MiFID Review - Liabilities and Sanctions
28 January 2011
The review is intended to address market developments since MiFID's implementation in November 2007 and also responds to concerns arising out of the financial crisis in relation to investor protection, the regulation of OTC trading and the oversight and transparency of commodity derivatives markets.
The deadline for comments on the consultation is 2 February 2011 with a view to the Commission bringing forward a formal proposal in Spring 2011.
For an overview of the MiFID review see MiFID review. This article considers the proposal to introduce liability for breaches of MiFID, and to enhance supervisory sanctions such as administrative and criminal fines.
Civil liability of investment firms
The Commission seeks views on whether MiFID should be reformed to require Member States to introduce a principle of civil liability for firms that infringe MiFID rules. Civil liability would complement the administrative sanctions which Member States are already required by MiFID Article 51(1) to implement. The Commission suggests that civil liability should follow breaches of MiFID infringements generally, but would be particularly relevant "in areas concerning the relationship between firms and clients and where specific obligations towards the client are foreseen" such as information requirements, the suitability and appropriateness tests, reporting requirements, best execution and client order handling.
Under English law, investment firms are already potentially directly liable to "private persons" (effectively retail investors) for breach of statutory duty under FSMA s150. A s150 claim is typically available to a "private person" in respect of a breach of the FSA's Conduct of Business Rules (including the rules that implement MiFID in the areas mentioned by the Commission). The claimant must show that the relevant rule breach caused him or her loss.
Scope of civil liability - retail clients only?
It is not clear from the consultation paper, however, whether the Commission currently intends that a principle of civil liability should be restricted to retail clients, or whether a civil claim should be available to investors more generally. On the one hand, the Commission refers to allegations by retail clients about firms' breaches of conduct of business rules as a justification for taking legislative action. On the other hand, it indicates elsewhere in the consultation paper that it considers revisions to the MiFID client classification framework may be justified to extend some of the existing MiFID investor protections to types of client who currently do not receive them. In particular, the Commission is seeking views on whether municipalities should be excluded from being classified as 'eligible counterparties', and whether the presumption that professional clients have necessary levels of experience and knowledge to understand the risks of transactions should be abolished (or limited to "less complex financial instruments"). "Alleged mis-selling practices" involving professional clients are referred to specifically as a potential justification for revising the client classification regime (apparently a reference to a number of high profile mis-selling cases involving financial institutions and EU public bodies which have emerged from the financial crisis). If civil liability is to follow breaches of redrawn and extended investor protection provisions, the effect in England could be to extend a cause of action to professional clients who would not currently be able to found a claim on FSMA s150.
It is hoped that any revision to MiFID to introduce a principle of civil liability will not require Member States to create civil causes of action for investors other than retail clients. In particular, professional clients are in a qualitatively different position from retail clients with respect to their capacity to analyse the risks they are assuming, to negotiate rights and obligations at arm's length, and to obtain redress in the event they suffer loss. Professional clients acting on an equal footing should retain the right to contract freely and decide how to allocate risks between themselves, a point which has been emphasised by the English courts in a number of recent high profile cases.
There would also appear to be little justification for extending a cause of action to professional clients when many Member States already have existing well developed laws of civil responsibility (eg contract and tort in England) which make firms liable to their clients for behaviour which would also constitute a breach of MiFID rules. National courts may also already take into account regulatory requirements (including MiFID requirements) when considering the standard of care required of investment firms under existing causes of action.
Moreover, in the event that a proposed new high level principle is introduced requiring eligible counterparties to act 'honestly, fairly and professionally', we suggest that civil liability should not follow for breach of that principle. The concepts of 'fairness' and 'professionalism' in particular are not meaningful boundaries for liability in the context of transactions executed by eligible counterparties.
We would also suggest that the Commission restricts any requirement to implement civil liability to core areas of MiFID relating to investor protection. In other areas of MiFID, particularly where Member States are not required to impose obligations specifically on firms, there would seem to be less justification for a principle of civil liability. In these areas, competent authorities are typically better placed to act. Civil liability should not replace administrative sanctions in these areas, and Member States should not be required to implement multiple remedies (civil and administrative). These are areas where Member States may legitimately decide that only their competent authorities should have the right to take action against firms, to avoid large numbers of unnecessary legal claims.
In summary, a widely drawn principle of civil liability could produce serious adverse consequences for investment firms. At worst, requiring Member States to make civil causes of action available to professional clients as well as to retail clients, could promote significant uncertainty about the extent of counterparties' rights under existing deals negotiated at arm's length. It could give rise to moral hazard, and destabilise EU markets by encouraging vexatious claims where the market moves against a professional client’s position. It will therefore be important to consider the Commission's detailed proposals when these are published later in the year.
Supervisory powers and sanctions
The Commission's objective is to increase the effectiveness of regulatory enforcement and supervision across the EU. It proposes a series of revisions to MiFID designed to enhance the availability and effectiveness of administrative sanctions. It also seeks views on whether Member States should be required to implement criminal offences and sanctions for the most serious infringements of MiFID, and whether regulators should be required to publish sanctions for infringements. We look at each of these in turn below, but begin with two general observations.
First, whilst the Commission seeks views on the key areas in which it considers revisions to MiFID are required, it also gives relatively little detail in the consultation paper about the actual measures contemplated, even in areas which are likely to be of significant interest to firms (such as minimum amounts for administrative fines). In many areas, the Commission clearly expects to carry out further work before developing detailed legislative proposals. It is therefore difficult to assess the impact in England of some of the measures proposed at this stage.
Secondly, there is clearly an overlap in this area between proposed reforms to MiFID and proposed reforms to other EU financial services legislation. In particular, the Commission's separate communication 'Reinforcing Sanctioning Regimes in the Financial Services Sector' (the Sanctions Communication), published on the same date as the MiFID consultation paper, proposes amongst other matters that sanctioning provisions be implemented in each EU financial services legislative act. Although they are separate documents aimed at different issues, the MiFID consultation and the Sanctions Communication are part of the same legislative programme and there is a substantial level of commonality between the two. On 21 January 2011, the Commission also published a 'roadmap' relating to its sanctions initiative, indicating that it intends to carry out further impact assessment work in March 2011.
Entry into private premises to seize documents
The Commission proposes that regulators in each Member State should have the power to seek judicial authorisation to enter private premises and to seize documents relevant for enforcement action. As the Commission points out, this would in effect involve strengthening the existing powers in Article 50 of MiFID that Member States are required to make available to regulators.
Under English law, the FSA may apply to court for warrants to enter premises and remove documents. The basic scheme in the UK is that a warrant may be issued where a person has failed to comply with a prior information request made under relevant legislation or where requesting information by those means is impractical or risks the evidence being destroyed, hidden or changed. It is usually executed by a police officer acting alongside officials from the regulator. From an English law perspective, the addition to Article 50 of MiFID of a search and seizure power exercisable under similar conditions would seem reasonably uncontroversial.
In a sensitive area such as this, which may see individuals or companies forcibly deprived of their property, the amendments to Article 50 will need to be carefully drawn. Warrants are a valuable tool for regulators but, given their intrusive nature, it is arguable that they should only be obtainable:
- under the supervision of a judge located in the Member State in which it is proposed that the warrant will be executed; and
- provided that strict conditions clearly laid out in relevant legislation are met.
Administrative measures and sanctions
The existing Article 51 of MiFID requires Member States to ensure that appropriate administrative measures can be taken, or administrative sanctions can be imposed on firms, for failure to comply with the provisions of MiFID. It requires that these measures be 'effective, proportionate and dissuasive'. Beyond this, however, under the current regime Member States have considerable discretion about the sanctions applicable.
Pointing to the fact that sanctions vary widely across Member States, and are considered weak in some, the Commission considers that "the MiFID regulatory framework could possibly specify the existing provisions [sic] on administrative sanctions". In effect, the Commission's proposal is to reform MiFID to define the minimum set of measures that meet the 'effective, proportionate and dissuasive' test, and in the process create a minimum regulatory 'toolkit' available to regulators across the EU.
The Commission proposes that at least the following administrative measures should be available to national regulators:
- injunctions to put an end to an infringement;
- temporary prohibition of an activity;
- suspension or replacement of members of the management or supervisory bodies or of the bodies; and
- the possibility of issuing public notices on the websites of national regulators.
From an English law perspective, the powers listed by the Commission are already available to the FSA, with the exception of the power to 'replace' members of the management or supervisory bodies. In effect, the FSA currently has a right of dismissal and a right of veto over the management of regulated firms, but not a right of appointment. It may be regarded as a good balance. The Commission's proposal would otherwise seem unlikely to result in radical changes to the regime in English law.
A potential benefit of a minimum 'toolkit' of this kind is that it could increase the scope for a cross-border firm facing enforcement action in more than one Member State to negotiate with more than one regulator at the same time. Much depends, however, on whether regulators who gain new powers are prepared to use them, or whether they will prefer to follow more familiar avenues of enforcement.
It would be unfortunate if MiFID were to be reformed in such a way that national regulators who already have all or most of these powers lose discretion over the remedies to be applied for particular breaches of MiFID. National regulators who are responsible for enforcement action should decide which sanctions are appropriate for any given breach.
Minimum amounts for administrative fines
This is of key importance to determining the impact of this proposal. Both the MiFID consultation paper and the Sanctions Communication strongly suggest, however, that the Commission considers the deterrent effect of fines to be a significant consideration.
The Commission's approach in both the MiFID consultation paper and the Sanctions Communication appears to have been influenced by work carried out in February 2009 by CESR, which surveyed criminal and administrative sanctions available in different Member States for breaches of MiFID. CESR's paper highlighted very considerable differences across the Member States in this area. A measure of harmonisation could promote certainty for firms. It is important, however, that national regulators retain discretion over:
- which sanction to impose (and in particular, discretion over whether to impose a fine or not); and
- the level of any fine above the minimum.
It may not always be appropriate for a fine to be imposed in the case of every breach of a MiFID rule. Examples include:
- minor, technical or inadvertent rule breaches;
- where the effect of a fine might be to make a firm insolvent; or
- where the cost to a firm of compensating affected investors is already very substantial and an effective deterrent in itself.
There are also potential risks for firms associated with a regime of minimum fines, apart from the obvious issue of the levels at which such fines would be set. Risks include:
- the risk that regulators would lose discretion in the area, reducing the scope for firms to negotiate a fine with the regulator based on the specific circumstances of the case;
- the risk of distorting the way in which national regulators take enforcement action because larger fines are available for some types of breach than others; and
- the introduction of complexity into the enforcement process (particularly if there are to be separate minima for different categories of breach).
In light of these considerations, we suggest that the Commission should consider whether as an alternative to a regime of minimum fines it should issue non-binding guidance illustrating the levels of fine that the Commission considers would give effect to EU policy in the event of different types of MiFID breach. The aim of such guidance would be to assist national regulators in their work. This may nevertheless allow national regulators to retain discretion to tailor a fine to a particular case.
It would seem that the Commission is contemplating further work in this area (both in relation to MiFID and other EU financial services legislation). The detail of the Commission's legislative proposals will be important to assessing the potential impact of this proposal in England.
The consultation paper records that the Commission is currently considering whether Member States should make criminal sanctions available for the most serious infringements of MiFID. This is a further area in which there is some commonality between the MiFID consultation paper and the Sanctions Communication.
The MiFID consultation paper gives little detail about which new offences are contemplated although an example given by the Commission is the provision of investment services whilst unauthorised, which is already a criminal offence in England. It is not clear, however, whether the Commission is contemplating creating criminal offences other than to police the regulatory perimeter.
The Commission recognises in the MiFID consultation paper that sanctions generally should be proportionate to the gravity of the infringement. The Sanctions Communication also indicates that the Commission accepts that not all types of violations in the financial services area may be considered sufficiently serious to warrant criminal sanctions.
The ability of the EU institutions to create criminal offences is also limited by the Treaty on the Functioning of the European Union. In this context, the European institutions are entitled to establish minimum rules with regard to the definition of criminal offences and sanctions only where it is essential to ensure the effective implementation of EU policy. The justification for any new offences would need to be considered case by case. The creation of any new offences may not be 'essential', particularly where there are other effective non-criminal sanctions available.
Again, it is expected that the Commission will do further work in this area, and the detail of the Commission's proposals will be important to assessing their impact in England. There are already a number criminal offences in English law which a person may commit by behaving in a way that would also breach MiFID. For example, there are a number of specific criminal offences in FSMA relating to non-compliance with authorisation requirements (eg carrying on or purporting to carry on a regulated activity without authorisation or exemption, or making false claims to be authorised or exempt). In addition there are more general offences such as making misleading statements contrary to FSMA s397 and widely drawn fraud offences under the Fraud Act 2006. Money laundering offences under Proceeds of Crime Act 2002 may also be relevant. There are also other important offences in the financial services field, such as the insider dealing offences under Criminal Justice Act 1993, which are not specifically related to MiFID but which are of importance to the question of what constitutes an effective and proportionate sanctions regime for breach of financial services legislation.
As the Commission points out, criminal offences may have a powerful deterrent effect. However, there are significant differences in the traditions of different Member States with regard to the criminal law. Notwithstanding the European institutions' powers to specify minimum rules with regard to criminal sanctions, in practice requiring Member States to implement a suite of new criminal offences for breaches of MiFID potentially risks promoting divergence not harmonisation. In particular, the evidential burden and approach of criminal courts to sentencing differs across the EU. Moreover, civil liability may follow criminal sanctions as part of the same proceedings in some Member States but not in others. Consideration should be given to how civil liability arising from criminal sanctions will interact with the separate principle of civil liability which the Commission proposes for MiFID. The creation of new criminal offences may give rise to greater civil liability for firms in some Member States than others. Finally, the use of the criminal law and criminal sanctions requires to be justified, and the creation of a suite of new criminal offences (beyond policing the regulatory perimeter) may not be justified where there are already effective administrative or other non-criminal sanctions in place.
Disclosure of sanctions by regulatory authorities
The Commission proposes to reform MiFID so that national regulators will be required to disclose to the public on their websites "every measure or sanction that would be imposed" for infringements of MiFID, except in certain narrowly defined cases. The Commission's proposal appears to be that the current Article 51(3) of MiFID should be reformed to remove the discretion that regulators currently enjoy about whether to publish sanctions that have been imposed on firms, and, subject to a "narrowly defined cases" exception, make publication mandatory.
Clearly, from the perspective of an investment firm, publicity about a breach may be a sanction in itself. We suggest it is right that such a sanction should be available to national regulators, but the better view is that like all remedies, it should be a discretionary one, to be used by a national regulator as appropriate.
If publication of sanctions and measures is to become mandatory, however, we suggest that there would be sound reasons for not drawing the proposed exception too narrowly. The concept of "narrowly defined cases" may simply be aimed at preserving the existing carve out from Article 51(3) of MiFID, which allows national regulators not to publish measures or sanctions taken against firms where to do so "would seriously jeopardise the financial markets or cause disproportionate damage to the parties involved". If so, it may be too narrow to accommodate existing practice in Member States, such as the current exemption in England which allows the FSA not to publicise enforcement action where in its opinion to do so would be "prejudicial to the interests of consumers". Moreover, it may be appropriate to introduce some form of de minimis exception, as national regulators may have sound reasons for not publishing every routine or minor sanction or measure. In particular, private warnings can be a very effective regulatory tool for the FSA in appropriate cases, saving both the firm and the FSA the time and expense of enforcement proceedings in minor or borderline cases.
Under English law, where the FSA has taken enforcement action against a firm and issued a final notice, it is already required by FSMA s391 to publish such information about the matter to which those notices relate as it considers appropriate. It may not publish information, however, if publication of it would, in the FSA's opinion, be "unfair to the person with respect to whom the action was taken or prejudicial to the interests of consumers". The FSA's stated position is that it will consider the circumstances of each case, but in practice it usually publishes final notices. A requirement to publish decision notices (which are issued at an earlier stage in the enforcement process) was implemented by the Financial Services Act 2010, and the FSA has recently consulted (Consultation Paper 10/23) on its approach to publication of such notices. A policy statement is expected from the FSA shortly.
The impact of the Commission's proposal in England is likely to depend on how widely the "narrowly defined cases" exception is drawn at EU level, and the extent to which the interests currently protected by FSMA s391(6) qualify as "narrowly defined cases".
The Commission is considering whether appropriate whistleblowing mechanisms should be established to incentivise individuals and firms to report infringements to regulators. Whistleblowing schemes can provide a valuable source of information for regulators and assistance for investment firms in assuring themselves about the proper operation of the business, and many large institutions do run such schemes.
From an English law perspective, Principle 11 of the FSA's Principles for Businesses, and Principle 4 of the Statements of Principle for Approved Persons, already provide an important incentive for firms and regulated individuals to provide information to the FSA. It is arguable that MiFID should not be reformed to make complex schemes mandatory where to do so would impose an unnecessary burden on, or disproportionate cost to, firms. Moreover, individual employees should not be discouraged from reporting infringements to a firm's internal Compliance or Legal functions before approaching an external regulator.
This bulletin is part of a series of updates and comment produced by Allen & Overy LLP on the review of MiFID. To see all of Allen & Overy's publications relating to the MIFID review, please visit www.allenovery.com/mifid.