The Financial Conduct Authority and the Prudential Regulation Authority (together, the “Regulators”) have jointly fined Barclays’ CEO, Jes Staley, a total of £642,430. The fine was imposed for Mr Staley’s repeated attempts to uncover the identity of an anonymous whistleblower, which constituted a failure to act with the due skill, care and diligence the Regulators expect from a CEO. The case was observed with interest as the first brought by financial regulators under the UK’s Senior Managers Regime. The Regulators chose not to impose more severe sanctions (which could have involved the removal of Mr Staley from his role) after failing to find that Mr Staley was guilty of any deliberate wrongdoing.
The incident dates back to June 2016 when an anonymous letter was sent to Barclays’ board purportedly from a Barclays’ shareholder. The letter raised concerns about Barclays’ appointment of an employee whose recruitment had been instigated by Mr Staley (the “Employee”). The Employee has been widely reported as being Tim Main, a former colleague of Mr Staley from his days at JP Morgan. Some of the concerns in the letter were of a personal nature, and the letter went on to deal with Mr Staley’s knowledge of and role in dealing with those issues at a previous employer. Although (unbeknownst to Mr Staley) the letter was dealt with as a whistleblow by Barclays Compliance department, Mr Staley shared the letter with two individuals outside of Barclays in order to set up a support network for the Employee in case the letter should become public.
Later that month, Barclays received a second anonymous letter voicing similar concerns in relation to the Employee. This letter was expressed as being from a group of Barclays’ employees. Mr Staley considered both letters were part of a campaign to attack the Employee and Barclays and that they were sent by someone outside of the firm. Mr Staley requested Barclays Group Security identify the author of the first letter, but was informed that both letters were considered whistleblows, and was advised against trying to uncover the identity of the author. Although Mr Staley accepted this advice initially, he later resumed trying to uncover the author of the first letter via Barclays Group Security, after mistakenly forming the conclusion that Barclays’ investigations had revealed the allegations in the letters were unsubstantiated and that the correspondence was no longer being treated as a whistleblow. Mr Staley was not successful in his attempts to uncover the identity of the author of the first letter.
Once Barclays’ board became aware of Mr Staley’s attempt to identify the author of the first letter, the matter became the focus of an internal investigation and was reported to the Regulators.
The Regulators’ Decision
In their Final Notices, the Regulators stated that Mr Staley made serious errors of judgement, in particular:
- he should have maintained an appropriate distance from the internal investigation into the letters given his conflict of interest,
- he should not have taken steps to identify the author of the letters, and
- given his lack expertise around whistleblowing matters, Mr Staley should have explicitly consulted those with relevant knowledge and responsibility for whistleblowing within Barclays and obtained express confirmation from them that his proposed actions were permissible.
The Regulators found Mr Staley’s conduct to be a breach of the requirement to act with due skill, care and diligence (Individual Conduct Rule 2.1.2). Mr Staley was adjudged to have made an honest mistake, and was not found to be in breach of the requirement to act with integrity (Individual Conduct Rule 2.1.1), nor were there any findings that he lacked the fitness and propriety to perform his role (which would have resulted in his removal as CEO).
Whilst the Regulators acknowledged that Mr Staley made no personal gain from events, they viewed his misconduct as sufficiently serious for each to impose a penalty of 10% of his annual income (although as Mr Staley agreed to settle at an early stage he qualified for a 30% reduction in the overall fine). Barclays has also announced that it has reduced Mr Staley’s compensation for 2016 by £500,000.
Additionally, Barclays has agreed to enhanced reporting requirements under which it must inform the Regulators on an annual basis how it handles whistleblowing, with personal attestations required from those Senior Managers responsible for the relevant systems and controls. The increased scrutiny of Barclays’ whistleblowing procedures will apply until the end of 2020 and is the first measure of its kind applied to a regulated firm in relation to whistleblowing.
Mr Staley becomes the first CEO to be fined by the Regulators and to remain in his job. The lengthy duration of the Regulators’ investigation (over a year) is an indication of the difficult balancing act they faced in deciding the appropriate response to Mr Staley’s conduct. Mr Staley’s removal would have disrupted the operation of a major financial institution, yet there was a need for any sanctions to be commensurate with the gravity of Mr Staley’s wrongdoing.
The level of the fine imposed by the Regulators has provoked a mixed reaction – in some quarters it has been criticized as being too lenient, as it is arguable whether the fine and censure will act as an effective deterrent to senior employees at other financial institutions. Similarly, a number of recent scandals to hit the headlines have shown the value of whistleblowing (the Panama Papers, the data harvesting scandal involving Cambridge Analytica etc.) – regulators have a duty to give sufficient protection to whistleblowers’ interests and anonymity. However the Regulators’ sanction reflects the fact they did not find any deliberate wrongdoing by Mr Staley (nor any basis to question his integrity or his fitness and propriety for his positon).
The fine imposed on Mr Staley comes recently after the publication by the European Commission of a draft Directive intended to fortify safeguards for whistleblowers in the EU by offering protection for those who blow the whistle on breaches of certain types of EU legislation (including financial services legislation).
Nevertheless, there remains a stark divide between the current approaches to whistleblowing by authorities in the UK and the US (not least in respect of the financial incentives offered to whistleblowers in the US under the Dodd-Frank Act). Indeed, in 2017 the SEC made whistleblower awards of nearly $50 million. This is reflected in the relative numbers of whistleblowers reported in each jurisdiction. For example, the SEC received over 4,400 whistleblowing tips in 2017, up by almost 50% since 2012. In contrast the number of annual whistleblowing reports to the FCA has fallen consistently since reaching a high of 1,340 in 2014/15, and numbered 900 in the year ending 31 March 2017.
A difference in outlook between transatlantic regulators may yet be exposed in Mr Staley’s case, as the New York Department of Financial Services is also investigating his transgressions. It will be instructive to see whether its findings and/or sanctions correlate with those of the Regulators.