Ashurst | Judith Seddo | Philip LintonDuncan LiddellTim WestLynn DunneRhiannon WebsterAdam Jamieson | Andris IvanovsTom Cummins | Anna VargaCrowley Woodford | Nathan Willmott

A new pragmatic approach from the Serious Fraud Office

As my partners predicted, the new provisions of the Economic Crime and Corporate Transparency Act 2023 concerning attribution of criminal liability to corporates and the failure to prevent fraud offence have been debated by our clients: how might these new tools be used; what greater exposure might they give rise to; and whether (and if so, how) firms’ financial crime programmes need uplifting. Prosecutors consider these powers game-changers; they feature in the SFO’s latest Strategy and recently Nick Ephgrave, SFO Director, said he wanted to be the first organisation to bring a prosecution for failure to prevent fraud. Before coming into force, guidance will need to be published (which has been delayed due to the recent General Election) and a period of time allowed for implementation, so these questions are likely to stay alive for the coming months.

Also on the SFO Director’s mind is the financial incentivisation of whistleblowers, particularly bearing in mind the large fines the US achieves as a result of whistleblows. The Director deplores the under-use of cooperating defendants in the UK (under existing powers) and, again, is looking to the US where the mindset is an expectation of an early guilty plea, which, if adopted here, would “allow us to get justice more quickly.” The new Secretary of State for Foreign, Commonwealth and Development Affairs, David Lammy, recently expressed his support for rewarding and incentivising whistleblowers. This may therefore form part of a criminal justice legislative change under the new Labour government.

Mr Ephgrave wants to adopt a more pragmatic, robust approach to investigation and case management, utilising new powers and tools (and continuing to call for more), to obtain evidence more swiftly and deploy resources on cases likely to go the distance. One key takeaway is that an effective whistleblowing system is increasingly important, key to what prosecutors expect, something that allows firms to deal with risks raised proactively, mitigating the risk that whistleblower reports will be raised externally.

APP fraud: a heightened focus on receiving banks and PSPs

In January, we predicted a heightened focus on the adequacy of the steps taken by banks and other Payment Service Providers (PSPs), following the discovery of fraudulent transfers from their clients’ accounts, to help retrieve the misappropriated funds. Since then, in March, we saw the CCP Graduate School claim come to judgment in which the so-called “retrieval duty” survived summary judgment for a second time (the first time being in the Philipp case at the Supreme Court). Conversely, in June, in the Larsson case, the High Court struck out tortious claims against a receiving PSP for an alleged failure to detect and prevent the fraudulent scheme – strictly not a retrieval duty decision – but illustrative of the Court’s reluctance to extend duties of care in cases of APP fraud. We still think that retrieval duty claims are difficult and particularly fact-dependant. But on any view, a heightened focus this year-to-date at least.

The UK Digital Markets, Competition and Consumers Act 2024: key points for financial services firms

The UK Digital Markets, Competition and Consumers Bill (DMCC) received Royal Assent on 24 May 2024. The DMCC introduces widespread changes to competition law and consumer law enforcement in the UK, as well as a new regime regulating designated Big Tech companies. While further rules and guidance are required, we expect the key reforms to enter into force later this year. Financial services firms fall within the scope of the DMCC Act, and it is worth firms being aware that:

  • The CMA will have the power to amend, supplement and revoke remedies imposed following a market investigation. It will also be able to impose financial penalties of up to 5% of a company’s global turnover for failing to comply with market investigation orders / undertakings.
  • The CMA will be able to directly enforce consumer law through administrative proceedings and will be able to impose fines of up to 10% of global turnover (and up to £300,000 on individuals).
  • New consumer law protections have also been introduced in relation to drip pricing and fake reviews, and the DMCC expands the characteristics to be taken into account in considering vulnerable persons when assessing the “average consumer” (e.g. recognising that vulnerability may be context dependent).

Whilst only the CMA will be able to directly enforce consumer law (and issue penalties), other consumer law regulators (such as Trading Standards and the FCA) will be able to seek to impose financial penalties by applying for court orders. In other words, as is currently the case, regulators will be able to apply for court orders to remedy breaches of consumer law, which, once the DMCC enters into force, may include a requirement to pay a fine (capped at 10% of worldwide turnover). It remains to be seen how the CMA and FCA will interact in relation to the enforcement of consumer law provisions once the CMA has its new powers.

New developments in consumer law and the likely impact on class action claims

At the time of our article in January, an amendment to the (then) DMCC Bill was being considered which proposed the introduction of an opt-out collective actions regime for breaches of consumer law. This amendment was ultimately not included in the DMCC. The status quo therefore remains of only infringements of competition law being able to be brought on an opt-out basis in the Competition Appeal Tribunal.

This means that we will continue to see the outer boundaries of competition law being explored by claimant law firms and funders, and a continuation of the trend of standalone consumer law claims being dressed up as competition law infringements.

In the long run, the DMCC may, however, also increase the risk profile of banks to class and group actions. As Duncan says, the DMCC enables the CMA to directly enforce consumer law through administrative proceedings – which brings the CMA’s consumer law powers in line with its existing competition law powers.

It also means that, once the CMA’s new enforcement powers come into effect, we will begin to see more regulatory findings for infringements of consumer law. Such regulatory findings have consistently proved fertile ground for group and class actions, providing inspiration for opt-out competition law claims (such as the class action against Apple for issues concerning iPhone batteries) as well as opt-in group claims in the High Court (e.g. the diesel emissions group litigation which has also involved providers of motor finance).

In-house counsel at financial institutions with consumer facing businesses will therefore need to ensure that compliance functions responsible for implementing the changes to consumer law brought about by the DMCC are also across the possible follow-on class and group action risks. Early intervention in issues as they arise (e.g. by voluntary customer remediation) has great potential in avoiding attracting the interest of claimant law firms and funders later down the line, and therefore mitigating class and group action risks.

Restructuring plans and directors’ liability for wrongful trading

Following on from our view that there would be more restructuring plans under Part 26A of the Companies Act 2006, that looks indeed to be the case with 13 plans last year and 10 already in 2024 and more in the offing. What is becoming increasingly clear, and which was not necessarily the intention when the legislation was implemented, is the ever more adversarial nature of the proceedings. Not only are we seeing lengthier and contested expert evidence under CPR Part 35, we have also seen the first successful security for costs application in a Part 26A (or Part 26) context. We anticipate, at least in the short term, that parties will be approaching their restructuring strategy with a firm eye on the litigation and positioning themselves to succeed on that using tools more commonly used in Part 7 litigation. Those in-house litigators who advise restructuring / distressed desks will therefore need to be familiar with what options may be available. In addition, we anticipate that we may see lobbying for the adoption of an absolute priority rule such that the court can force shareholders to give up their equity, although that would require proper consultation within the industry.

We have also recently seen a very rare case of directors being made liable for wrongful trading in the highest damages award since the legislation was introduced in 1986 – in a recent case arising out of the sale of BHS. What boards and their advisers should take notice of is that the directors were found liable for misfeasant trading (a breach of s.172 of the Companies Act 2006 to promote the interests of the company and consider the interests of their creditors), pursuant to which the judge decided that the directors should have put the company into insolvency much earlier than the wrongful trading duty arose.

In-house lawyers should be considering what this means for directors going forwards – in particular, whether they should expect to see directors being challenged more frequently for having failed to put a company into an insolvency process at an earlier stage. In reality, the true position may be that the BHS judgment is confined to its facts which, on any view, were extreme. Our current conversations are seeing people more reluctant to take on directorship roles in light of this judgment. This is certainly not the legislative intention so how this develops is of interest to all who take board appointments and advise boards.

It’s out with the DPDI Bill and Private Members’ Bill on AI, and in with the Digital Information and Smart Data Bill

As a result of the recent General Election on 4 July 2024, the Data Protection and Digital Information Bill (DPDI Bill) and Private Member’s Bill on AI did not make it to the ‘wash up’ period and were therefore both dropped.

In the recent King’s speech, the Digital Information and Smart Data Bill was announced, which promises to facilitate data sharing to enhance public services and this could bring real benefits to the economy and society as a whole – although the UK will have to strike the right balance here in protecting individuals’ rights, as well as remaining in step with Europe in data protection generally. Unlike the previous government’s agenda there is no reference to doing away with EU derived data protection legislation but instead this government proposes more targeted reforms concerning the powers of the ICO and removing restrictions making it easier for allowing data for research purposes.

The increasing frequency and severity of cyberattacks has clearly struck home with the new administration and measures to improve the UK’s ability to withstand and deal with this threat are being put on a statutory footing with the Cyber Security and Resilience Bill. Noteworthy from these proposals is the suggestion that there will be compulsory notification of ransomware demands. If the proposed legislation goes ahead as outlined, it will be striking to see how the statistics around ransomware attacks potentially jump in the face of mandatory reporting, given that the widely held view to date is that current statistics are not representative of the reality.

It’s noticeable that no specific legislation on AI is proposed as yet save a brief mention of the consumer protection angle in the Product Safety and Metrology Bill and a reference in relation to the Digital Information and Smart Data Bill of “targeted reforms to some data laws that will maintain high standards of protection where there is currently a lack of clarity impeding the safe development and deployment of some new technologies” In the future we are promised regulation for the “most powerful” models, although it’s not clear yet how this will be defined and whether it is likely to reflect risk, like the EU approach, or computing power, following the US lead.

FCA Enforcement’s new approach to investigation speed, case-cutting and the ‘naming and shaming’ debate

In January we predicted that the FCA’s Enforcement division would begin defining its new strategy, with a real focus on actively reducing their case portfolio in order that it could begin achieving faster enforcement outcomes. We have seen this playing out in practice, with the FCA opening far fewer investigations than in previous years, whilst they attempt to ‘clear the decks’ (the FCA reported opening just 11 enforcement cases into authorised firms in the financial year 2023/24). Whilst we anticipated there might be some changes around the publicity of FCA Enforcement’s investigations, the boldness of the FCA’s ‘naming and shaming’ proposals took us and many others by surprise. We are yet to see where the FCA will come out following its policy consultation, and whether there will be a u-turn, but the level of industry (and political) pushback was unprecedented.

We are also still awaiting the FCA’s new rules on non-financial misconduct and these are not expected until the Autumn. In the meantime, how firms are handling NFM continues to be a focus for FCA supervisors and firms need to be ready to evidence that their conduct framework is ready for navigating the new rules in practice, including ensuring that rigorous fit and proper assessments are conducted, conduct of staff is monitored carefully, staff grievances and whistleblows are investigated appropriately and that serious conduct matters are escalated (including to the FCA) where appropriate.

A focus on systems and controls enhancements and jurisdictional conflicts arising from parallel Russian proceedings

Sanctions continues to be an important focus for financial services firms and whilst this wasn’t a topic that my colleagues covered directly in January, it is one that will undoubtedly keep in-house teams in banks busy in the coming months. Financial institutions will increasingly turn their attention to testing and enhancing their sanctions related policies and procedures, as they look to address the lessons learnt from the FCA’s industry-wide assessment of firms’ systems and controls and mitigate the risk of coming into the crosshairs of U.S. sanctions by unwittingly supporting Russia’s military-industrial base. This will involve reviews of historical implementation of sanctions and re-assessments of sanctions risks posed by particular business relationships and may result in detection of inadvertent sanctions breaches. Financial institutions will want to promptly report such breaches to OFSI and other relevant authorities to demonstrate a robust commitment to compliance.

Moreover, financial institutions involved in potential or ongoing disputes with Russian parties will continue to face heightened risks from jurisdictional overreaches by Russian courts. The Russia sanctions and resulting unravelling of business relationships with Russian parties have spurred a flurry of disputes. As expected, Russian parties are increasingly resorting to Article 248 of the Russian Arbitrazh Procedural Code which confers exclusive jurisdiction on the Russian courts over disputes arising from Russia sanctions or involving Russian sanctioned persons. As shown by the Unicredit Bank v RusChemAlliance case, there is a significant risk of Russian courts assuming jurisdiction over such disputes in contravention of the contractually agreed dispute resolution mechanism and granting interim relief, including freezing Russian assets of Western businesses. Financial institutions with threatened or ongoing disputes with Russian parties arising from the Russia sanctions will want to carefully consider how best to uphold the contractual dispute resolution mechanisms and manage the risk of any parallel Russian proceedings.

The FCA’s new anti-greenwashing rules and the threat of climate-related investigations

The FCA anti-greenwashing rule, which we mentioned in January, is now in force. The rule applies to all FCA-authorised firms that offer financial products and services to clients in the UK. That includes financial promotions that authorised firms communicate or approve for unauthorised persons, including overseas products and services where the promotion is approved in the UK. The FCA also published its finalised non-handbook guidance about the rule (FC24/3). This finalised guidance emphasises that the rule is intended to complement and be consistent with PRIN, COBS and the Consumer Duty and all authorised firms need to meet the anti-greenwashing rule from 31 May 2024. As such, all firms should now incorporate the finalised guidance as part of their marketing / financial promotion processes.

While we consider that it may take some time before the FCA investigates potential breaches of this rule, it is worth noting that a recent freedom of information request by ClientEarth has revealed the FCA does have one active climate-related investigation, albeit it does not appear to be related to greenwashing allegations. ClientEarth’s scrutiny of the FCA is a sage reminder of another prediction we made that NGO activism shows no signs of abating. The momentum and pressure they are bringing to bear is considerable. Not only do they have banking institutions in sight, they are also applying pressure on regulators to police their perimeter, urging them to investigate climate-related claims by, for example, the UK’s big high-street banks. And that may speed-up what is otherwise a fairly slow process.

Challenges around redundancy, return to the office and the use of AI in employment processes

In our previous update, we predicted that in-house disputes teams at banks may well be busy dealing with the fallout from situations where restructuring or collective redundancy exercises may not have been handled correctly in the continuing uncertain economic environment. We have certainly seen an uptick in employment activity around restructuring. Equally, our prediction regarding staff challenges on returning to the office is certainly coming true. We are increasingly assisting clients on remote or flexible working arrangements especially since changes were introduced to the statutory flexible working regime earlier this year making the right to make a request a day 1 right. This is because clients are aware that the stakes can potentially be high with possible discrimination claims if they get it wrong.

Additionally, with generative AI increasingly being adopted by businesses to create efficiencies in the employment lifecycle, we expect to see this create some novel challenges for litigation teams in the coming years. Globally, we are seeing increased scrutiny on the use of AI in recruitment processes in particular, where businesses should be cautious of the risk of discrimination claims from unsuccessful applicants where their rejection is attributable to bias in the AI system. Similar concerns and potential claims will likely start to arise in other parts of the employment life cycle as AI becomes more heavily integrated, for example in use of AI for redundancy selection. More generally, where AI systems pose a potential threat to employees’ roles, this is likely to create some employee relations concerns, and businesses should be aware of the potential constructive dismissal risks where AI is used to effectively replace someone’s job.

PRA enforcement: the pros and cons of the Early Account Scheme

While we have seen some quite active enforcement activity by the PRA against banks and their senior management leading to a number of public outcomes, those investigations pre-dated the introduction of the PRA’s Early Account Scheme (EAS) and so just six months in it is too early to get an accurate feel for the level of take-up of the new process. However, we have been running some engaging case studies on the EAS with a range of clients which have highlighted that there are a range of genuinely novel issues that litigation teams at banks are having to think through. These include the pros and cons of the difficult issue of whether to request an EAS, and if an EAS is agreed then what steps the bank can take to support its current and former employees who are to be interviewed as part of the process to ensure both the integrity of the process and ensuring that the bank’s people are adequately prepared and protected. These are not straightforward issues and present some real dilemmas for in-house litigation teams at banks.

This article first appeared on Lexology. You can find the original version here.