Regulators are getting ‘up close and personal’ – with everyone

September 25, 2017

Following criticism of their ineffectiveness during the financial crisis, regulators have switched to establishing the personal accountability of individuals – at all levels
Financial, Executive and Professional Risks (FINEX)

Across the globe, there is unprecedented focus on personal accountability in financial services firms. It is no longer the case that regulators are content simply to react when things go wrong or to limit their focus to the board. Following criticism of their ineffectiveness during the financial crisis, regulators have switched their attention to establishing the personal accountability of individuals – at all levels. In this article we explore what such ‘up close and personal’ tactics actually mean for senior personnel and what you can do about it.

A regulatory focus on individual accountability

Since the 2008 financial crisis, regulators have called for (and started to deliver on) an increased focus on the actions of individuals within regulated firms. In May 2015 Christine Lagarde, Managing Director of the International Monetary Fund, said: “Ultimately, we need more individual accountability. Good corporate governance is forged by the ethics of its individuals. That involves moving beyond corporate ‘rules-based’ behaviour to ‘values-based’ behaviour. We need a greater focus on promoting individual integrity”.

Perhaps the clearest such statement of personal accountability came from the US Department of Justice in April of this year:

Worldwide, regulatory initiatives focusing on the accountability of senior individuals are being developed or implemented, including the Manager-in-Charge Regime by the Hong Kong Securities and Futures Commission and the Senior Manager and Certification Regime (SMCR) in the UK.

Regulators are not restricting their focus solely to individuals who work at the top of large globally significant banks. As the 2017 announcement by the UK’s Financial Conduct Authority (FCA) to extend the SMCR to all regulated firms demonstrates, individual accountability and liability is an issue that will have an impact on everyone.

In October 2015, the UK government announced its intention to extend the SMCR to all sectors of the financial services industry, including asset management [2]. In July 2017, the FCA published its proposals for this extension [3].

The key features of the extended SMCR are in line with the original regime applied to banks, namely:

  • An approval regime focused on senior management, with requirements on firms to submit documentation on the scope of these individuals’ responsibilities and for firms to make sure that a senior manager is suitable to do their job
  • Some new responsibilities (‘Prescribed Responsibilities’) that some firms will need to allocate to their senior managers
  • A statutory requirement for senior managers to take reasonable steps to prevent regulatory breaches in their areas of responsibility
  • A requirement on firms to certify as fit and proper any individual who performs a function that could cause significant harm to the firm or its customers, both on recruitment and annually thereafter
  • A power for the regulators to apply enforceable rules of conduct to any individual who can impact their respective statutory objectives. The conduct rules apply to both regulated and un-regulated financial services activities

According to the FCA, the largest and most complex firms (less than 1% of firms regulated by the FCA) will be subject to an ‘enhanced regime’. Such firms, like the banks, will also need to produce responsibilities maps and handover procedures and will need to make sure that there is a senior manager responsible for every area of their firm (overall responsibility).

Implementation of the extended regime is now forecast for summer 2018 [4]. Regardless, individuals working in asset management companies will want to move quickly to understand their individual responsibilities under the new regime and what support their firms can give them. As Mark Steward, Director of Enforcement and Market Oversight at the FCA, described the SMCR: “The regime embraces a very simple proposition – a senior manager ought to be responsible for what happens on his or her watch”.

What we assume

Most of us will lead productive and (hopefully) well-remunerated professional lives and will never be unfortunate enough to find ourselves caught up in a major regulatory investigation. From my dealings in this area I know that the natural assumption among this majority is that, provided they have not done anything dishonest or recklessly stupid, the organisations that employ them will stand by them if trouble arises and their personal liability is threatened. In such circumstances, the protection typically relied upon by employees is the indemnity policy and/or directors and officers liability insurance (D&O) provided by the employer.

But how safe is this assumption? Before reviewing what protection indemnities and D&O actually provide, it makes sense to look at how the nature of regulatory investigations has impacted the dynamics of the employer/employee relationship in recent years.

The reality of regulatory investigations: divide and conquer

In times of stress, such as when faced with a regulatory or criminal investigation, cracks can quickly appear between the interests of individuals and the organisations that employ them. This is because the priority for the organisation under investigation will be to establish how bad things are, remedy the problem and move on as quickly as is feasible so as to protect the organisation’s brand and reputation. In contrast, for the individuals involved the priority will be arguing the reasonableness of actions taken (or not taken) so as to defend their personal position and escape liability. It is not surprising that in such situations, a regulatory investigation can pursue an approach of divide and conquer.

The UK case of FCA v Macris illustrates this divergence in priorities. The case stemmed from the infamous London Whale case in which JP Morgan Chase was fined £137 million. Mr. Achilles Macris was the bank’s International Chief Investment Officer at the relevant time. While not named personally in the FCA’s Notice, he complained that it did in effect ‘identify’ him through the phrase ‘CIO London management’ and that he had been denied an opportunity to make representations in his defence. Although the Supreme Court ultimately ruled in favour of the FCA, its judgment highlighted the potential for the divergence of interests between the employer and its executives:

It is not only case law that shows the divergence of interests between employer and employee. Regulatory enforcement guidelines, such as the current edition of the US Attorney’s Manual, tell a similar story: board members, senior executives or indeed any employee cannot simply assume that they will be looked after by the organisations they serve.

With such enforcement guidelines, if firms need to surrender the needs of an individual as the price for reaching a corporate resolution with a regulator and closing an investigation, the needs of the many may well outweigh the needs of the few, or indeed the one.

Seen in this context, it is even more important for individuals to understand what protection the traditional forms of indemnity and D&O provide and the gaps that may exist in that protection.

Indemnification and insurance products: mind the gap

Although the exact details will vary by underwriter, the most common trigger for a covered insurance claim in this area is an allegation made against an individual to the effect that he or she has committed a wrongful act in a management or executive capacity. The two key protection products for senior managers and directors are D&O and indemnity policies. My research shows the following key gaps in protection from D&O and indemnity policies.

Gaps in D&O

  • Applies to directors and officers only.
  • D&O is designed to respond to liability for claims (including defence costs) made and investigations commenced against directors in a particular period of insurance. As such it provides limited, if any, protection in the absence of a claim or investigation directly involving the individual concerned. Cover is often complex and comes with built-in restrictions and exclusions.
  • The insurance limits themselves are usually shared between a large group of individuals that is not restricted to senior executives (and often includes the company itself). Hence the limits are prone to rapid depletion and even exhaustion.

Gaps in indemnity policies

  • Applies to all employees and officers of a company who are not also directors (or statutory auditors).
  • An individual has no automatic right to indemnity. Such rights to indemnity as he or she may have may be further limited by:
    (a) statutory restrictions
    (b) the terms of any relevant contract (or deed poll)
    (c) the company’s willingness and appetite to indemnify based on:
      (i) its perception of the facts on the ground in each case, and
      (ii) whether the senior manager is still in post when the indemnity is called upon.
  • The company indemnity will be worthless in the event of company insolvency. The indemnity may not continue after the individual has ceased to be employed. Even if it does, the terms may not be as generous.

Many good D&O policies will provide protection to directors who are either the target of a regulatory investigation or who are required to attend an interview in the context of such an investigation. Unfortunately, once senior employees are already caught up in an investigation it may be of little comfort to them to know they can access legal advice. The real win is to avoid being caught up in the investigation in the first place. In addition, those who have left the organisation at the time of the investigation may not be covered; if the individual does secure some cover from their former employer, it may be less generous than when they were an employee even though the regulator’s investigation will be no less exacting. For example, the UK regulator (the FCA) has powers to commence enforcement actions six years (and sometimes longer) after the relevant regulatory breaches are alleged to have occurred.

What can you do?

Issues to raise about your D&O policy and indemnity policy:

  • Coverage: Which employees are covered? What are the conditions for access? Under what conditions can the firm refuse to provide indemnity?
  • Access to the protection policy: Is access dependent on a failure or refusal by the company to indemnify you? Does it cover all legal expenses, including independent legal advice?
  • What restrictions are imposed on your ability to select lawyers? What restrictions are there in the conduct and control of any personal defence by you? Can you get an advance for all defence costs and legal representation expenses pending resolution of any dispute between the company and the insurers?
  • Protection timescales: What protection do you have against future claims if you retire or resign during the policy period? What protection do you have if the company is the subject or object of mergers and acquisitions activity?

The issues of responsibilities, reporting lines and insurance protections may need to be addressed in meetings with HR colleagues, lawyers or insurance specialists. This investment of effort will be valuable as it will help you identify any gaps and agree the means to address them. For example, even if you find that the costs of legal representation in the context of regulatory investigations are not currently covered by the policies purchased by your employer, there are good solutions in the marketplace that will provide such cover including the LEAP policy offered by Willis Towers Watson [8]. Such a ‘hope for the best, plan for the worst’ approach will secure the peace of mind necessary to return your focus to the challenges of the day job.

This article was originally authored by Francis Kean.


[1] The United States Department of Justice, ‘Attorney General Jeff Sessions Delivers Remarks at Ethics and Compliance Initiative Annual Conference’, April 2017
[2] The FCA’s consultation also impacts incoming branches of non-UK firms that have permission to carry out regulated activities in the UK. Therefore, this consultation may be of interest to non-UK firms and to other regulators.


Executive Director
Coverage Specialist, FINEX
