Regulation  

How to respond to an FCA enforcement investigation

  • Describe some of the current challenges with FCA enforcement action
  • Summarise various steps to mitigate FCA enforcement investigations
  • Explain the role of human stories
CPD
Approx.30min
How to respond to an FCA enforcement investigation
The first steps in a company’s response to any FCA enforcement investigation will be the most important (Mykhailo Polenok/Dreamstime)

It is the moment any corporate leader dreads. The ping of an email, the clap of an envelope on the desk. A nondescript and suitably discreet subject line — maybe just “Private & Confidential”.

You open it and realise the Financial Conduct Authority has questions for you and your business. What now? How should you respond?

Communications from the FCA do not have to induce fear, but sometimes they do. When receiving a letter requesting information on a potential breach or notifying of enforcement action, getting your company in the best position to respond promptly, clearly and firmly is key. 

Article continues after advert

The first steps in a company’s response to any investigation will be the most important. We consider the FCA’s approach to enforcement and how companies can get on the front foot as soon as the dreaded letter lands. 

Data, data, data

You will need to have been under a rock to have not heard how the FCA is becoming a “data-led regulator”. In addition to its “traditional” processes for identify market misconduct, the FCA has committed significant time and resource to developing methods to identify potential and realised customer harm.

A recent example is the well-documented intervention on guaranteed asset protection insurance. This intervention limited the sale of Gap insurance, following the review of the performance metrics of these products. These metrics showed a disproportionately small percentage of customer payouts while providing an inversely disproportionate distribution of commissions. 

The FCA’s increased reliance on data is central to its approach to enforcement. Where there is clear data, the regulator has a quantifiable measure of how serious an issue is and whether an investigation can be justified. Where there is no, or insufficiently precise, data on key issues, the FCA may decide to probe further in search of what could be hiding in the darkness.

So, while data may illuminate problems for the FCA to investigate, companies with clear data are often able to marshal this as a force for good to dissuade the regulator from enforcement action. 

The development of rich datasets may be a reason behind the recent influx of surveys and information requirements issued to companies — most notably an information request on the management of non-financial misconduct within the insurance market. 

Making the cut 

The FCA can only prosecute a finite number of investigations each year. Therefore, only the most egregious cases of misconduct will result in enforcement action. 

Therese Chambers, co-leader of the FCA’s enforcement division, outlined its aspiration to work on a “streamlined portfolio of cases through [which the FCA] can deliver the greatest deterrent impact, acting at pace”.

Some may feel encouraged by the apparent determination to move beyond the glacial pace of enforcement actions past and the closure of cases without a viable outcome. Nevertheless, what is more telling is the rising threshold for misconduct being subject to enforcement action.