Background

The campaign by the Financial Conduct Authority (“FCA”) to root out non-financial misconduct in the financial services industry first achieved visibility with the letter sent by Megan Butler (then, FCA Executive Director of Supervision) to the Women and Equalities Committee of the House of Commons in September 2018 in the context of sexual harassment in the workplace.  In this letter Megan Butler expressed the view that non-financial misconduct can be a “fit and proper” issue for individuals but also that “sexual harassment and other forms of non-financial misconduct can amount to a breach of our Conduct Rules, which include the requirement to act with integrity”. 

Since that time numerous reinforcing statements have been made by the FCA and the Prudential Regulation Authority (“PRA”), such as the FCA’s ‘Dear CEO letter’ to wholesale general insurers in January 2020 in which the FCA expressed the view that:

“How a firm handles non-financial misconduct throughout the organisation, including discrimination, harassment, victimisation and bullying, is indicative of a firm’s culture.”

“…. a senior manager’s failure to take reasonable steps to address non-financial misconduct could lead us to determine that they are not fit and proper. We expect firms and the Boards of firms to take this into account when considering the suitability and performance of (potential) senior managers and other senior leaders.”

The FCA has successfully completed enforcement action against a number of individuals working in financial services who have committed criminal sexual misconduct outside of the workplace, imposing prohibitions from their working in regulated roles.  However, though the FCA has expressed a close interest in non-financial misconduct, it has not yet (save in the notorious Flowers case) taken enforcement action relating to in-work non-financial misconduct, or non-criminal non-financial misconduct outside the “workplace”.  Instead it has relied on authorised firms to be self-policing, though with plenty of active attention from the FCA where issues have been notified to it.  The FCA has also used the gateway of senior manager approved person applications to push back where it has had conduct concerns.

Senior individuals at the PRA and Bank of England have expressed similar views and these regulators have shared with the FCA a more assertive supervisory focus on non-financial misconduct.  This culminated in the joint Discussion Paper (DP21/2, published July 2021) of the Bank of England, PRA and FCA on “Diversity and inclusion in the financial sector – working together to drive change”.

How should firms assess whether a case of non-financial misconduct is a breach of Conduct Rules or a “fit and proper” issue?

Firms have faced considerable uncertainty when seeking to follow the regulators’ messaging about non-financial misconduct because of a lack of clear guidance.  The available FCA guidance on behaviour that may constitute a breach of the Conduct Rules or impugn a person’s “fit and proper” status (in the COCON and FIT sections of the FCA Handbook respectively) provides no examples of non-financial misconduct.  This makes it very difficult for regulated firms to know whether they should be determining that any particular instance of non-financial misconduct is a Conduct Rule breach and/or or a fit and proper issue, particularly if the conduct takes place outside of work, or is unrelated to the person’s work role.

Many firms, as part of their culture transformation measures, have implemented staff codes of conduct that expressly reference non-financial misconduct as being unacceptable, sometimes extending to out of work conduct.  However, that does not mean that a firm is necessarily on firm ground in categorising such behaviour as a regulatory fit and proper issue or a Conduct Rule breach, with the consequences that has for notifying the regulator, inclusion in regulatory references and the potential significant impact on future employment of the individual in a regulated role.

This uncertainty means that a wide range of different approaches are being taken amongst regulated firms. In DP21/2 the regulators acknowledged that firms may benefit from regulatory guidance on when and how non-financial misconduct should be treated as a regulatory matter.  The regulators indicated that a consultation paper would be published with policy proposals arising from DP21/2 by the end of Q3 2022 but this has yet to happen 

In other professions, the regulators have been more active, for example on 1 September 2022, the Solicitors Regulatory Authority published guidance on how sexual misconduct would fit within its regulatory framework. This states that “Not all sexual behaviour raises a regulatory issue” but goes on to explain that “a person must not abuse their professional position to initiate or pursue an improper sexual or emotional relationship or encounter with a client, a colleague or anyone else. At all times individuals must make sure that their conduct preserves and justifies clients' and colleagues' trust in them, as well as the public's trust in the profession.”

The guidance acknowledges that “Sexual misconduct might take place in the workplace and be directly relevant to an individual's professional life and their professional standing [but] the line between an individual's private and professional life can begin to get blurred, making judgments about whether any conduct constitutes a regulatory matter more difficult.” 

Some sexual misconduct allegations, totally removed from legal practice might still be so serious that the SRA consider that they raise a regulatory issue because the alleged acts damage public confidence in the profession, such as criminal convictions for sexual offences.  The FCA has taken this approach in a number of enforcement cases where individuals have been prohibited from working in financial services, though the Upper Tribunal in the Frensham case criticised this approach.

But, whilst it may be sensible for the FCA/PRA in promulgating “formal” guidance on non-financial misconduct to take a similar approach to the SRA,  we cannot know for sure what that guidance will cover.  Further, there will be a consultation process, so it will be quite some time before such guidance finally comes into force.

In the meantime, how should firms approach this conundrum?

Behaviour connected to work

The Conduct Rules apply only in relation to the performance of functions relating to the firm’s activities, so there would need to be a sufficiently close connection between the non-financial misconduct, the work functions of the individual concerned and the activities of the firm for the Conduct Rules to be engaged.  Consequently, it is generally accepted that the Conduct Rules do not cover behaviour that is in private life unconnected with the workplace.  For workplace related behaviour, note that it is not only a potential breach of Conduct Rule 1 (integrity) that is an option for consideration but also Conduct Rule 2 (due care, skill and diligence).  For example, in the case of bullying, this could bring into question the competence and capability of an individual to perform a management role.

What is the workplace?

Beware, there have been numerous employment law cases, predominantly in respect of Christmas parties and the like that have given a wide interpretation to the workplace and the EHRC Employment Statutory Code of Practice suggests:

"The phrase 'in the course of employment' has a wide meaning: it includes acts in the workplace and may also extend to circumstances outside such as work-related social functions or business trips abroad. For example, an employer could be liable for an act of discrimination which took place during a social event organised by the employer, such as an after-work drinks party….”

Behaviour with no connection to the workplace

Even where there is behaviour with no connection to the workplace there may still be a potential fit and proper issue.  However, the Upper Tribunal on appeal from an FCA decision to prohibit an individual as a result of his criminal non-financial misconduct (the Frensham case, mentioned above) commented:

• “the basis on which the Authority seeks to link [his] lack of personal integrity to his professional role on the basis of the nature of the offence alone is speculative and unconvincing”;
• “the Authority has not clearly linked the facts of the case to the relevant regulatory provision, in this case integrity”
• “the Authority’s guidance does not make it clear that particular offences are considered by the Authority to be so serious that without more they would automatically disqualify the person from working in the industry”.

These comments signpost the importance of clear formal guidance on non-financial misconduct from the FCA/PRA, which we are hoping will be issued as a follow-up to DP21/2,  so that regulated firms can be confident whether particular behaviour should be designated as a fit and proper issue or not.

Things to consider when conducting an investigation into allegations of non-financial misconduct

What type of investigation?

It may sound overly simplistic, but one of the first things to consider is who is best placed to conduct the investigation and why? What policy is triggered (if at all)? Complaints may be received under a firm’s grievance or disciplinary procedures, or through whistleblowing hotlines, or just because there is too much ‘noise’ around a person or team.

Getting this early planning wrong can be expensive. Atrium Underwriters Limited were hit by a record fine from Lloyds for non-financial misconduct in the spring of 2022. The firm was fined over £1 million and one charge related to the way Atrium investigated the misconduct, with Lloyds finding that the investigation failed to comply with Atrium’s own internal policies and procedures and was inadequate – failing to protect the employee who made the complaint. The firm’s fine was reduced from £1,500,000 because of mitigating factors, including that Atrium subsequently engaged an independent third party to investigate the matters and then took prompt action to implement the third party’s recommendations.

There is no ‘one size fits all approach’. Often, where the main concern is the risk of employment litigation and subsequent sanction by the regulator, an “open” investigation (meaning confidential but not covered by legal privilege) may be most appropriate, to allow the employee an opportunity to review all of the evidence against them and state their case. Conversely, where there are wider concerns, for example a fear of potential multi third party litigation, a report covered by legal advice privilege may be more suitable. In such circumstances and where appropriate, legal privilege can always be waived on a limited basis as regards the regulator.

In some circumstances, more than one investigation may be appropriate, for example, conduct a privileged investigation into potential concerns of a systemic nature so that the findings can be kept ‘sealed’ to avoid disclosure in third party litigation. Decisions will need to be made throughout the process to determine what needs to be disclosed to the regulators. But, any fair employee disciplinary process by a firm will require a subsequent open report / investigation, the findings of which can be shared with the individual employees within the framework of the firm’s disciplinary processes. 

Decisions about who is best placed to conduct such an investigation are surprisingly easy to get wrong. For example, in late 2019 a magic circle law firm and their investment bank client failed to sufficiently document and evidence the purpose of an investigation into an alleged serious sexual assault and to clarify whether or not it was conducted under legal advice privilege. The Employment Tribunal determined that the resulting investigation report did not attract legal advice privilege, because it was unclear if the lawyers were appointed simply for their expertise in conducting sensitive investigations, or to ensure that the report was subject to legal privilege.

Whether a firm should seek to assert legal privilege over any documents generated by the investigation team during the investigation into non-financial misconduct will often depend on how likely is it that this material could be relevant to third party litigation and potentially damaging if disclosed in it.  As regards any subsequent enforcement investigation by the PRA or the FCA, the regulators would normally expect firms to voluntarily disclose to them working papers such as notes of interviews conducted.

Can you apply privilege to any investigation?

Sadly, no.

Litigation privilege: Often an internal investigation where culture, D&I or non-financial conduct is the issue, will be taking place at a time when litigation will not be in contemplation and as such “litigation privilege”  is unlikely to apply. This is also likely the case if the regulators have simply   expressed an interest in the matter.

 A good example of this approach is the State of Qatar v Banque Havilland [2021] EWHC 2172 (Comm). In this case, the State of Qatar alleged that the bank participated in a conspiracy with one of its employees and other banks to (amongst other things) manipulate Qatari-issued currency and bonds.  In 2017 a bank employee had prepared a presentation describing elements of the plan for manipulative trading. The  presentation was subsequently leaked in the press in November 2017.

For our purposes the important facts were that:

• the bank notified the regulators in Luxembourg and London and commissioned an investigation into how the presentation came into being and how it had been leaked to the press and the investigation report was provided to the bank’s regulator in Luxembourg; and

• the Bank received a letter from lawyers acting for Qatar requesting that the Bank put in place a “litigation hold” on its documents.

The litigation hold letter was sent after the Bank had commissioned the investigation but before the investigation report was issued and the Bank argued that this helped demonstrate that ‘litigation was reasonably in contemplation’. The Judge in the matter held that unless there was evidence that the Bank’s purpose had changed over time, it was important to consider the bank’s purpose in instructing the investigators at the time the instruction was given. In this case, that was before the litigation hold letter was issued and the court found that there was no evidence that the Bank anticipated a claim when the investigation was instigated.

So, if the investigation is taking place at a time when the regulator has only recently been notified about the issue, though regulatory proceedings in due course may well be possible, at an early stage the regulator may simply be asking for information and may not have signalled that enforcement action for a regulatory breach is under consideration, in which case, a firm will be reliant upon asserting “legal advice” privilege. 

Legal advice privilege: can cover communications between solicitors and the individuals within a firm who have been defined as the “client” (for the purposes of the investigation) but there must also be the giving or receiving legal advice.

Even where the internal investigation report is itself covered by legal advice privilege, beware, because notes of interviews with employees made by a solicitor will be susceptible to disclosure.  In general the courts have found that if a lawyer creates a verbatim record of an interview, that record will not be protected by privilege (High Court – Property Alliance Group v RBS 2015).  There may be some hope, as the court confirmed in the subsequent RBS Rights Issue litigation (RBS Rights Issue Litigation [2016] EWHC 3161 (Ch)), that if the client can identify some “attribute of or addition to the relevant Interview Notes which distinguishes them from verbatim transcripts or reveals from an evident process of selection the trend of legal advice being given” – in other words, if the lawyer adds their own thoughts and comments to the document – then those lawyer’s notes may perhaps be protected by legal advice privilege. This is a tricky area and one on which careful legal analysis will be needed throughout the investigation process. The Court of Appeal decision in Jet2.com, which drew various principles of privilege together, held that “where the legal and non-legal content can be identified, then the document or communication can be severed: the parts covered by legal advice privilege will be non-disclosable (and redactable), and the rest will be disclosable.”

Some further considerations

Consider what policy or procedure the complaint triggers and comply with the policy, but do also reflect on whether the regulatory dimension and the legal and reputational risk may mean that a firm’s standard approach to internal investigations may not be appropriate. The correct mix of technical expertise must be within, or available to, the investigation team:

• One of the first considerations, particularly if allegations involve a senior manager, will be whether or not there is an obligation to notify the regulators and, if so, how to do it. This means the technical input of compliance and/or legal experts will be needed. 

The issue of what needs to be reported to the regulators, when and how to do it, must be kept under constant review.

• In a case that is so serious that regulatory enforcement action could follow in due course, the regulators may wish to understand and comment upon the investigation scope and methodology, which means the firm will need expert legal advice.

• Consider where serious, and so potentially criminal, sexual misconduct is alleged whether specialist legal assistance may be needed, particularly in relation to the collection and preservation of evidence and when conducting the interview with the injured party.

• If the in-house legal team or external legal counsel is to be involved with the aim of covering the investigation work product with legal advice privilege, then they must have a significant advisory input into the conduct of the investigation.

• Where email, electronic messaging and recordings of telephone calls need to be reviewed, determining a proportionate approach often involves tricky judgement calls where the rationale needs to be carefully documented. Appropriate IT expertise, which may or may not be available in-house, will be needed to conduct the document search and collection process in a way that does not damage valuable metadata.

• Ensuring fair dealing, appropriate confidentiality and lack of prejudice for individuals who are the subject of the investigation and for victims is particularly difficult in cases of non-financial misconduct. These issues must be carefully addressed in the approach to gathering evidence, including conducting and documenting interviews.

Conclusion

In order to design and conduct an investigation into non-financial misconduct correctly and effectively, a combination of technical compliance and employment law expertise needs to be deployed throughout.  The combination of the inherently sensitive and personal nature of non-financial misconduct allegations with the potential regulatory consequences for the firm and individuals involved is much trickier to navigate than a straightforward technical compliance breach issue on the one hand or employee performance issue on the other. Often difficult judgment calls need to be made and getting these wrong can prove expensive.

DAC Beachcroft’s financial regulation and employment law experts are highly experienced in ensuring our clients follow a sound approach to the conduct of internal investigations, mitigating the risks and achieving successful and satisfactory results.  We frequently advise clients on making initial notifications to regulators and subsequent dialogue about the progress and results of investigations.  We would be delighted to speak to you further about this area of our work.