Okay, so you’ve made a mistake and it’s time to fess up to the regulator and tidy up the mess. What comes first, and how do you go about it? Compliance Consultant Lee Werrell, CEO of Compliance Consulant  with the first of a two-part feature on what to do if the worst should happen


Compliance Consultant LogoIn my experience of firms calling me to explain that they have had an event that requires fixing, a wide array of excuses and reasons are provided to justify the unusual occurrence of the issue at hand. More often than not I am sent a smokescreen covering the real reasons, many times they are not known by the senior management themselves, and a variety of assumptions are made.


Sometimes they know what’s wrong, but they try to cover up the flaws and deficiencies in a bid to save face. Often their remedial plans are merely papering over the cracks because they think it looks good. My job is to ascertain the real facts, the true facts and the impacted business boundaries.

What the Regulator Expects

Now, very few people in business are ever likely not to have problems; mistakes can and will happen all the time, even in the best of UK Financial Services organisations. It could be the discovery of significant accounting or trading errors, market abuse or fraud detection, systems breakdown or a procedure failure where retail customers have not been treated fairly.

In accordance with every firm’s regulatory obligations under the Principles for Businesses, the regulator expects firms to identify their own issues and initiate appropriate remedial action. Ideally this activity should be as early as possible, but whenever people are involved, a complex mix of status, shame, ego and all manner of variables often contorts the issue and often masks it until something breaks.


Identification is often made by analysis of management information or from compliance or internal audit monitoring. However, it may come from another angle, such as a complaint or reconciliation exercise or even implementation of a new system where certain activities or records just don’t add up.

Provided that the firm identifies, appropriately scopes out the issue and takes the necessary remedial action, which may or may not include compensating any affected customers, the final action would be for the firm to notify the regulator of the issue, what it has already done, or what it intends to do – and in what timescale.

Enforcement Powers

In some cases, the regulator may be content with the planned activity and ask to be kept regularly informed of the progress. In other cases, however, the regulator may exercise its enforcement powers where it deems necessary for and in pursuit of its statutory objectives. For the FCA, this means protecting consumers, enhancing the integrity of the UK financial system, and promoting effective competition in the interests of consumers.


There are three routine enforcement powers that the FCA could take – and will, in addition to discussing the situation as appropriate with the PRA for any dual regulated firms:

·       Investigation

·       Remedial action

·       Disciplinary action

Limit the Damage

The greatest mitigation any firm can provide is the acceptance of responsibility of the real issue and causes by senior management. Both of the new regulators in financial services place considerable weight on senior management responsibility. The regulators now believe that a specific action against individuals that hold a significant influence function is likely to have a far greater deterrent effect than actions against firms alone.

Typically, the first hour after identifying your issue, challenge or problem can be critical. Once you have established that the issue was more than a glitch or a one-off occurrence with no material effect on any number of clients, you need to set off on a path of containment and limitation.

Assemble Your Project Team

What you need to do first is to create a project team, which should include senior management, legal and compliance people. Ideally, someone independent of the apparent problem should head it such as a non-exec director, legal or compliance. Within the project team, it is vital that you establish a clear line of communication so that all information given to the project team should be channelled through a single person. In that way that person can monitor, direct and prioritise the information, but should not judge or decide if it goes any further.

If, through the course of business, you need to maintain operations and create any new documents, you should ensure that, where possible, to attract legal professional privilege your procedure includes legal reviews and opinions.

Initially, confine the issues to a small group of senior management until the specifics are established, and the impact has been fully scoped out. Do not communicate to any wider audience, even internally. There is no point in discussing anything with the FCA at this time unless you are up against regulatory requirements to notify. Although the regulator requires to be informed, it may be prudent for any firm to delay telling the regulator for a short while.

A delay for a few days could well be justified by needing to verify initially internal findings, or possibly to brief overseas or other branch management. A courteous and interim telephone briefing confirming that investigations are underway may satisfy the regulator, and the FCA may highlight a specific requirement that it need answers to; but you cannot properly delay notification any longer than that as dim view will surely be taken.

Take expert advice. and do not leave it to off-hand or internal experiential remarks. You need to use an experienced compliance or legal professional with a broad experience who is used to dealing with serious regulatory matters; otherwise you should consult expert external specialists.

Inform the Regulator

Both of the UK financial services regulators place great store in any firm freely and promptly providing information under Principle 11 for Business and the Code of Practice for Approved Persons Principle 4 – primarily because they have limited resources to monitor or assess third party reports. They rely on all firms and institutions to promptly notify them of any positive and negative material developments. In this, the FCA has taken a change of stand from its predecessor; it has moved its focus from being the financial services regulator to now being the regulator of financial services.

With this reliance on the flow of information, the regulators therefore, expect to be told of any significant issues that may be affecting a firm which, on analysis, could indicate systemic problems, management weaknesses or significant failure in systems and controls. These are compounded if they also undermine market confidence, cause material loss in any form, impact a “significant” number of customers or affect the company’s risk profile, resources or reputation.

What Should You Tell the Regulator?

Any report should address each of the regulator’s typical concerns:

·       What went wrong

·       The scale of the issue

·       Is it limited or contained in anyway?

·       The root cause of it

·       What remedial action has been taken

In addition to the answers of these points, the regulator will also be looking for reassurance that senior management are actively concerned in the issue and that a competent and skilled project team has been established with sufficient resources allocated to addressing the issue. Of paramount importance will be confirmation of how the fair treatment of customers is featured in the activity.

Next Month

Part 2, in the September issue of IFA Magazine, will look at what the options are from the regulator’s perspective, under each of the three areas we’ve listed. And we’ll consider ways of avoiding or reducing the impact of any intervention, as well as thinking about what to do if things don’t go in your favour.


Share this article

Related articles

Sign up to the IFA Magazine Newsletter

Trending articles

IFA Talk logo

IFA Talk is our flagship podcast, that fits perfectly into your busy life, bringing the latest insight, analysis, news and interviews to you, wherever you are.

IFA Talk Podcast - listen to the latest episode