A case study for the digital transformation of a financial institution and why compliance culture plays a big role, too.
This week, the German financial watchdog, the Federal Financial Supervisory Authority or short BaFin, announced that it had imposed an administrative fine against Barclays PLC, the British multinational investment bank and financial services company with headquarters in London.
The fine was actually imposed a week earlier, on 8 June 2020, and was for 700,000 euros. That’s hardly in the same league to the same fines the British banking behemoth has amassed following the Global Financial Crisis of 2007/2008 and over the last decade.
A History of Compliance Fines
Just to recap:
- The financial group was one of five major banks (the others were Citicorp, JPMorgan Chase & Co., The Royal Bank of Scotland plc and UBS AG for sake of completeness) that agreed to plead guilty to felony charges as part of the LIBOR scandal. As a result, the banks agreed to pay criminal fines totaling more than $2.5 billion.
- Related to the same story was the statement by the NYDFS in 2015 that Barclays was to pay $2.4 billion (plus terminate eight additional Bank employees who engaged in misconduct for New York Banking Law violations) in connection with its scheme to manipulate spot trading in the FX market.
- On 18 August 2010, Barclays was ordered to forfeit $298million for sanctions violations.
- And in March 2018, Barclays agreed to pay the United States $2 billion in civil penalties in exchange for dismissal of the Amended Complaint, which was related to Barclays’ underwriting and issuance of residential mortgage-backed securities (RMBS) between 2005 and 2007.
And that is only a small selection of enforcement action against Barclays in the last decade.
Why the fuss?
Considering such numbers, why should you bother then about such a comparatively small fine (it’s still more than most of us make a year, but bearing in mind the average salaries of c-level executives or people responsible on the trading floor as well as Barclays sanction history – well, you get the point)?
It is mainly for two reasons:
- many of the big fines were for massive shortcomings
- there is something to learn here
What’s it about?
The BaFin statement said that on 8 June 2020, the German regulator had imposed an administrative fine amounting to 700,000 euros against Barclays PLC and that the “sanction related of section 130 (1) of the German Act of Breaches of Administrative Regulations (Ordnungswidrigkeitengesetz – OWiG) in conjunction with section 33 (1), section 38 (1) and section 39 (1) of the German Securities Trading Act (Wertpapierhandelsgesetz – WpHG). Barclays PLC had failed to submit notifications regarding voting rights within the prescribed period.”
It’s particular the latter reference that sets out the requirements the bank didn’t comply with. Section 6 of the Securities Trading Act deals with the notification, publication and submission of changes in the proportion of voting rights to the Company Register. The named sections 33, 38, and 39 concern the notification requirements applicable to the party subject to the notification requirement, notification requirements relating to holdings of instruments, and notification requirements applicable to aggregation respectively.
The first paragraph of section 33 the other two sections refer to says that
„Any party (the party subject to the notification requirement) whose shareholding in an issuer whose home country is the Federal Republic of Germany reaches, exceeds or falls below 3 per cent, 5 per cent, 10 per cent, 15 per cent, 20 per cent, 25 per cent, 30 per cent, 50 per cent or 75 per cent of the voting rights attaching to shares belonging to that party by purchase, sale or other means must notify this to the issuer and simultaneously to BaFin without undue delay, and at the latest within four trading days, in compliance with section 34 (1) and (2). 2In the case of depositary receipts in respect of shares, the notification requirement applies only to the holder of the certificates. 3The notification period under sentence 1 begins when the party subject to the notification requirement learns or, in consideration of the circumstances, must have learned, that its percentage of voting rights has reached, exceeded or fallen below the specified thresholds. 4With regard to the beginning of the period, there is an irrefutable presumption that the party subject to the notification requirement learns of this no later than two trading days after reaching, exceeding or falling below the specified thresholds. 5By way of derogation from sentence 3, if a threshold is triggered as a result of events that change the total number voting rights, the period begins as soon as the party subject to the notification requirement has knowledge that the threshold has been triggered, but at the latest when the issuer publishes the disclosure in accordance with section 41 (1).“
The notice does provide more details nor does it specify how exactly Barclays missed the deadline, but it is none the less interesting that it had not managed to comply with a common obligation that has similar equivalents in other jurisdictions. Barclays itself has not published any reference on the story, so we do not know the specifics.
Still, you wouldn’t assume a financial institution like Barclays would get an essential element of corporate communications and regulatory compliance wrong that it would result even in a moderate fine. That relates to the first point we mentioned above: the enforcements actions we mentioned above are based on a massive deficiency in terms of governance and oversight. This seems to be a rather simple and minor aspect and yet it all went wrong, so that the German regulator did not see any other way than to fine the British bank.
Secondly, it gives evidence to the importance to the automation of such processes and the diligence that is necessary in order to adhere to all the regulatory requirements an international banking group needs to adhere to.
What can be done about it?
So, what should have been done to avoid it or rather what can be done from the perspective of any financial institution?
Two aspects spring to mind even without knowing the specifics of the case:
The first is automation of an element like notification of voting rights. The digitalization of compliance and corporate processes has produced many solutions that cover the features required in this case as well as other factors these functions need to address from a purely administrative perspective.
The other is the importance of culture. In most cases, GRC shortcomings stem from a lack of leadership in terms of applying the right processes and expectations from the top down. Culture impacts reputation, which impacts performance, which impacts profit – or in other words: Culture eats Strategy for Breakfast.