When Barclays Chief Executive Jes Staley was fined more than £642,000 by the Financial Conduct Authority and Prudential Regulation Authority in 2018 for failing to respond appropriately to a whistleblowing letter received two years earlier, it underscored the potential risks executives personally face for compliance shortcomings.
In 2020 more than 200 individuals were fined just under $100 million by regulatory authorities around the world for compliance breaches related to anti-money laundering and MiFID, according to a report published by Fenergo1. The founder of US virtual currency provider Helix and Coin Ninja alone accounted for almost two thirds of that, hit with a whopping $60 million fine from the US Financial Crimes Enforcement Network (FinCEN) for his company’s lack of due diligence around AML checks.
And it is not just fines individuals risk being exposed to. In Spain, four employees of a Chinese bank were sentenced to between three and five months in jail on top of fines totaling $25.5 million, according to Fenergo.
Some banks have also started holding senior executives to account even for incidents outside of their immediate orbit in an effort to set an example about why conduct matters to the overall organization. Goldman Sachs, for instance, cut the pay of its CEO, Chief Operating Officer and Finance head for the bank’s role in the 1MDB scandal. Even though those individuals were not involved in, or aware of the wrongdoing that took place, they were accountable as senior individuals for they had taken reasonable steps in effectively controlling the business they are responsible for.
These chunkier penalties come as global regulators step up their efforts to hold executives to account for compliance failings. In the UK, the FCA introduced the Senior Managers and Certification Regime (SMCR) in 2016 to improve the culture of compliance across financial services organizations and to encourage behavioral change among employees—as well as to ensure regulatory penalties are not just written off as a cost of doing business.
Other countries have also introduced similar measures to hold individuals to account. Australia, for instance, implemented the Banking Executive Accountability Regime (BEAR) in 2018, which is set to be extended this year with the passing of the Financial Accountability Regime (FAR), which includes potential fines for executives up to $750,000 and the possibility of permanent bans preventing individuals from working in the financial services industry.
Meantime, Ireland is planning to introduce its Senior Executive Accountability Regime (SEAR), while the US Securities and Exchange Commission (SEC) has also increased its focus on individuals, stating that individual accountability is critical to an effective enforcement program. For example, in 2018, the SEC fined Tesla CEO Elon Musk with securities fraud for tweeting misleading statements about taking his electric vehicle company private.
Against that backdrop, financial institutions need to ensure they have effective controls and procedures in place to not only safeguard their organizations from financial or reputational damage but also their executives from personal liability. As remote working increases the complexity of compliance by removing a layer of in-person oversight, the risk of employees engaging in illicit behavior or other bad conduct has increased—meaning senior managers, now more than ever, need their firm’s compliance culture to be both robust and consistent across the entire organization, front to back throughout the business.
Under FCA rules, senior managers themselves are expected to take all reasonable steps to ensure the business they are responsible for is controlled effectively. That means having a clear understanding of the potential risks and how those might manifest, and then demonstrating all reasonable steps have been taken through transparency over front to back risk and control measures.
But this is not just about potential fines or legal peril for individuals. At its extreme, shoddy compliance oversight can threaten the very existence of a business. Take Nick Leeson and the collapse of Barings Bank in 1995. Poor compliance standards allowed Singapore-based derivatives trader Leeson to rack up more than $1 billion in losses through fraudulent trades, landing Leeson with a six-and-a-half year prison sentence—and causing the demise of the 233-year-old British merchant bank.
Learn more about how your organization can improve risk management and ensure accountable senior managers are better protected. Download.