The recent decision of the UK Financial Conduct Authority to fine Reckitt Benckiser over £500,000 for breaches of its Listing Rules and Disclosure and Transparency Rules provides further reasons for regulatory risk to remain high up on the list of current corporate concerns. Unsurprisingly, business leaders' heightened concerns about compliance arise in part because of the growing volume of new laws and regulations coming out of the financial crisis. But these concerns also exist because of the evolving emphasis among regulators on pursuing companies for procedural failings, as this case illustrates.
In the Reckitt Benckiser case, the FCA ruled that the company should be penalised for having inadequate systems and controls to monitor share dealings by its senior managers, and for failing to properly notify the market about these dealings. In one instance, the custodian of the senior manager's brokerage account had used shares in the account as security for a credit facility made available to the manager. Even though this had been done without the manager's knowledge, the grant of security amounted to a share dealing by the manager for which he needed clearance from the company under the model code on share dealings in the FCA's Listing Rules. The dealing also needed to be notified to the market under the FCA's Disclosure and Transparency Rules. In the second scenario, a manager had generally relied on the company's share plan administrator to notify the company and obtain clearance for share dealings, but certain deals had not been processed by the administrator and had not been notified as a result. When the company was eventually informed about the deals, it notified the market – however, the FCA ruled that the notice was late and did not contain some of the required information, including the exact dates, place and price of the share dealings.
The case is worth noting because the company had in fact provided training on share dealing to its senior managers (albeit not for some time), together with reminders of the periods when they could not deal, and an annual compliance self-certification process. Despite this, the FCA ruled that the company's processes were inadequate to enable it to identify or monitor trading by its senior managers, particularly when this was not done through the share plan administrator. Importantly, it also took the view that the company had not taken steps to reinforce regularly the importance of complying with the model code and the Disclosure and Transparency Rules.
Clearly, there are warnings here for listed companies to ensure that their share dealing clearance procedures are suitable and that training is given regularly, rather than on a one-off basis. But there are perhaps wider lessons too, about the growing willingness among regulators to focus their attentions on a business's systems and procedures.
In some areas, such as with the UK's listed company regime, this is manifesting itself in a new determination by the regulator to pursue companies rigorously for breaches of existing corporate compliance rules. But in others, regulators and legislators are creating new offences targeted specifically at corporate compliance, such as the offence in the UK Bribery Act 2010 that makes a company liable in bribery cases where adequate procedures have not been put in place by the board. More recent moves in this direction include the possible introduction of a new criminal offence of "corporate failure to prevent economic crime", modelled on the Bribery Act, but covering a broader range of activities, which the UK government is considering as part of its UK Anti-Corruption Plan.
It is not hard to see why this approach is popular with regulators. Bringing an action against a company for failing to have adequate procedures has a number of obvious advantages. Not least it can shift the burden away from the regulator having to establish that the failure of an individual, or group of individuals, should be attributed to the company itself. Instead the onus is on the company to show its systems and processes are adequate – a subjective test at the best of times, which it must now satisfy in circumstances where the tacit implication is that they are not.
The message, though, seems clear enough, if less straightforward to implement. The roll-out of compliance procedures, systems and training programmes in an enterprise needs to be an ongoing process, with regular reviews to ensure that they are followed in practice – and that, in the event of failures by individuals, they are robust enough to withstand external scrutiny.