes a
member of PwC to know, suspect, or have reasonable grounds to know or suspect,
that someone is engaged in money laundering (including suspicions relating to
persons connected to or employed by the client, or counterparties to a transaction
with the client) should be reported to the MLRO Unit as soon as practically possible
once a suspicion is formed. The guidance also provided examples of what may be
reported, including “refusal by a client to provide information you have requested
without a legitimate explanation”.
4.27.
The Audit Team did not seek further information to substantiate their suspicion,
instead sending a completed internal SAR to the MLRO Unit on 20 September
2016, describing the ongoing struggle to obtain information from LCF.
4.28.
Throughout the LCF Audit, the Audit Team believed the information requested
from LCF was “very straightforward” and “deliverables that you would expect to
get on every audit” but the information was not forthcoming or easy to obtain,
and when it was received it was incomplete. The Audit Team believed the missing
information might be relevant to their concerns about whether LCF may have been
involved in a potential fraud.
4.29.
On 27 September 2016, the approach for several audit tests were changed or
abandoned due to the lack of audit evidence provided by the client.
4.30.
On 3 October 2016, the Audit Team informed the Legal Team and Risk
Management that they believed they had sufficient and appropriate audit evidence
to sign off the audit. The next day, the Audit Team was asked to attend an urgent
meeting with the Legal Team and Risk Management to review the audit file and
answer questions. In the following days, the Audit Team received further audit
evidence from LCF and a hot file review was carried out by an independent auditor
at PwC on 8 and 9 October 2016 before the audit could be signed off.
4.31.
By 10 October 2016, PwC had satisfied itself that it was appropriate to sign an
unqualified (clean) audit opinion for the 2016 Accounts. Even if that meant that
PwC no longer subjectively believed that LCF was involved in fraudulent activity
(as to which the Authority does not need to make a finding and makes no finding)
its obligation to report its previous reasonable belief as to fraud remained.
5.
FAILINGS
5.1.
The regulatory provisions relevant to this Notice are referred to in Annex A.
5.2.
During the LCF Audit, PwC (through the Audit Team) formed a reasonable belief
that LCF might have been involved in fraudulent activity in that:
5.2.1.
by 8 September 2016, PwC suspected LCF might be involved in fraudulent
activity, in large part due to the lack of co-operation from LCF and the
extreme amount of basic audit information which had been requested but
not provided, the aggressive behaviour of a senior individual at LCF with
complete control of its day-to-day operations, and the fact that
information that LCF had provided to the Audit Team had been discovered
to be inaccurate and/or incomplete (see paragraphs 4.11 to 4.15); and
5.2.2.
by 13 September 2016 at the latest, PwC’s suspicions continued to be
such that they were concerned about potentially tipping off LCF and
sought advice on the content of a draft email for LCF and the extent to
which they wanted to be drawn on their questions in in-person meetings
with LCF (see paragraphs 4.16 to 4.20 above); and
5.2.3.
by 20 September 2016 PwC’s suspicion was such that the matter had
been discussed with Risk Management, the Legal Team and reported to
the MLRO Unit both verbally and by the submission of an internal SAR
(see paragraphs 4.22 to 4.27 above).
5.3.
PwC understood that if it suspected an authorised firm was involved in fraudulent
activity that would potentially: (a) mean there might have been a contravention
of a relevant requirement and/or that the firm concerned might not be satisfying
the threshold conditions (including, e.g. the firm’s duty to conduct its business
with integrity and/or to establish and maintain controls for countering the risk of
being used to further financial crime and also the suitability requirement to be a
fit and proper person); and (b) be a matter of material significance to the
Authority in determining whether to exercise, in relation to the firm concerned,
the functions conferred on the Authority by or under the Act.
5.4.
In the circumstances, PwC should have promptly reported its reasonable beliefs
to the Authority (as well as the facts and matters giving rise thereto) pursuant to
Regulation 2 and section 342(6) of the Act. These provisions do not require an
auditor to investigate fully whether their suspicions are conclusively established,
nor to wait for an extensive period to see if their suspicions are allayed before
making a report (although in any event the Audit Team waited at least 11 days
before resolving to make an internal SAR). On the contrary, where the matter
giving rise to the duty to report casts doubt on the integrity of those charged with
governance or their competence to conduct the business of a regulated entity, the
auditor is to make the report to the regulator as soon as practicable (see Annex
B and, in particular, paragraph 14 of ISA (UK) 250B therein).
5.5.
However, in breach of Regulation 2 and section 342(6) of the Act, at no point
during the Relevant Period did PwC communicate to the Authority its reasonable
belief that LCF might have been involved in fraudulent activity.
6.
SANCTION
6.1.
The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of
DEPP. DEPP 6.5A sets out the details of the five-step framework that applies in
respect of financial penalties imposed on firms. As per DEPP 6.5.1G for the
purpose of DEPP 6.5 to 6.5D and DEPP 6.6.2 G the term “firm” includes auditors.
Step 1: disgorgement
6.2.
Pursuant to DEPP 6.5A.1G, at Step 1 the Authority seeks to deprive a firm of the
financial benefit derived directly from the breach where it is practical to quantify
this. The Authority has not identified any financial benefit that PwC derived from
its breach.
6.3.
The figure after Step 1 is therefore £0.
Step 2: the seriousness of the breach
6.4.
Pursuant to DEPP 6.5A.2G, at Step 2 the Authority determines a figure that
reflects the seriousness of the breach. Where the amount of revenue generated
by a firm from a particular product line or business area is indicative of the harm
or potential harm of its breach, the Step 2 figure will be based on a percentage of
the firm’s revenue from the relevant products or business area.
6.5.
The Authority considers that the revenue generated by PwC is not an appropriate
indicator of the harm or potential harm caused by its breach and there is no
alternative indicator of harm or potential harm. Pursuant to DEPP 6.5A.2G(13),
the Authority has determined the appropriate Step 2 amount by taking into
account those factors which are relevant to an assessment of the level of the
seriousness of the breach.
6.6.
In assessing the seriousness level, the Authority takes into account various factors
which reflect the impact and nature of the breach, and whether it was committed
deliberately or recklessly. The Authority considers the following factors to be
relevant to the seriousness of PwC’s breach:
(i)
Factors relating to the impact of the breach
The Authority does not hold PwC directly responsible for the losses
resulting from LCF’s collapse. However, by failing to report its reasonable
belief about potential fraud at LCF, PwC failed to make the Authority aware
of information which may have been materially significant to it.
(ii)
Factors relating to the nature of the breach
Auditors of regulated firms, by the nature of their work, have a unique
insight into how those firms are run and managed. As such, they play an
important role in alerting the Authority to issues that may be of material
significance to it as they are required to do under Regulation 2. Speed of
reporting issues is vitally important given the potential consequences of
consumer harm, financial crime, or other risks to the Authority’s
objectives.
During the LCF Audit, PwC formed a reasonable belief that LCF may have
been involved in fraudulent activity but failed to report that belief (and
information and opinions relating thereto) as required at any point during
the Relevant Period.
PwC’s breach was serious. PwC was aware that LCF offered high risk bonds,
was experiencing (and targeting) rapid growth, and was targeting retail
investors. Furthermore, in light of (amongst other things) LCF’s failure to
co-operate (including the extreme amount of basic information which had
been requested but not provided) and LCF’s provision of inaccurate and/or
misleading information to PwC, the Audit Team had suspicions that LCF
might be involved in a potential fraud from very early on in the audit. PwC
failed to report its suspicions or the facts and matters that gave rise to
them to the Authority at any point during the Relevant Period.
(iii)
Factors relevant to whether the breach was reckless or deliberate
PwC’s breach was not reckless or deliberate.
6.7.
DEPP 6.5A.2G(11) lists factors that are likely to be considered “level 4 or 5
factors”. Of these, the Authority considers the following factor to be relevant:
(i)
The breach created a significant risk that financial crime would be
facilitated, occasioned or otherwise occur by not reporting the potential
risk of fraud to the Authority.
6.8.
DEPP 6.5A.2G(12) lists the factors that are likely to be considered “level 1 or 2 or
3 factors”. Of these, the Authority considers the following factors to be relevant:
(i)
Little, or no, profits were made or losses avoided as a result of the breach.
(ii)
The breach was committed negligently.
6.9.
Taking all of the above into account, the Authority considers the seriousness of
the breach to be level 3. The Step 2 figure is £15,000,000.
Step 3: mitigating and aggravating factors
6.10.
Pursuant to DEPP 6.5A.3G, at Step 3 the Authority may increase or decrease the
amount of financial penalty arrived at after Step 2, but not including any amount
to be disgorged as set out in Step 1, to take into account factors which aggravate
or mitigate the breach.
6.11.
The Authority has determined that there are no aggravating or mitigating factors.
6.12.
The figure after Step 3 is therefore £15,000,000.
Step 4: adjustment for deterrence
6.13.
Pursuant to DEPP 6.5A.4G, if the Authority considers the figure arrived at after
Step 3 is insufficient to deter the firm who committed the breach, or others, from
committing further or similar breaches, then the Authority may increase the
penalty.
6.14.
The Authority considers that the Step 3 figure of £15,000,000 represents a
sufficient deterrent to PwC and other auditors and so has not increased the penalty
at Step 4.
6.15.
The figure after Step 4 is therefore £15,000,000.
Step 5: settlement discount
6.16.
There is no settlement discount. The figure after Step 5 is therefore £15,000,000.
6.17.
The Authority therefore hereby imposes a total financial penalty of £15,000,000
on PwC for contravening section 342 of the Act and Regulation 2.
7.
PROCEDURAL MATTERS
7.1.
This Notice is given to PwC under and in accordance with the section 390 of the
Act.
7.2.
The following statutory rights are important.
Decision maker
7.3.
The decision which gave rise to the obligation to give this Notice was made by the
Settlement Decision Makers.
Manner and time for payment
7.4.
The financial penalty must be paid in full by PwC to the Authority no later than
30 August 2024.
If the financial penalty is not paid
7.5.
If all or any of the financial penalty is outstanding on 1 day after the date above,
the Authority may recover the outstanding amount as a debt owed by PwC and
due to the Authority.
7.6.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of
information about the matter to which this Notice relates. Under those provisions,
the Authority must publish such information about the matter to which this Notice
relates as the Authority considers appropriate. The information may be published
in such manner as the Authority considers appropriate. However, the Authority
may not publish information if such publication would, in the opinion of the
Authority, be unfair to PwC or prejudicial to the interests of consumers or
detrimental to the stability of the UK financial system.
7.7.
The Authority intends to publish such information about the matter to which this
Final Notice relates as it considers appropriate.
Authority contact
7.8.
For more information concerning this matter generally, contact Gareth Buttrill at
the Authority (email: gareth.buttrill@fca.org.uk).
Financial Conduct Authority, Enforcement and Market Oversight Division
ANNEX A
RELEVANT STATUTORY AND REGULATORY PROVISIONS
Financial Services and Markets Act 2000
1.
The Authority’s statutory objectives, set out in section 1B(3) of the Act, include the
integrity objectives (protecting and enhancing the integrity of the UK financial
system).
2.
Pursuant to section 206(1) of the Act, if the Authority considers that an authorised
person has contravened a requirement imposed on him by or under the Act, it may
impose on him a penalty, in respect of the contravention, of such amount as it
considers appropriate.
Section 342 of the Act
3.
Section 342 information given by auditor or actuary to a regulator:
“(1) This section applies to a person who is, or has been, an auditor of an authorised
person or recognised investment exchange, appointed under or as a result of a
statutory provision.
(2) This section also applies to a person who is, or has been, an actuary acting for
an authorised person and appointed under or as a result of a statutory provision.
(3) An auditor or actuary does not contravene any duty to which he is subject
merely because he gives to a regulator—
(a) information on a matter of which he has, or had, become aware in his capacity
as auditor of, or actuary acting for, the authorised person or recognised investment
exchange, or
(b) his opinion on such a matter,
if he is acting in good faith and he reasonably believes that the information or
opinion is relevant to any functions of that regulator.
(4) Subsection (3) applies whether or not the auditor or actuary is responding to a
request from the regulator.
(5) The Treasury may make regulations prescribing circumstances in which an
auditor or actuary must communicate matters to a regulator as mentioned in
subsection (3).
(6) It is the duty of an auditor or actuary to whom any such regulations apply to
communicate a matter to a regulator in the circumstances prescribed by the
regulations.
(6A) If the authorised person concerned is a credit institution or an investment
firm, and an auditor or actuary communicates a matter to a regulator in accordance
with the regulations, the matter must be disclosed simultaneously to the
management body of the authorised person, unless there are compelling reasons
not to do so.
(7) The matters to be communicated to a regulator in accordance with the
regulations may include matters relating to persons other than the authorised
person or recognised investment exchange concerned.
(8) In subsection (6A) “credit institution” and “investment firm” have the same
meaning as in Article 4(1) of the capital requirements regulation.”
Section 345 of the Act
4.
Section 345 disciplinary measures:
“(1) Subsection (2) applies if it appears to the FCA that an auditor or actuary to
whom section 342 applies—
(a) has failed to comply with a duty imposed on the auditor or actuary by rules
made by the FCA, or
(b) has failed to comply with a duty imposed under this Act to communicate
information to the FCA.
(2) The FCA may do one or more of the following—
(a) disqualify the auditor or actuary from being the auditor of, or (as the case may
be) from acting as an actuary for, any authorised person or any particular class of
authorised person;
(b) disqualify the auditor from being the auditor of any recognised investment
exchange or any particular class of recognised investment exchange;
(c) publish a statement to the effect that it appears to the FCA that the auditor or
(as the case may be) actuary has failed to comply with the duty;
(d) impose on the auditor or actuary a penalty, payable to the FCA, of such amount
as the FCA considers appropriate.
(3) If an auditor or actuary has been disqualified by the PRA under section
345A(4)(a), the FCA may disqualify the auditor or actuary, so long as the
disqualification under that provision remains in force, from being the auditor of, or
(as the case may be) from acting as an actuary for—
(a) any FCA-authorised person,
(b) any particular class of FCA-authorised person,
(c) any recognised investment exchange, or
(d) any particular class of recognised investment exchange.
(4) In subsection (3) “FCA-authorised person” means an authorised person who is
not a PRA-authorised person.
(5) Where under subsection (2) or (3) the FCA disqualifies a person from being the
auditor of an authorised person or recognised investment exchange or class of
authorised person or recognised investment exchange and that authorised person
or recognised investment exchange is also, or any person within that class is also,
a recognised clearing house or recognised CSD, the FCA must —
(a) notify the Bank of England, and
(b) notify the disqualified person that it has made a notification under paragraph
(a).
(6) The FCA may remove any disqualification imposed under paragraph (a) or (b)
of subsection (2) if satisfied that the disqualified person will in future comply with
the duty in question.
(7) The FCA may at any time remove any disqualification imposed under subsection
(3).”
Financial Services and Markets Act 2000 (Communications by Auditors)
Regulations 2001 (SI 2001/2587) (“the Reporting Regulations”)
5.
Regulation 2: Circumstances in which an auditor is to communicate:
“(1) An auditor to whom section 342 … of the Act applies must communicate to the
FCA information on, or his opinion on, matters mentioned in section 342(3)(a) … of
the Act (matters of which he has, or had, become aware in his capacity as auditor
of an authorised person or recognised body or as auditor of a person who has close
links with an authorised person or recognised body) in the following circumstances.
(2) The circumstances are that —
(a) the auditor reasonably believes that, as regards the person concerned—
(i) there is or has been, or may be or may have been, a contravention of any
relevant requirement that applies to the person concerned; and
(ii) that contravention may be of material significance to the FCA in determining
whether to exercise, in relation to the person concerned, any functions conferred
on that regulator by or under any provision of the Act other than Part VI;
(b) the auditor reasonably believes that the information on, or his opinion on, those
matters may be of material significance to the FCA in determining whether the
person concerned satisfies and will continue to satisfy the threshold conditions […];
(c) the auditor reasonably believes that the person concerned is not, may not be
or may cease to be a going concern;
(d) [ …]
(e) [ …]”.
6.
Under Regulation 1 of the Reporting Regulations, “relevant requirement” is and was
at all material times defined as meaning (as relevant here):
“a requirement which is imposed by or under any provision of the Act other than
Part VI (listing) and which relates to authorisation under the Act (whether by way
of permission under Part 4A of the Act or otherwise) or to the carrying on of any
regulated activity”.
7.
In referring to the “threshold conditions” the Reporting Regulations are referring to
the minimum conditions that all authorised firms are required to satisfy. As relevant
here all authorised firms are required to satisfy the Authority that they are fit and
proper having regard to all the circumstances including whether those who manage
the firm’s affairs have adequate skills and experience and act with probity (COND
2.5.1A of the Authority’s Handbook).
RULES AND GUIDANCE
Relevant requirements
8.
The following were “relevant requirements” that applied to LCF during the Relevant
8.1
Principle 1 – “A firm must conduct its business with integrity.”
8.2
SYSC 6.1.1 R - “A firm must establish, implement and maintain adequate policies
and procedures sufficient to ensure compliance of the firm including its
managers, employees and appointed representatives (or where applicable, tied
agents) with its obligations under the regulatory system and for countering the
risk that the firm might be used to further financial crime.”
9.
As per PERG 3.2.2R Principle 1 applies to the communication and approval of financial
promotions which if communicated by an unauthorised person without approval would
contravene section 21(1) of the Act.
10. As per SYSC 1 Annex 1 Part 2.13 R SYSC 6.1.1R applies with respect to the carrying
on of unregulated activities in a prudential context, which is the context in which the
activities carried on by a firm have, or might reasonably be regarded as likely to have,
a negative effect on matters including the integrity of the UK financial system and the
ability of the firm to meet the “fit and proper” test in threshold condition 2E and 3D
(Suitability).
DEPP
11. Chapter 6 of DEPP, which forms part of the Authority’s Handbook, sets out the
Authority’s statement of policy with respect to the imposition and amount of financial
penalties under the Act. In particular, DEPP 6.5A sets out the five steps for penalties
imposed on firms.
12. The Enforcement Guide sets out the Authority’s approach to taking disciplinary action.
The Authority’s approach to financial penalties and suspensions (including restrictions)
is set out in Chapter 7 of the Enforcement Guide.
ANNEX B
EXTRACTS FROM THE INTERNATIONAL STANDARD ON AUDITING
ISA (UK) 250A
1.
Paragraph A10: “As the financial reporting consequences of other laws and regulations
can vary depending on the entity’s operations, the audit procedures required […] are
directed to bringing to the auditor’s attention instances of non-compliance with laws
and regulations that may have a material effect on the financial statements.”
2.
Paragraph 28: “If the auditor has identified or suspects non-compliance with laws and
regulations, the auditor shall determine whether the auditor has a responsibility to
report the identified or suspected non-compliance to parties outside the entity.”
ISA (UK) 250B
3.
Paragraph 14: “When the matter giving rise to a statutory duty to make a report direct
to a regulator casts doubt on the integrity of those charged with governance or their
competence to conduct the business of the regulated entity, the auditor shall (in the
UK, subject to compliance with legislation relating to “tipping off”) make the report to
the regulator as soon as practicable and without informing those charged with
governance in advance.”
4.
Paragraph A25: “In assessing the effect of an apparent breach, the auditor takes into
account the quantity and type of evidence concerning such a matter which may
reasonably be expected to be available. If the auditor concludes that the auditor has
been prevented from obtaining all such evidence concerning a matter which may give
rise to a duty to report, the auditor would normally make a report direct to the
regulator as soon as practicable.”
5.
Paragraph A34: “Speed of reporting is essential where the circumstances cause the
auditor no longer to have confidence in the integrity of those charged with governance.
In such circumstances, there may be a serious and immediate threat to the interests
of depositors or other persons for whose protection the regulator is required to act;
for example where the auditor believes that a fraud or other irregularity may have
been committed by, or with the knowledge of, those charged with governance, or have
evidence of the intention of those charged with governance to commit or condone a
suspected fraud or other irregularity.”