FINAL NOTICE

ACTION

1. For the reasons given in this notice, and pursuant to section 206 of the Financial

Services and Markets Act 2000 (“the Act”), the FSA imposes on UBS AG (“UBS”) a
financial penalty of £29.7 million in respect of breaches of Principles 2 and 3 of the
FSA’s Principles for Businesses (the “Principles”). These breaches occurred between
1 June 2011 and 14 September 2011 (the “Relevant Period”) in the Global Synthetic
Equities (“GSE”) business conducted from the London Branch of UBS (the “London
Branch”).

2. UBS agreed to settle at an early stage of the FSA’s investigation. UBS therefore

qualified for a 30% Stage 1 discount under the FSA’s executive settlement
procedures. Were it not for this discount, the FSA would have imposed a financial
penalty of £42.4 million on UBS.

SUMMARY OF REASONS

3. During the Relevant Period, UBS breached Principle 3 by failing to take reasonable

care to organise and control its affairs responsibly and effectively, with adequate risk
management systems and breached Principle 2 by failing to conduct its business from
the London Branch with due skill, care and diligence.

4. These breaches became apparent when UBS discovered that a UBS employee, Kweku

Adoboli (the “Trader”) on the Exchange Traded Funds desk (the “Desk”) in the GSE
trading division had amassed substantial losses amounting to $2.3 billion through his
trading.

5. On 14 September 2011, the Trader was arrested. He was subsequently tried on an

indictment containing two counts of fraud by abuse of position and four counts of
false accounting. On 20 November 2012, the Trader was convicted of the two counts
of fraud by abuse of position and acquitted of the four counts of false accounting. He
was sentenced to 7 years’ imprisonment.

6. The losses were incurred primarily on exchange traded index future positions. The

underlying positions were disguised by the use of offsetting strategies which had no
economic reality and no associated external risk position. These strategies involved a
combination of late bookings of real trades, booking unmatched (i.e. fictitious) trades
to internal accounts and the use of deferred settlement trades for which there was no
external counterparty (i.e. also fictitious).

7. During the Relevant Period, there was insufficient focus on the key risks associated

with unauthorised trading within the GSE business conducted from the London
Branch which resulted in significant control breakdowns which allowed the
concealment to remain undetected for an extended period of time.

8. In particular, in relation to the GSE business conducted from the London Branch,

UBS failed to:

i.
adequately supervise the GSE business with due skill, care and diligence;

ii.
put adequate systems and controls in place to detect the unauthorised trading in
a timely manner; and

iii.
have adequate focus on risk management systems and to sufficiently escalate or
take sufficient action in respect of identified risk management issues.

DEFINITIONS

9. The definitions below are used in this Final Notice.

“Break” means an item which does not reconcile between one system and another or
between one counterparty and another

“DEPP” means the Decision Procedure and Penalties Manual

“ETF” means Exchange Traded Funds

“GBSOV” means Global Balance Sheet Ownership Verification process, a reconciliation
process undertaken at month end

“GSE” means Global Synthetic Equities

“SCP” means Supervisory Control Portal

“the Act” means the Financial Services and Markets Act 2000

“the Desk” means the ETF Desk

“the FSA” means the Financial Services Authority

“the London Branch” means the London Branch of UBS AG

“the Principles” means the FSA’s Principles for Businesses

“the Tribunal” means the Upper Tribunal (Tax and Chancery Chamber)

“UBS” means UBS AG

STATUTORY AND REGULATORY PROVISIONS

10. The FSA is authorised, pursuant to section 206 of the Act, to impose a penalty of such

amount as it considers appropriate in the circumstances, if it considers that an
authorised person has contravened a requirement imposed on him by or under the Act.

11. Pursuant to section 2(2) and sections 3 and 6 of the Act, two of the FSA’s statutory

objectives are maintaining confidence in the financial system and the reduction of
financial crime.

12. Principle 2 of the Principles states that:

“A firm must conduct its business with due skill, care and diligence”.

13. Principle 3 of the Principles states that:

“A firm must take reasonable care to organise and control its affairs responsibly and
effectively, with adequate risk management systems”.


14. The FSA’s approach to exercising its enforcement powers to impose a financial

penalty on an authorised person is set out in the Enforcement Guide (“EG”).

RELEVANT CONTEXT

Rogue trading incident 2008

15. As a result of an incident of rogue trading at Société Générale, on 11 March 2008, the

FSA published issue 25 of its Market Watch Newsletter (“Market Watch”) in which it
highlighted the measures firms should consider when reviewing the systems and
controls which protect them against rogue trader risks. Market Watch considered:

i.
Front Office culture and governance;

ii.
trading mandates and limits;

iii.
culture and challenge within the control functions; and

iv.
risk management and limits.

16. Further information was provided in issue 29 of Market Watch in which the FSA

highlighted the key issues which had arisen in the course of their discussions with
firms around their systems and controls to prevent and detect unauthorised trading.

17. The FSA considers that firms that conduct trading activities should be vigilant to the

risks arising from unauthorised trading activities given the systemic risks that such
events pose to firms and the wider financial system.

Recent enforcement action

18. On 5 August 2009 UBS was fined £8 million (discounted from £10 million for early

settlement) in respect of breaches of Principles 2 and 3 of the Principles within the
London Branch’s international wealth management business. In particular, the
enforcement action identified the following failures:

i.
to provide an appropriate level of supervision;

ii.
to challenge appropriately the employees in question; and

iii.
to implement effective remedial measures in response to several warning signs
that occurred during the course of its business.

19. The FSA has an expectation that firms should give consideration as to whether the

system and control deficiencies identified in an enforcement action are applicable to
other business areas within the same branch and whether remedial action is necessary.

FACTS AND MATTERS

The UBS Business Division

20. UBS is a major global financial group with its headquarters in Zurich. Since early

2009, UBS has operated four business divisions which includes the Investment Bank
(“UBS IB”). UBS IB has three distinct business areas, one of which is Global
Equities.

Global Synthetic Equities (“GSE”)

21. At the beginning of 2011, Global Equities was restructured and the GSE trading

division was created to combine the synthetic equity products traded across Global
Equities into a single business sector. GSE was brought together by the amalgamation
of existing businesses within Global Equities.

The Exchange Traded Funds Desk (“the Desk”)

22. The Desk was one of the last desks to be transferred into the new GSE trading

division in April 2011. The products traded by the Desk were cash equities, equity
futures and equity index futures. The Desk also had a mandate to undertake
proprietary trading. Shortly after its transfer to GSE, the Desk limits were set at $50
million net delta overnight and $100 million net delta intraday.


Identification of the Issues

23. On 14 September 2011 UBS became aware that substantial unauthorised trading had

been carried out on the Desk. After taking urgent action to close out UBS’s positions
relating to the unauthorised trading, the losses incurred by UBS were calculated at
$2.3 billion (the “Loss”). UBS promptly notified the City of London Police, the FSA
and the Swiss Financial Market Supervisory Authority (“FINMA”).

Independent Investigation

24. On 22 September 2011 the FSA and FINMA requested that UBS appoint an

independent person to conduct an investigation into the circumstances surrounding the
Loss on the Desk which was incurred during the Relevant Period (“the Independent
Investigation”).

25. The Independent Investigation was primarily focused on the Relevant Period and

identified that the true underlying loss making positions were concealed by the use of
fictitious off-setting trades which appeared to be profitable. However, these trades had
no economic reality and no associated external risk position. The following sets out
the Independent Investigation’s findings on the strategies used to conceal the
unauthorised trading in the trade capture systems:

i.
The booking of unmatched trades to internal counterparties: the Front Office
risk system allowed internal futures trades to be booked to a generic
counterparty of ‘internal’ and did not require an automatic mirror trade or
identification of the particular internal counterparty.

ii.
The late booking of trades: Genuine external futures trades were booked into
the futures settlement system but were late in being booked into the Front
Office risk system which allowed manipulation of the profit and loss.

iii.
The use of false ETF trades, including false ETF trades with a deferred
settlement date, false trades at off market prices and amendments to the prices
of ETFs: There was no automatic filter in the trade input systems which
identified off market or large notional transactions and the amendment of a
price in the Front Office risk system did not alter the price in the Front Office
deal capture system.

The risk control environment

26. UBS designed and operated a number of risk control processes to prevent

unauthorised trading. There were three main lines of defence within these risk control

processes. The first line focused on the supervision and oversight of the trading desk
within Front Office and the verification and settlement of trades, undertaken by the
Operations Division. The second line focused on specific risk control tasks within the
Finance, Risk and Compliance Divisions. The third line was the Group Internal Audit
undertaken by UBS.

27. The Independent Investigation identified significant control breakdowns during the

Relevant Period which allowed the concealment to remain undetected. In summary,
the Independent Investigation found that:

i.
Front Office supervision was inadequate, with reported desk limits breaches
which were not adequately acted upon by line management.

ii.
The level of co-operation and co-ordination between front and back office was
not adequate and there was an insufficient level of understanding of the trading
activities “front to back”. This led to a lack of sufficient enquiry and clarity of
accountability between functions.

iii.
The back office function teams relevant to the Desk demonstrated a lack of
capability to effectively identify, challenge and escalate significant and
sustained control issues.

28. The following sets out the Independent Investigation’s findings in relation to each of

the three lines of defence:

Supervision of the Desk

29. The Desk was transferred into the GSE Division in April 2011, having previously sat

within the Cash Equities Division. The transfer of the business groups and their
supporting infrastructure into the GSE Division began in early 2011. In relation to the
Desk, transfer of the supporting infrastructure was deliberately intended to be a
phased handover. It was intended to be completed in advance of September 2011 but
was incomplete when the losses were identified.

Supervision issues

30. Prior to the Desk’s transfer into the GSE Division, the Desk was supervised by a

London based supervisor who sat in close proximity to the trading desk. After the
transfer into the GSE Division the Desk was supervised by a US based supervisor.
However, the previous supervisor continued to receive some of the supervisory
reports, despite having no ongoing supervisory responsibilities over the desk.

Increase in revenue

31. The net revenue recorded by the Desk increased significantly between 2010 and the

first and second quarters of 2011. In 2010, the net revenue of the Desk was $9 million
for the year. In the first quarter of 2011 it had risen to $21 million and by the second
quarter of 2011 it stood at $52 million. This increase in revenue was several times

7


greater than the increase in the risk limits of the Desk. The Desk’s line management
did not make any enquiries into how the increase in revenue was being generated,
although some increase in revenues was expected after the transfer to GSE and the
increase in risk limits.

Desk limits

32. Between 23 June and 15 July 2011 the Desk breached the desk risk limits set by the

Desk supervisor on four occasions. These breaches were escalated to various
individuals within the Front Office. On one of these occasions, the Desk's supervisor
congratulated the desk for the profit made that day, but made clear that the Desk
needed his or the Global Head of GSE's permission to have a risk position in excess of
the limits and informed his supervisor. On another of these occasions, the Trader
sought permission from one of his supervisors for holding an overnight position in
excess of his risk limit. On the other two occasions, no specific action was taken and
no detailed investigation was undertaken into the underlying reasons for those
breaches.

Breaks arising from the Desk

33. On 8 August 2011 the Desk’s line management were informed that the reconciliations

process had uncovered breaks arising from the Desk as a result of the late booking of
external futures trades. The Desk supervisor informed the Operations Division that he
had spoken to the Trader and the positions would be booked out by him that day. He
did not seek any further explanation from the Trader as to how or why the position
had arisen.

34. On 19 August 2011 the Desk supervisor was notified that there were breaks

developing on one-sided internal futures. The Trader’s explanation for this was that he
was building a position for an ETF provider. He had been too busy to book the new
ETFs and so had been incorrectly booking internal futures instead of ETFs to replicate
the correct risk position of the forthcoming ETF trades. The Desk’s line management
considered this practice to be unacceptable, and reinforced this in writing to the
Trader, but it was not properly investigated.

System failures

35. In addition to the personal supervision of the Desk, UBS also utilised a specifically

developed computer system called the Supervisory Control Portal (SCP) to aid in risk
control supervision. The SCP was fed by various underlying UBS computer systems,
including the trading desk deal capturing systems and the Front Office risk systems.
The SCP showed details of profit and loss reports, risk reports and could also create
reports for the review and approval of cancelled, amended and late trades. The
following illustrates some of the SCP’s deficiencies:

i.
the report for cancelled, amended or late ETF trades was sent to the previous
desk supervisor who had no ongoing supervisory responsibilities over the Desk;

ii.
the report feature was not functioning in respect of futures trades until 26
August 2011; and

iii.
from 26 August 2011, the report in respect of futures trades was only sent to the
traders on the Desk and they were not therefore approved by the Desk’s
supervisory management.

36. In addition to the creation of alerts, the SCP had the ability for items to be flagged by

the Operations Division for specific review by the supervisor. This was a manually
operated feature which appears not to have been utilised by the Operations Division
despite the fact that there were a high number of alerts generated by the system.

The Operations Division

37. The purpose of the Operations Division was to establish and maintain an appropriate

and robust control environment in order to ensure the completeness and accuracy of
the trade population, as well as to ensure its integrity with relevant systems,
counterparties and inter-company. In particular the Operations Division held
responsibility for confirmations, reconciliations and end of day reporting (including
cancelled, amended and late trades).

Efficiency versus control

38. Within UBS the Operations Division acted as a facilitation division rather than having

a specific risk control mandate, providing a logistic support role and working closely
with the Front Office to resolve and clear any trading breaks. There was a culture of
helping the traders to clear breaks on the basis of the explanations they provided as
opposed to challenging the traders and questioning whether their explanations were
correct. As such their primary focus appears to have been on driving efficiency as
opposed to more control based activities.

Historical perceptions

39. The effectiveness of the Operations Division to exercise and control the Desk

throughout the Relevant Period may have been undermined in the following ways:

i.
The fact that some Middle Office staff aspired to roles in the Front Office may
have generated behaviours aligned to Front Office interests rather than those
required to exercise effective control. The Independent Investigation did not
consider specific individuals in its findings.

ii.
The Desk was previously identified as generating a large number of breaks
across various controls operated by the Operations Division. There appears to
have been an expectation from junior personnel in the Operations Division
involved with the Desk that it would generate a significant number of breaks,
leading them not to investigate further or escalate breaks caused by the trading
activity to management.

The Reconciliations Process

40. The reconciliations process undertaken by the Operations Division did reveal some of

the breaks created by the unauthorised trading. The lack of an internal counterparty to
the one sided internal futures was identified by two internal reconciliations performed

by the Operations Division and one transaction appeared as an exception on the
Operations Division’s daily reconciliation from mid July until August 2011, when the
Trader reversed the position. The Trader’s explanation for the breaks was accepted by
a junior member of the Operations Division without adequate challenge, further
analysis or upward escalation. The break was cleared in August 2011 without further
investigation from the Operations Division and was therefore not identified to Product
Control.

The Finance Division

41. In relation to unauthorised trading, the key role undertaken by the Finance Division

was that of Product Control. Their role was to understand and validate the profit and
loss and the related trading positions.

Profit & Loss suspensions

42. Product Control could suspend or adjust profit and loss to reflect booking errors, trade

capture timing differences and the delayed pricing of marks. These suspensions were
typically communicated to Product Control by the Trader and were not separately
identified as part of the daily profit and loss report until 18 August 2011. Profit and
loss suspensions to the value of $1.6 billion were requested by the Trader during the
course of August 2011. These suspensions were not adequately challenged by or
escalated within Product Control by the junior product controller.

Desk profitability

43. The profit and loss recorded by the Desk in respect of proprietary trading increased

significantly between 2010 and the first and second quarters of 2011. Product Control
did not seek any detailed explanation as to how this increase in profitability was being
created, and conducted no analysis of the drivers and size of the underlying intra-day
positions.

Global Balance Sheet Ownership and Verification process (GBSOV)

44. Product Control was also responsible for running the GBSOV process. This process is

intended to identify “Amounts Under Investigation” and “Amounts At Risk”. Any
unsubstantiated, aged, questionable or doubtful items should be highlighted for a
management review. However, on occasions this process did not act to reveal the
nature of the underlying activity. By way of example:

i.
The July GBSOV revealed a break of CHF209 million arising from the Desk.

ii.
By 11 August 2011, the closing date for the July GBSOV, the break still had
not been cleared.

iii.
On 19 August 2011 the break was escalated to senior personnel within GSE.

iv.
On 24 August 2011 the Trader was formally asked to provide an explanation
for the break (although he had been asked for an explanation previously

through a dialogue with Operations and Product Control). This was
subsequently discussed at a meeting of the Finance London Operational Risk
Committee. The Committee concluded that no amounts were deemed to be at
risk.

v.
On 31 August 2011 the Trader cleared the break and the Operations Division
confirmed the positions as flat on 1 September 2011.

The Risk Division

45. In July 2008 Operational Risk Control undertook a detailed review with the aim of

assessing UBS’s exposure to a significant loss as a result of unauthorised trading (the
“Rogue Trader Review”). The catalyst for the review was a significant rogue trading
incident which occurred at Société Générale in January 2008. The Rogue Trader
Review included a consideration of the information provided by the FSA as part of
issue 25 of its Market Watch.

46. Operational Risk Control concluded that, while unauthorised trading could not be

prevented in its entirety, no evidence was found in 2008 of control deficiencies within
UBS that could be systematically exploited over an extended period as part of a rogue
trading incident. However, the review identified the following areas of weakness:

i.
cancel and amend reports were proving ineffective as a way of identifying
abnormal trading patterns;

ii.
Front Office supervision was hampered due to a lack of effective management
information being provided to supervisors;

iii.
there were weaknesses related to the culture of challenge required in the
logistic and control functions; and

iv.
there was a suggestion to undertake a specific review into the controls in place
for the ETF area of the business given its added complexity.

47. The findings of the Rogue Trader Review were provided to the FSA who were

satisfied with UBS’s proposals to remediate those areas in which control weaknesses
had been identified.

48. In December 2010, Operational Risk Control completed a follow up review of the

Rogue Trader Review (the “Second Review”). In relation to the areas of weakness
identified above the follow up review concluded as follows:

i.
the SCP had been implemented, providing trading activity reports and alerts to
supervisors for follow up and it had increased the capability of supervisors to
identify abnormal trading patterns;

ii.
management reporting and supervision in the Front Office had improved, due
in part to the implementation of the SCP which had improved the capabilities
of supervisors to properly supervise the Front Office;

iii.
the weaknesses related to the culture of challenge in the logistics and control
functions had been addressed through communication and training; and

iv.
further investigation and discussion had determined that a review of the ETF
business was not required because the Desk had been in scope for a recent GIA
audit.

49. Notwithstanding that Operational Risk had reviewed the risk of rogue trading and

implemented programs designed to reduce the risk through the strengthening of
processes and internal controls, nevertheless control failures arose during the relevant
period.

50. Group Internal Audit acted as an independent examination of UBS’s risk

management, control and governance processes, with a view to improving their
effectiveness. They reported directly to the Chairman of the Board of Directors and to
the Risk Committee.

51. The Independent Investigation conducted only a limited review of relevant audit

reports. In June 2010, Group Internal Audit identified the following issues:

i.
project plans or goals were necessary for improving the end of day process or
accuracy of supervisory alerts, in particular, implementing red flag analyses and
reporting;

ii.
lack of effective procedure for delegation by desk supervisors of supervisory
responsibility during leave or absence;

iii.
a failure to ensure desk supervisors always received the necessary reports to
perform their role; and

iv.
an absence of monitoring by Compliance over the use of the SCP by
supervisors in relation to irregular alerts.

52. Group Internal Audit graded these issues as “Other”, the grade below significant and

indicating that they were medium risk. Issues rated as “Other” were not escalated to
the Board Risk and Audit Committees. In addition, such issues could be closed by
Group Internal Audit on an evidential rather than substantively tested basis. All of the
issues in the June 2010 audit were resolved to the satisfaction of GIA.

53. In the audit report of July 2011 a “significant” issue was identified in respect of the

agreement of responsibilities between Equities and Operations management to review
completeness of the system feeds generating alerts within the SCP and the
implementation of filters applied to late, cancelled and amended trades before
producing SCP alerts. This was rated as “Senior Leadership Action Required”. The
deadline for action was 31 December 2011, so had not been completed by the time the
unauthorised trading was discovered.

ANALYSIS OF THE FAILINGS

54. UBS’s breaches of the Principles can be grouped into two separate categories:

i.
breaches of Principle 3 (risk management systems and controls); and

ii.
breaches of Principle 2 (due skill, care and diligence).

Principle 3 (risk management systems and control)

55. Principle 3 required UBS to establish and maintain such systems and controls as were

appropriate to its business.

56. By reason of the facts and matters set out below, the FSA considers that UBS

breached the requirements of Principle 3 by failing to put in place systems and
controls to adequately mitigate the risk that its employees would undertake
unauthorised trading, and where such unauthorised trading was carried out, to detect
the trading in a timely manner.

57. The following failings were specifically identified in the Independent Investigation.

The FSA agrees with the principal findings of the Independent Investigation and
considers that these findings constitute a breach of Principle 3:

First line of defence

i.
The SCP system operated by UBS to assist in risk management of the Desk was
not effective in controlling the risk of unauthorised trading.

ii.
The trade capture and processing system also had weaknesses, which were
exploited in order to conceal the unauthorised trading. The system allowed
trades to be booked to an internal counterparty without sufficient details, there
were no effective methods in place to detect trades at material off-market prices
and there was a lack of integration between systems.

iii.
There was an understanding amongst personnel supporting the Desk that the
Operations Division’s main role was that of facilitation. Their main focus was
on efficiency as opposed to risk control and they did not adequately challenge
the Front Office.

iv.
The reconciliations process undertaken by the Operations Division was not
robust enough, and there was a failure to properly escalate issues to the Desk’s
supervisory management or the Finance, Risk or Compliance Divisions.

Second line of defence

v.
Product Control had responsibility for running the GBSOV process. However,
this process was not sufficiently robust to reveal the nature of the underlying
activity causing the breaks in the balance sheet.

58. For the reasons set out above, the FSA considers that UBS was in breach of Principle

3 during the Relevant Period in that it failed to take reasonable care to:

i.
organise and control its affairs responsibly and effectively, with adequate risk
management systems;

ii.
establish and maintain systems and controls that were appropriate to that
business; and

iii.
establish and maintain effective systems and controls for countering the risks
posed by unauthorised trading.

Principle 2 (due skill, care and diligence)

59. Principle 2 required UBS to act with due skill, care and diligence in conducting its

business.

60. By reason of the facts and matters detailed below, the FSA considers that UBS

breached the requirements of Principle 2 by failing to ensure that the necessary skill,
care and diligence was applied across the business to ensure the prevention of
unauthorised trading. To the extent that UBS had systems and controls in place to
prevent or detect unauthorised trading, UBS failed to ensure that such systems and
controls were fully complied with and implemented in the business.

61. The following findings were specifically identified or reflected in the Independent

Investigation. The FSA agrees with the principal findings of the Independent
Investigation and the FSA considers that these failings constitute a breach of Principle
2:

First line of defence

i.
The transfer of the Desk into the GSE Division took place in an incomplete and
unsystematic manner. The underlying support and control functions for the
Desk did not transfer to GSE at the same time as the Desk itself. The phased
handover was incomplete at the time the losses were identified.

ii.
The post transfer supervision arrangements for the Desk were poorly executed
and ineffective. The SCP reports for cancelled, amended and late trades were
not provided to the new desk supervisor post transfer.

iii.
The Desk breached the risk limits set for their desk without being disciplined
for doing so. This created a situation in which risk taking was not actively
discouraged or penalised by those with supervisory responsibility.

iv.
There was insufficient scrutiny by the Front Office management of
explanations provided by the trading desk for breaks arising during the
reconciliations process. Further, the Front Office management failed to
adequately investigate the increased revenue being generated by the Desk to
satisfy themselves that there were no risk issues associated with the increased
profitability.

v.
The Operations Division failed to adequately analyse how the breaks identified
as part of the reconciliation process were subsequently cleared. Furthermore,
much of the Management Information provided by the Operations Division was
designed to support efforts to improve efficiency and the cleanliness of the
control environment rather than to identify trends and patterns at the Desk
and/or trader level that may have indicated potential unauthorised trading
activity.

Second line of defence

vi.
Product Control failed to investigate the underlying reasons for the substantial
increase in profitability of the Desk despite the fact that this could not be
explained by reference to the end of day risk positions. The product controllers
responsible for the Desk accepted requests for significant profit and loss
suspensions without challenging the suspensions or escalating the request to
their superiors, prior to 18 August 2011. The combined factors of unexplained
profitability and large profit and loss suspensions should have indicated the
need for greater scrutiny.

62. For the reasons above, the FSA considers that UBS was in breach of Principle 2

during the Relevant Period, as it failed to conduct its business with due skill, care and
diligence.

SANCTION

Financial penalty

63. The FSA’s policy for imposing a financial penalty is set out in Chapter 6 of DEPP. In

respect of conduct occurring on or after 6 March 2010, the FSA applies a five-step
framework to determine the appropriate level of financial penalty. DEPP 6.5A sets out
the details of the five-step framework that applies in respect of financial penalties
imposed on firms.

Step 1: disgorgement

64. Pursuant to DEPP 6.5A.1G, at Step 1 the FSA seeks to deprive a firm of the financial

benefit derived directly from the breach where it is practicable to quantify this. The
FSA has not identified any financial benefit that UBS derived directly from its breach.
Step 1 is therefore £0.

Step 2: the seriousness of the breach

65. Pursuant to DEPP 6.5A.2G, at Step 2 the FSA determines a figure that reflects the

seriousness of the breach.

66. In assessing the seriousness level, the FSA takes into account various factors which

reflect the impact and nature of the breach, and whether it was committed deliberately
or recklessly. DEPP 6.5A 2G (5)-(7) sets out the factors the FSA will consider in
deciding which level of seriousness is most appropriate. Of these, the FSA considers
the following factors to be relevant:

i.
The effect on the market: market confidence was put at risk, given the sudden
announcement to the market and size of the losses announced.. Negative
announcements, such as this, put at real risk the confidence investors are
prepared to have in financial markets.

ii.
The breach revealed serious or systemic weaknesses in the firm’s procedures,
management systems and internal controls relating to part of the firm’s
business: UBS’s breach revealed serious weakness in the risk management
procedures, systems and controls.

iii.
The scope for financial crime to occur as a result of the breach: the Trader in
question has been convicted of two counts of fraud by abuse of position as a
result of the unauthorised trading.

67. Taking all of these factors into account, the FSA considers this to be a serious breach

and it is appropriate to apply a level 4 (15%) percentage. The FSA has decided that it
is most appropriate to use revenue figures for the GSE trading division for the 12
month period prior to September 2011 (excluding the losses suffered by UBS as a
result of the unauthorised trading). Therefore, the step 2 figure at level 4 is £42.4
million.

Step 3: mitigating and aggravating factors

68. Pursuant to DEPP 6.5A.3G, at Step 3 the FSA may increase or decrease the amount of

the financial penalty arrived at after Step 2, but not including any amount to be
disgorged as set out in Step 1, to take into account factors which aggravate or mitigate
the breach.

69. The FSA considers that the following factors aggravate the breach:

i.
The firm’s previous disciplinary history: In November 2009 UBS was fined £8
million for failings in relation to the systems and controls around the

international wealth management business conducted with non-UK resident
clients in the London branch of UBS. While the circumstances of the case and
the particular control failings involved were different from the current matter,
the enforcement action identified the following failures:

(a) to provide an appropriate level of supervision over customer-facing

employees;

(b) to challenge appropriately the employees in question; and

(c) to implement effective remedial measures in response to several

warning signs that occurred during the course of its business.

The FSA has an expectation that firms should give consideration as to whether
the issues identified in an enforcement action are applicable to other business
areas within the same branch and whether remedial action is necessary. In this
case UBS failed to give such proper consideration.

ii.
Whilst the FSA’s investigation has focussed on the Relevant Period, the
Independent Investigation has identified unauthorised trading, and the use of
concealment mechanisms, from December 2008. Whilst the levels of
unauthorised trading were much lower than in the Relevant Period, as were the
associated profits and losses, there was however a consistent use of
concealment mechanisms from this date.

70. The FSA considers that the following factors mitigate the breach:

i.
No losses were suffered by clients or other third parties.

ii.
UBS was the subject of fraudulent trading. The Trader received a custodial
sentence of seven years’ imprisonment.

iii.
The conduct of the firm and its senior management in bringing the breach
promptly to the attention of the FSA, FINMA and the City of London Police
and fully co-operating with them throughout their investigations, which
allowed for timely and effective resolution.

iv.
UBS agreed to engage an independent firm to conduct a substantive
investigation into the unauthorised trading incident, expending considerable
resources (approximately £16m to date) in doing so. UBS’s new senior
management has committed significant resources to undertake an extensive
programme of remediation.

v.
UBS has taken disciplinary action against employees who were involved in the
events which gave rise to the regulatory breach, including clawing back
bonuses and withholding 50% of their deferred compensation from relevant
individuals in an aggregate amount of more than £34m.

vi.
FINMA has also taken action against UBS in relation to the breach which is the
subject of this Notice and UBS has undertaken to comply with the separate
requirements imposed on it by FINMA.

71. Having taken into account these aggravating and mitigating factors, the FSA considers

that, on balance, no adjustment is made to the Step 3 figure. Accordingly, the Step 3
figure remains at £42.4 million.

Step 4: adjustment for deterrence

72. Pursuant to DEPP 6.5A.4G, if the FSA considers the figure arrived at after Step 3 is

insufficient to deter the firm who committed the breach, or others, from committing
further or similar breaches, then the FSA may increase the penalty. The FSA considers
that the Step 3 figure of £42.4 million represents a sufficient deterrent to UBS and
others, and so has not increased the penalty at Step 4.

Step 5: settlement discount

73. Pursuant to DEPP 6.5A.5G, if the FSA and the firm on whom a penalty is to be

imposed agree the amount of the financial penalty and other terms, DEPP 6.7 provides
that the amount of the financial penalty which might otherwise have been payable will
be reduced to reflect the stage at which the FSA and the firm reached agreement. The
settlement discount does not apply to the disgorgement of any benefit calculated at
Step 1. The FSA and UBS reached agreement at Stage 1 and so a 30 % discount
applies to the Step 4 figure. Step 5 is therefore £29.7 million.

74. The FSA therefore imposes a total financial penalty of £29.7 million on UBS for

breaching Principles 3 and 2.

PROCEDURAL MATTERS

Decision maker

75. The decision which gave rise to the obligation to give this Notice was made by the

Settlement Decision Makers.

76. This Final Notice is given under, and in accordance with, section 390 of the Act.

Manner and time for payment

77. The financial penalty must be paid in full by UBS to the FSA by no later than 10

December 2012, 14 days from the date of the Final Notice.

If the financial penalty is not paid

78. If all or any of the financial penalty is outstanding on 11 December 2012, the FSA

may recover the outstanding amount as a debt owed by UBS and due to the FSA.

79. Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of information

about the matter to which this notice relates. Under those provisions, the FSA must
publish such information about the matter to which this notice relates as the FSA
considers appropriate. The information may be published in such manner as the FSA
considers appropriate. However, the FSA may not publish information if such
publication would, in the opinion of the FSA, be unfair to you or prejudical to the
interests of consumers.

80. The FSA intends to publish such information about the matter to which this Final

Notice relates as it considers appropriate.

FSA contacts

For more information concerning this matter generally, contact Helena Varney (020
7066 1294), Philip Annett (020 7066 0534) or Eleanor Searley (020 7066 9076).

FSA Enforcement and Financial Crime Division