What should businesses do if a regulator comes knocking? What are the best practices when it comes to how to act during an investigation? And how can organisations maximise their chances of getting the best outcome with as little disruption as possible?
Traditional banks have long understood that the stringent nature of FS regulation means strong relationships with regulators are a huge asset. Newer entrants into the industry can learn from this approach – whether they are fintechs; businesses from retailers to dentists that now fall under the FCA’s control because they process payments; or challenger banks that are now under the control of both the PRA and FCA.
These relationships, and the knowledge needed to build them, are especially important if or when the worst comes to the worst and the business is investigated by the regulator. The wrong action, or reaction, can have a huge impact on the result of any investigation. If regulators sense they are being given the bare minimum or the organisation involved is being overly defensive, the result can be costly in-depth investigations that take years to resolve and end in large fines.
So what should businesses do if a regulator comes knocking? What are the best practices when it comes to how to act during an investigation? And how can organisations maximise their chances of getting the best outcome with as little disruption as possible?
No quick fixes in FS regulation
If a firm finds it has attracted the interest of a regulator such as the FCA – for instance, if it is investigated by the enforcement team or receives a request for information from the supervisory arm – the first step is to assess the problem. This involves reviewing the request or notice of investigation and connecting it with related ongoing projects or actions. Does the investigation or request relate to issues that have already been identified within the company? Are there whistle-blowers involved? Has it already been brought to the attention, or will it need to be, of other regulatory or law enforcement agencies – both here or in other jurisdictions?
There could be a temptation to see if there is a quick fix that could solve the issue there and then. Yet it’s unlikely that any such silver bullet exists – and given that the regulators are already interested, taking quick action might look too much like trying to paper over any problems. Worse still, a knee-jerk reaction might lead to mistakes that put the organisation in more jeopardy. Instead, taking the time to digest the situation will pay dividends later and allow the business to ensure it ceases any activity that might have been seen as contrary to FS regulation.
Creating the right team to deal with investigations
Once the problem has been assessed, organisations must put together an internal team to lead and manage the investigation. This should include a senior executive with regulatory responsibilities for the relevant areas, to ensure responsibility and visibility at the top of the business. It should also include representatives from Compliance; Legal; Finance; IT; Human Resources, to ensure that best practice is followed at all times; the appropriate Risk Teams, to advise on the business’s exposure; and finance. The precise members will depend on the nature of the issue – businesses should take legal advice to clarify exactly who is needed at the outset to ensure the right people are engaged.
Regardless of the team’s members, consistency throughout the investigation is essential. This will ensure the business is communicating seamlessly with the regulator and reduce the chances for any confusion or inaccurate information to leak out. This won’t always be possible, especially given that investigations can be measured in years – meaning some employees may move on. To minimise disruption during any team changes, important information and minutes of meetings should be documented so that replacement members have all the information they need. The business should exercise caution when recording this information and seek legal advice as to the appropriateness of creating documentary records – as any premature, inaccurate conclusions that are recorded and later shared can create huge problems for the investigation. At the same time, such documents may end up being disclosable in civil proceedings that may be commenced against the organisation by third parties – which again could result in embarrassing and confusing information leaking out.
One of the first tasks for this team should be securing important evidence so that it can be used as appropriate, and there cannot be any suggestion of improper behaviour. The relevant data has to be stored correctly – so that it cannot be altered or lost – and backed up in case the worst does happen. At the same time, anyone who is a subject of investigation should have their IT access locked down so that they cannot be accused of acting to influence the investigation itself. Failing to do this, and leaving data vulnerable to deletion or modification, won’t improve the relationship with regulators.
How to maintain a good relationship with investigators
Whilst assessing the problem, organisations should closely review the requests they receive from the regulator. At this stage it’s important to be as helpful as possible whilst still negotiating on key issues. The attitude to this “negotiation” is crucial. While in some situations business may reward a hostile approach, with regulators not only does it pay to be as open and cooperative as possible, it is a regulatory obligation to do so. At the same time, this obligation should be balanced with pushing back when necessary, such as where the regulator is factually mistaken, as long as the business remembers the overall aim of cooperation.
As such, organisations should make sure that when a regulator asks for information, they are given what they need to answer their questions – which may be much more than what they have asked for. Indeed, providing a fuller picture at the outset may result in the regulator determining at an early stage to drop its investigation. Showing openness and cooperation at this stage, and having the understanding of FS regulation necessary to share the right information, can go a long way to building a positive relationship.
Conversely, choosing to withhold information or being overly defensive can cause problems that vastly outweigh any initial benefit. For instance, regulators can force organisations to share the information they need as part of any investigation – meaning there is no value in holding back. Similarly, a lack of cooperation may directly lead to the regulator commencing or continuing an investigation by raising suspicions. The regulator might even commence a lengthy and costly “skilled person review”, which would result in external investigators spending months or even years inside the organisation at the business’s cost.
With this in mind, open cooperation is by far the smart business move. Not least because it will stand the company in good stead later on in the investigation process, when it comes to settlement discussions.
How to communicate about the investigation
A good relationship with regulators is important, but businesses should also be thinking about the impact any investigation will have on their brand. In all likelihood any investigation will end up as public knowledge, so it’s important to manage this from the outset. Businesses need to prevent leaks – particularly of sensitive information, or of inaccurate rumours that could harm the investigation. As a result, employees need to be kept informed not only of progress when appropriate, but also of their responsibilities.
Businesses must also be aware of their obligations to inform investors, customers, partners and other regulators of any investigation and ensure they do so as required. It is crucial that such communications are not made in the heat of the moment in order to avoid speculation or unintended admissions of guilt.
If approached carefully an effective communication strategy can be used to build trust with the wider business community and help avoid potential investors getting cold feet. Throughout this process, the business needs to remember that the information it shares, and the way it is presented, will not only affect its own reputation, it will also impact the regulator’s view. Framing updates in a certain way might make the business look better, but if the regulator sees them as inaccurate or harmful to its own reputation, they may do more harm than good. Ultimately, the aim should be to show that the business respects and abides by FS regulation.
Demonstrating FS regulation best practice
To recap, organisations should keep the following in mind as part of their initial response if a regulator comes calling:
- Assess the problem – does immediate action need to be taken? Knee-jerk reactions are rarely helpful.
- Create an internal team – who will work with the regulator and communicate with them, and how will you ensure continuity?
- Retain and ringfence documentation– and be mindful of creating new, and potentially inaccurate, documentation.
- Work with and not against the regulator – they are not the enemy so do not be defensive, instead focus on fulfilling your regulatory obligations.
- Remember the impact on the brand – be mindful of how you present the investigation internally and externally.
Any relationship with a regulator will be give and take. It’s unlikely that any investigation will be an easy process to manage, but adopting the right approach at the outset will help to smooth the process and will assist in achieving a sensible and effective result to any investigation. Often initial steps are taken with great urgency. However, there is real value in ensuring that these steps are taken in a considered way and are mindful of the circumstances of the individual case. Mistakes in the early stages can be difficult to rectify and may lead to greater costs at a later date. The fact is that taking a measured and proactive approach to any investigation is the key to minimising long-term disruption and costs, and maintaining your brand’s reputation.