This document is from our Archive and no action should be taken in reliance on it without specific legal advice. Prev Publications Next Date 23 September 2010 Enforcement Watch Issue 2 | September 2010 This edition of Enforcement Watch looks both at the messages of the enforcement cases in the last few months and at what changes on the horizon are likely to mean for firms and individuals in the shape of future enforcement. Download PDF - 159 KB View Flipbook version Editor's Note The FSA gets tough on the client money rules Photo-Me fined for delay in disclosing... FSA Fines former Northern Rock Finance Director FSA penalises RBS for long running breaches of... Zurich fined for data loss in South Africa SocGen fined for significant breach of the transaction reporting rules The FSA fines Goldmans £17.5m Adam Epstein Partner Editor's Note The last few months have been interesting times in the world of enforcement. The FSA has continued to act tough. It has imposed some truly staggering fines, well in excess of those last year, with many of the fines for systems and controls failings. This has been combined with an announcement that the FSA will be disbanded, with new regulators planned and a new Economic Crime Agency mooted. This edition of Enforcement Watch looks both at the messages of the enforcement cases in the last few months and at what changes on the horizon are likely to mean for firms and individuals in the shape of future enforcement. I hope you find it useful. On the Horizon Enforcement after the abolition of the FSA At his Mansion House speech on 16 June this year, the Chancellor announced plans to reform the regulatory system. He then put more flesh on the bones in the detailed Treasury consultation paper published on 26 July. A brief summary so far as it relates to enforcement is set out below. Essentially, the Government is to break up the FSA and to replace it with two new authorities. There will be a new subsidiary of the Bank of England, a Prudential Regulation Authority (PRA). This will be responsible for the prudential supervision of firms carrying out at least the following activities: deposit taking, insurance and dealing in investments as principal. A further new body will be created, called the Consumer Protection and Markets Authority (CPMA). This will be responsible for conduct of business of all firms (including those regulated by the PRA). In addition, for those firms not regulated by the PRA, it will also be responsible for their prudential supervision. Finally, the CPMA will also be responsible for dealings in the markets and also market conduct more generally e.g. market abuse. To date, only the framework has been set out. The Treasury is consulting on various aspects of the new regulation and, in due course, detailed legislation and rule making will need to follow. In the meantime, what are the enforcement implications of what we have seen to date? Both the PRA and the CPMA will have enforcement powers. This is likely to create challenges for the Government, as well as for the regulated community. It remains to be seen how well integrated the two approaches will be and what they will mean for those regulated by both authorities. The indications are that in certain respects the PRA will have pre-eminence. The Government will need to ensure that the appropriate gateways for sharing information are in place between the authorities. The two authorities will themselves need to ensure a consistency in approach, not least for those activities that straddle the remit of the two agencies. Although rather better in recent years, our experience of FSA enforcement remains that cases can move slowly and that decision making can be inconsistent. If two authorities are involved, there is clearly potential for this to get worse. Enforcement remains a cornerstone of the regulatory regime. The FSA has become a much more muscular regulator and has in the process won some real plaudits for being so. All the indications are that the credible deterrence type of approach will be carried over into the new authorities. We expect most FSA enforcement staff to be transferred into the CPMA. There is likely to be a third organ of enforcement. A serious economic crime agency has been mooted, although whether it will happen and its precise ambit remain unclear at this stage [See link to Serious Crime Agency] Consistency issues also arise as far as each of authorisations, permissions and approval of controlled functions is concerned. For example, although those firms falling within the PRA ambit will be authorised by the PRA, their permissions for conduct of business will be given by the CPMA. We will need to see quite how the authorities will make this work in practice where they are looking to vary permissions or restrict authorisation. Similarly, certain individuals will need to be approved by both of the authorities to perform controlled functions. The authorities will need to ensure a consistency of approach so far as granting approvals is concerned, and a joined up approach to disciplining individuals. The FSA currently has Own Initiative Variation of Permission powers (OIVOP), which can work in an extremely draconian way. The Treasury consultation talks of the possibility of enhancing these powers, but with no detail yet of how that might be achieved. It should not be forgotten that the plans will take some time to achieve. The Government rather ambitiously is looking to put it all on a statutory basis by 2012. So, whilst the timetable is fairly swift in relative terms, these changes will not be coming into force tomorrow. A new Economic Crime Agency? The Government first proposed in April of this year the creation of a new Economic Crime Agency to tackle white collar crime. Such an agency would bring the criminal prosecutions of different bodies under the roof of one new agency. It is not currently clear what structure such agency would have if it does go ahead. It certainly could have a difficult relationship with the FSA or the new CPMA [See Enforcement after the abolition of the FSA]. For example, as far as market abuse is concerned, the FSA currently has powers to bring both “civil” proceedings and their criminal equivalent. During the course of its investigations, it decides which are the more appropriate proceedings. If a new Economic Crime Agency is created, how will it be decided which offence to pursue, and how will evidence gathering be handled between the two agencies? The Economic Crime Agency would presumably bring criminal prosecutions. Could it be intended that it also brings the civil equivalent? If so, will it have the expertise to do so and how will that fit what the FSA/CPMA does in terms of market conduct? The Treasury consultation in July on the new regulatory architecture made passing reference to the issue. It was careful to make it clear that everything was up for grabs: "The Government proposes to consider, as part of possible wider reforms to the approach to tackling economic crime, whether to transfer responsibility for prosecuting criminal offences involving insider dealing, other forms of market abuse and other criminal law breaches which the FSA currently prosecutes to a new Economic Crime Agency (ECA). This will be subject to separate consultation in due course." So, nothing is in and nothing is out. It may be that this comes from a concern about the expensive and costly reforms taking place. It also no doubt partly reflects the recent success of the FSA’s enforcement activities. In other words, given the FSA’s successes, does the Government really want to hand over responsibilities to a new untried and untested body? Criminal prosecutions going through the system The FSA continues to look at pursuing cases through the criminal courts. In a speech at the end of June this year, Margaret Cole revealed that at that stage: the FSA were prosecuting 12 people in four insider dealing cases; the FSA were prosecuting a defendant who had pleaded guilty to conspiracy to commit insider dealing in return for a SOCPA plea-bargain; 14 other individuals had been arrested and had their premises searched; a further 4 individuals had been charged with conspiracy to make misleading statements under s.397 FSMA. Shortly after that speech, the FSA announced that Anjam Ahmad had been sentenced to 10 months imprisonment (suspended), 300 hours community service and a fine of £300,000 for insider dealing offences. On 9 September 2010, the FSA announced that it had arrested a man on suspicion of money laundering and providing false information in connection with suspected insider dealing. We await further developments. Credible deterrence and market cleanliness The FSA continues to talk about achieving "credible deterrence”. All the indications are that its policy of credible deterrence is set to continue unabated. Where will it choose to focus its efforts in this respect? A stated key part of "credible deterrence" is tackling market abuse. The FSA’s comments on market cleanliness give an interesting clue about where it may focus attention. The FSA records and analyses abnormal pre-announcement price movements. The FSA has been keen to stress that these movements do not provide a precise measure of the level of suspected insider dealing. This is no doubt true. Nevertheless, the figures do potentially provide some insight into it. In its Annual Report published in June of this year, the FSA stated that abnormal pre-announcement price movement data had remained stable (ie relatively high) over the previous few years, including for 2009. What was interesting was that the FSA recognised that these figures could indicate that levels of market abuse were still too high. We should expect to see a redoubling of efforts in relation to market abuse in this area. Performing controlled functions without approval In the first edition of Enforcement Watch, we highlighted that, in future, the FSA will be able to punish individuals who perform controlled functions without approval, rather than simply the firms that permitted them to do so [See A new Financial Services Act to beef up enforcement]. In this respect, there was an interesting enforcement case in June of this year. In that case, Vantage Capital Markets LLP (VCM), an interdealer broker, was fined £700,000 for allowing a Mr Hassell to carry out a controlled function without approval. Although VCM described Mr Hassell as a "consultant", the FSA concluded that he was in reality performing the controlled function of partner. This is a case that very much looks towards the future. On one level, by taking the case and imposing the substantial level of fine that it did, the FSA was telling the market how seriously it takes the matter of approvals to perform controlled functions. But there is a deeper level. Personal liability is important to the FSA’s message of credible deterrence. The sub-text of this case is that, in future, when the FSA has additional expanded powers against individuals as a result of the new Act, individuals had better ensure that they do not breach the approval requirements. We fully expect the FSA to come down very hard on individuals for such failings in the future. The FSA gets tough on the client money rules 25 May, 4 June 2010: In early June, the FSA meted out three substantial fines for breaches of the client money rules. In the case of JP Morgan, this action resulted in the largest ever fine imposed by the FSA (£33.32m), sending a clear and deliberate signal. Details of the cases JP Morgan Following the creation of JP Morgan Chase & Co, staff had mistakenly assumed that JP Morgan Securities Ltd (JPMSL) Treasury would continue to segregate futures and options client money. In fact, from 1 November 2002, there was a failure to distinguish between such client money and JPMSL's own money. The error was only detected on 8 July 2009. There immediately followed an internal investigation, following which the error was rectified. The FSA were informed on 10 July 2009. The money at stake was very substantial indeed, with the average amount of unsegregated money standing at $8.55bn. At its height, it stood at $23bn. Further, the problem went undetected for some seven years. The FSA recognised that the breaches were not reckless or deliberate and that JPMSL had acted promptly on discovering the breach and worked co-operatively with the FSA. The firm was found to be in breach of Principle 10 (firms must arrange adequate protection for clients’ assets) and the Client Money Rules (CASS). It was fined a record £33.32m (including a stage 1 discount). The penalty was expressed to be equivalent to 1% of the average amount of unsegregated client money. Close Investments Limited (CIL) Close Investments Limited manages a number of unregulated collective investment schemes. From January 2008, a new process was put in place for the payment of distributions to investors. A number of Distribution Accounts were set up. 21 of these should have been set up as client accounts, but were not. CIL failed to identify the error until January 2010, when one of the Distribution Accounts was overdrawn. As a result of CIL’s failure, 2384 investors had been exposed to risk. The largest amount at risk at any one point was £2.2m. Between January 2008 and 2010, the aggregate amount at risk was £8.2m. The FSA recognised that CIL had reported the issue to the FSA, that it had reviewed and revised its client money procedures and that it was co-operative with the FSA throughout. The FSA found CIL to be in breach of Principles 10 (firms must arrange adequate protection for client's assets) and 3 (adequate risk management systems), and of the CASS rules. It imposed a financial penalty of £98,000 (including a 30% stage 1 discount). Rowan Dartington & Co Limited (RD) RD’s principal business activity is providing equity stock broking services for retail clients. In addition, it offers "margined business services". Although the details in the case are somewhat dense, in essence, they boil down to the following key issues: RD failed properly to test its new software in advance so that it could be sure that it was suitable at the time of introduction. as a result of the above failure, client money was put at risk between May 2007 and December 2008, during which time it was unable properly to carry out cash reconciliations. Thereafter, because of the backlog of discrepancies, RD still could not be certain that client money was appropriately segregated nor that its individual client balance calculations were accurate. RD failed to take into account equity balances with "intermediate brokers" when calculating its client money requirement. between 13 May 2007 and 16 September 2009, RD failed to obtain confirmation that client money given to third parties would be held on trust. Between 13 May 2007 and 16 September 2009, RD held between £62.6m and £89.9m of client money. On average, it held £73m. The FSA found that Principle 2 (Skill, care and diligence) and Principle 10 (protecting clients’ assets) had been breached. It also found that the CASS rules had been breached. RD did not gain from the breaches, which were neither deliberate nor reckless. Further, RD informed the FSA about the issues with the software and the potential breaches of CASS rules "promptly" after it became aware of them. RD fully co-operated with the FSA and took steps to improve its processes. The FSA imposed a financial penalty of £511,000 (including a 30% stage 1 settlement discount). This was expressed to represent approximately 1% of RD’s average holding of client monies in the relevant period. Comment on the cases The segregation of client money has always been a cornerstone of the regulatory regime. It is perhaps not surprising that the current climate has highlighted the issue. When firms become insolvent, there is a clamour by investors to get to the front of the queue. This itself has given rise to high profile judicial pronouncement (with which this firm has been involved) over who is entitled to client money and who is entitled to money that should have been designated as such. It is against this backdrop that the FSA has come down hard on these client money cases. It characterised the JPSML case as involving insolvency risk to investors that was unprecedented in scale (the JPMSL fine represents the largest ever fine imposed by the FSA). What is also interesting is that two of the three fines were based on 1% of the average amount of client money held during the period. Although it is in no sense a tariff or a precedent, such a figure may come to have some form of persuasive precedent value. Photo-Me fined for delay in disclosing inside information 21 June 2010: In the largest fine of its type the FSA imposed a fine of £500,000 on Photo-Me for creating a false market in its shares by virtue of a breach in the disclosure rules. Details of the case Photo-Me International plc (PMI) is listed on the main Stock Exchange list. In late 2006, it made announcements to the market that created the expectation that it would benefit from the winning of large sales contracts and from strong minilab sales. These announcements generated market expectations which were a key factor underpinning PMI’s share price. In January and February 2007, PMI received inside information which suggested that one of its hoped-for contracts would probably not materialise and which indicated that sales in January 2007 were far lower than expected. This information clearly indicated to PMI that it would not be able to fulfil the market's expectations. PMI failed until its board meeting of 1 March 2007 to consider the impact on the market expectation of the information it had received. It failed to make an appropriate announcement until 2 March 2007. Following the announcement, the PMI share price fell by 24%. The FSA determined that the information withheld from the market was “inside information” which should have been disclosed as soon as possible under the Disclosure Rules. Failure to do so was a breach of those rules and Listing Principle 4 (creating a false market in shares). The FSA imposed a fine of £500,000. Comment Disclosure cases are few and far between. Nevertheless, proper disclosure is fundamental to the operation of the markets. The account in the Final Notice suggests that PMI went to some considerable effort in trying to resist the claims of the FSA. It submitted two sets of written representations, a legal opinion, two sets of additional expert evidence, as well as making oral representations to the RDC, all without the case being settled. The FSA appear to have been keen to secure a victory. PMI then referred the case to the Tribunal but, following settlement discussions, withdrew its reference. We will never know the content of such discussions and what lead PMI ultimately to withdraw. Nevertheless, it is instructive to note that this was the largest fine of its type to be issued by the FSA. In the context of future enforcement activity, it is interesting to read the case in tandem with the FSA's statistics about the lack of improvement in market cleanliness statistics The FSA Fines former Northern Rock Finance Director 27 July 2010: The FSA has fined and imposed a prohibition order on David Jones for misreporting mortgage arrears figures. Details of the Case Jones was the Finance Director at Northern Rock. He was in charge of the Debt Management Unit (which dealt with management of the secured loan book) and the Credit Management Information Unit which provided information on matters including arrears and possessions in the secured loan book. Jones became aware (from David Baker the deputy CEO) [see Baker Case in Enforcement Watch First Edition] in January 2007 that there was a problem with the data relating to loans in arrears of 3 months or more. Specifically, where a possession order had been made but where physical possession had not yet been obtained, the loans did not appear either in the arrears figures or the actual possession figures. Accordingly, for example, in the 2006 accounts, some 1,917 loans had not been reported. The data was used by management and, ultimately, for reporting to the market. Jones satisfied himself that these cases were taken into consideration in Northern Rock's provision for bad debts and therefore he saw no need for the Annual Accounts to reflect his discovery. Jones then agreed a system whereby these cases would be recognised as possessions over a period of 6 months. In the meantime, to Jones' knowledge, Northern Rock made presentations and releases to the markets which inaccurately stated the position with regard to arrears and possessions. The FSA accepted that Jones’ conduct needed to be viewed in the context of his overall behaviour during the period. They also took into account the impact of the financial crisis on the firm and the fact that the crisis became Jones’ priority. However, they determined that Jones demonstrated a serious lack of integrity in the manner in which he dealt, meaning that he could not be considered a fit and proper person. This constituted a breach of Principle 1 (integrity in carrying out a controlled function) of the FSA's principles for approved persons. The FSA found that: when informed that 1,917 cases had been omitted from the impaired loan figures, he failed to ensure that all senior management of the firm were aware of the position; he agreed on a course of action which was not transparent and did not have immediate effect; he knew that the reported impaired loans figures in the 2006 annual accounts and the 2007 interim accounts were inaccurate as they did not include pending possession figures. He was also aware that the Assets and Liabilities Committee (“ALCO”) was considering inaccurate information regarding the impaired loans figures and that misleading statements were made by the firm to external parties including market analysts; and although he attended monthly ALCO meetings, he did not specifically bring the issue to the attention of all ALCO members. The FSA made a prohibition order against Jones and imposed a financial penalty of £320,000 (reduced from £400,000 because of a stage 2 reduction). Comment There is no doubt a story to be told about Jones’ position. For example, he argued that he believed that the executive directors of ALCO were aware from April 2007 that there were a number of loans in default which were not reported in either the arrears or the possession figures. Neither this, nor any of his other arguments, were tested in front of the RDC as Jones settled the matter prior to any hearing. The case provides a further example of the FSA’s determination to hold individuals accountable as part of its policy of credible deterrence. They specifically commented that: "This is a message to all FSA approved persons, that they must take their individual responsibilities seriously at all times, or suffer the consequences." It is part of a suite of Northern Rock cases to emerge so far, the other two having been in respect of David Baker (former deputy chief executive) [see Baker Case in Enforcement Watch First Edition] and Richard Barclay (former credit director). The FSA penalises RBS for long running breaches of the money laundering regulations 2 August 2010: The FSA imposed a £5.6m penalty for major and long-standing failures at RBS, Coutts and Ulster Bank (together "RBSG"). Details of the case RBSG were found to have breached regulation 20 (1) of the Money Laundering Regulations 2007 (“the Regulations”) by not having in place for over one year adequate policies and procedures to prevent the flow of funds to persons on a list of financial sanctions targets maintained by HM Treasury. RBSG was during the period one of the largest processors of foreign payments of all UK banks. The particular failures related to the following: A failure to properly implement and monitor the system used to check customers and payments against the Treasury's list. This meant that certain categories of payments (e.g. incoming cross-border payments and certain payments by customers) were not screened. A failure in the automatic screening system which meant that the majority of trade finance SWIFT messages generated in international trade transactions were not screened. A failure to record adequate information about corporate clients’ directors and beneficial owners and to ensure that these individuals were not on the Treasury’s list. A failure to ensure that the “fuzzy matching” feature of the screening system (used to identify close matches to people on the Treasury's list) was maintained. As a result, over time, the "fuzzy matching" system operated far less effectively. Under regulation 42(2) of the Regulations, the FSA may not impose a penalty where there are reasonable grounds for it to be satisfied that all reasonable steps were taken and all due diligence was exercised to ensure that the Regulations were not breached. RBS Group Security and Fraud division were aware of the deficiencies in RBSG systems. However, RBSG did not act sufficiently promptly on their findings, which were known for one year before any action was taken. A firm of Accountants was appointed to benchmark the screening software. However, the recommendations of the Accountants were not acted upon swiftly. The FSA took the view that the RBSG shortcomings gave rise to an unacceptable risk that RBSG could have breached the financial sanctions regime. By way of example of the scale of the RBSG operations, during 2007, it processed £7.6 trillion of inward Euro payments and £8.6 trillion of outward Euro payments. In mitigation, the FSA took into account that they were informed promptly as soon as the current management became aware of the failings. RBSG then took the appropriate steps to improve their policies and procedures. The FSA imposed a financial penalty of £5.6m (including a 30% stage 1 discount). Comment When the FSA came into existence soon after 9/11, money laundering was towards the top of its list of priorities. Over time, the issue dropped out of the spotlight. The FSA still has of course the reduction of financial crime as one of its statutory objectives, as well as the maintaining of market confidence. The RBSG fine is the largest fine imposed by the FSA in pursuit of its financial crime objective. It is also the first fine imposed by the FSA under the Money Laundering Regulations 2007. The RBSG case has brought money laundering back into sharp focus. Footnoted Rules Regulation 20 (1) of the Money Laundering Regulations 2007 provides that policies and procedures regarding customer due diligence, internal control and monitoring and management of such procedures, are established to prevent activities relating to money laundering and terrorist financing. Zurich fined for data loss in South Africa 19 August 2010: Zurich has been fined £2,275,000 following the loss of data by Zurich South Africa. Details of the case Zurich’s UK insurance business outsourced the processing of certain data to Zurich South Africa. Under the outsourcing agreement, Zurich UK had the right to monitor how Zurich South Africa was performing. Zurich South Africa itself entered into a subcontract (albeit without consent from Zurich UK). On 11 August 2008, one of Zurich South Africa’s subcontractors lost an unencrypted back-up tape. The tape contained information relating to 46,000 Zurich policy holders. There was no evidence that this data was misused or otherwise compromised. Zurich UK did not become aware of the incident until one year afterwards. It informed the Information Commissioner and the FSA promptly upon becoming aware, and appointed independent investigators to conduct an examination of what went wrong. The FSA was involved in setting the terms of Zurich’s investigations and was involved throughout them. Zurich has, since the incident, reformed the systems and controls it relies upon in relation to data security. The FSA found that Zurich UK failed in a number of respects: failure to carry out a continuing assessment of the risks associated with the outsourcing by failing to carry out adequate due diligence on the data security procedures of Zurich South Africa and its subcontractors; failure to obtain adequate management information from Zurich South Africa to identify, measure, manage and control security and financial crime risks; Zurich UK relied on the fact that Zurich South Africa would comply with Zurich group policies, without considering whether this unquestioning reliance was sufficient; failure to put in place reporting lines, which had the result that the incident was reported late; and failure properly to allocate responsibility and reporting lines for data security within Zurich UK. Zurich's failures exposed its customers to the risk of financial crime. This conduct constituted a serious breach of Principle 3 (Management and Control), SYSC 3.1.1R and SYSC 3.2.6R. The FSA fined the UK branch of Zurich Insurance plc the sum of £2,275,000 (taking into account a 30% discount for early settlement). Comment Data compromise has in recent times become a hot topic. Whilst others have in the past been fined, this fine is the highest levied to date on a single firm for data security failings. In this case, whilst the number of customers at risk was reasonably large, what no doubt weighed more heavily in the FSA's thinking was the failure of systems and controls associated with it. These controls apply both in respect of overseeing internal and external arrangements. Systems and controls is increasingly becoming a hot enforcement topic for the FSA, as a number of the cases covered in this edition of Enforcement Watch demonstrate. Footnoted rules: Principle 3 of the FSA's Principles for Businesses: "a firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems"; SYSC 3.1.1R: "a firm must take reasonable care to establish and maintain such systems and controls as are appropriate to its business"; and SYSC 3.2.6R "a firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime." SocGen fined for significant breach of the transaction reporting rules 25 August 2010: Societe General fined £1.575m following its failure to report some 18.8m transactions. Details of the case Between November 2007 and February 2010, Societe General (SG) either failed to report, or inaccurately reported, 18.8m of its 23.5 million reportable transactions. After the failure came to light, SG hired external consultants to review the processes in place, conducted an internal review of past reporting, developed a process to ensure full and accurate reporting going forward and co-operated fully with the FSA. The FSA found that SG had acted in breach of its SUP 17 reporting requirements. SG also failed to retain and have available all relevant transaction reporting data, in breach of FSA rules to retain the data and make it available for at least five years. The FSA determined that SG’s failure was significant and warranted a significant penalty that would send a strong deterrent signal to the market. The FSA imposed a financial penalty of £1.575m (including a 30% discount for Stage 1 settlement). Comment In a sense, the case is nothing new. It is one of a number of recent significant transaction reporting cases (See First Edition of Enforcement Watch). The level of fine, however, is substantial and firms should take note of it. Transaction reporting is of course significant to the FSA. Transaction reports are used to detect and investigate suspected market abuse, insider trading and market manipulation, and these are key focuses of the FSA. The backdrop against which the case took place was the regular information given to firms by the FSA in its “Market Watch” publication. Should any further transaction misreporting cases pass through the system, one can expect the FSA to come down hard on them, especially against the background now of a reasonably large number of actions having been taken in respect of transaction reporting. The FSA fines Goldmans £17.5m 9 September 2010: Goldman Sachs were fined £17.5m following internal reporting failures and failures to report to the FSA regarding the SEC’s investigation of Fabrice Tourre. Details of the Case The Goldman Sachs Group includes a London-based entity (GSI) and a New York-based entity (GSC). GSC created a CDO product, Abacus, which in the UK was marketed by GSI. Fabrice Tourre was originally employed by GSC. He was part of the team at GSC which put Abacus together and which prepared the marketing materials. Tourre transferred to GSI in October 2007 and thereafter became an FSA approved person (CF30). In August 2008, the SEC began to seek information and documents regarding Abacus. This included GSI documents and evidence from GSI personnel. In July 2009, the SEC served a Wells Notice on GSC. In September 2009, the SEC served a Wells Notice on Tourre. The fact of the SEC investigation and the Wells Notices were known about by GSC's legal and compliance teams and also importantly by a number of senior managers and approved persons at GSI. The individuals at GSI assumed that, because Goldman Sachs Group was a global firm, other teams in GSI would be briefed if they needed to know. In fact, GSI’s systems and controls were not adequate to ensure that the information was provided to GSI’s compliance team. Those individuals in GSC with knowledge of the SEC investigation and the Wells Notices focused exclusively on the regulatory implications for GSC and did not consider what the regulatory implications for GSI might be. In April 2010 the SEC commenced proceedings in the United States against both GSC and Tourre. At that point, GSI Compliance was made aware of the position. The FSA found that GSI had breached Principle 2 (skill, care and diligence), and Principle 3 (management and control). GSI failed to have in place systems and controls to ensure that information was communicated to its compliance team, so that it in turn could consider what to disclose to the FSA about the SEC investigation and the Wells Notices (for example, regarding the fitness and propriety of Tourre to perform a controlled function). The FSA also found that GSI had breached Principle 11 (relations with regulators) by failing to inform them about the Wells Notice in relation to Tourre, which went to his fitness and propriety. Senior managers at GSI knew about this notice but failed to consider what regulatory impact this might have on GSI or to inform GSI compliance about it. Due to early settlement, the fine was reduced from £25m to £17.5m. Comment There are a number of important messages here. First, systems and controls is increasingly becoming a hot topic in enforcement, as a number of the cases covered in this edition of Enforcement Watch demonstrate. Second, regulatory reporting is very important to the FSA. Firms effectively act as front line policemen by self reporting, and the FSA is showing the importance it places on firms properly reporting to it. This case is one where the firm failed to report a matter which it might have been thought the FSA was already aware of. However, as the FSA literature has always made clear, this is no reason not to report. Third, the FSA will take seriously a firm's failure to report on an ongoing basis matters that go to the fitness and propriety of its approved persons. The level of the fine leaves firms in no doubt about the strength of FSA feeling.