Evidence heard in Public

Questions 2992 - 3068



This is an uncorrected transcript of evidence taken in public and reported to the House. The transcript has been placed on the internet on the authority of the Committee, and copies have been made available by the Vote Office for the use of Members and others.


Any public use of, or reference to, the contents should make clear that neither witnesses nor Members have had the opportunity to correct the record. The transcript is not yet an approved formal record of these proceedings.


Members who receive this for the purpose of correcting questions addressed by them to witnesses are asked to send corrections to the Committee Assistant.


Prospective witnesses may receive this in preparation for any written or oral evidence they may in due course give to the Committee.

Oral Evidence

Taken before the Parliamentary Commission on Banking Standards

on Tuesday 29 January 2013

Members present:

Mr Andrew Tyrie (Chair)

Baroness Kramer

Mr Andrew Love

Mr Pat McFadden

Lord McFall of Alcluith

Examination of Witnesses

Witnesses: Tracey McDermott, Director of Enforcement and Financial Crime, Financial Services Authority, and Graham Nicholson, Chief Legal Adviser and Adviser to the Governor of the Bank of England, examined.

Q2992 Chair: Thank you very much to both of you for coming to give evidence to the Commission this afternoon on this tricky subject. Could I begin, Tracey McDermott, by asking you why, apart from the Pottage and the Cummings cases, there have been so few actions against the most senior executives at large banks?

Tracey McDermott: The reasons are partly to do with the difficulties of establishing the evidence when you have large organisations in which a number of decisions are, quite properly, made by committees, so attributing individual responsibility for those decisions can be difficult. They are also partly to do with the problems of complexity in structures and a lack of clarity in structures about which senior management are directly responsible for individual decisions. They are also partly about the fact that the test for taking enforcement action is that we have to be able to establish personal culpability on the part of the individual, which means falling below the standard of reasonableness for someone in their position. The way in which our guidance is drafted makes it very clear that we will not hold somebody to account simply because there is a failure on their watch, particularly if they have properly delegated and so on.

We have been focused on this for some time. We have taken the two actions that you referred to. Obviously, Cummings resulted in a final notice. Pottage resulted in the tribunal deciding that actually Mr Pottage had behaved in accordance with the standards. We have also taken some other action against senior individuals at large firms, but not the banks. An individual called Mr Kumagai, who was a CEO of Mitsui, was fined last year and prohibited for failures in running that institution. We also took action against an individual called Corr, who was involved in Welcome Finance and the listed entity Cattles, in relation to issues around the markets. So there are a few cases, but they are a relatively small number, despite us having focused on this quite hard.

Q2993 Chair: You listed three main reasons. Others will go into some of this in more detail, but let’s just have a quick look at each of those. Just taking the middle of the three that you cited: the problem in identifying who is actually responsible in the decision-making process. Can’t regulators put in place rules that require them to set out clearly, each time they take a decision, who carries the can for what? If that is the case-it seems to me perfectly possible for that to be done; it is done in the military when decisions are taken, as well as in many other walks of life-why have not the regulators already put that in place?

Tracey McDermott: I don’t think you could have a rule specifying that every single decision has to have a person attached to it. One of the issues in a lot of these cases is that to found disciplinary action, it is not usually one decision-it is a whole series of decisions. What the regulator can do-this is one of the things we are focused on at the moment-is to try to ensure that there is more clarity of responsibility for decision making. One of the problems we often find when we start enforcement action is that we start asking questions and people can’t tell us who was in charge. One of the things we are piloting at the moment is doing what we are calling a SIF audit, where we are asking firms to tell us specifically who is responsible for particular major areas of their business. Obviously, we are coming at it from a conduct perspective. We can do that within the existing guidance, but I am not sure that a specific rule would be particularly easy to draft, because as so many millions of decisions are made each day, you wouldn’t necessarily want to get into all of those.

Q2994 Chair: We will not go into the detail of that now in any case; this is just an initial round of questions.

On the question of individual versus corporate responsibility, again, why can’t it be clearly understood, if you are the most senior man, that you are carrying responsibility, that it is your job to go and find out how those decisions are being taken, and that if you do not know, you could, none the less, be responsible?

Tracey McDermott: There is a distinction between what you might call accountability and culpability. At the moment, the guidance is based around personal culpability, rather than simply saying that we will hold someone to account just because it happens on their watch. In fact, we specifically say the opposite. There are issues around fairness if you simply say that you are responsible for everything that happens, regardless of whether you had done everything in your power to prevent that happening, but there is a ground in between where we are now and that extreme, as you articulated it, which is where we need to be looking for the future.

Q2995 Chair: I am sure you accept that one of the reasons why the public are so deeply upset is not just because they have written a huge cheque, but because a number of people seem to have walked away with a very great deal of money, even though they appear to have committed wrongdoing by any common-sense use of that term, yet seem not to have been punished. You do accept that that is a major problem that we have at the moment in public life and in financial life?

Tracey McDermott: Yes, I think it is an issue of very serious concern to us as regulators, as well as to the public generally. We need to ensure that people not only get the upside, but suffer some of the downside. We have not been able to hold people to account. As I have said, this is about the evidence. We can only take disciplinary action in accordance with our rules and processes at the time and in accordance with the evidence. You are rightly asking whether that is sustainable for the future, and I think that the answer is no. The question is where we go to next. I reiterate that it is very important to ensure that the rights of individuals are also protected through this process, and the fairness of the process needs to be something that stands up to challenge.

Q2996 Chair: We would like to see a few individuals prosecuted so that those protections of the individual can come into play, because it seems that they have not very much so far and that seems to be part of the problem.

You are recognising that there is a deep problem-and a wider one-of public perception. Clearly you speak on behalf of a collective and you have to get decisions through your organisation, but have you got a back pocket full of suggestions of how we can do this? If you want to spill them this afternoon in the privacy of this room, we would be very grateful to hear them.

Tracey McDermott: And the millions of people watching on the internet.

The question of how we make the SIF regime, as we have been calling it, or the approved persons regime more effective is something that we have spent quite a lot of time discussing within the FCA as part of our planning for how we move to the future. There is a commitment across the senior management of the FCA-it is not just me saying this-to make this something that can work better. That is about not just the back end of enforcement and prosecution, but how we make the regime work from the moment of authorisation so that people realise that being an approved person comes with responsibilities and duties that are wider than the duties to your shareholder. It is about how we supervise-the point you made earlier-how we actually ensure that firms are focusing on who is responsible and then how we discipline. I do not have a magic wand; I do not think that there is one, to be perfectly honest. In large organisations, when you are talking about judgments, competence and standards of negligence, it will always be tricky, but we could probably make it easier for ourselves by focusing more on it from cradle to grave, not just at the enforcement end, and also through some of the suggestions we have talked about in our submission, such as extending the ability to take action against people who may not be approved and potentially giving ourselves more time to do these cases when we investigate them. There are definitely things that we can think about, but there are tricky issues around fairness and human rights that also need to be factored into it.

Q2997 Chair: And you are agreeing too, are you, that the approved persons regime has been something of a toothless tiger?

Tracey McDermott: I don’t think I would say that it is a completely toothless tiger. An interesting figure-in relation not to large banks, but to other enforcement actions-shows that we took more disciplinary action against individuals last year than we did against firms.

Q2998 Chair: I am sorry. I should have qualified that by saying, "With respect to these senior executives."

Tracey McDermott: In relation to the large institutions-the large banks and other large financial institutions-it has proved extremely difficult to get at the people at the top.

Q2999 Chair: I have been told repeatedly privately that it is easier for you to get at the little guys; it is the big guys you have trouble with.

Tracey McDermott: The evidence is much easier. The smaller the organisation and the more straightforward the lines of accountability, the clearer the evidence typically is, so I would accept it is easier. That does not mean that we have not put a lot of effort into trying, but clearly we need to look at it again to ensure that it can be effective against the bigger firms as well.

Q3000 Lord McFall of Alcluith: When did the FSA start to establish an accountability chain of command for companies? In response to the Chairman, you mentioned individuals being made responsible. When did you start making an accountability chain of command so that you knew who was responsible, because that seems a very recent thing?

Tracey McDermott: It is quite a recent thing in a formal sense, and it is in a formal sense that we need to do it. Clearly, in individual instances, with individual supervisors and individual firms, there will have been discussions, but in the past couple of years-I can write to you with the precise date, but I am afraid I do not know it-we have started asking, when we ask the firm to take remedial action, for instance after a visit, for the name of the person who is going to be accountable for the delivery of that.

As I said, we have started piloting with one firm what we have called a SIF audit, saying "Who is responsible for x?", when x might be complaints handling or something else.

Q3001 Lord McFall of Alcluith: I find it astonishing that the FSA had not established an accountability chain of command from the very beginning. I put it to you that, as an institution, you have been subject to regulatory capture. When I say regulatory capture, I am talking about the process being repeatedly directed away from the public interest towards the interests of the regulated industry.

Tracey McDermott: I would not accept that.

Q3002 Lord McFall of Alcluith: Why don’t you accept it? Look at the litany of charges: at HBOS, one person has been charged; on PPI, one person has been charged-and it was a furniture shop, not a bank. I would suggest to you, Ms McDermott, that the public interest is not being served by the FSA. Whether it is cultural capture or whatever, the FSA has been subservient to the interests of this industry.

Tracey McDermott: On a slight technical point, it is actually seven individuals in relation to PPI, but they are not large banks, so it is not really substantively-

Q3003 Lord McFall of Alcluith: Exactly. But the large banks are responsible for what could be £40 billion-in other words, a systemic problem for the banks.

Tracey McDermott: The point I accept-I accepted it in response to the Chairman’s question-is that we have not been as effective as we want to be and we need to be in the future in holding individuals to account. The point I do not accept is that that is due to regulatory capture. I think that we have learned a lot over the past number of years. Maybe you could say, "Yes, we should’ve done this right from the beginning," but we did not think that was necessary then. We are trying to do it now, so I do not think that this is because of regulatory capture.

Q3004 Lord McFall of Alcluith: Why didn’t you think it was necessary to hold individuals to account? Give me your definition of good corporate governance. What is it?

Tracey McDermott: I will have to think about that one, sorry. I suppose my definition of good corporate governance would be an organisation that is well run and well managed, in accordance with proper ethical and business corporate standards. I do not think that we ever said-

Q3005 Lord McFall of Alcluith: Okay. That being the case, I will give you Bob Diamond’s definition of good corporate governance: doing things when others are not looking. That comes from the top, but you, as an organisation, have failed to tackle those at the top. We have seen a litany of people before us on that. You are really playing about at a middle level and groping about in terms of holding people accountable.

I think it needs some-almost dramatic-statement by the FSA to say, "Well, we have been remiss in the past. We have been captured by this industry and therefore there is something that we have got to do to show that we are independent and we have an integrity of our own." I would suggest to you that the integrity of the FSA has been lacking, whether we are talking about PPI or holding people accountable.

Tracey McDermott: I am sorry, but I simply cannot accept that the FSA has been lacking in integrity or that the FSA has been subject to regulatory capture.

Lord McFall of Alcluith: Operational integrity.

Tracey McDermott: The FSA has attempted to hold people accountable. I would accept, as I have already said, that we have not succeeded at doing that. We are now looking to see how we can do that better. You can say that we should have done that sooner-that is an absolutely fair point-but I do not think that it is fair to say that that was down to regulatory capture or a lack of integrity on the part of the FSA.

Q3006 Lord McFall of Alcluith: How confident are you that you will be able to hold individuals to account in the future, and that when something goes wrong, it will be those people at the top who take the responsibility, rather than those further down the line?

Tracey McDermott: I am absolutely confident that we will be doing everything we can to try to do that.

Q3007 Lord McFall of Alcluith: That is not an answer.

Tracey McDermott: These cases will always be difficult. The reality is that it is always going to be difficult to take cases against individuals when you are looking at issues of competence. It is something which has a huge amount of focus for us, as I have said, across the organisation; not just enforcement. I am confident we will do better.

Q3008 Lord McFall of Alcluith: All right. The thing is that for constituents-I am not an MP any longer-if an individual had excess drink on a Saturday night and broke the window of the local Co-op, they would be in the sheriff court, or whatever the equivalent court is here, and therefore a fine or an imprisonment would be handed out. There is a clarity in terms of the law in that area. You are telling me that when it comes to millions or billions of pounds, a lack of clarity means that there is no guarantee or no disposition towards prosecution, and it is something we will just have to live with.

Tracey McDermott: No, I am not saying that. Actually, I think that if you look at our track record, as I have already said, we fined more individuals than firms last year. We also sent 11 people to prison, primarily for insider dealing. Prior to 2009, that offence had largely not been prosecuted in this country, and had not been prosecuted successfully. We have shown that we can do that. That took a huge amount of work and effort, and a huge amount of building up our resources.

We are applying the same approach to SIFs, but a case of someone breaking a window, in which the evidence is actually relatively simple, is very different compared with looking at, for instance, the collapse of a major financial institution with regard to how the decisions were made and which had causal links. I am not saying that as an excuse, but I am simply saying that there is not a direct analogy.

Q3009 Lord McFall of Alcluith: Okay. Regarding HBOS, why was just one individual singled out there, given that there was a corporate responsibility? What was so special about just one individual?

Tracey McDermott: The reason we took action against Mr Cummings was in accordance with what we have been trying to do-and what I think this Commission is saying it wants us to do-which is to hold senior management to account. We looked at the issues around the corporate part of HBOS because that was where very significant parts of the losses were, and we were satisfied that we had the evidence in relation to that to demonstrate personal culpability on the part of Mr Cummings. We therefore took action against him, as set out in the notice.

Q3010 Lord McFall of Alcluith: Yes, but Mr Cummings went to the board and his decisions were verified by the board. Do you agree with that?

Tracey McDermott: Mr Cummings went to the board and his decisions were looked at by the board, but Mr Cummings, as we set out in the notice, was the person who had the detailed expertise in that area of business. He was the one who was providing information to the board, and the board placed a great deal of reliance on his expertise as the person who was running corporate and the person who knew that business better.

Q3011 Lord McFall of Alcluith: So are you saying the board was misled?

Tracey McDermott: I think we do not go so far as saying the board was misled; I think we say that Mr Cummings was personally responsible because he understood the business better and was responsible for the decisions that were being made.

Q3012 Lord McFall of Alcluith: And those who heard that information were not responsible, even though they should have made up their mind and they had obligations under Acts of Parliament.

Tracey McDermott: We have not concluded that people other than Mr Cummings were personally culpable.

Q3013 Mr McFadden: Ms McDermott, I want to continue on this theme of the balance between individual and corporate responsibility. When you gave evidence a couple of weeks ago, you said something that I think disturbed some of us and got us thinking. You had been asked specifically about the UBS investigation and why the trail had not gone higher. You said: "What you do in an investigation is follow where the lines of inquiry take you… you will start working up from the bottom to get through the process, and see which direction you are pointed in, in terms of who are the people with responsibility and who are the people who are aware." I want to ask you about this question of awareness and ignorance. It looks as though there is an incentive for senior people and directors in banks to be ignorant of what is going on in the company, because when the regulators come calling-if your approach is to follow the e-mail trail and who was taking part in a particular chatroom conversation-if, as a senior staff member or director, I can make sure there is nothing with my name on it, you do not come after me, according to this philosophy of investigation. Do you accept that ignorance is serving senior staff and directors well when it comes to that style of enforcement action?

Tracey McDermott: I think it is important to bear in mind two things: the purpose of enforcement actions as opposed to other regulatory action-enforcement investigations as opposed to discussions you may have in a supervision context-and also different sorts of investigations. In relation to LIBOR, we were looking at specific misconduct by a large number of individuals. When you looked at the way that was done and the way the systems and so on worked, there was actually no reason to believe that the senior management would be involved, and it was clear that the trail was going to peter out there.

If you are looking at a case such as with Cummings and HBOS, you are looking at the way in which the firm was managed and run, and you do talk to senior management. If people cannot show you that they have appropriately delegated and appropriately understood their committees, there would be a course of action against them. It is very much a case-specific issue. I entirely understand the point that if you can put up a "hear no evil, see no evil" defence and that gets you off the hook, that would not be a desirable course of events. That was not what I was trying to say. I was trying to say that in an investigation, when you are using your full powers, you obviously follow the evidence.

Q3014 Mr McFadden: I am disturbed in a way by this, because you are repeating this. In the LIBOR situation, as you said a couple of weeks ago, you follow the e-mail and audit trail of who knew what. It cannot be right. We are told that there is a model with three lines of defence to ensure compliance with the rules in banks, with front-line staff being the first line, compliance units being the second line-I will leave them aside at the moment, but they have obviously had serious failures in this-and the third line being the board. It cannot be right if the defence of the third line of defence is, "We did not know what was going on in our company."

Every senior person from UBS who was sitting where you are now said that a couple of weeks ago. They all said they knew about your enforcement action only when they read it in the newspapers. I find it disturbing that that modus operandi can be legitimate for senior staff. We are talking here about two chief executives of the UBS Investment Bank, and you are basically saying that they are okay to say that and that you do not follow it when there is no e-mail trail leading to them. That cannot be right in terms of compliance, governance or leadership.

Tracey McDermott: I am not intending to say that an e-mail chain is the only thing that takes you there.

Q3015 Mr McFadden: Why did you never question any of those senior staff?

Tracey McDermott: We did not question any of those individuals because there was no evidence that they had any knowledge. That was not just due to the e-mails; it was due to the way in which the system worked and the way in which the submission process worked, which we did investigate in detail. It was due to the evidence we had from people we did interview. The reality is that there are things that go wrong within firms that the senior management will not know about-that is a fact.

Q3016 Mr McFadden: But don’t you take a view as a regulator about what that says about the culture and the leadership in the organisation?

Tracey McDermott: And that was why I was distinguishing at the beginning of my answer between what you do within the context of an enforcement investigation, when you are seeking to gather evidence to take disciplinary action, and what you do in relation to supervision and regulation. I think that I said when I was here before that I was surprised that they had said that that was the first time they had heard anything about it, but I am not on the supervisory side, so I am not able to question and challenge that.

As part of our normal supervisory interaction-certainly, this will be part of the FCA’s interaction going forward-part of the discussions with senior management are about what happened and what that shows. Actually, this is not the only problem that UBS has had; there have been several problems. What does it show about the culture, what does it show about the controls and what does it show about the management?

In several instances, that might get you to say, "Actually, there is enough here to show that there has been a failure." In other cases, it might be about saying, "Well, there is not necessarily a failure for which you are culpable in a disciplinary sense, but clearly you need to shape up and sort things out." I absolutely agree that there is a place for the regulator to be talking to senior management to understand why they know what they know, and why they don’t know what they don’t know-sorry, that is a rather inarticulate sentence, but you get the point-but that is not necessarily what you do in the context of a disciplinary investigation.

Q3017 Mr McFadden: I still think there is a gap here-both a philosophical gap and a gap in practice. If you are effectively saying that, in an enforcement action-I don’t want to put words in your mouth; you can sum it up in your own way-you do not regard it as your job to go to senior management unless there is evidence of their direct involvement in the malpractice, that lets them off the hook with regard to leadership, compliance and culture. I am afraid it renders this concept of three lines of defence absolutely worthless.

Tracey McDermott: What I am trying to say-possibly not very well-is that it depends on a case-by-case assessment. In some cases, the first people you talk to are the senior management; in other cases, they are not. You have to make a judgment in relation to the facts of the case and where you believe the evidence is going to take you. You can spend an awful lot of time talking to a lot of people and producing nothing that actually takes your investigation any further forward. You have to have a balance. If you are doing an investigation, the purpose for which investigators are appointed is to investigate with a view to taking appropriate disciplinary action. There has to be a balance between the amount of time you spend focusing on certain aspects and the amount of time you spend on others. That will depend on the nature of the case.

Q3018 Mr McFadden: Do you think the current system of enforcement is fit for purpose?

Tracey McDermott: The current system of enforcement in what sense?

Mr McFadden: The system that you have been describing to us and how you operate it.

Tracey McDermott: I think the way in which we operate the system is fit for purpose. You have to bear in mind that enforcement action is about gathering evidence; it is not simply about holding people to account.

Q3019 Mr McFadden: Do you think the system is fit for purpose?

Tracey McDermott: I think the system is fit for purpose. As I have already said, there are issues around our ability to hold senior individuals to account-we need to look at that-but I don’t think that is due to the enforcement process not being fit for purpose.

Q3020 Mr McFadden: Can I ask you one final thing? Last week we had the US regulators in here-or in one of these rooms where we live. In summary, they said they ban north of 100 people a year from working in the banking industry. Their powers go from the chief executive of the bank right to the front person on the desk selling an insurance policy or whatever. When they ban someone, they are not just banned from an approved function; they are banned from working anywhere in the industry. Don’t those numbers, and that breadth and scope of application, show a huge contrast between what is happening there and the handful of individuals you have been able to take enforcement action against in the UK?

Tracey McDermott: No, I don’t think they do, actually. It may not surprise you to know that I spoke to Richard Osterman after he gave evidence to make sure I understood the exact nature of what they were doing. In terms of our numbers, we have prohibited more than 250 individuals in the last few years-39 last year; 70-odd the year before.

Q3021 Mr McFadden: What is the nature of the prohibition?

Tracey McDermott: The prohibitions vary. The majority are what we would call a full prohibition, which basically says you cannot do anything connected with any firm that does regulated activity. It is not just that you cannot do a control function; it is actually wider. Sometimes there are partial prohibitions, which say only control functions, or even only certain control functions-senior management control functions, for instance. If it is a competence question rather than an integrity question, we may determine that somebody is not fit to be a CEO, but okay to be an adviser. In a disciplinary context, we have also cancelled the permissions of about 42 small firms.

The big distinction between the FDIC’s actions and ours is that the FDIC’s constituents are largely smaller institutions. As you know, the US has a significantly higher number of banks than we do-I know that is another question that the Commission is particularly interested in-a much higher number of bank failures, and a much more sophisticated resolution regime for those small banks. They are focused on the smaller institutions for which, as I have already said, it is actually much easier to find evidence. That is a practical matter, because the chains of command are shorter. If you look at the larger US institutions-the ones that failed, such as Lehman’s, or those that were bailed out-there has not been any enforcement action that I am aware of, and I have checked this with the Americans, against the senior management of those institutions.

Q3022 Mr McFadden: So you don’t really see much difference in approach between the UK and the US in these matters.

Tracey McDermott: I think that historically there has been a very significant difference in approach between the US and the UK, in that the US has historically used enforcement far more actively as one of the tools that the regulator uses. We have changed in that regard significantly over the past few years, and we do use our powers to prohibit people. Their numbers are still bigger, even with the numbers I have given-they are not huge orders of magnitude bigger, but they are slightly bigger than ours. That, I think, is a product of the size and scale of the business.

Q3023 Baroness Kramer: I am going to stay with this, if I may, because I am quite troubled by what still seems to be an inherently passive approach to the use of enforcement powers. I lived in the United States for some years and saw-not within the banking industry, but outside of it-enforcement bodies investigating alleged misdoing. Part of the discovery process in each of the cases that I am aware of was that they immediately interviewed senior management and chief executives, typically with lawyers present and frequently under oath. It was seen as absolutely crucial to get a discovery process that was complete and also one that was a deterrent.

I look back at UBS. As Pat McFadden said, we heard testimony from one executive after another saying that they were so separated from the enforcement action that they did not even know that it was taking place. They appeared not even to know that the underlying LIBOR abuse was taking place, despite everything in the newspapers-they thought it clearly couldn’t possibly have been affecting their bank-and they were full of surprise at the articles that they had read just weeks previously. You look at the history of UBS, and it is one crisis after another: wealth management, the purchase of the highly flawed sub-prime book, LIBOR manipulation by traders of yen LIBOR, and manipulation of LIBOR in order to enhance the public reputation of the bank. All that, for a period of time, benefited those executives by producing the profitability that contributed to their absolutely massive salaries and bonuses, yet no enforcement during any of that period appears even to have put one of those individuals to interview, and you are defending that whole strategy and approach. I find that exceedingly difficult.

Is there any thought in your head that, had there been an attempt at enforcement that chose a forceful attitude towards discovery, perhaps at the time of the first of these abuses, we might not have had the later abuses, and there might have been the capacity to force that bank to make sure that the supervisory side was aware that a structure was in place whereby, essentially, senior management were not managing the bank at all, as far as we can tell?

Tracey McDermott: May I say two things in response to that? First, the action we took against UBS, as I know you are very well aware, was taken in conjunction with action taken by the CFTC and the DOJ. All the interviews that were done in relation to UBS, and indeed other cases, were done jointly by the relevant regulators. The US adopted the same approach to discovery in relation to UBS as we did. That is the approach that you take in an enforcement case.

Q3024 Baroness Kramer: I just want to ask you about that. When we raised that question at the earlier hearing, I think it may have been Mr Sants-I do not want to put words in his mouth-who left me with the impression that I had been very wrong in suggesting that the United States was taking a lead role in this, and that it was in fact the UK authorities, the FSA, that took the lead role and therefore essentially determined that framework and parameter.

Tracey McDermott: I cannot quite recall the specific exchange. The points that we were trying to make were that this investigation was not something that the US did and we just tagged on at the end. This has been very much something that we have been doing with the US-certain aspects we have been leading and certain aspects they have been leading. As for interviews-decisions on whom to interview, when to interview them, where to interview them and how that is done-they have been done jointly. That is partly for reasons of efficiency, because it is far more efficient to have one set of interviews than three or four. It is also partly for fairness to the individuals, but that has been an investigation strategy. It has not been the case that the CFTC has been saying that it would like to interview people and we have been saying, "Oh no, please don’t interview them." There are a number of very experienced investigators-the FSA, the CFTC and the FBI from the DOJ-deciding who should be interviewed in terms of gathering the evidence. It is not a situation where the US and the UK have a completely different approach in relation to this specific case.

In relation to the firm and the action that was taken, the firm-as I have said, I am not a supervisor and as into the detail as others might be-had a number of changes of management over that period, several of which were responses to regulatory pressure and failures that had happened. Clearly, it is very apparent now that they did not get it right until later. I am not sure whether it would have made a difference had we interviewed the people who were already being pushed out of the door at an earlier stage.

Q3025 Baroness Kramer: What I am concerned about is whether there is some kind of regulatory deference to senior executives and board members that makes it far more comfortable to tackle the narrowest possible question that can be asked, rather than using an enforcement perspective that looks at the broadest possible question that could be asked. That is what it sounds like.

Tracey McDermott: This is, again, not to do with regulatory deference. I can assure you that my team and I have absolutely no qualms about talking to very senior individuals and board members, and interviewing them-we do that on a daily basis. But there is a question in each individual case as to what is the appropriate route. One of the things that we are focused on is ensuring that cases do not become sprawling things that never actually reach a conclusion, and that means that you have to focus on which areas that you want to spend your energy on. Clearly, senior management is an area that we have focused on, and it is an area in which, in many cases, we do interview CEOs and senior management. It depends on the nature of the case and on the judgment made, but it is not to do with regulatory deference. I am confident that there is no one in my area who has ever decided not to interview someone because they are senior.

Q3026 Baroness Kramer: If you were looking at this again-coming at it from this end of the telescope, rather than from the end where you started-would you still constrain your investigation to the range that you used in the actuality?

Tracey McDermott: In relation to LIBOR specifically, we would focus where we have focused. I do not think that the individuals who are sitting before you would have been people whom we would have interviewed. There is a perfectly valid and wider question as to knowing the extent of failures across different parts of the UBS business, and whether there could be a different approach going forward to how you look at cumulative failures and what that says in terms of looking at root causes. That is something that we are consciously looking at now in relation to other firms, but I do not think that we would have done something different in relation to LIBOR.

Q3027 Mr Love: Ms McDermott, the FSA’s written evidence to the Commission says that "allocating responsibilities across significant influence functions" will "provide a firmer starting point for taking formal enforcement action against individuals where shortcomings are material". How far can we hope to go with that?

Tracey McDermott: As I have said, it will always be difficult when you are talking about judgments and questions of whether something was reasonable in all the circumstances, but we believe that that will make it easier. It will certainly give you a better starting point, in terms of enforcement action. Possibly more importantly than that, picking up on a point made earlier by Lord McFall, it will also mean that the firms themselves may be more focused on who is actually accountable. That may mean that they take more care in the way in which they do things. I would certainly hope that it will make a difference, but I do not think I can tell you that there is a panacea that is going to make this easy, because it is always going to be tricky.

Q3028 Mr Love: Let’s look back: would having allocated responsibilities over the past 10 years have made it easier to take enforcement action? For example, when the banks got into trouble, or over PPI mis-selling, would that have made a material difference to the enforcement role you were playing?

Tracey McDermott: It could have done. Obviously, each situation would be very much fact-specific, but clearly if you had someone who you could point to who was responsible for assessing the PPI complaints process as part of the remedial action, and if the firm continued to fail to deal with complaints properly, that would make it easier to identify the person you should start with. It then almost becomes a question of them having to establish why what they did was reasonable, as opposed to rooting around. So, yes, it would have made it easier, but I cannot categorically say that it would be a silver bullet, because I do not think that one exists.

Q3029 Mr Love: How about broadening the range of individuals who should be covered by the approved persons regime. Do you think that that would help?

Tracey McDermott: The reason we have asked for that, and why I think it would help, is not so much to do with the very senior management within large banks, because they would already be within the approved persons regime. It would actually deal with a potential gap in the bit between those at the front line, customer-facing, and those in the boardroom, where quite often those people do not need to be approved under the current regime. We can still prohibit them-we can take action to ban people if they are not fit and proper, whether they are approved or not-but we cannot fine them or take disciplinary action against them. So you will have situations where, for instance, some of the individual derivative traders in LIBOR will have been approved and others won’t, so some of them might be liable to be subject to a fine, but others will not.

We are proposing that it would be useful if the situation was such that if you work within a financial institution doing regulated activities, regardless of whether you need to be formally approved or not-obviously there are lots of costs in the formal approval process-you should be liable for discipline. That may have the added benefit that if you are applying a regulatory code to all individuals, you would expect them to be told about it, which may help to drive up standards of professionalism and make people realise that there is a wider picture to what they are doing than just what they do on a day-to-day basis to make money for the bank.

Q3030 Mr Love: Let me take a specific example of why we are interested in widening the scope. We have tried to find out who was responsible for product design, particularly in PPI, but have not been able to do so. Would widening the scope of those covered help us to find out who is actually responsible for the failures in banks?

Tracey McDermott: That is probably more to do with the first point about clearer lines of accountability. On the question of identifying, from a conduct perspective rather than a prudential perspective, one of the areas where you would want to ask who is actually responsible would be around product design. Another would be around complaints handling and so on. It is about the accountability.

Q3031 Mr Love: Only in the sense that, as far we could gauge, some of the people who were responsible for what went wrong with PPI were quite far down the food chain, if I can put it that way. If you don’t cover widely, you won’t be able to find out who takes responsibility.

Tracey McDermott: There are two separate aspects. One is whether you can identify the person or people at all. The second question is then whether you can take action against them, which will depend on whether they are approved in the current process.

Q3032 Mr Love: I should like to go back to the question that Mr McFadden asked earlier. You gave a robust response in defence of the FSA and UK regulation. America has "institution-affiliated parties"-a very wide definition. Is that something you think might have some merit in a UK context?

Tracey McDermott: Is that in their receivership context? The FDIC obviously has a role as receiver of failed banks, as well as its role as regulators. I must admit that I am not entirely clear what an "institution-affiliated party" means.

Chair: I think it is for all their activities.

Q3033 Mr Love: Effectively, as I understand it, it goes right from the top to anybody affiliated. It also covers people who are not employees but may have had some responsibilities.

Tracey McDermott: That is helpful. Sorry, I am not familiar with that.

I think it would be useful if people who are basically doing regulated activities-doing banking activities-are covered. Exactly how you do that and whether you formally register and approve them, or whether you simply have a power to take disciplinary action, is worth further discussion and exploration. Obviously there is a significant cost both to the regulator and the industry of approving everybody and having them on the register. If the main reason is because you want to be able to discipline them, there may be different ways of doing that. Certainly, I think the concern that some people may be within the net and others may be outside it, for reasons that are not always immediately obvious, is an issue for us.

Q3034 Mr Love: Can I come on to criminal sanctions, on which you have taken a rather negative view, in practical terms? Coming back to the point made by Lord McFall, do you think that the FSA is taking sufficiently into account the public interest in these matters? There has been significant public concern about the failures of banks, the amount that people earn and how they got away with the public subsidy that has had to be put into our banks. People feel that the sanctions are not serious enough. Was that a consideration for the FSA?

Tracey McDermott: I think the issue with any sanction is that in order for it to be meaningful, it has to be something that is enforced and enforceable. As you have already pointed out during this session, even the regulatory sanctions at the moment we have not been able to enforce. A criminal offence will have a real deterrent impact and satisfy public concerns only if it can be practicably prosecuted. There are some big issues of fairness and individual rights in relation to criminalising bad business decisions. There are various stages along the spectrum in relation to business decisions, but it is a very big step to say that we should criminalise incompetence or negligence. It is a much wider question than simply whether the public are angry about this.

Q3035 Chair: What about recklessness?

Tracey McDermott: Recklessness is much more familiar to the criminal law, so it is less of an issue. You can be prosecuted for recklessness. I think that then comes to moving away from the slightly more philosophical point to perhaps a slightly more practical point. In relation to RBS, we were not able to find evidence in order to take action on a regulatory basis against senior individuals there. That would not necessarily be any easier to do in a criminal scenario. If the evidence is not there, it will not be there for criminal cases in the same way as it won’t be there for regulatory cases. You can debate whether we got that call right or wrong, but ultimately the evidential standard is higher in criminal cases rather than lower.

Q3036 Mr Love: I understand that it is for practical reasons that the FSA remains sceptical, but you used to be sceptical about insider trading and whether you could take criminal proceedings rather than civil proceedings. You have discovered that, with sufficient input of resource, that has proven possible, and I suspect that you will be even more successful in the future because you have given it priority. Wouldn’t giving this priority increase the possibility that you could take a criminal charge against the people responsible for the failure of banks?

Tracey McDermott: I am not sure we were necessarily sceptical about insider dealing per se. We thought that the civil route was a power given to us in 2001 to take market abuse proceedings, and we thought that would be a better route, but then we decided that it actually was not. We are very much on side with the idea that criminal proceedings can have a greater deterrent effect. As I said, we invested a significant amount of time and resource into the investigations we did into the failed banks, but we were not able to establish the evidence necessary to take regulatory action, so even if there had been a criminal offence on the statute book, that would not have got us there.

Clearly, if Parliament decides to introduce a criminal offence here, we will do our utmost to try to ensure that we position ourselves to be able to prosecute that effectively, but a note of caution has to be sounded that this will not be an easy offence to prove. If we think about similar corporate offences around fraudulent trading, wrongful trading and so on against directors, they are relatively rarely prosecuted.

Q3037 Mr Love: Let me ask a final question. You have now got a bank of experience from investigating various banks and you are just about to conclude a further report. From that experience, are there any other practical changes in the powers available to you that would significantly ease the challenge that you face in taking a criminal prosecution?

Tracey McDermott: I think there is a question, as I mentioned at the beginning, about us looking at our guidance on the statements of principle for approved persons. I think there is a question, which has been legitimately raised by the degree of public concern, about accountability around whether we have given ourselves too much of a self-denying ordinance in terms of when we will take action, in the sense that on personal culpability, we have said, "Primary responsibility is with the firm and we will not take action just because something goes wrong on your watch." There are good, logical reasons for all those things.

Where we are now means that we need to revisit that and ask, "Is that right? Is it right for all institutions? Are there other institutions where we should have a different approach?" That is something we want to look at, and it is something that, going into the FCA and the PRA, we will be focusing on. That does not necessarily require a legislative change. If we decided to make changes of that nature, they would be very, very controversial, so we would need to know that there was genuine public support for them. There is a very important part of ensuring that fairness to individuals is preserved in the process.

Chair: You mentioned public support. I think it is common ground that we have got to do something, and it is common ground that we do not have public confidence at the moment, so there is quite a lot of ground to make up here.

Q3038 Baroness Kramer: Ms McDermott, in your evidence, you stated that although you have a range of enforcement powers, what you currently cannot do, but might find beneficial, is "to prohibit an individual from performing a controlled function on an interim basis." Could explain to us what value that would add?

Tracey McDermott: This is something that was touched on in the previous session when we were talking about the individuals who are still under investigation for matters relating to LIBOR. Currently, if somebody is in the industry and is still working, in order to stop them working, we have to take disciplinary action, we have to prohibit them and we have to prove that they are not fit and proper. That process requires us to conclude our investigation and to provide the individual with evidence of our conclusions. It gives them an opportunity to make representations: first, through the regulatory decisions committee, which is an FSA committee but independent of the enforcement division and mainly made up of people from outside the FSA; and then, subsequently, through the tribunal.

I have a couple of examples to show the time process. Even if you take the time from the end of the RDC process-the end of the FSA’s internal decision making-through the tribunal, we have a case when it took one individual, Mr Betton, two years and 11 months to go through that. Until that process is finished, he is not prohibited. That is an extreme example, but most cases take well over a year and usually closer to two years in the tribunal.

There is therefore a long period of time in which although we, as the regulator, have determined that we think that somebody is not fit and proper, they are actually not formally prohibited. Many of them may not be working in the industry any more, and many employers will dismiss them at least at the end of our decision-making process, if not before, but as they are not on the register as prohibited, the warnings to the public who may deal with them are not there. That is the key issue: there can be an extended period when someone we have serious concerns around is still on the register.

Q3039 Baroness Kramer: We were quite fascinated that you wanted to prohibit them only from controlled functions, which could leave people able to come into the building, access systems and work with colleagues. Is that just a misreading of what you said?

Tracey McDermott: It may be a misreading or a miswriting. The question of the extent and nature of any prohibition-interim or otherwise-would depend on the particular circumstances. When we talk about controlled functions, that is a technical term in legislation, but if your controlled function is, for instance, the customer function, that is about not just talking to customers, but everything you do in relation to servicing that customer. In that case, being in the building and talking to colleagues would be captured by that. What would not be captured is, perhaps, an administrative function and so on.

We would be looking for the power to impose a prohibition of an order that was appropriate in the circumstances, so if we want somebody to have absolutely nothing to do with any regulated activity, we ought to be able to achieve that. We may have miswritten it.

Q3040 Baroness Kramer: Mr Nicholson-you have been able to sit very quietly up to this point-the US banking regulators have a mechanism under which the regulator can enter into a formal and public written agreement with the bank, signed by each of the directors, whereby the bank agrees to remedy certain deficiencies. Is that something that the FSA could do, if it chose, under its current remit?

Graham Nicholson: As a voluntary agreement, following the identification of problems, I do not see why not. It would not be an enforcement mechanism, although I stand to be corrected by Tracey.

Tracey McDermott: The equivalent in the UK mechanism would be a variation of permission, which can be voluntary, which means it is agreed, or can be an own-initiative variation of permission, which means that the regulator forces it. Those things would normally be published on the register. In practice, most of those sorts of agreements would not be a formal part of our process in the way that they are in the US.

Q3041 Baroness Kramer: Is there a reason for that? Would it strengthen your hand and help you to deal with an issue we have raised-the "Nothing to do with me, guv’" directors who feel totally detached from the situation?

Graham Nicholson: There is a new provision in the recently passed Act that will give the two regulators the right to make requirements of individual firms, which is not limited to the changes of permissions that the firm has, but a requirement to do something or to stop doing something. That tool could be used in these circumstances, too.

Q3042 Baroness Kramer: Would it require the individual relationship that the US gets by getting the signature of the directors, with individual board members more accountable, in a sense, for the consequences?

Graham Nicholson: The requirement notice of itself binds the institution. The directors are not individually party to that notice, as it were, but clearly they have a responsibility for complying with it and ensuring that the bank or other financial institution to which it is subject complies with that requirement.

Tracey McDermott: One thing that has been a cultural difference between the US and the UK, and possibly also the Australians, is the degree of formality in the way in which the regulator has engaged. A lot of the time in the UK, if you can get an outcome without using formal powers, that would typically be the starting point, whereas certainly in Australia, the starting point would be that you always use formal powers. One of the issues there is that the use of formal powers might be something that is escalated more apparently to the board than if you are using a more informal arrangement, or the seriousness may strike home to the board. Again, there is a question of whether we should use formal powers more frequently, as a supervisory tool rather than necessarily an enforcement tool, and actually use the formal legislation rather than just an agreement.

Q3043 Baroness Kramer: Following this trend, in your oral evidence on 10 January, you referred to the FSA’s approach in naming specific individuals and requiring them to undertake "remedial work". That sounds almost like community service. I think that you called that a "small step". Is that a mechanism that you are looking at to create this trail of personal responsibility? Can you enlighten us about your thinking a bit more?

Tracey McDermott: "Remedial action" is probably a very regulatory term, but quite often you will find problems in a firm and you will want the firm to fix them. The firm will agree to fix them, sometimes with the involvement of a third-party consultant. The step that we have been taking is to say, "Actually, we want somebody to be on the hook for making sure that remedial action is done properly so that if we come back and discover that, in fact, it was not done properly, we know who to start our inquiries with." It is a step towards making people more personally accountable.

Q3044 Baroness Kramer: You are thinking of that within a management chain, presumably.

Tracey McDermott: Yes. Clearly, if the person whose name was put on the letter as responsible is the office cleaner, we might go back and question it but, to some extent, it would be down to the firm to say, "This is the senior executive who we put responsible for this." It would not necessarily be the CEO, but we would expect it to be someone of sufficient seniority for it to be reasonable for them to be responsible for it. One advantage of that is that it gives us the first person to ask questions of. We also hope that it will focus their minds on the fact that, if things go wrong and they are not getting the resources or the support they need, or if people are not doing what they are supposed to do, they should push that up, if they need to.

Q3045 Lord McFall of Alcluith: Going back to the beginning a little, you have induced a sense of hopelessness in us by your responses about UBS to Pat McFadden and Andy Love when you said, "There is no panacea to make it easy." From my point of view, it will continue the perverse situation where regulators like yourself find themselves in the front of parliamentary Committees in the future, when it should be the individuals responsible. I know that resources are stretched with the FSA, and that you cannot compare the industry, but is there not an issue with the banking industry being the only industry in the country that has to comply with regulation? Everyone else has to obey, but they have to comply. Maybe I can use a dog analogy. If I take my dog out for a walk in the park, and it bites somebody, I get done because it has bitten. If I take my dog for a walk in the park and I am with my mates, and no one can see who has the dog on the lead, and it bites somebody, I will get charged because I own the dog; it doesn’t matter that I am in a crowd.

To use the dog analogy, the FSA are charged with going to leader of the bank, but lots of people run the bank and at the end of the day, you have to go round and see everyone else. That puts you in a hopeless situation. I want to see a regulator where it flips the responsibility, where you do not get the opprobrium for coming before parliamentary Committees, but you get the accountability by individuals in the bank so that you can pin them. It makes your job easier, and maybe we get less regulation at the end of the day and more corporate responsibility from the company. I am really trying to help you.

Tracey McDermott: And I would be very happy not to be coming to Committees quite as regularly as I am at the moment. I did not mean to induce a sense of hopelessness, so I apologise if I did. What I think is important is that we are realistic about the fact that this is difficult. If I can draw on the insider dealing experience again, it was not an easy process to get to where we are now.

The first few cases we took were challenged to the Court of Appeal, to the Supreme Court. We were challenged on whether we had the power to prosecute; we were challenged on whether it was fair to prosecute; we were challenged on everything. We go into this with our eyes open. The point I am trying to make is that there is not a simple solution that is there and we can just turn the page and say, "Right, this is how it is going to do now." There are things we can do and we are committed to trying to do them, but we are in for the long haul. I don’t feel hopeless about the future. I am actually quite excited that we can do things better.

Q3046 Lord McFall of Alcluith: I acknowledge the progress enforcement has made. As Chairman of the Treasury Committee in the previous Parliament I gave support to that. I know that you have done well. I am asking whether Parliament can help you in some way. This Parliamentary Commission is at a juncture. If there is something that we can do for the longer term that can help you, that would be important.

Tracey McDermott: I think the things we have asked for are small points but potentially significant. Maybe I should suggest the bigger thing is done through legislation. We are probably able to do more within our existing guidance and rule book that would make it easier for us. There is a question as to whether you could take an approach that reverses the burden of proof, which probably would need to be legislative, to say, "If it’s your dog, we assume it’s your fault, unless you can tell us it’s not." That is worth exploring.

At the risk of again inducing a sense of hopelessness, which I am not trying to do, I think there are significant issues around fairness in relation to those things that have to be thought through. I don’t say that because I am captured by the regulator; I say that because I see part of my job as being an enforcer to ensure that the fairness of the process is upheld.

Q3047 Lord McFall of Alcluith: That is very helpful. Perhaps you could add to it and write to us. That would be helpful for us with our final report.

Mr Nicholson, the consultation period on the draft policies does not close until 28 February 2013. How confident are you that the PRA will be in a position to pursue enforcement action where needed, as soon as a legal cut-off takes place?

Graham Nicholson: I think we will be in a position to do that on day one. The important thing to realise is that dividing the two regulators in the way that will happen at the beginning of April does not mean that we will not be very joined-up in the way we approach enforcement. Most of the issues that will interest us as the prudential regulator, particularly those related to integrity, will be of equal interest to Tracey and her colleagues. I am confident that we will work well together. We will rely to some extent on her resources and experience.

I see enforcement, in the context of the PRA, as being closely related to supervision. I think you will see from our supervision approach document published in the autumn that our focus is very much on accountability, on the management of risks, and the duty of directors, not simply to look at their bottom line but to ensure that they run a safe and sound institution. We have clear objectives in that respect and that will inform everything that we do.

Q3048 Lord McFall of Alcluith: The previous regime was criticised in areas of underlap and overlap, of one lot not talking to the other. Obviously, that is an issue for you. What reassurance can you give us that there will not be any underlap and overlap, and that there will be a synchronised approach by the PRA and the FCA?

Graham Nicholson: Some of the underlap that people were concerned about was on the financial stability side-the macro and the micro-and I think the new structure should fix that. As far as the potential underlap between the PRA and the FCA is concerned, we have our memorandum of understanding and statutory requirements for co-operation. We have work-ups and detail below the level of the rather broad MOU, particularly in relation to enforcement actions. They can be taken forward in one of three ways: by both regulators together or by each individually.

Q3049 Lord McFall of Alcluith: And you will not succumb to regulatory capture?

Graham Nicholson: I think I would be surprised if that were the case.

Chair: We just hope you notice.

Graham Nicholson: The culture of the banks is pretty robust in that regard.

Q3050 Lord McFall of Alcluith: And Tracey, is the enforcement division reliant on supervisors to start an investigation? Can you trigger enforcement in response to whistleblowing or complaints?

Tracey McDermott: The main area where we trigger our own enforcement action is in relation to unauthorised business, which all comes directly from consumers who have been targeted by Ponzi schemes, land banks and the like. In relation to work that is referred to us from other areas, as we have discussed, we work with supervision and markets in terms of identifying and agreeing the approach to dealing with particular risks that we have identified. If a whistleblower complaint comes in, it goes through a triage process between the whistleblowing and supervision teams. If enforcement is one potential likely outcome, there is a discussion with my team about whether it is a case that we should look at for enforcement.

One thing that we have done quite a bit to improve in the last year, and intend to continue to improve as we go into the FCA, is to try to ensure that we have a better picture of the widest intelligence, because people get what I would call lower case "i" intelligence from all sorts of places, such as their interaction with firms and consumers. Bringing that together better is critical to making the FCA work. We would not get a complaint coming into me and then me saying, "I am going to start an enforcement investigation without talking to my colleagues in supervision or markets about what they know about it and whether it is something that we should be investigating." It is very much an ongoing dialogue. Again, one of the things that we want to do more in the FCA is to be more joined up.

Q3051 Lord McFall of Alcluith: Lastly, during an investigation, enforcers might identify issues that were missed by a bank’s supervisors or situations where their judgment was poor. How do you ensure that such issues get raised and result in change, rather than being swept under the carpet to protect a regulator’s reputation?

Tracey McDermott: The FSA has been very good at ensuring that things do not get swept under the carpet. One of the things that an enforcement investigation has to do is to ensure that factors that are in favour of the individual or the firm are taken into account as well. Inevitably, where there has been interaction with supervision, which the firm thinks is in its favour, that will be part of it. In terms of how we communicate those lessons internally, it is very much through going back to the head of department or the director of the relevant area in supervision to say, "This is what has come out in this case. We need to think about whether that is just an individual making a mistake or whether it is something about our process and system that does not work." Feedback loop is a horrible phrase, but we do talk to people about what we find in our cases.

Q3052 Mr McFadden: May I ask you about the current investigation? I know you cannot tell us anything about the content of an enforcement notice that has not yet been published, but there has been speculation for some weeks in the press that the publication of a report on RBS and LIBOR is imminent. Can you tell us anything about the timing of that, or when we can expect it?

Tracey McDermott: I am afraid that I cannot tell you anything more. It is public that RBS is under investigation. RBS have also said publicly that they are optimistic that they will reach a resolution before they publish their results, which is at the end of February. I do not think I can say anything more than that.

Q3053 Chair: Mr Nicholson, is the PRA going to have a whistleblowing hotline?

Graham Nicholson: I think we share one with the FCA.

Q3054 Chair: I am bit worried when you begin that with "I think." I hoped that you would know quite a bit about it.

Graham Nicholson: That is my understanding. I think that whistleblowing, as a subject, is of less interest to a prudential regulator that is looking at the safety and soundness of the institution and the decisions that it is taking. We are not dealing with the public and the conduct side in the same way that the FCA is, so I think there is a qualitative difference, but I equally accept that we need to have those sorts of facilities.

Q3055 Chair: Are you sure that that is right? Someone in bank A thinks what bank B is doing could create contagion for the whole system and wants to talk to someone and to know whom to talk to. Is that not exactly what we need-some sort of confidential line to a regulator or an agent?

Graham Nicholson: Those discussions can take place whether there is a confidential line or not.

Chair: Sorry, what did you say?

Graham Nicholson: I think that those sort of conversations can take place whether there is a formal line or not. In the example you gave-

Q3056 Chair: I am sorry to interrupt several times. We have just been through this huge crisis, and those conversations did not take place. We had a whole string of institutions running into crises, with other institutions knowing that there were problems inside them, and nothing happened. Nobody was informed and the crisis escalated, and eventually we had a much bigger problem to clear up than we would otherwise have had. We are addressing very clearly here, in the conversation we are having, something that we need to draw lessons from.

Graham Nicholson: If the question is, "How do we learn from bank A about problems in bank B?", that is something I would have to respond to you on subsequently, when I have identified the precise mechanisms we have in mind. But I am confident that as part of the supervisory process, we would be expecting to identify those situations.

Q3057 Chair: I hope you understand the reason why I am saying that I am not at all confident in the replies you have given. It worried me quite a bit that you are not even quite confident that there is a whistleblowing operation; you only understand that there is, and you have not had direct contact with it. You don’t think that it is going to be of much use for prudential supervision.

Graham Nicholson: I am not saying that I don’t think it is much use. I think the need for it is perhaps greater when we are dealing with conduct matters than prudential matters. I entirely accept the point that we need to have mechanisms that can properly inform us about problems that we need to be aware of.

Q3058 Chair: Tracey McDermott, do you think it would be possible to create an offence, or at least a regulatory transgression of some type, for an individual, in some cases, who clearly knew information, and unambiguously you could show knew information, that should have been passed on? In other words, one could create an obligation to whistleblow in certain circumstances.

Tracey McDermott: There already is an obligation to whistleblow for approved persons. Principle 4 of the principles for approved persons provides that you must bring to the attention of the FSA anything you would reasonably expect us to be interested in. The same obligation applies to firms in relation to principle 11.

Q3059 Chair: But it is wholly ineffective though, isn’t it-almost wholly ineffective? Again, we have had very little use of it in the early stages of this crisis.

Tracey McDermott: Very little use of the ability-

Chair: Of whistleblowing.

Tracey McDermott: Actually, I will not categorise that as whistleblowing, because that would be an open disclosure. We get a large number of whistleblowing reports that are useful. Most of them are not about big-picture or macro-economic things; they tend to be more detailed, around particular individual processes. But firms and, as I said, individuals are obliged to bring things to our attention if they think they are of interest to us, and we have taken disciplinary action against some firms in relation to failures under P11.

Q3060 Chair: But not individuals.

Tracey McDermott: Not individuals. We probably have taken action against one or two individuals, but not a large number. One of the difficulties in trying to incentivise whistleblowers is that taking disciplinary action against people who may have made a judgment that they didn’t think it was right to tell you is not necessarily the way you are going to incentivise them. But it is certainly an area that is important, and we could strengthen that.

Q3061 Chair: Taking the UBS case, there were nine years of market abuse or the rigging of markets, with dozens of people involved, and probably many dozens who knew about it, but no whistleblowing. Correct?

Tracey McDermott: Yes, that’s true.

Q3062 Chair: So isn’t something pretty seriously wrong with the incentive structure here? This power of yours to have a go at someone who knows something but doesn’t act on it doesn’t seem to be very effective.

Tracey McDermott: I think that what you find when you investigate cases is that the people who knew about it and didn’t do anything-LIBOR may be slightly different in this regard-are typically more directly involved and the action you take against them is typically for their involvement in the main conduct, as opposed to their failure to tell us. So there are cases where you could take a P4 case, but actually the main thing you take it a market abuse case, or something of that ilk.

I think that it probably demonstrates that there is something wrong with the culture more than that there is something necessarily wrong with the incentive structure. The incentive structure is part of it, but I think it says about the culture that people did not think that that was the right thing to do. I saw the evidence from the GMC talking about good doctors watching bad doctors do bad things. I think that that is the same problem that we have had, and I agree that that it is something we need to focus on. I will go away thinking about whether we should be more aggressive in the use of P4 in relation to that.

Q3063 Chair: Well, we do need to focus on it, and we are looking for ways in which we can generate a great deal more focus on it, because we think it is very blurred at the moment-out of focus.

I have just been discussing, or inviting you to think about, the stick side of the structure on whistleblowers. What about the carrot side? The Americans have a reward structure for whistleblowing that can enable whistleblowers to share in the fine.

Tracey McDermott: Yes. They have had that for a considerable period of time in relation to tax issues and for a much shorter time in relation to regulatory issues. It is a very interesting scheme. When they first introduced it, we talked to the SEC about it, and we have talked to the SEC subsequently about how it is working. I think the position is that it is still a little too early for it to tell, within a regulatory context, how it works.

In relation to the UK, there are some particular cultural differences, in terms of the way in which the court system works and the value that is placed on whistleblower evidence, or evidence of co-operating witnesses. That is very different in the US, because they are used to that, but it is not something with which the UK courts are very comfortable. There are also issues around moral hazard in terms of financial rewards, particularly if you are talking about-again, I am using LIBOR as an example-a situation in which you pay a well-paid derivative trader a large sum of money. Is that really where you want to go? At the moment, we would say that we do not think that there is a case made out for significant financial incentives for whistleblowers, but I think that the US experience is something we would want to keep looking at.

Q3064 Chair: We feel that we have arrived at the point where we have got to move from just keeping looking at things to changing a few things, and we have arrived internally at pretty much the point you have made in response to my questions. What we now need are some ideas that will transform whistleblowing into something that is going to be effective, and I am a little concerned that I am not hearing many coming across the room at me now.

Tracey McDermott: Personally, I don’t think that financial incentives for whistleblowers would be the thing that significantly changes the effectiveness of whistleblowing.

Q3065 Chair: What do you suggest?

Tracey McDermott: It goes back-

Chair: You agree with the analysis: the system is defective and something needs to be done, and the time to do it is now.

Tracey McDermott: I am not sure I necessarily agree with the analysis that the system is defective.

Q3066 Chair: The whistleblowing system.

Tracey McDermott: I do not think that the whistleblowing system is defective. The whistleblowing system exists and, in terms of how we treat whistleblowers and act on that information, I think it is effective. A lot of things that get put under the umbrella of whistleblowing are actually not whistleblowing-they are self-reporting or action taken by individuals within firms on an open basis, which is not whistleblowing.

The biggest change to this will be around how you drive a culture within organisations that means that people think it is their duty and their job to identify where there are problems. The point that you made about whether we could make greater use of the obligation that approved people already have is a good one. As I have said, I would like to give some more thought to it and perhaps write to you on that one. I do not think that this is something that will be solved by saying, "Here is a great big sum of money that is available to you if you blow the whistle."

Q3067 Chair: We are listening to what you are saying very carefully. We are still left with the huge problem, however, that these terrible things that have been going on in banks just have not been reported, even though many people have known about them. You talked about culture. Do you think that these whistleblowing reforms need to provide some kind of hotline that can look at wider standards in banks? John McFall has talked about a culture hotline, but should there be at least something for people who may not be sure that an offence has been committed, but are confident that the way in which their firm is conducting itself does not meet reasonable standards?

Tracey McDermott: Certainly, at the moment, if somebody came to us with that sort of concern, we would not say, "That is not a whistleblowing concern, so we are not interested." We would be very interested to hear about that.

Q3068 Chair: I want to draw the meeting to a close now, but perhaps it would be helpful if you could set out on a piece of paper what has been happening, historically, when someone makes a call on the existing lines. What action is taken? Who, and at what level, processes it? What kind of response is there? Perhaps as importantly as anything else, what kind of protection is given to that individual?

Tracey McDermott: I can certainly do that. I will confirm this, but I am pretty certain that our experience is that most whistleblowing comes from small to medium-sized institutions, rather than large ones.

Chair: Reinforcing the problem that Susan and I opened with: it seems that the big fish swim straight past the enforcers, the whistleblowers and everyone else in this story.

Thank you very much for coming to give evidence this afternoon. It has been enlightening-not entirely in a happy way, but in a necessary way-and we are very grateful to you for coming along.

Prepared 4th February 2013