Whether you are a claimant seeking to recover damages or a regulator seeking to exact punishment, your legal advisers are likely to tell you fairly early on in the recovery process that, unless you can demonstrate, as a minimum, “failures to exercise due skill, care and diligence” on the part of members of senior management at the relevant time, your case is unlikely to succeed.
Regulators and claimants in the UK have learnt the bitter truth of this, often to their considerable cost and embarrassment. They have also had to take on board the associated but equally inconvenient truth that a large and spectacular business provides no greater assurance of success.
When Proceedings Against Senior Management Fail
There have been plenty of examples of high-profile business failures followed either by unsuccessful proceedings against senior management or no proceedings at all. Equitable Life and Northern Rock spring to mind.
On the regulatory and enforcement front, the recent failure by the Financial Conduct Authority (as it now is) to dissuade the Upper Tribunal from exonerating the former chief executive of UBS UK Wealth Management from allegations that he had failed to improve compliance is another example of the same rule in operation. In that case, the Upper Tribunal found that the former CEO had taken all reasonable steps to oversee systems and controls in the short period he had been in his role.
Another example of the same phenomenon about which I blogged recently was a decision of the English Commercial Court in favour of the directors of Madoff Securities International Limited in a claim brought against them by its liquidators for breach of duty. In that case the judge made some pointed criticisms about the way in which the claim had been brought and steadfastly refused to apply hindsight. The fact that Bernie Madoff turned out to be the largest fraudster in corporate history did not in and of itself raise a presumption as to the culpability of those who were associated with him.
(For yet another example of the same thing see my earlier blog about the criticism earned by the Department of Trade and Industry from the trial judge after its failed attempt to disqualify the former directors of Farepak the failed Christmas hamper company.)
All of these defeats in the struggle to visit damages or other punishments on senior management have not gone unnoticed. The political climate created here in the UK and elsewhere by a succession of high-profile business failures is such that regulators and legislators have been looking for some time at ways in which to tilt the playing field in this blame game decisively in their favour.
The Financial Conduct Authority is now requiring senior executives within the regulated sector to make quite sweeping statements or “attestations” on a variety of subjects including as to the regulatory compliance of their firm’s systems and controls. The director of supervision at the FCA has been quite clear as to the purpose behind this new approach. He said:
If we find a particular problem has not been addressed, the attestation would make it easier to take enforcement action. That is part of the point.
To similar effect, in June 2013 the FCA’s director of enforcement said:
You will probably already have seen an increasing emphasis from our supervisors on getting senior management to attest… this is all part of focussing our attention – and yours – on the responsibility and accountability of senior management.
The real prize here for the FCA is, however, that it potentially enables them to bridge the evidential gap on the “due skill, care and diligence” test.
Let’s assume that a CEO signs an attestation in year 1 to the effect that the firm’s systems and controls are appropriate. In year 4 the business fails and in year 5 the FCA starts proceedings against the CEO in which it relies on the attestation as evidence of failure by the CEO to exercise due skill, care and diligence in year 1. Their case will, in effect, be that the business failed due to systems and controls failings and that the CEO’s liability for these failings must therefore stem from his or her negligent attestation of their worth in year 1.
So what can be done about this? The problem for companies in the regulated sector is that whilst the legal basis for this type of request may seem unclear, a refusal to provide any form of attestation may attract the unwelcome and intrusive application by the FCA of its investigative powers.
One can well imagine the FCA saying that if a CEO is not in a position to attest as to the worth of the firm’s systems and controls, that must mean he or she believes they may in some way be defective. In practice, what seems to happen is that the terms of the attestations are negotiated prior to signature and (one hopes) a reasonable compromise is reached.
Some Potential Coverage Traps
Interesting questions surround this new requirement including some potential coverage implications in a D&O insurance context. For example some policies contain a provision to the effect that the insured must do nothing to prejudice the position of insurers. Might insurers contend that by signing a sweeping attestation, the director has prejudiced his defence and therefore insurers’ position? Might insurers argue that in signing an attestation, knowing it to be untrue, a director should be deprived of cover at least from the point at which there is a finding or admission to that effect? Alternatively, could they say that signing an attestation amounted to deliberate conduct, the consequences of which were therefore uninsurable?
Although some of these arguments may sound far-fetched, when the stakes are high enough you often find a significant number of matters thrown into in a reservation of rights letter.