The Financial Conduct Authority (FCA) has fined Charles Schwab UK Ltd (CSUK) £8.96 million for failing adequately to protect client assets, carrying out a regulated activity without permission and making a false statement to the FCA. The penalty incorporates a 30% discount for early settlement.
CSUK is a UK subsidiary of the US headquartered Charles Schwab Corporation group. Prior to 2017, CSUK was in the practice of referring its UK and Swiss customers to another US based group company Charles Schwab & Co., Inc. (CS&C), who would arrange direct brokerage relationships with those customers. However, from August 2017, CSUK changed its business model to provide brokerage and custody services directly to its clients. This necessitated the receipt of client securities on behalf of those clients, and CSUK made arrangements with CS&C for these securities to be held in a segregated client securities account with third party custodians. CSUK also received client monies which were swept from CSUK to CS&C on a daily basis.
The arrangements between CSUK and CS&C amounted to an outsourcing arrangement whereby client monies and securities were managed by CS&C on behalf of CSUK and should have been subject to UK FCA client asset rules. Although CS&C operated in accordance with US client assets rules, UK rules differ and the arrangements did not fully comply. Examples of non-compliance included failure to maintain the right records and accounts, not undertaking appropriate reconciliations and the lack of a resolution pack. In not complying with its detailed rules, the FCA found that CSUK breached Principle 10 which requires that "a firm must arrange adequate protection for clients' assets when it is responsible for them".
The failures were compounded by prior events in August 2016, when in anticipation of the change to its business model, CSUK applied to the FCA for a change of permission to enable it to manage client assets. In making the online application, CSUK ticked the box for "arranging the safeguarding and administration of assets" but failed to also select the permission to "safeguard and administer" assets. This was notwithstanding that CSUK's business plan did identify that it would be carrying out the additional regulated activity of "safeguarding and custody" and that CSUK would retain responsibility under the outsourced arrangement with CS&C. CSUK's mistake meant that it breached section 20 of the Financial Services and Markets Act 2000 (FSMA) which requires firms to carry on regulated activities only in accordance with its permissions.
CSUK did identify the mistake in July/August 2017 and sought to rectify it by applying to vary its permission to include the missing permission to "safeguard and administer". However, in making the application, CSUK did not make clear to the FCA that it was already undertaking the activity, nor address any risks which had arisen from its failure.
The mistake was further compounded during the application process, when in response to a direct question from the FCA, the firm represented that its auditors had confirmed that it had adequate systems and controls in place to manage client money and client asset transactions. In fact, no such confirmation had been provided by the auditors and the FCA found that CSUK had been reckless to make that assertion. In doing so, CSUK breached Principle 11 (the duty to deal with regulators in an open and cooperative way).
The FCA decided that in the circumstances it was appropriate to impose three separate fines on CSUK for what it considered were three distinct failures (£7,138,000 for client asset failings, £709,800 for undertaking activities for which it did not have permission and £1,115,400 for the Principle 11 breach).
Comment
Like many similar cases before it, this is a further example of a multinational falling foul of client asset rules because of failures in the way that different companies in the group interacted with each other to protect client assets. Client asset rules are highly technical in nature and complex arrangements can give rise to complex failures.
The case demonstrates the seriousness with which the FCA treats client asset breaches. Despite CSUK complying with US client asset rules throughout, and the FCA determining that the risk to clients amounted at most to delay and expense in returning client assets rather than the loss of assets, the FCA determined that the seriousness of the case was "level 4" on its 1 to 5 scale of seriousness. The FCA also applied a 10% aggravating factor uplift simply on the basis that this is yet another client assets case and: "The Authority has frequently publicised the importance of arranging adequate protection for clients' custody assets, including through previous enforcement action."
In commenting upon the case, Mark Steward, the FCA's Director of Enforcement made reference to Lehman Brothers and explained that "a lack of client asset protections can easily lead to increased costs to consumers and funds being trapped for long periods of time".
This case is unusual in a different respect because it involves a rare case of the FCA taking action against a firm for breach of s20 FSMA. Whilst it might be argued that CSUK's failure to tick the right box was a technical breach which caused no real detriment to customers, in fact, the FCA considers that operating with the correct permissions is "fundamental to consumer protection and the integrity of the UK financial system" and also merited a level 4 seriousness determination. Having applied its usual formula for level 4 breaches (15% of relevant income), the FCA determined that this did not provide sufficient deterrence and multiplied the penalty by a factor of 3.
The FCA considers that the Principle 11 breach was also level 4 serious – taking particular account of the fact that in its view the breach was reckless. Again the penalty was multiplied by a factor of 3 for deterrence.