Collective and individual accountability

176. On the extent to which the Board of the FCA was responsible for the events of 27 and 28 March, Simon Davis concluded that:

The position of the FCA, so far as regulated firms are concerned, is that the Board should be responsible for the overall policy for the identification, control and release of price-sensitive information.

The Governance Memorandum document adopted by the Board on 1 April 2013 (referred to in paragraphs 6.8, 6.9 and 6.10 above) reserves to the Board the maintenance of a sound system of internal controls and internal risk management.

The Board therefore bears collective responsibility for the inadequate controls which exist in relation to the identification, control and release of price-sensitive information.[239]

177. As far as the Executive Committee of the FCA was concerned, he concluded that:

The ExCo bears collective responsibility, together with the Board, for the inadequate controls which exist, but also bears collective responsibility for the failure to address the issues of price-sensitive information or market impact, or any other possible consequences of the revised approach to the Business Plan. It also bears collective responsibility for the pursuit of an inadequately controlled pre-briefing strategy and for the failure to react urgently and effectively on 28 March.[240]

178. We asked Clive Adamson whether he considered that Mr Davis's criticisms of the Board and the Executive Committee were appropriate. He said:

In themselves they are appropriate. It does raise quite difficult issues to think through about the governance of the organisation and who is accountable for what, particularly when put against the other provisions of the new senior managers' regime, which clearly we are in the process of working through. That does need to be thought about very carefully, I think.[241]

Mr Adamson suggested that the Chairs of the Risk and Audit Committees should have clear responsibility, "as we would expect for a regulated firm".[242]

179. The Senior Managers Regime, to which Mr Adamson referred in his evidence, was originally proposed by the Parliamentary Commission on Banking Standards, as the "Senior Persons Regime". It was intended to replace the current Approved Persons Regime, which the PCBS had concluded was "a complex and confused mess" that failed "to perform any of its varied roles to the necessary standard". In particular, the PCBS concluded that the APR did not "ensure that individual responsibilities are adequately defined".[243]

180. The Commission recommended that its proposed Senior Persons Regime should "provide far greater precision about individual responsibilities than the system that it replaces":

The new Senior Persons Regime must ensure that the key responsibilities within banks are assigned to specific individuals who are aware of those responsibilities and have formally accepted them. The purposes of this change are: first, to encourage greater clarity of responsibilities and improved corporate governance within banks; second, to establish beyond doubt individual responsibility in order to provide a sound basis for the regulators to impose remedial requirements or take enforcement action where serious problems occur. This would not preclude decision-making by board or committee, which will remain appropriate in many circumstances. Nor should it prevent the delegation of tasks in relation to responsibilities. However, it would reflect the reality that responsibility that is too thinly diffused can be too readily disowned: a buck that does not stop with an individual stops nowhere.[244]

181. The Senior Managers Regime was part of the Financial Services (Banking Reform) Act 2013. In July 2014, the FCA and PRA published a joint consultation paper in which they set out how they planned to implement the new regime. This included the following proposals for a 'Responsibilities Map':

The regulators propose to issue rules and guidance requiring firms to prepare, maintain and update a 'Responsibilities Map': a single document that describes the firm's management and governance arrangements.

Responsibilities Maps should also set out how responsibilities have been allocated, including whether they have been allocated to more than one person.

A key purpose of the Responsibilities Map is to ensure that, when looked at collectively, the allocation of responsibilities to a given firm's Senior Managers (as set out in their respective Statements of Responsibilities) does not leave any gaps in accountability.

A clear, comprehensive Responsibilities Map may also provide evidence that a firm is satisfying its obligation to have robust governance arrangements, which include a clear organisational structure with well defined, transparent and consistent lines of responsibility[…]

The FCA and PRA also propose requiring annual confirmation, from the firm's board, that there are no gaps in the allocation of responsibilities within the firm.[245]

182. In February 2015, the FCA and PRA published a joint paper which set out the approach they intended to take to the application of the Senior Managers Regime to non-executive directors in banking. This made clear that the regime would apply to those non-executive directors with specific responsibilities—including the Chairman, the Chair of the Audit Committee and the Chair of the Risk Committee.[246]

183. Simon Davis reached conclusions about the responsibility of certain individuals for the events of the 27 and 28 March. However, it is not clear from his report where individual responsibility lies for the failures of the FCA's Executive Committee and Board. Instead, he concludes that the Board and the Executive Committee are collectively responsible for their respective failures. This is a well-rehearsed and unfortunate mantra. The Committee has heard it often from regulated firms, and particularly banks. One of the key conclusions of the Parliamentary Commission on Banking Standards was that "a buck that does not stop with an individual stops nowhere". The Commission made recommendations intended to establish beyond doubt where individual responsibility lies at the very top of banks, which are now on the statute book as the Senior Managers Regime for banks. The FCA (together with the PRA) has brought forward detailed proposals for the operation of that regime. As the regulator, it should be capable of demonstrating that it is applying standards at least as high to its own senior managers. Mr Davis should have paid closer attention to individual responsibility in reaching his conclusions.

184. In response to recommendations of the Parliamentary Commission on Banking Standards, the FCA and PRA have proposed, as part of the Senior Managers Regime for banks, a 'Responsibilities Map': a single document that describes a firm's management and governance arrangements and allocates specific responsibilities to senior individuals. The Committee recommends that the FCA, and the PRA, draw up a 'Responsibilities Map' which allocates key responsibilities to individuals in their respective organisations. This document should be published. It should be compliant as far as possible with the SMR that the regulators require of banks.

Role of the Board

185. The FCA's website says that "the FCA Board keeps a close watch on how our business is operating and holds us accountable for the way we work."[247] A paper adopted by the Board, which describes the corporate governance of the FCA, describes the Board as follows:

The Board is the Governing Body of the FCA. It sets the FCA's strategic aims and ensures that the necessary financial and human resources are in place for the FCA to meet its statutory objectives. It provides leadership of the organisation within a framework of prudent and effective controls which enables risk to be assessed and managed. It also reviews management performance. The Board sets the FCA's own behavioural standards, for example through the Code of Conduct and the Corporate Responsibility Policy.[248]

This paper lists the different elements of the Board's role, which include "overseeing the discharge by the executive management of the day to day business of the FCA", "setting appropriate policies to manage risks to the FCA's operations and the achievement of its regulatory objectives" and "seeking regular assurance that the system of internal control is effective in managing risks in the manner it has approved". [249]

186. The Board delegates some of its functions to sub-committees. At the time of Simon Davis's report, these included:

The FCA's Audit Committee (the "Audit Committee"), whose responsibilities include reviewing and providing assurance to the Board on matters including the effectiveness of the FCA's internal controls. The Audit Committee's members as at 28 March 2014 were Sir Brian Pomeroy (Chair), Ms Davidson, Mr Harker and Mr McAteer; and

The Risk Committee, whose responsibilities include reviewing and exercising oversight of the risks to the FCA's statutory objectives and making recommendations to the Board in relation to such risks. The Risk Committee's members as at 28 March 2014 were Mr McAteer (Chair), Ms Fletcher, Ms Platt and Sir Brian Pomeroy.[250]

187. The FCA told Simon Davis that its Audit Committee had approved an audit plan for 2014/15 on 6 March 2014. This plan included, as an item to be reviewed in the period January to March 2015:

Effectiveness of the internal and external communications strategy: This review will focus on the strategic approach to, and the key controls over, internal and external FCA communications including prioritisation of messages and alignment with organisational strategy.[251]

188. We asked Simon Davis whether he had had an opportunity to review the Board's risk register. He said that he had, but that he was "virtually certain it did not have anything of any relevance" to the events of 27 and 28 March.[252] He told us that he had interviewed the Chair of the Audit Committee, Sir Brian Pomeroy, and that the Audit Committee had:

[…] looked at the internal controls within the UKLA so far as those related to the management of price sensitive information—and that was based, as I understand it, on the starting point that that is the part of the organisation which is most likely to have price-sensitive information regularly coming within it—but that work had not yet taken place in relation to any other areas of the organisation. I have not concluded that this was a failing on the part of the audit committee. What I have said is that the audit committee should now get on with it and look very much at that area.[253]

189. In his oral evidence, Clive Adamson explained to us that risks were not normally discussed by the FCA's Board. Instead, the Board received an oral report from the Chair of the Risk Committee. He could not recall an incident like that of 27 and 28 March having been identified as a risk. He explained that "the tone and contents of communications and the risks arising from that are embedded in each piece of work, rather than a general risk about tone."[254] On the question of what lessons could be learned by the FCA from this incident, he believed that "the board did not have sufficient oversight over the control framework in the organisation".[255] He proposed that "at least the question should be asked whether the board should have more intensive oversight over the executive".[256]

190. Asked for his assessment of the Board's management, in the light of the events of 27 and 28 March, John Griffith-Jones told us that he considered it to be "unlikely or negligibly possible that the board could have spotted what was about to happen happening".[257] Instead, Mr Griffith-Jones considered that the key question was whether the Board was "as effective as we could be or should be around systems and controls and, in particular, around risks".[258] He acknowledged that, while the Board did have a risk register, "the risk register did not have on it the precise thing that happened".[259] He said that the most relevant risk on the risk register was "risk number 1544, which read, "Before the incident, reputation is damaged due to classified information being leaked by employees"."[260] He conceded, however, that this risk was focussed more on "illegitimate use of leaking as opposed to inadvertent use of leaking."[261]

191. John Griffith-Jones accepted that "the risk register is clearly defective or was defective at that time in this particular locale."[262] He thought that there were two reasons for this:

One is that as a board it is more difficult to establish what is not there that should be rather than to review what is there and comment on whether it is precisely stated. The fact is it was not there.

The second supporting reason at least that affects my view is I was aware from the day I joined the organisation how much attention was paid to controlling information in the building, not the press part of it but everything else. I was rather aware of a high degree of understanding about price sensitivity, somewhat mistaken as it turns out. The combination of it not being there and a feeling that this was not an area that was underrepresented in importance I suppose gave us a false degree of comfort.[263]

192. Mr Griffith-Jones told us that the Board had conducted a review of its own effectiveness at the end of the FCA's first year in operation—that is, shortly after the events of 27 and 28 March occurred. He described this as "just the coincidence of timing".[264] He said that this review had produced, in his view, "a satisfactory answer".[265]

193. Simon Davis concluded that the FCA's Board was responsible for the inadequacy of the FCA's controls on the identification, control and release of price sensitive information. But it is also clear from Mr Davis's report that the Board of the FCA failed in its oversight of the FCA's executive and that it failed to identify the risks inherent in the FCA's communications strategy—risks that materialised on 27 and 28 March. It is therefore surprising that the Board's review of its own effectiveness, conducted shortly after this incident, produced what its Chairman described as a "satisfactory answer". The Board must, as a matter of urgency, commission an external organisation to conduct a review of its practices and effectiveness. This review should consider in particular the Board's approach to the identification and management of risk. The results of this review should be published.

240   Simon Davis, Clifford Chance, 'Report of the Inquiry into the events of 27/28 March 2014 relating to the press briefing of information in the Financial Conduct Authority's 2014/15 Business Plan', 20 November 2014 (published 10 December 2014), para 19.11 Back

241   Q 190 Back

242   Q 192 Back

243   Parliamentary Commission on Banking Standards, First Report of Session 2013-14, Changing banking for good, HL Paper 27-I/HC 175-I, paragraph 564 Back

244   Parliamentary Commission on Banking Standards, First Report of Session 2013-14, Changing banking for good, HL Paper 27-I/HC 175-I, paragraph 616 Back

245   Financial Conduct Authority and Prudential Regulation Authority, Joint Consultation on 'Strengthening Accountability in Banking', 30 July 2014, paras 2.67-2.71 Back

246   Financial Conduct Authority and Prudential Regulation Authority, Joint Consultation on 'Approach to non-executive directors in banking and Solvency II firms & Application of the presumption of responsibility to Senior Managers in banking firms', February 2015, para 1.2 Back

247   FCA, The Board, accessed 25 February 2014 Back

248   FCA, Corporate Governance of the Financial Conduct Authority, published May 2014 Back

249   FCA, Corporate Governance of the Financial Conduct Authority, published May 2014 Back

250   Simon Davis, Clifford Chance, 'Report of the Inquiry into the events of 27/28 March 2014 relating to the press briefing of information in the Financial Conduct Authority's 2014/15 Business Plan', 20 November 2014 (published 10 December 2014), paras 16.10.1 and 16.10.2 Back

251   Simon Davis, Clifford Chance, 'Report of the Inquiry into the events of 27/28 March 2014 relating to the press briefing of information in the Financial Conduct Authority's 2014/15 Business Plan', 20 November 2014 (published 10 December 2014), para 7.47 Back

252   Q 109 Back

253   Q 110 Back

254   Q 183 Back

255   Q 189 Back

256   Q 190 Back

257   Q 560 Back

258   Q 560 Back

259   Q 560 Back

260   Q 561 Back

261   Q 561 Back

262   Q 564 Back

263   Q 565 Back

264   Q 559 Back

265   Q 559 Back