Final Notice

On , the Financial Conduct Authority issued a Final Notice to Mr James Edward Staley

1

FINAL NOTICE

Date:

11 May 2018

1.
ACTION

1.1.
For the reasons given in this Final Notice, the Authority hereby imposes on Mr

James Staley a financial penalty of £321,200 pursuant to section 66 of the Act.

1.2.
Mr Staley agreed to settle at an early stage of the Authority’s investigation and

therefore qualified for a 30% (stage 1) discount under the Authority’s executive

settlement procedures. Were it not for this discount, the Authority would have

imposed a financial penalty of £458,900 on Mr Staley.

2.
SUMMARY OF REASONS

2.1.
Mr Staley was appointed CEO of Barclays Group on 1 December 2015, and

performed this role throughout the Relevant Period. He was approved by the

Authority to carry out the SMF1 (Chief Executive) function at Barclays under the

Senior Managers Regime. The role of a CEO is an important one, and includes

setting an example to the firm’s employees, and communicating to them the

Board’s expectations in relation to the firm’s culture, values and behaviours.

2.2.
As part of his role Mr Staley was required to comply with Individual Conduct

Rule 2 (ICR2), which provided that he must act with due skill, care and

diligence. As set out more fully in this notice, the Authority considers Mr Staley

2

failed to comply with ICR2 in the way he acted in response to an anonymous

letter that Barclays received raising concerns about its hiring process.

2.3.
On 21 June 2016, a member of the Group Board received the First Letter. The

letter’s anonymous author was expressed to be a Group shareholder; it raised

concerns regarding Employee A, the Group’s process for hiring him and Mr

Staley’s role in dealing with those concerns at a previous employer1. On 23 June

2016, Mr Staley was asked by a member of the Executive Committee and

another senior Group employee to address the Group Board in respect of the

First Letter.

2.4.
Mr Staley considered that the First Letter fell outside of the firm’s

Whistleblowing Policy as its author did not purport to be a Group employee. He

believed the author was likely someone outside of the Group with whom he had

worked previously, and that the allegations were false and submitted for

malicious reasons. Mr Staley was concerned the allegations were an attack on

Employee A, and that they could undermine his ability to hire senior individuals

from competitor firms, which was an important part of his strategy for the

Group.

2.5.
On 23 and 26 June 2016, Mr Staley discussed the First Letter with two

individuals outside of the Group. He also disclosed a copy of the First Letter to

one of these individuals. Mr Staley did this as they were friends of Employee A

and he thought they could act as a support for him if the First Letter became

public.

2.6.
On 24 June 2016, the Group received a Second Letter expressing similar

concerns to the First Letter. Mr Staley recognised the Second Letter could fall

within the scope of the Group’s Whistleblowing Policy as it purported to come

from an employee, and so did not attempt to identify its author. Mr Staley

became increasingly concerned the Letters may be part of a campaign aimed at

undermining his hiring strategy. On 28 June 2016, with a view to pre-empting

further allegations being made, Mr Staley instructed Group Security to try to

identify the First Letter’s author. Whilst Mr Staley recognised there was a real

1 For the avoidance of doubt, the Authority makes no comment on the accuracy of the allegations made in

relation to Employee A in either of the First or Second Letters referred to in this notice.

3

possibility the Letters were sent by the same people, he believed they were

outside of the Group; he failed to appreciate the real risk that the authors of

both Letters were Group employees.

2.7.
On 29 June 2016, Mr Staley was told that Group Compliance might be treating

the First Letter as a whistleblow, and was advised by senior colleagues

(including from Group Compliance) not to attempt to identify its author. He

accepted this advice. Group Security was also told to cease its efforts to identify

the author of the First Letter, which it did.

2.8.
Following a request from Mr Staley for an update, on 8 July 2016 Group

Compliance updated Mr Staley on its investigation into the allegations in the

First Letter. Group Compliance told Mr Staley that the allegations about the

recruitment process appeared to be unsubstantiated and that Group Compliance

expected to conclude its investigation shortly. Mr Staley mistakenly understood

this to mean the First Letter was no longer being treated as a whistleblow.

However, he failed to confirm this expressly with Group Compliance, and also

failed to inform Group Compliance that he intended to resume steps to try to

identify the First Letter’s author. Following that discussion, Mr Staley instructed

Group Security to resume its efforts to identify the First Letter’s author.

2.9.
The Authority considers that, in the circumstances, Mr Staley failed to act with

due skill, care and diligence as required by ICR2.

2.10.
Mr Staley was the subject of (and a key witness in relation to) aspects of the

complaint made by way of the First Letter. Whilst Mr Staley viewed the

complaint as unjustified and submitted for malicious reasons, he also believed

that there was some factual basis for the historic allegations in relation to

Employee A – the complaint was therefore not one that could be immediately

dismissed. A CEO exercising due skill, care and diligence ought in the

circumstances to have identified that:

(1)
He had a conflict of interest in relation to the First Letter, and should have

taken particular care to maintain an appropriate distance from the

investigation into it. This included not taking steps (i) to involve himself in

the investigation of the complaints in the First Letter, which risked

interfering (and being perceived as interfering) with Group Compliance’s

investigation process or (ii) which could be seen to be seeking to put

pressure on the complainant to withdraw or not repeat their complaint.

(2)
There was a real risk that he would not be able to form an objective view

on how Barclays should respond to the First Letter.

(3)
Once the complaint was in the hands of Group Compliance, it was

important that Group Compliance retained control over its investigation.

2.11.
Mr Staley failed to identify any of these matters, and instead allowed his own

interest in the complaint to override his objectivity. As a result, he failed to take

appropriate steps to mitigate the conflict of interest he had in connection with

the First Letter – instead, he sought to direct some of the steps taken by

Barclays in connection with the First Letter.

2.12.
In particular, by involving himself in the investigation of the First Letter Mr

Staley
risked
compromising
the
independence
of
Group
Compliance’s

investigation process by instructing Group Security to try to identify the author

of the First Letter, a step he took without consulting other colleagues (including

those in Group Compliance with conduct of its investigation). Mr Staley’s failure

to exercise impartial judgement is further evidenced by his decision to discuss

the First Letter with two individuals outside of Barclays; in doing so he failed to

maintain (and to be seen to be maintaining) an appropriate distance from the

formal investigation into that letter.

2.13.
Further, from 29 June 2016 Mr Staley was on notice that the First Letter was

being treated by Barclays as a potential whistleblow. As a non-expert in

whistleblowing, Mr Staley ought to have recognised that he needed to consult

explicitly with those in Barclays who had primary responsibility for (and an

expertise in relation to) whistleblowing. He did not do so. In particular, Mr

(1)
failed to obtain express confirmation (either in the 8 July 2016 discussion

or in writing afterwards) that the First Letter was not a whistleblow and

that it was permissible for steps to be taken to identify its author;

5

(2)
failed to inform Group Compliance (either in the 8 July 2016 discussion or

afterwards) that he intended to attempt to identify the First Letter’s

author; and

(3)
instead relied on his own misunderstanding of the 8 July 2016 discussion,

without making any formal record of the discussion and his reasons for re-

instructing Group Security to try to identify the First Letter’s author.

Given the conflict of interest and his lack of objectivity as set out above, Mr

Staley acted unreasonably in proceeding in this way and, in doing so, risked

undermining confidence in Barclays’ whistleblowing policy and the protections it

afforded to whistleblowers.

2.14.
Further, in light of the Second Letter Mr Staley ought to have recognised that

there was a real possibility (given the similarity in the allegations they

contained) that the First Letter also fell within the scope of Barclays’

Whistleblowing Policy. A CEO exercising due skill, care and diligence in these

circumstances would have appreciated that identification of the First Letter’s

author could not be handled in isolation from the Second Letter – attempting to

identify the First Letter’s author or to put pressure on them to withdraw or not

repeat their complaint risked leading back to and putting pressure on the author

of the Second Letter, who Mr Staley had recognised (correctly) could fall within

the scope of the Group’s Whistleblowing Policy. Had Mr Staley consulted

properly with his colleagues (in particular Group Compliance) he would have

appreciated this risk.

2.15.
Given the crucial role of the CEO, the standard required of Mr Staley under ICR2

is more exacting than for other employees. Where (as happened here) the CEO

is faced with circumstances that undermine or risk undermining the impartiality

of their judgement, they need to ensure that appropriate standards of

governance (including independence of decision-making) are maintained.

2.16.
Further, whistleblowers play a vital role in exposing poor practice and

misconduct in the financial services sector. It is critical that individuals who wish

to raise concerns feel able to speak up anonymously and without fear of

retaliation. Mr Staley’s actions fell short of the standard of due skill, care and

diligence expected of a CEO in a regulated firm: he risked compromising the

value of an important resource by which the financial services industry and

6

regulators can identify poor behaviours. That risk was exacerbated given the

high profile of Mr Staley and Barclays within the financial services industry.

2.17.
The Authority hereby imposes on Mr Staley a financial penalty of £321,200

pursuant to section 66 of the Act.

3.
DEFINITIONS

3.1.
The definitions below are used in this Notice:

‘the Act’ means the Financial Services and Markets Act 2000

‘the Americas Division’ means the division which runs the Group’s businesses in

North, Central and South America

‘the Authority’ means the body corporate previously known as the Financial

Services Authority and renamed on 1 April 2013 as the Financial Conduct

‘BAC’ means the Board Audit Committee of Barclays Bank Plc, which derives its

authority from, and reports to, the Group Board

‘Barclays’ means Barclays Bank Plc, the entity authorised by the PRA and

regulated by the Authority and the PRA which has regulatory permissions

through which its Barclays UK and Barclays International divisions conduct the

majority of their UK based regulated activity

‘Barclays International’ is Barclays’ transatlantic wholesale and consumer bank

‘Barclays UK’ is Barclays’ UK personal and business bank

‘Barclays Values and Behaviours’ are a set of positive values and behaviours set

out in Barclays' code of conduct against which the performance of Group

employees is assessed

‘CEO’ means Chief Executive Officer

7

‘DEPP’ means the section of the Authority’s Handbook entitled Decision

Procedure and Penalties Manual

‘Employee A’ means the Barclays employee who was the subject of various

allegations in the Letters

‘Executive Committee’ means the Group Executive Committee of Barclays

‘First Letter’ means the letter dated 15 June 2016 addressed to the Chairman of

the Group Board from an author using the pseudonym ‘John Q. Public’ and

identifying themselves as an anonymous representative of a long-term

institutional shareholder of Barclays

‘GCWT’ means the Global Compliance Whistleblowing Team which is part of the

I&W Team

‘Group’ means Barclays Group which includes Barclays, Barclays UK and

‘Group Board’ means the Board of Directors of the Group

‘Group Compliance’ means the Compliance function of the Group

‘Group Legal’ means the Legal function of the Group

‘Group HR’ means the Human Resources function of the Group

‘Group Security’ means the Security function of the Group

‘Handbook’ means the Authority’s Handbook of rules and guidance

‘ICR 2’ means Individual Conduct Rule 2

‘the I&W Team’ means the Investigations & Whistleblowing team within Group

‘Letters’ means the First Letter and Second Letter collectively

‘PCBS’ means the UK Parliamentary Commission on Banking Standards

‘PRA’ means the Prudential Regulation Authority

‘PIDA’ means the Public Interest Disclosure Act 1998

‘Policy Statements’ means the Authority’s Policy Statement 15/24 and the PRA

Policy Statement 24/15 both published on 6 October 2015

‘the Relevant Period’ means 1 June 2016 to 5 September 2016

‘Second Letter’ means the undated anonymous letter addressed to an employee

in the Group’s Americas Division, received by the Group’s office in New York on

24 June 2016, the authors of which identified themselves as employees of

‘the Tribunal’ means the Upper Tribunal (Tax and Chancery Chamber)

‘US’ means the United States of America

‘UK’ means the United Kingdom

‘Whistleblowing
Policy’
means
version
3.1
of
the
“Raising
Concerns

(Whistleblowing) Global Policy” dated July 2015, the Group’s whistleblowing

policy in place at the time of receipt of the Letters

4.
FACTS AND MATTERS

Overview of the Group’s corporate structure during the Relevant Period

4.1.
The Group is a trans-Atlantic consumer, corporate and investment bank. During

the Relevant Period it was comprised of Barclays UK, which conducts UK

personal and business banking, and Barclays International, which is made up of

its Corporate Banking business, Investment Bank, Barclaycard operations

outside the UK and its Private Bank and Overseas Services. Barclays Bank Plc is

the entity authorised by the PRA and regulated by the Authority and PRA which

has regulatory permissions through which its Barclays UK and Barclays

International divisions conduct the majority of their UK based regulated activity.

4.2.
During the Relevant Period the Group Board reported to the Chairman of

Barclays, and consisted of the CEO (Mr Staley), the Chairman, Deputy Chairman

and Senior Independent Director, the Group Finance Director, the Company

Secretary and eight non-executive directors. Mr Staley also chaired the Group

Executive Committee which consisted of the Heads of various significant

business units and functions within the Group.

The role and expectations of the CEO

4.3.
The CEO is the most senior executive director on the board, and therefore has a

crucial role to play in ensuring that their firm meets the standards expected of

it. A CEO is expected to identify conflicts of interest and be appropriately alert

to potential whistleblowing situations. As such, they are expected to

demonstrate the highest standard of integrity and to act with due skill, care and

diligence in carrying out their functions.

4.4.
The CEO has responsibility for proposing strategy to the board and for delivering

the strategy as agreed. Further, the CEO has, with the support of the executive

team, primary responsibility for setting an example to the firm’s employees, and

communicating to them the expectations of the board in relation to the firm’s

culture, values and behaviours.

4.5.
Further, a CEO of an authorised firm must comply with ICR 2, acting with due

skill, care and diligence at all times in performing their role. The standard is an

objective one and requires a CEO to exercise the degree of due skill, care and

diligence as a reasonable CEO would exercise in like circumstances.

4.6.
The steps that a person needs to take to comply with ICR 2 will be informed by,

amongst other things, the circumstances, the specific nature of their role and

their experience. Given the crucial role of the CEO, the expectations of the CEO

will be more exacting than for other employees of their firm. This is consistent

with the CEO’s responsibility for setting an example to the firm’s employees. For

example, where a CEO is faced with circumstances that might undermine the

impartiality of their judgement, they need to ensure that appropriate standards

of probity and governance are maintained.

Barclays’ whistleblowing function

4.7.
During the Relevant Period, the I&W Team was a sub-function of Group

Compliance. The Head of the I&W Team reported to the Group Head of

Compliance. The I&W Team was responsible for:

(1) facilitating the reporting of ‘Inappropriate Conduct’ (defined in the

Whistleblowing Policy as “Behaviour and/or practices counter to Barclays

Values and Behaviours involving Barclays or its Employees, which relate to

wrongdoing or unethical behaviour”);

(2) triaging reports of Inappropriate Conduct and co-ordinating the investigation

of valid reports;

(3) escalating
serious
instances
of
Inappropriate
Conduct
to
senior

management;

(4) providing dedicated support to and protection of employees who report

Inappropriate Conduct;

(5) setting a framework for investigations of Inappropriate Conduct;

(6) analysing the outcome of investigations (without taking responsibility for the

direction or conduct of any required remediation); and

(7) providing periodic management information of valid reports of Inappropriate

Conduct to senior management.

4.8.
The I&W Team consisted of a whistleblowing team, a number of investigation

teams and an operations team. The Director of the whistleblowing team

reported to the Head of the I&W Team and had primary responsibility for

determining whether a concern was a whistleblow or not on a day-to-day basis.

If they had any queries or issues regarding this determination, they could

discuss these with the Head of the I&W Team. The whistleblowing team received

reports alleging inappropriate conduct, registered these and allocated them to

the appropriate area, for example, an investigations team, Human Resources or

Compliance.

4.9.
The key events as described in this Notice took place during a time when the

Authority’s regulatory regime in relation to whistleblowing was changing.

4.10.
From 31 December 2006 to 6 September 2016 the Authority’s Handbook

provided guidance in relation to whistleblowing by reference to the legal

requirements in PIDA. The purpose of this guidance was not to provide a

comprehensive guide to PIDA, but to remind firms of the provisions of PIDA, and

to encourage them to consider adopting and communicating to workers

appropriate internal procedures for handling workers’ concerns as part of an

effective risk management system. Further, from 2 April 2015 the PRA

introduced various requirements relating to whistleblowing processes in the

General Organisational Requirements section of its Rulebook.

4.11.
Following the PCBS’s recommendations in 2013, the Authority brought into

effect new rules to formalise firms’ whistleblowing procedures. A detailed

summary is contained in Annex A to this Notice, but in overview:

(1) From 7 March 2016, firms were required to appoint a whistleblowers’

champion, who had responsibilities (broadly speaking) for overseeing the

integrity, independence and effectiveness of the firm’s policies and

procedures on whistleblowing. This included overseeing the firm’s transition

to its new whistleblowing arrangements to comply with the new rules taking

effect from 7 September 2016.

(2) From 7 September 2016, the revised whistleblowing regime came into full

effect with enhanced requirements as to the arrangements that a firm must

put in place for the disclosure of reportable concerns by whistleblowers. As

at that date the following terms were used:

(a) ‘Whistleblower’ which referred to ‘any person’ who has disclosed or

intends to disclose a ‘reportable concern’ (i.e. not just workers).

(b) ‘Reportable concern’ which was defined to include: (a) anything that

would be the subject-matter of a protected disclosure, including

beaches of rules; (b) a breach of the firm’s policies and procedures;

and (c) behaviour that harms or is likely to harm the reputation or

financial well-being of the firm.

4.12.
The events which are the subject of this Notice fall within the period where

Barclays’ obligations in relation to whistleblowing were as referred to in

paragraph 4.10 above, save that Barclays was required to also have a

whistleblowers’ champion and to be working towards implementation of the

wider regime by the 7 September 2016 deadline. However, given that the

Authority’s rules on whistleblowing were in flux a CEO in the circumstances in

which Mr Staley found himself in, in the Relevant Period ought to have been

particularly sensitive to whistleblowing issues.

The Group’s policy on whistleblowing


4.13.
The Group’s Whistleblowing Policy during the Relevant Period applied to all

employees of any entity within the Group. The Whistleblowing Policy strongly

encouraged employees to speak up about behaviours and practices that

contradict the values of the Group and relate to wrongdoing or unethical

behaviour. The Whistleblowing Policy defined such behaviours and practices as

‘Inappropriate Conduct’, including, but not limited to, the following examples:

(1) A material breach of any laws or regulations applicable to the Group.

(2) Anything that is significantly detrimental to the Group, its employees or its

customers.

(3) Suppression or concealment of any of the behaviours or practices that

constituted Inappropriate Conduct under the policy.

4.14.
The Whistleblowing Policy sought to facilitate the ability for employees to raise

concerns confidentially and, where permitted, anonymously. The Whistleblowing

Policy defined an ‘Employee’ as “All employees and workers of any entity within

Barclays...”.

4.15.
The Whistleblowing Policy only allowed for one exception to the rule that the

identity of an anonymous whistleblower should be protected: where the I&W

Team found that the allegations made by the whistleblower were false and

submitted for malicious reasons, then steps could be taken to identify the

whistleblower and take disciplinary action against them. In practice, Group

Compliance decided whether there were grounds to identify an anonymous

whistleblower and directed any resulting activity to that end.

4.16.
The Whistleblowing Policy protected employees of the Group from being

“(directly or indirectly) dismissed, demoted, suspended, threatened, harassed or

subject to Detriment because they have reported Inappropriate Conduct”.

4.17.
In practice, the I&W Team took a cautious approach to whether an anonymous

report was classified as a whistleblow; further, when investigating reports the

I&W Team did not differentiate between reports from internal and external

sources. This was in part because of the difficulty in determining whether an

anonymous whistleblow in fact came from an employee or an external source.

4.18.
Mr Staley understood that the key principle of the Group’s whistleblowing policy

was to make employees feel comfortable bringing conduct or control issues to

the attention of the Group and voiced his support for that goal in his

communications with Group employees. During the Relevant Period, Mr Staley

was aware that employees of the Group could report conduct issues

anonymously and that the reason for this was to protect them against any

potential retaliation. Mr Staley correctly understood that at that time the

whistleblowing policy applied to Group employees and not external parties.

4.19.
Further, Mr Staley was aware that the scope of the regulatory regime in relation

to whistleblowing was expanding in the way set out in paragraph 4.11(2) above.

For example, on 28 July 2016 Mr Staley attended a Group Board meeting at

which the application of the Group’s whistleblowing policy to anonymous

correspondence was noted. One of the agenda items for this meeting was the

Group Board’s approval for various changes to the Terms of Reference of the

BAC (which is an internal committee that reviews and audits, amongst other

things, the effectiveness of the Group’s whistleblowing procedures). The Group

Board approved those changes, which included the addition of the requirement

for the BAC to “ensure that management has internal arrangements in place to

handle any type of whistleblowing disclosure by any person (including

anonymous disclosures) [emphasis added]”.

Chronology of Events

Receipt of the First Letter

4.20.
On 21 June 2016, one of the members of the Group Board received the First

Letter, the author of which identified themselves as ‘John Q. Public’ and a long-

term institutional shareholder of the Group. The First Letter raised concerns

regarding the appointment by the Group of Employee A, including concerns of a

personal nature about Employee A, Mr Staley’s knowledge of and role in dealing

with those issues at a previous employer, and the appropriateness of the

Group’s recruitment process for appointing Employee A. The First Letter was

stated to have been copied to other members of the Group Board, but not Mr

Staley.

4.21.
On 21 June 2016, the First Letter was forwarded to Group Compliance. On

receipt of the First Letter (and unknown to Mr Staley at the time), Group

Compliance considered it to be a whistleblow and the I&W Team subsequently

opened a whistleblowing case into allegations contained in the First Letter.

4.22.
On or before 23 June 2016, Mr Staley was told about, and provided with a copy

of, the First Letter. When Mr Staley first read the First Letter he did not consider

it to be a whistleblow as he thought it highlighted an issue about the hiring of

Employee A rather than a conduct issue, purported to come from a shareholder

rather than an employee of the Group, related to an event that did not happen

at Barclays and, in his view, the allegations it contained were false and

malicious. Mr Staley believed the author of the First Letter was someone who

had worked with Employee A and Mr Staley at a former employer.

4.23.
However, Mr Staley believed that certain of the historic allegations in relation to

Employee A were correct. Further, certain of the matters underlying the

complaints in the First Letter were factually accurate – in particular, Mr Staley

had instigated Employee A’s hiring by Barclays (although he had not played a

part in the bank’s interview and hiring process) and he had been aware of some

of the allegations concerning Employee A when he worked at a previous

employer. (For the avoidance of doubt, the Authority makes no comment in this

Notice on the accuracy of the allegations in the Letters relating to Employee A.)

4.24.
On 23 June 2016, Mr Staley was asked by a member of the Executive

Committee and another senior Group employee to address the Group Board in

respect of the First Letter. Mr Staley informed the Group Board:

(1) of the background to the personal issues relating to Employee A alleged in

the First Letter and that they were historic;

(2) of the steps he had taken to ensure a suitable HR recruitment process

(which he was not involved in) was conducted before Employee A was hired;

(3) that the decision to hire Employee A had not been taken by him; and

(4) that he was confident Employee A remained a good hire for the Group.

4.25.
On 23 June 2016, Mr Staley emailed a copy of the First Letter to a friend and

former colleague of Mr Staley and Employee A. On 26 June 2016, Mr Staley

discussed the First Letter with another friend and former colleague of Mr Staley

and Employee A. Neither of these individuals were employees of the Group. Mr

Staley corresponded with these individuals regarding the First Letter to set up a

support network for Employee A in case the First Letter became public.

Receipt of the Second Letter

4.26.
On 24 June 2016, a Barclays Group office in New York received the Second

Letter, which was addressed to an employee in the Americas Division and sent

anonymously (albeit it was purported to have been drafted by a group of

Barclays’ employees). The Second Letter expressed similar concerns relating to

Employee A as those in the First Letter.

4.27.
Mr Staley was aware of the Second Letter by 28 June 2016. Mr Staley

considered that the Second Letter could fall within the scope of Barclays’

whistleblowing policy as it purported to come from a Group employee, and so

did not take any steps to identify its author (even though he considered it likely

its author was also the author of the First Letter). Mr Staley believed that, rather

than the First Letter being an isolated incident, the Letters were potentially part

of a campaign to attack both Employee A and Barclays. This raised in Mr

Staley’s mind the need to find a way to stop this campaign by finding out who

was sending the Letters, proving that they were not whistleblows and that their

contents were false.

4.28.
In light of the similarity in the allegations they contained, Mr Staley recognised

that there was a real risk that both Letters had been sent by the same people.

He considered that these individuals were outside of the Group (at the previous

employer referred to in paragraph 4.23 above). However, he failed to recognise

the real possibility that both Letters were sent by Group employees.

4.29.
On 29 June 2016, the I&W Team logged the Second Letter as a whistleblowing

case on the case management system (this was unknown to Mr Staley at the

time).

First instruction by Mr Staley to Group Security to try to identify the author of
the First Letter

4.30.
Mr Staley considered it important to the strategy and future of the Group that it

be able to hire and retain senior people, and he was worried that the First Letter

might compromise his ability to do that. He also thought that the Group had an

obligation to protect the wellbeing and integrity of its employees, and

considered the First Letter was an attempt to “assassinate” the character of

4.31.
Given his concerns, on 28 June 2016 Mr Staley asked Group Security to get the

First Letter from Group HR and to try to identify its author (one of the functions

of Group Security was to conduct investigations relating to internal and external

security threats against the Group). Mr Staley approached Group Security as he

had prior interactions with it in relation to other security matters. Group

Security asked Group HR for the First Letter and informed Mr Staley that it had

done so. However, Group Security did not receive a copy of the First Letter

following this (or a subsequent) request.

4.32.
On 28 June 2016, Group Security also contacted colleagues based in the US to

inform them that they may be required to examine a letter and envelope to

identify the author and to ask them to check what options might be available to

identify the sender of a letter via their contacts in the US.

Internal discussions and events in relation to the Letters

4.33.
In a meeting on 29 June 2016 involving the Group Head of Compliance, Group

General Counsel, Group Human Resources Director and Mr Staley’s Chief of Staff

Mr Staley was advised that:

(1) it was generally not a good idea to try to identify the author of an

anonymous letter;

(2) Group Compliance might consider that the First Letter was a whistleblow;

(3) if the Letters were considered to be whistleblows, they would have to be

dealt with in accordance with the Whistleblowing Policy and Mr Staley should

not get involved; and

(4) as the Letters could be considered to be whistleblows, Mr Staley should not

try to identify the authors.

4.34.
This meeting was the first occasion on which Mr Staley understood that the First

Letter might be treated as a whistleblow.

4.35.
Although frustrated, Mr Staley accepted this advice and did not take further

steps to try to identify the author of the First Letter at this point. The I&W Team

told Group Security it was not acceptable to trace the author of an anonymous

letter. Group Security had not at that time taken any specific steps to identify

the author, and told the Barclays’ employees in the US that their help in

attempting to identify the author of an anonymous letter was no longer needed.

4.36.
On 5 July 2016, Mr Staley received the Whistleblowers’ Champion Monthly

Report for June 2016 from the I&W Team, which included a high level summary

of significant whistleblowing cases opened by the GCWT in that month. The

report included two linked case references alongside a brief description that

referred to an anonymous letter containing allegations that an employee had

historically behaved in a manner contrary to the Group’s values. The two linked

cases were references to the I&W Team’s investigations in relation to the

Letters.

4.37.
On 7 July 2016, Mr Staley asked his office to seek an update from the I&W

Team as to whether the Letters were whistleblows. The I&W Team confirmed to

Mr Staley’s office that they were treating the Letters as whistleblows. Mr Staley

and his office do not recall whether this was communicated to him at this time.

4.38.
On 8 July 2016, Mr Staley received an oral update from Group Compliance about

the recruitment process for appointing Employee A and the treatment of the

First Letter as a whistleblow. Mr Staley was told that the investigation had yet

to formally conclude, but that the allegations around the recruitment process in

the Letters appeared to be unsubstantiated; Group Compliance told him that

this was not a circumstance in which it would try to identify the author of the

Letters.

4.39.
Mr Staley does not recall details of what was said on the telephone call of 8 July

2016. However, he mistakenly understood that he was being told by Group

Compliance that, as the allegations appeared to be unsubstantiated, the First

Letter was no longer being treated as a whistleblow, and so concluded that it

was within his authority as CEO to decide how to proceed in relation to it.

However, even though he was aware of the sensitivities and risks to the Group

in tracing the source of anonymous correspondence from the discussion on 29

June 2016, Mr Staley did not seek express confirmation from Group Compliance

that (i) the First Letter was no longer being treated as a whistleblow or (ii) it

was permissible to try to identify its author. Mr Staley failed to inform Group

Compliance that he intended to resume steps to try to identify the First Letter’s

author. Had Mr Staley taken those steps, he would have identified that Group

Compliance was still treating the First Letter as a whistleblow and that any steps

to identify its author were for Group Compliance to take.

4.40.
Following the call on 8 July 2016, Group Compliance recorded that Mr Staley had

been updated and that there were no follow up issues or concerns.

Resumption of attempt to identify the author of the First Letter


4.41.
On 11 July 2016, Mr Staley told Group Security that he had received clearance

to try to identify the author of the First Letter and asked Group Security to

engage with his office. Mr Staley did not inform his fellow Group Board or

Executive Committee members, Group Compliance (including the I&W Team),

Legal or HR of this instruction nor did he seek their advice/assistance on its

implementation.

4.42.
On 12 July 2016, Mr Staley’s office sent a copy of the envelope of the First

Letter to Group Security which then arranged for the original envelope to be

sent to a Barclays employee in the US who engaged with their contacts in the

US to try and identify the author. On 27 July 2016, these contacts provided the

Barclays employee in the US with the date, time, location and cost of the

purchase of postage for the First Letter. This information was circulated to

Group Security and Mr Staley on the same day.

4.43.
On 2 August 2016, Mr Staley sent a text message to Group Security asking for

an update on the attempt to identify the author of the First Letter. Group

Security responded saying that it was seeking to obtain video footage of the

purchase of the postage for the First Letter from US contacts.

4.44.
On 3 August 2016, Group Security informed Mr Staley that it had been unable to

identify the author of the First Letter and that it could not obtain the video

footage. Mr Staley replied to Group Security, asking if there was any way it

could attempt to respond to the author of the First Letter. On 5 August 2016,

Group Security confirmed that this would not be possible.

4.45.
The Authority has not identified any further communications after 5 August 2016

between Group Security and Mr Staley relating to identifying the author of the

First Letter.

4.46.
By 13 September 2016, the I&W Team had substantively concluded its

investigation and made a finding that the allegations in the Letters were

“unsubstantiated” and that “nothing untoward [had] been identified”. The I&W

Team formally closed the two linked cases in respect of the First and Second

Letters on 9 January 2017.

4.47.
In early 2017, Barclays’ Board became aware of Mr Staley’s attempt to identify

the author of the First Letter. Barclays conducted its own investigation into the

matter and also reported it to the Authority and PRA.

4.48.
Mr Staley apologised to the Barclays Board for his error in becoming involved

with, and not applying appropriate governance around, the attempt to identify

the author of the First Letter, and in taking action to attempt to identify the

author of the First Letter.

5.
FAILINGS

5.1.
The regulatory provisions relevant to this Notice are referred to in Annex A.

5.2.
Mr Staley was the subject of (and a key witness in relation to) aspects of the

complaint made by way of the First Letter. Whilst Mr Staley viewed the

complaint as unjustified and submitted for malicious reasons, he also believed

that there was some factual basis for the historic allegations in relation to

Employee A – the complaint was therefore not one that could be immediately

dismissed. A CEO exercising due skill, care and diligence ought in the

circumstances to have identified that:

(1) He had a conflict of interest in relation to the First Letter, and should have

taken particular care to maintain an appropriate distance from the

investigation into it. This included not taking steps (i) to involve himself in

the investigation of the complaints in the First Letter, which risked

interfering (and being perceived as interfering) with Group Compliance’s

investigation process or (ii) which could be seen to be seeking to put

pressure on the complainant to withdraw or not repeat their complaint.

(2) There was a real risk that he would not be able to form an objective view on

how Barclays should respond to the First Letter.

(3) Once the complaint was in the hands of Group Compliance, it was important

that Group Compliance retained control over its investigation.

5.3.
Mr Staley failed to identify any of these matters, and instead allowed his own

interest in the complaint to override his objectivity. As a result, he failed to take

appropriate steps to mitigate the conflict of interest he had in connection with

the First Letter – instead, he sought to direct some of the steps taken by

Barclays in connection with the First Letter.

5.4.
In particular, by involving himself in the investigation of the First Letter Mr

Staley
risked
compromising
the
independence
of
Group
Compliance’s

investigation process by instructing Group Security to try to identify the author

of the First Letter, a step he took without consulting other colleagues (including

those in Group Compliance with conduct of its investigation). Mr Staley’s failure

to exercise impartial judgement is further evidenced by his decision to discuss

the First Letter with two individuals outside of Barclays; in doing so he failed to

maintain (and to be seen to be maintaining) an appropriate distance from the

formal investigation into that letter.

5.5.
Further, from 29 June 2016 Mr Staley was on notice that the First Letter was

being treated by Barclays as a potential whistleblow. As a non-expert in

whistleblowing, Mr Staley ought to have recognised that he needed to consult

explicitly with those in Barclays who had primary responsibility for (and an

expertise in relation to) whistleblowing. He did not do so. In particular, Mr

(1) failed to obtain express confirmation (either in the 8 July 2016 discussion or

in writing afterwards) that the First Letter was not a whistleblow and that it

was permissible for steps to be taken to identify its author;

failed to inform Group Compliance (either in the 8 July 2016 discussion or

afterwards) that he intended to attempt to identify the First Letter’s author;

and

(2) instead relied on his own misunderstanding of the 8 July 2016 discussion,

without making any formal record of the discussion and his reasons for re-

instructing Group Security to try to identify the First Letter’s author.

Given the conflict of interest and his lack of objectivity as set out above, Mr

Staley acted unreasonably in proceeding in this way and, in doing so, risked

undermining confidence in Barclays’ whistleblowing policy and the protections it

afforded to whistleblowers.

5.6.
Further, in light of the Second Letter Mr Staley ought to have recognised that

there was a real possibility (given the similarity in the allegations they

contained) that the First Letter also fell within the scope of Barclays’

Whistleblowing Policy. A CEO exercising due skill, care and diligence in these

circumstances would have appreciated that identification of the First Letter’s

author could not be handled in isolation from the Second Letter – attempting to

identify the First Letter’s author or to put pressure on them to withdraw or not

repeat their complaint risked leading back to and putting pressure on the author

of the Second Letter, who Mr Staley had recognised (correctly) could fall within

the scope of the Group’s Whistleblowing Policy. Had Mr Staley consulted

properly with his colleagues (in particular Group Compliance) he would have

appreciated this risk.

5.7.
Given the crucial role of the CEO, the standard required of Mr Staley under ICR2

is more exacting than for other employees. Where (as happened here) the CEO

is faced with circumstances that undermine or risk undermining the impartiality

of their judgement, they need to ensure that appropriate standards of

governance (including independence of decision-making) are maintained.

5.8.
Further, whistleblowers play a vital role in exposing poor practice and

misconduct in the financial services sector. It is critical that individuals who wish

to raise concerns feel able to speak up anonymously and without fear of

retaliation. Mr Staley’s actions fell short of the standard of due skill, care and

diligence expected of a CEO in a regulated firm: he risked compromising the

value of an important resource by which the financial services industry and

regulators can identify poor behaviours. That risk was exacerbated given the

high profile of Mr Staley and Barclays within the financial services industry.

6.
SANCTION

6.1.
The Authority’s policy for imposing a financial penalty is set out in Chapter 6 of

DEPP. In respect of conduct occurring on or after 6 March 2010, the Authority

applies a five-step framework to determine the appropriate level of financial

penalty. DEPP 6.5B sets out the details of the five-step framework that applies

in respect of financial penalties imposed on individuals in non-market abuse

cases.

6.2.
Pursuant to DEPP 6.5B.1G, at Step 1 the Authority seeks to deprive an individual

of the financial benefit derived directly from the breach where it is practicable to

quantify this.

6.3.
The Authority has not identified any financial benefit that Mr Staley derived

directly from the breach.

6.4.
Step 1 is therefore £0

Step 2: the seriousness of the breach

6.5.
Pursuant to DEPP 6.5B.2G, at Step 2 the Authority determines a figure that

reflects the seriousness of the breach. That figure is based on a percentage of

the individual’s relevant income. The individual’s relevant income is the gross

amount of all benefits received by the individual from the employment in

connection with which the breach occurred, and for the period of the breach.

6.6.
Consistent with DEPP 6.5B.2G(2), as Mr Staley was employed as CEO for less

than 12 months prior to the breach, his relevant income has been calculated on

a pro rata basis to the equivalent of 12 months’ relevant income – the Authority

therefore considers Mr Staley’s relevant income to be £4,589,048.62.

6.7.
In deciding on the percentage of the relevant income that forms the basis of the

step 2 figure, the Authority considers the seriousness of the breach and chooses

a percentage between 0% and 40%. This range is divided into five fixed levels

which represent, on a sliding scale, the seriousness of the breach; the more

serious the breach, the higher the level. For penalties imposed on individuals in

non-market abuse cases there are the following five levels:

Level 1 – 0%

Level 2 – 10%

Level 3 – 20%

Level 4 – 30%

Level 5 – 40%

6.8.
In assessing the seriousness level, the Authority takes into account various

factors which reflect the impact and nature of the breach, and whether it was

committed deliberately or recklessly. DEPP 6.5B.2G(12) lists factors likely to be

considered ‘level 4 or 5 factors’. Of these, the Authority considers the following

factor to be relevant:

(1) Mr Staley holds a prominent position within the financial services industry as

CEO of one of the largest global banks. The breach is therefore aggravated

by his prominent position within the industry.

6.9.
DEPP 6.5B.2G(13) lists factors likely to be considered ‘level 1, 2 or 3 factors’.

Of these, the Authority considers the following factors to be relevant:

(1) No profits were made or losses avoided either directly or indirectly as a

result of Mr Staley’s actions.

(2) There was little or no loss or risk of loss to consumers, investors or other

market users individual and in general as a result of Mr Staley’s actions.

(3) Mr Staley committed the breach negligently.

6.10.
In light of the impact of Mr Staley’s conduct on the Authority’s strategic and

operational objectives, taking all of the above factors into account the Authority

considers the seriousness of the breach to be level 2 and so the Step 2 figure is

10% of £4,589,048.62.

6.11.
Step 2 is therefore £458,904.86.

Step 3: mitigating and aggravating factors

6.12.
Pursuant to DEPP 6.5B.3G, at Step 3 the Authority may increase or decrease the

amount of the financial penalty arrived at after Step 2, but not including any

amount to be disgorged as set out in Step 1, to take into account factors which

aggravate or mitigate the breach.

6.13.
The Authority considers that the following factor aggravates the breach:

(1) The volume of materials which had been published prior to the breach, which

emphasised the importance of whistleblowing, highlighted the potential risk

of conflicts of interest in connection with whistleblowing, and called for

enhanced corporate governance within the financial services industry –

including the PCBS’s recommendations in 2013 and the subsequent policy

statements published by the Authority on 6 October 2015 (which brought

into effect new rules to formalise firms’ whistleblowing procedures).

6.14.
The Authority considers that the following factors mitigate the breach:

(1) Mr Staley has a good compliance history and does not have a previous

disciplinary record.

6.15.
Having taken into account these aggravating and mitigating factors, the

Authority considers that no adjustment should be made to the figure at Step 2.

6.16.
Step 3 is therefore £458,904.86.

Step 4: adjustment for deterrence

6.17.
Pursuant to DEPP 6.5B.4G, if the Authority considers the figure arrived at after

Step 3 is insufficient to deter the individual who committed the breach, or

others, from committing further or similar breaches, then the Authority may

increase the penalty.

6.18.
The Authority considers that the Step 3 figure of £458,904.86 represents a

sufficient deterrent to Mr Staley and others, and so has not increased the

penalty at Step 4.

6.19.
Step 4 is therefore £458,904.86.

Step 5: settlement discount

6.20.
Pursuant to DEPP 6.5B.5G, if the Authority and the individual on whom a penalty

is to be imposed agree the amount of the financial penalty and other terms,

DEPP 6.7 provides that the amount of the financial penalty which might

otherwise have been payable will be reduced to reflect the stage at which the

Authority and the individual reached agreement. The settlement discount does

not apply to the disgorgement of any benefit calculated at Step 1.

6.21.
The Authority and Mr Staley reached agreement at Stage 1 and so a 30%

discount applies to the Step 4 figure.

6.22.
Step 5 is therefore £321,233.40.

6.23.
The Authority hereby imposes a total financial penalty of £321,200 on Mr Staley

for breaching ICR2.

7.
PROCEDURAL MATTERS

7.1.
This Notice is given to Mr Staley under and in accordance with section 390 of the

Act. The following statutory rights are important.

Decision maker

7.2.
The decision which gave rise to the obligation to give this Notice was made by

the Settlement Decision Makers.

Manner and time for payment

7.3.
The financial penalty must be paid in full by Mr Staley to the Authority no later

than 25 May 2018.

If the financial penalty is not paid

7.4.
If all or any of the financial penalty is outstanding on 25 May 2018 the Authority

may recover the outstanding amount as a debt owed by Mr Staley and due to

the Authority.

7.5.
Sections 391(4), 391(6) and 391(7) of the Act apply to the publication of

information about the matter to which this notice relates. Under those

provisions, the Authority must publish such information about the matter to

which this notice relates as the Authority considers appropriate. The

information may be published in such manner as the Authority considers

appropriate. However, the Authority may not publish information if such

publication would, in the opinion of the Authority, be unfair to you or prejudicial

to the interests of consumers or detrimental to the stability of the UK financial

system.

7.6.
The Authority intends to publish such information about the matter to which this

Final Notice relates as it considers appropriate.

Authority contacts

7.7.
For more information concerning this matter generally, contact Martha Stokes at

the Authority (direct line: 020 7066 0894 /email: Martha.stokes@fca.org.uk).

Financial Conduct Authority, Enforcement and Market Oversight Division

Annex A – Relevant statutory and regulatory provisions

1. RELEVANT STATUTORY PROVISIONS

1.1.
The Authority’s operational objectives are set out in section 1B of the Act and

include the objectives of securing an appropriate degree of protection for

consumers, protecting and enhancing the integrity of the UK financial system,

and promoting effective competition in the interests of customers.

Disciplinary action: approved persons

1.2.
Section 66 of the Act provides that the Authority may take action against a

person if it appears to the Authority that he is guilty of misconduct and the

Authority is satisfied that it is appropriate in all the circumstances to take action

against him.

1.3.
Section 66A of the Act provides that for the purposes of action by the Authority

under section 66, a person is guilty of misconduct if any of conditions A to C is

met in relation to the person. Section 66A(2) sets out Condition A, which from

6 July 2016 stated that:

‘(a)
the person has at any time failed to comply with rules made by the FCA

under section 64A, and

(b)
at that time the person was –

(i)
an approved person,

(ii)
an employee of a relevant authorised person, or

(iii)
a director of an authorised person.’

1.4.
For the period 10 May 2016 to 5 July 2016, section 66A(b) extended only to an

approved person or an employee of a relevant authorised person.

1.5.
Section 66(3)(b) of the Act provides that if the Authority is entitled to take

action against a person under section 66, it may publish a statement of his

misconduct.

1.6.
Sections 66A(9) and 71A of the Act defines a relevant authorised person as a UK

institution which:

(c)
meets condition A or B, and

(d)
is not an insurer.

1.7.
Condition A is that the institution has permission under Part 4A to carry on the

regulated activity of accepting deposits.

1.8.
Condition B is that:

(1)
the institution is an investment firm;

(2)
it has permission under Part 4A to carry on the regulated activity of

dealing in investments as principal; and

(3)
when carried on by it, that activity is a PRA-regulated activity.

2. RELEVANT REGULATORY PROVISIONS

2.1.
Relevant Handbook Provisions

Individual Conduct Rules

2.2.
The Code of Conduct Sourcebook (COCON) was issued under section 64A of the

Act. COCON sets out the rules of conduct which apply to individuals within the

scope of COCON.

2.3.
Chapter 2 of COCON sets out the Individual Conduct Rules. COCON 2.1.2

provides that a person to whom the Individual Conduct Rules apply, must act

with due skill, care and diligence.

2.4.
Chapter 18 of SYSC sets out the Authority’s requirements on firms in relation to

whistleblowing.

Relevant provisions: in force from 31 December 2006 to 6 March 2016

2.5.
SYSC 18.1.2G states that the purposes of SYSC 18 are:

(1)
to remind firms of the provisions of PIDA; and

(2)
to encourage firms to consider adopting and communicating to workers

appropriate internal procedures for handling workers' concerns as part of

an effective risk management system.

2.6.
It clarifies that “worker” includes, but is not limited to, an individual who has

entered into a contract of employment.

2.7.
SYSC 18.1.3G states that the guidance in this chapter concerns the effect of

PIDA in the context of the relationship between firms and the Authority. It is not

comprehensive guidance on PIDA itself.

Relevant insertions into SYSC 18: in force from 7 March 2016 to date

2.8.
In addition to the version of SYSC 18 referred to above the following provisions

came into effect (and remained in effect after 7 September 2016).

SYSC 18.4: The whistleblowers’ champion

2.9.
SYSC 18.4.3R requires that a firm must assign the responsibilities set out in

SYSC 18.4.4R to its whistleblowers’ champion.

2.10.
SYSC 18.4.4R requires a firm to allocate to the whistleblowers’ champion the

responsibility for ensuring and overseeing the integrity, independence and

effectiveness of the firm’s policies and procedures on whistleblowing (see SYSC

18.3 (Internal Arrangements)) including those policies and procedures intended

to protect whistleblowers from being victimised because they have disclosed

reportable concerns.

2.11.
SYSC 18.4.6G provides that the role of a whistleblowers’ champion, before the

introduction of his or her responsibilities under those provisions of SYSC 18

30

which are to come into force on 2 October 2016, includes oversight of the firm’s

transition to its new arrangements for whistleblowing.

2.12. SYSC 18.4.6G was amended on 1 June 2016 to change the date on which the

provisions of SYSC 18 were to come into force, to 7 September 2016.

2.13.
New definitions were inserted into the Handbook’s glossary on 7 March 2016,

(1)
‘Whistleblower’:

‘Any person that has disclosed, or intends to disclose, a reportable

concern:

(i)
to a firm; or

(ii)
to the FCA or the PRA; or

(iii)
in accordance with Part 4A (Protected Disclosures) of the

Employment Rights Act 1996.

A person is not necessarily a whistleblower if they use a channel other

than the internal arrangements set out in SYSC 18.3.’

(2)
‘Reportable concern’:

‘A concern held by any person in relation to the activities of a firm,

(i)
anything that would be the subject-matter of a protected

disclosure, including breaches of rules;

(ii)
a breach of the firm’s policies and procedures; and

behaviour that harms or is likely to harm the reputation or financial well-

being of the firm.’

Relevant provisions: in force from 7 September 2016 to date

2.14.
From 7 September 2016, the guidance in SYSC 18 that had been in force from

31 December 2006 to 6 March 2016 was replaced. Relevant sections of the

revised SYSC 18 are set out below.

SYSC 18.1: Application and purpose

2.15.
SYSC 18.1.2G was amended to provide that the purposes of chapter 18 are to:

(1)
set out the requirements on firms in relation to the adoption, and

communication to UK-based employees, of appropriate internal procedures

for handling reportable concerns made by whistleblowers as part of an

effective risk management system (SYSC 18.3);

(2)
set out the role of the whistleblowers’ champion (SYSC 18.4);

(3)
require firms to ensure that settlement agreements expressly state that

workers may make protected disclosures (SYSC 18.5) and do not include

warranties related to protected disclosures;

(4)
outline best practice for firms which are not required to apply the

measures set out in this chapter but which wish to do so; and

(5)
outline the link between effective whistleblowing measures and fitness and

propriety.

SYSC 18.3: Internal arrangements

2.16. SYSC 18.3 requires that firms have appropriate and effective whistleblowing

arrangements in place.

2.17.
SYSC 18.3.1R provides that:

(1)
A firm must establish, implement and maintain appropriate and effective

arrangements for the disclosure of reportable concerns by whistleblowers.

(2)
The arrangements in (1) must at least:

(a)
be able effectively to handle disclosures of reportable concerns

including:

(i)
where the whistleblower has requested confidentiality or has

chosen not to reveal their identity; and

(ii)
allowing for disclosures to be made through a range of

communication methods;

(b)
ensure the effective assessment and escalation of reportable

concerns by whistleblowers where appropriate, including to the

Authority or PRA;

(c)
include reasonable measures to ensure that if a reportable concern

is made by a whistleblower no person under the control of the firm

engages in victimisation of that whistleblower;

(d)
provide feedback to a whistleblower about a reportable concern

made to the firm by that whistleblower, where this is feasible and

appropriate;

(e)
include the preparation and maintenance of:

(i)
appropriate
records
of
reportable
concerns
made
by

whistleblowers and the firm’s treatment of these reports

including the outcome; and

(ii)
up-to-date written procedures that are readily available to the

firm’s UK-based employees outlining the firm’s processes for

complying with this chapter;

(f)
include the preparation of the following reports:

(i)
a report made at least annually to the firm’s governing body

on the operation and effectiveness of its systems and controls

in relation to whistleblowing (see SYSC 18.3.1R); this report

must maintain the confidentiality of individual whistleblowers;

and

(ii)
prompt reports to the Authority about each case the firm

contested but lost before an employment tribunal where the

claimant successfully based all or part of their claim on either

detriment suffered as a result of making a protected

disclosure in breach of section 47B of the Employment Rights

Act 1996 or being unfairly dismissed under section 103A of

the Employment Rights Act 1996;

(g)
include appropriate training for:

(i)
UK-based employees;

(ii)
managers of UK-based employees wherever the manager is

based; and

(iii)
employees responsible for operating the firms’ internal

arrangements.

Decision Procedures and Penalties manual (DEPP)

2.18.
The Authority’s policy on the imposition of a financial penalty or public censure is

set out in Chapter 6 of DEPP.

2.19.
DEPP 6.2.1G provides that the Authority will consider the full circumstances of

each case when determining whether or not to take action for a financial penalty

or public censure. The guidance sets out the following non-exhaustive list of

factors that may be relevant for this purpose, and notes that there may be other

factors, not listed, that are relevant:

(1)
DEPP 6.2.1G(1): The nature, seriousness and impact of the suspected

breach, including (amongst others) whether the breach was deliberate or

reckless, the duration and frequency of the breach, the amount of any

benefit gained or loss avoided as a result of the breach, the loss or risk of

loss caused to consumers or other market users, and the nature and

extent of any financial crime facilitated, occasioned or otherwise

attributable to the breach;

(2)
DEPP 6.2.1G(2): The conduct of the person after the breach, including

(amongst others) how quickly, effectively and completely the person

brought the breach to the attention of the Authority or another relevant

regulatory authority, the degree of co-operation the person showed during

the investigation of the breach, any remedial steps the person has taken in

respect of the breach, the likelihood that the same type of breach

(whether on the part of the person under investigation or others) will recur

if no action is taken, and the nature and extent of any false or inaccurate

information given by the person and whether the information appears to

have been given in an attempt to knowingly mislead the Authority;

(3)
DEPP 6.2.1G(3): The previous disciplinary record and compliance history of

the person;

(4)
DEPP 6.2.1G(4): The Authority’s guidance and other published materials;

(5)
DEPP 6.2.1G(5): Action taken by the Authority in previous similar cases;

and

(6)
DEPP 6.2.1G(6): Action taken by other domestic or international regulatory

authorities.

2.20.
DEPP 6.2.4G notes that disciplinary action against senior managers of firms and

other individuals is one of the Authority’s key tools in deterring firms and

individuals from committing breaches.

2.21.
In addition to the general factors outlined in DEPP 6.2.1G, DEPP 6.2.6G sets out

the following non-exhaustive list of some additional considerations that may be

relevant when deciding whether to take action against an individual under

section 66 of the Act:

(1)
the individual's position and responsibilities. The Authority may take into

account the responsibility of those exercising significant influence functions

or designated senior management functions in the firm for the conduct of

the firm. The more senior the individual responsible for the misconduct,

the more seriously the Authority is likely to view the misconduct, and

therefore the more likely it is to take action against the individual;

(2)
whether the most appropriate regulatory response would be disciplinary

action against the firm, the individual or both;

(3)
whether disciplinary action would be a proportionate response to the

nature and seriousness of the misconduct by the individual.

2.22.
DEPP 6.4.1G provides that the Authority will consider all the relevant

circumstances when deciding whether to impose a penalty or issue a public

censure.

2.23. DEPP 6.4.2G notes that the criteria for determining whether it is appropriate to

issue a public censure rather than impose a financial penalty include those

factors that the Authority will consider in determining the amount of penalty set

out in DEPP 6.5A to DEPP 6.5D.

2.24.
DEPP 6.4.2G sets out a non-exhaustive list of factors that may be of particular

relevance when the Authority determines whether it is appropriate to issue a

public censure rather than impose a financial penalty. These factors include:

(1) whether or not deterrence may be effectively achieved by issuing a public

censure (DEPP 6.4.2G(1));

(2) if the person has made a profit or avoided a loss as a result of the breach,

this may be a factor in favour of a financial penalty, on the basis that a

person should not be permitted to benefit from its breach (DEPP 6.4.2G(2));

(3) if the breach is more serious in nature or degree, this may be a factor in

favour of a financial penalty, on the basis that the sanction should reflect the

seriousness of the breach; other things being equal, the more serious the

breach, the more likely the Authority is to impose a financial penalty (DEPP

6.4.2G(3));

(4)
if the person has a poor disciplinary record or compliance history (for

example, where the Authority has previously brought disciplinary action

resulting in adverse findings in relation to the same or similar behaviour),

this may be a factor in favour of a financial penalty, on the basis that it may

be particularly important to deter future cases (DEPP 6.4.2G(6)).


© regulatorwarnings.com

Regulator Warnings Logo