On November 7, 2018, the Bank of England’s Prudential Regulation Authority (“PRA”) handed down rare individual penalties when it imposed fines on two high-level former executives of a UK subsidiary of a Japanese financial institution (the “UK Subsidiary”) for failing to timely inform the PRA of regulatory enforcement matters in the United States. The PRA levied a fine on the former chair (the “Chair”) of the UK Subsidiary and a former Non-Executive Director of the UK Subsidiary (the “NED”), for violating PRA Statement of Principle 4 by failing to inform the Bank of England that the Chair had been implicated in an enforcement action by the New York State Department of Financial Services (“DFS”) and would likely be subject to certain penalties and restrictions.1 The PRA concluded that the failure to disclose this information impeded its ability to assess the fitness and propriety of the Chair, and therefore warranted penalties. The Chair and NED agreed to settle the PRA’s investigation for £22,700 and £14,945, respectively. See Akira Kamiya, Bank of England Prudential Regulation Authority 1.2 (Nov. 7, 2018) (final notice); Takami Onodera, Bank of England Prudential Regulation Authority 1.2 (Nov. 7, 2018) (final notice).
In 2014, the DFS conducted an investigation into the Japanese financial institution’s New York subsidiary (the “NY Subsidiary”). The investigation related to the NY Subsidiary’s alleged violations of economic sanctions regarding its US Dollar business. As a general matter, such investigations are considered “Confidential Supervisory Information” and require the consent of DFS before they are disclosed to any third parties.
In connection with that investigation, the NY Subsidiary retained a forensic firm (the “Firm”) to conduct a transaction review and generate a report, which was shared with the DFS. After DFS and the NY Subsidiary settled this sanctions-related matter, DFS concluded that additional penalties were warranted since the NY Subsidiary allegedly “pressure[d]” the Firm to remove certain information from its report. Onodera
Notice at 2.8. DFS and the NY Subsidiary entered into a consent order to resolve these allegations, which was signed on November 18, 2014. A provision of this consent order was that the NY Subsidiary would take disciplinary action against certain executives, including the Chair, who formerly worked at the NY Subsidiary and who, as a result of the settlement, would not be permitted to conduct U.S. banking activities at the NY Subsidiary or any affiliated companies. Id
. at 2.11.
The PRA was first notified of the DFS investigation into the NY Subsidiary and the implications for the Chair on November 18, 2014, shortly after the DFS consent order was public.
The PRA concluded that both the Chair and the NED were aware of the potential personal consequences of the DFS action before the consent order was published, but failed to notify the PRA. This was considered a breach of the PRA’s Statement of Principle 4, which at the time, read: “An approved person must deal with the FCA, the PRA and other regulators in an open and cooperative way and must disclose appropriately any information of which the FCA or the PRA would reasonably expect notice.” Kamiya
Notice at 2.2. This rule required disclosure even “in the absence of any request or enquiry from the PRA.” Id
. at 3.4. The PRA made these conclusions notwithstanding its determination that both individuals believed they needed to maintain information regarding these potential settlements confidential, given the confidentiality of DFS’ investigation. Kamiya
Notice at 3.12(3); Onodera
Notice at 2.16.
The PRA concluded that the Chair was in breach of Principle 4 as of November 6, 2014, when he was informed that his banking activities in the U.S. might be restricted, but failed to make the same report to the PRA. Kamiya Notice at 2.20. The NED was considered in breach of Principle 4 as of October 6, 2014, when he learned from another executive that the DFS had requested that the NY Subsidiary “dispense appropriate internal disciplinary actions” against certain individuals, which included the Chair. Id. at 2.13, 2.14. The PRA found that the NED violated Principle 4 by failing to report the potential disciplinary actions against the Chair to Institution personnel responsible for PRA reporting in a timely fashion. Id. at 2.14.
The PRA considered a number of facts in reaching this decision, including that while the NED disclosed some information to Institution personnel on November 11, the disclosure was too far delayed and excluded material details, id
. at 1.13(2); that while the NED was instructed that the UK Subsidiary’s parent company would make the required regulatory notifications, he still had a duty to notify control personnel within the UK Subsidiary, “regardless of assurances or instructions received from other companies within the Group[,]” id
. at 1.13(4); and that the NED eventually received advice from UK counsel to notify the PRA at, or around the time of, the DFS allegations being made public (and had previously been advised by US counsel to ensure that any disclosures to UK counsel were as limited as possible). Id
. at 1.57. The PRA considered this latter factor, among others, “to be particularly important” in determining the seriousness of the breach, but did not elaborate on exactly how it affected the outcome. Id
. at 1.12(7).
Take-Aways From PRA Order
The PRA Orders are notable in a number of respects.
First, these penalties reinforce the importance of acting quickly to notify regulators when required. For example, with respect to the Chair’s penalty, the period during which the PRA did not have the information the Chair had was only 12 days (between November 6 and November 18, 2014). The PRA emphasized, however, that the failure to alert it to the looming enforcement action inhibited its ability to make any contingency plans prior to the DFS’ public announcement, and that regulated firms must deal with it in an “open and cooperative manner.” Kamiya
Notice at 3.2.
Second, each action is another example of regulators making clear they must be kept informed of material information, even if other regulators seek to limit or prohibit disclosure. Here, the PRA took action against the individual employees notwithstanding their good faith and grounded belief that the DFS prohibited disclosure of the action. In this regard, the PRA’s decision underscores the importance of considering all potential reporting obligations when negotiating with US regulators (both foreign and domestic). To the extent those conflict, then it is good practice to confer with external counsel and seek carve-outs, or waivers of confidentiality provisions, from any restrictions that one regulator puts on ongoing negotiations. See Kamiya
Notice at 3.6 (“Where individuals have, or think they may have, competing or conflicting multi-jurisdictional regulatory responsibilities, they must ensure that they promptly and properly consider their responsibilities to UK regulators, including the PRA.”). The same would be true where a pending foreign matter could trigger a notification requirement to a US regulator. To the extent disclosure to a US regulator is required or warranted, it is good practice to consult with external counsel to ensure that any confidentiality obligations to the foreign regulator are appropriately addressed. These situations can be fact-specific and depend on the regulators’ customary practices and any legal restrictions that may be placed on pending investigations.
Failure to notify the regulators promptly of material information has resulted in the imposition of fines by the FCA and the PRA previously. In 2015, the FCA censured a large bank for failing to notify either the PRA or itself of intended changes to its senior managers and the reasons behind those changes.2
Without notification, a proper consideration and assessment of the management of the firm was deemed impossible. Moreover, another large bank was interpreted as “failing to deal with the regulator in an open and cooperative way” for refusal to inform the FCA about a report commissioned by the German regulator, BaFin, in relation to the LIBOR scandal.3
This case emphasized that despite fulfilling the requirements of one regulator, a company could still be held in breach by a regulator in another jurisdiction.
Third, these PRA actions should emphasize to US regulators that parallel and overseas disclosure requirements are real and potentially carry serious consequences both to institutions and to individual executives if they are found to have refrained from disclosure for fear of violating US confidentiality restrictions.
And finally, the action against the NED demonstrates the importance of following internal reporting policies and procedures, as the NED was not personally responsible for reporting to the PRA, but was penalized for not reporting to the PRA, but was penalized for not reporting internally to the responsible person.