DEPP 6.5B The five steps for penalties imposed on individuals in non-market abuse cases

Step 1 - disgorgement

DEPP 6.5B.1GRP

2The FCA3 will seek to deprive an individual of the financial benefit derived directly from the breach (which may include the profit made or loss avoided) where it is practicable to quantify this. The FCA3 will ordinarily also charge interest on the benefit. Where the success of a firm’s entire business model is dependent on breaching FCA3 rules or other requirements of the regulatory system and the individual’s breach is at the core of the firm’s regulated activities, the FCA3 will seek to deprive the individual of all the financial benefit he has derived from such activities.

[Note: For the purposes of DEPP 6.5B, “firm” has the special meaning given to it in DEPP 6.5.1 G.]

3333

Step 2 - the seriousness of the breach1

DEPP 6.5B.2GRP
  1. (1)

    The FCA3 will determine a figure which will be based on a percentage of an individual’s “relevant income”. “Relevant income” will be the gross amount of all benefits received by the individual from the employment in connection with which the breach occurred (the “relevant employment”), and for the period of the breach. In determining an individual’s relevant income, “benefits” includes, but is not limited to, salary, bonus, pension contributions, share options and share schemes; and “employment” includes, but is not limited to, employment as an adviser, director, partner or contractor.

    3
  2. (2)

    Where the breach lasted less than 12 months, or was a one-off event, the relevant income will be that earned by the individual in the 12 months preceding the end of the breach. Where the individual was in the relevant employment for less than 12 months, his relevant income will be calculated on a pro rata basis to the equivalent of 12 months’ relevant income.

  3. (3)

    This approach reflects the FCA's3 view that an individual receives remuneration commensurate with his responsibilities, and so it is reasonable to base the amount of penalty for failure to discharge his duties properly on his remuneration. The FCA3 also believes that the extent of the financial benefit earned by an individual is relevant in terms of the size of the financial penalty necessary to act as a credible deterrent. The FCA3recognises that in some cases an individual may be approved for only a small part of the work he carries out on a day-to-day basis. However, in these circumstances the FCA3 still considers it appropriate to base the relevant income figure on all of the benefit that an individual gains from the relevant employment, even if their5 employment is not totally related to a controlled function5.

    3333
  4. (4)

    Having determined the relevant income the FCA3 will then decide on the percentage of that income which will form the basis of the penalty. In making this determination the FCA3will consider the seriousness of the breach and choose a percentage between 0% and 40%.

    33
  5. (5)

    This range is divided into five fixed levels which reflect, on a sliding scale, the seriousness of the breach. The more serious the breach, the higher the level. For penalties imposed on individuals there are the following five levels:

    1. (a)

      level 1 - 0%;

    2. (b)

      level 2 - 10%;

    3. (c)

      level 3 - 20%;

    4. (d)

      level 4 - 30%; and

    5. (e)

      level 5 - 40%.

  6. (6)

    The FCA3 will assess the seriousness of a breach to determine which level is most appropriate to the case.

    3
  7. (7)

    In deciding which level is most appropriate to a case against an individual, the FCA3 will take into account various factors which will usually fall into the following four categories:

    3
    1. (a)

      factors relating to the impact of the breach;

    2. (b)

      factors relating to the nature of the breach;

    3. (c)

      factors tending to show whether the breach was deliberate; and

    4. (d)

      factors tending to show whether the breach was reckless.

  8. (8)

    Factors relating to the impact of a breach committed by an individual include:

    1. (a)

      the level of benefit gained or loss avoided, or intended to be gained or avoided, by the individual from the breach, either directly or indirectly;

    2. (b)

      the loss or risk of loss, as a whole, caused to consumers, investors or other market users in general;

    3. (c)

      the loss or risk of loss caused to individual consumers, investors or other market users;

    4. (d)

      whether the breach had an effect on particularly vulnerable people, whether intentionally or otherwise;

    5. (e)

      the inconvenience or distress caused to consumers; and

    6. (f)

      whether the breach had an adverse effect on markets and, if so, how serious that effect was. This may include having regard to whether the orderliness of, or confidence in, the markets in question has been damaged or put at risk.

  9. (9)

    Factors relating to the nature of a breach by an individual include:

    1. (a)

      the nature of the rules, requirements or provisions breached;

    2. (b)

      the frequency of the breach;

    3. (c)

      the nature and extent of any financial crime facilitated, occasioned or otherwise attributable to the breach;

    4. (d)

      the scope for any potential financial crime to be facilitated, occasioned or otherwise occur as a result of the breach;

    5. (e)

      whether the individual failed to act with integrity;

    6. (f)

      whether the individual abused a position of trust;

    7. (g)

      whether the individual committed a breach of any professional code of conduct;

    8. (h)

      whether the individual caused or encouraged other individuals to commit breaches;

    9. (i)

      whether the individual held a prominent position within the industry;

    10. (j)

      whether the individual is an experienced industry professional;

    11. (k)

      whether the individual held a senior position with the firm;

    12. (l)

      the extent of the responsibility of the individual for the product or business areas affected by the breach, and for the particular matter that was the subject of the breach;

    13. (m)

      whether the individual acted under duress;

    14. (n)

      whether the individual took any steps to comply with FCA3 rules, and the adequacy of those steps;

      31
    15. (o)

      in the context of contraventions of Part VI of the Act, the extent to which the behaviour which constitutes the contravention departs from current market practice;1

    16. (p)

      1in relation to a contravention of section 63A of the Act, whether the individual’s only misconduct was to perform a controlled function without approval;

    17. (q)

      1in relation to a contravention of section 63A of the Act, whether the individual performed controlled functions without approval and, while doing so, committed misconduct in respect of which, if the individual had been an approved person, the FCA3 would have been empowered to take action pursuant to section 66 of the Act; and

      3
    18. (r)

      1in relation to a contravention of section 63A of the Act, the extent to which the individual could reasonably be expected to have known that they were4 performing a controlled function without approval. The circumstances in which the FCA3 would expect to be satisfied that a person could reasonably be expected to have known that they were4 performing a controlled function without approval include:

      3
      1. (i)

        the person had previously performed a similar role at the same or another firm for which he had been approved;

      2. (ii)

        the person's firm or another firm had previously applied for approval for the person to perform the same or a similar controlled function;

      3. (iii)

        the person's seniority or experience was such that he could reasonably be expected to have known that he was performing a controlled function without approval; and

      4. (iv)

        the person's firm had clearly apportioned responsibilities so the person's role, and the responsibilities associated with it, were clear.

      5. (v)

        the person’s approval was subject to a condition or was granted for a limited period, and they failed to act in accordance with that condition or time limitation.4

  10. (10)

    Factors tending to show the breach was deliberate include:

    1. (a)

      the breach was intentional, in that the individual intended or foresaw that the likely or actual consequences of his actions or inaction would result in a breach;

    2. (b)

      the individual intended to benefit financially from the breach, either directly or indirectly;

    3. (c)

      the individual knew that his actions were not in accordance with his firm’s internal procedures;

    4. (d)

      the individual sought to conceal his misconduct;

    5. (e)

      the individual committed the breach in such a way as to avoid or reduce the risk that the breach would be discovered;

    6. (f)

      the individual was influenced to commit the breach by the belief that it would be difficult to detect;

    7. (g)

      the individual knowingly took decisions relating to the breach beyond his field of competence; and

    8. (h)

      the individual’s actions were repeated.

  11. (11)

    Factors tending to show the breach was reckless include:

    1. (a)

      the individual appreciated there was a risk that his actions or inaction could result in a breach and failed adequately to mitigate that risk; and

    2. (b)

      the individual was aware there was a risk that his actions or inaction could result in a breach but failed to check if he was acting in accordance with internal procedures.

  12. (12)

    In following this approach factors which are likely to be considered ‘level 4 factors’ or ‘level 5 factors’ include:

    1. (a)

      the breach caused a significant loss or risk of loss to individual consumers, investors or other market users;

    2. (b)

      financial crime was facilitated, occasioned or otherwise attributable to the breach;

    3. (c)

      the breach created a significant risk that financial crime would be facilitated, occasioned or otherwise occur;

    4. (d)

      the individual failed to act with integrity;

    5. (e)

      the individual abused a position of trust;

    6. (f)

      the individual held a prominent position within the industry; and

    7. (g)

      the breach was committed deliberately or recklessly.

  13. (13)

    Factors which are likely to be considered ‘level 1 factors’, ‘level 2 factors’ or ‘level 3 factors’ include:

    1. (a)

      little, or no, profits were made or losses avoided as a result of the breach, either directly or indirectly;

    2. (b)

      there was no or little loss or risk of loss to consumers, investors or other market users individually and in general;

    3. (c)

      there was no, or limited, actual or potential effect on the orderliness of, or confidence in, markets as a result of the breach;

      1
    4. (d)

      the breach was committed negligently or inadvertently; and1

    5. (e)

      1in relation to a contravention of section 63A of the Act, the individual’s only misconduct was to perform a controlled function without approval.

Step 3 - mitigating and aggravating factors

DEPP 6.5B.3GRP
  1. (1)

    The FCA3 may increase or decrease the amount of the financial penalty arrived at after Step 2, but not including any amount to be disgorged as set out in Step 1, to take into account factors which aggravate or mitigate the breach. Any such adjustments will be made by way of a percentage adjustment to the figure determined at Step 2.

    3
  2. (2)

    The following list of factors may have the effect of aggravating or mitigating the breach:

    1. (a)

      the conduct of the individual in bringing (or failing to bring) quickly, effectively and completely the breach to the FCA's3 attention (or the attention of other regulatory authorities, where relevant);

      3
    2. (b)

      the degree of cooperation the individual showed during the investigation of the breach by the FCA3, or any other regulatory authority allowed to share information with the FCA3;

      33
    3. (c)

      whether the individual took any steps to stop the breach, and when these steps were taken;

    4. (d)

      any remedial steps taken since the breach was identified, including whether these were taken on the individual’s own initiative or that of the FCA3 or another regulatory authority;

      3
    5. (e)

      whether the individual has arranged his resources in such a way as to allow or avoid disgorgement and/or payment of a financial penalty;

    6. (f)

      whether the individual had previously been told about the FCA's3concerns in relation to the issue, either by means of a private warning or in supervisory correspondence;

      3
    7. (g)

      whether the individual had previously undertaken not to perform a particular act or engage in particular behaviour;

    8. (h)

      whether the individual has complied with any requirements or rulings of another regulatory authority relating to the breach;

    9. (i)

      the previous disciplinary record and general compliance history of the individual;

    10. (j)

      action taken against the individual by other domestic or international regulatory authorities that is relevant to the breach in question;

    11. (k)

      whether FCA3 guidance or other published materials had already raised relevant concerns, and the nature and accessibility of such materials;

      3
    12. (l)

      whether the FCA3 publicly called for an improvement in standards in relation to the behaviour constituting the breach or similar behaviour before or during the occurrence of the breach;

      31
    13. (m)

      whether the individual agreed to undertake training subsequent to the breach; and1

    14. (n)

      1in relation to a contravention of section 63A of the Act, whether the person's firm3 or another firm3 has previously withdrawn an application for the person to perform the same or a similar controlled function or has had such an application rejected by the FCA3.

      333

Step 4 - adjustment for deterrence

DEPP 6.5B.4GRP
  1. (1)

    If the FCA3 considers the figure arrived at after Step 3 is insufficient to deter the individual who committed the breach, or others, from committing further or similar breaches then the FCA3 may increase the penalty. Circumstances where the FCA3 may do this include:

    333
    1. (a)

      where the FCA3 considers the absolute value of the penalty too small in relation to the breach to meet its objective of credible deterrence;

      3
    2. (b)

      where previous FCA3 action in respect of similar breaches has failed to improve industry standards. This may include similar breaches relating to different products (for example, action for mis-selling or claims handling failures in respect of ‘x’ product may be relevant to a case for mis-selling or claims handling failures in respect of ‘y’ product);

      3
    3. (c)

      where the FCA3 considers it is likely that similar breaches will be committed by the individual or by other individuals in the future;

      3
    4. (d)

      where the FCA3 considers that the likelihood of the detection of such a breach is low; and

      3
    5. (e)

      where a penalty based on an individual’s income may not act as a deterrent, for example, if an individual has a small or zero income but owns assets of high value.

Step 5 - settlement discount

DEPP 6.5B.5GRP

The FCA3 and the individual on whom a penalty is to be imposed may seek to agree the amount of any financial penalty and other terms. In recognition of the benefits of such agreements, DEPP 6.7 provides that the amount of the financial penalty which might otherwise have been payable will be reduced to reflect the stage at which the FCA3 and the individual concerned reached an agreement. The settlement discount does not apply to the disgorgement of any benefit calculated at Step 1.

33