Regulatory Implications For Hedge Funds: What Does this Mean for Your Personal Liability?

After the financial crisis: the changing approach to regulation

”There is a view that people are not frightened of the FSA. I can assure you that this is a view I am determined to correct. People should be very frightened of the FSA”. These were the words of Hector Sants who was then the Chief Executive of the Financial Services Authority in a 2009 speech which defined the FSA’s change in style following the financial crisis which had begun in 2008.

Elsewhere in his speech, Mr Sants spoke about a new style of regulatory supervision which was to be “intrusive” and “direct”. The regulator would in future be looking to second-guess the strategies of firms and make “judgments on the judgments of others”. The new regime would be “outcomes-focused”, meaning that the regulator would concentrate on what would be the likely result of the firm’s actions. The “old” regulatory approach, which relied on assessing whether a firm had complied with detailed rules, was considered outmoded because it was backward looking. It told you what had gone wrong yesterday, whereas the new approach was firmly fixed on the future, to get firms to anticipate and deal in advance with the future effect of their actions on consumers and markets.

The Financial Conduct Authority (FCA) took over the conduct side of regulation from 2013 and has pursued much of the FSA’s agenda. Shortly after it was created, CEO Martin Wheatley launched the FCA’s work on “behavioral economics”, indicating that the FCA is keen to understand the factors that cause people to behave in the way that they do. Although aimed in particular at understanding the roots of consumer behavior, the regulator’s focus on cultural change in firms suggests that behavior in firms is also relevant.

As part of its focus on behavior, the FCA realized that it needed to adjust its approach to enforcement. In the past, the FSA’s approach had generally been to take action against the firm when problems occurred. However, this may not be sufficient to change the behavior of the people who work in firms, even at senior level. The idea of the “rolling bad apple” developed: executives could be involved with regulatory failings at one firm and then move on to perpetrate similar failings elsewhere. The FCA realized that the actions of a firm are no more than the collective actions of people representing the firm.

The approved persons regime

The FCA has always had the power to take enforcement action against individuals within firms as well as against the firms themselves. Under the “approved persons” regime, individuals who carry on certain “controlled functions” within firms must be individually approved by the regulator in order to do so. For example, being a “director” or “partner” of a regulated firm requires approval, as does being the Chief Executive or the Compliance Officer. Acquiring approved person status opens a senior executive to the possibility of personal enforcement action. The FCA can, in appropriate circumstances, issue a financial penalty against individual approved persons. In extreme situations the regulator can prohibit an approved person from holding a controlled function with any regulated firm. When the FCA issues such a prohibition, the career of the person censured is to all intents and purposes over, at least in financial services. And the pain caused by the financial penalties can be severe also.

The standards imposed by the FCA can be extreme. In late 2014, the FCA issued a prohibition order against Jonathan Burrows. Mr Burrows was a Managing Director at Blackrock Asset Management. In 2013, he was stopped at the ticket gates in Cannon Street Station where he “admitted to evading his rail fare on a number of occasions”. The FCA concluded that “by knowingly evading the fare for his train journey on a number of occasions Mr Burrows has demonstrated a lack of honesty and integrity and, as such, he has failed to meet the FCA’s Fit and Proper Test for Approved Persons”. This case shows that the conduct of an approved person is relevant even outside his day to day role.

The FCA standards

When assessing a person’s fitness and propriety for an approved person role, the FCA will have regard to the applicant’s:

• honesty, integrity and reputation
• competence and capability
• financial soundness

Where a firm is a significant market player, the FCA will interview applicants for approved person roles. These interviews are extremely important for the FCA in forming its view of the applicant’s fitness and propriety and they can be gruelling in style. There are many anecdotal cases where the FCA has said that it is minded not to approve the candidate concerned, leading the nominating firm to withdraw the application – once the FCA has announced its intention not to approve the individual most firms take the view that they would prefer not to have the adverse publicity that a public decision would entail. Even where approval is forthcoming, it is not unusual for it to come with conditions attached to it, perhaps requiring the applicant to take a particular training course, or to familiarize himself or herself with various aspects of the firm’s business.

Once approved, the individual must comply with the FCA’s Statements of Principle and Code of Practice for Approved Persons. Any actions against approved persons will be based on the Statements of Principle which are as follows:

1. An approved person must act with integrity in carrying out his accountable functions.

2. An approved person must act with due skill, care and diligence in carrying out his accountable functions.

3. An approved person must observe proper standards of market conduct in carrying out his accountable functions.

4. An approved person must deal with the FCA, the PRA and other regulators in an open and cooperative way and must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.

5. An approved person performing an accountable significant-influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his accountable function is organized so that it can be controlled effectively.

6. An approved person performing an accountable significant-influence function must exercise due skill, care and diligence in managing the business of the firm for which he is responsible in his accountable function.

7. An approved person performing an accountable significant-influence function must take reasonable steps to ensure that the business for which he is responsible in his accountable function complies with the relevant requirements and standards of the regulatory system.

The Code itself goes into more detail about what the Principles mean.

Statement of Principle 7, which requires compliance with the regulatory system is frequently cited in enforcement cases against individuals and deserves special mention. The effect of this Statement of Principle is to make individual senior managers responsible for compliance in their respective business areas. This is not the Compliance Officer’s responsibility: his role is fundamentally about compliance oversight, rather than securing compliance itself.

The Code clarifies that an approved person breaches Statement of Principle 7 in a number of circumstances, including:

• Failing to take reasonable steps to implement (either personally or through a compliance department or other departments) adequate and appropriate systems of control to comply with the relevant requirements and standards of the regulatory system in respect of the regulated activities of the firm in question. 

• Failing to take reasonable steps to inform himself about the reason why significant breaches (whether suspected or actual) of the relevant requirements and standards of the regulatory system in respect of the regulated activities of the firm in question may have arisen (taking account of the systems and procedures in place).

• Failing to take reasonable steps to ensure that procedures and systems of control are reviewed and, if appropriate, improved, following the identification of significant breaches (whether suspected or actual) of the relevant requirements and standards of the regulatory system relating to the regulated activities of the firm in question.

When things go wrong

Of course, there will always be some enforcement actions against individuals where it is clear that the individual was determined to do wrong. However, there is often a scent of tragedy about regulatory actions against individuals, leading to the thought that the people in question would not have done what they did if they had understood the likely outcome. Few people go into the approved person role intending to run the serious risk of personal enforcement. This in turn suggests that many approved persons are unaware of the standards that apply and how strictly they will be interpreted.

There are many cases on record where the FCA has taken action against individuals and the recent Swinton case is a useful example. The firm itself received a financial penalty of £7.4 million in 2013. The firm’s core products were motor and home insurance products and Swinton was found to have operated a business strategy to maximize the sale of insurance add-on products attached to the core products. The FCA said that:

“... the root cause of [the regulatory] failings was the aggressive sales strategy that Swinton adopted... which focused on maximizing sales at the expense of treating customers fairly and putting them at the heart of its business”.

The firm had failed to give customers “adequate information about the add-on products at the point of sale or communicate with customers in a clear, fair and non-misleading way”. Some customers did not even realize they had purchased an add-on product until the firm started taking payment from their bank account. It was suggested in the FCA Notice that the strategy was introduced “to address a general decline in [Swinton’s] income from sales of core products”. Most sales were made by telephone and there were failings found in the structure of call scripts and also in the monitoring of calls.

In 2014 the FCA took action against three senior Swinton executives. The CEO was given a financial penalty of £412,700 along with a prohibition order banning him from holding the Chief Executive controlled function, though he remains eligible to perform other controlled functions. Swinton’s Finance Director and Marketing Director were given financial penalties of £208,600 and £306,700 respectively and each was banned from holding any controlled function for significant influence in any regulated firm. That in effect makes them ineligible for any senior position in financial services. Neither of them had understood that the firm’s profit maximization strategy would lead to a culture that was overly focused on sales and which would put at risk the fair treatment of customers.

Lessons to learn

There are a number of things approved persons can do to reduce the risk of a personal FCA enforcement action being made against them.

1. Make sure they know in detail what the code requires of them. There is a significant amount of detail in the Code of Conduct on what behavior is considered not to meet the Statements of Principle. In addition, there is the Code of Market Practice to consider, which sets out the limits of what amounts to market abuse in the UK. The Codes are under continuous review, so regular refresher training is advisable.

2. Approved persons should be sure they understand the scope of the role they perform. The FCA will hold senior managers accountable for their areas of responsibility so it is important to ensure there is a definitive job description in place that clearly sets out their responsibilities. The approved person should understand how his role fits with the roles of other senior executives, ensuring that there are no unexplained gaps in responsibilities.

3. A personal risk map may be a good idea, to be constructed based on the individual approved person’s responsibilities and how they interact with the FCA’s principal areas of concern.

4. Approved persons should agree with the compliance department what work compliance does and what they must do for themselves. Statement of Principle 7 presumes senior managers are responsible for compliance in their areas of responsibility but it is clear that reliance can be placed on the compliance function to assist. However, this requires agreement and documentation.

Following on from the important issue of personal liability, let’s consider if you really know your hedge fund and how regulators are tackling fraud and increasing trust.

What’s to know? Hedge funds are now an established business within mainstream financial services. There was once a time when the very mention of a hedge fund caused temperatures to rise, anxiety to kick-in and risks to increase. Why were these reactions generated? Primarily because the funds were unregulated and unregulated investment funds were/are all too often associated with fraud. Hedge funds are now an established investment offered and managed by global banks. Investors include institutional bodies and funds invest in funds. Some funds are effectively funds of funds. Nonetheless, the funds, although offered by regulated businesses, remain unregulated. Consequently there is a wide disparity in relation to how other regulated businesses interact with hedge funds.

Whilst the funds themselves remain unregulated, the managers are usually regulated. Indeed, most independent fund managers immediately recognized the importance of regulation in securing the confidence and trust of investors. Thus in the 1990s these managers beat a path to London and New York, in pursuit of regulation. Today, it is similar to the path and objectives of those seeking to offer and trade cyber currencies, such as Bitcoin, within mainstream finance. 

Madoff

Notwithstanding the regulated status of the fund managers, there have been major issues and fraud, perhaps the most famous of which was Madoff Securities, the regulated fund manager owned and controlled by the now infamous Bernie Madoff. Madoff was convicted of fraud and he is now serving a substantial prison sentence — he will die in prison. It is alleged that he defrauded investors of sums between $40 billion and $60 billion. Effectively, the hedge funds managed by Madoff were ‘Ponzi’ frauds and it was only because of the onset of the global financial crisis that Madoff’s fraud came to light, as he was unable to access new capital to maintain the fraud.

Many investors did not know that they were actually invested with Madoff, as the funds of funds model enabled other fund managers to place investments with Madoff, unbeknown to the original investors. Subsequently there have been multiple instances of litigation alleging that fund managers did not undertake adequate due diligence in respect of Madoff’s investment strategy as well as his accounting process. There was never a question of the fund managers not knowing their investors, within what was essentially a financial services supply chain. Thus, whilst Madoff may not have known the identity of some of the investors of funds which had invested with him, he was able to rely upon the regulated fund managers of the other funds to have applied client due diligence (CDD) and ongoing screening.

Examples such as this have led to a situation where anxieties continue to prevail. Questions abound as to how funds and investors are regulated; how the investors are identified; whether the investors are the subject of CDD; whether they are screened against sanctions and politically exposed persons (PEPs) lists; and who the directors/partners of these funds are. 

Can we rely on regulated fund managers?

Given the regulated status of the majority of fund managers, can they be relied upon? The fund managers are subject to the same anti-money laundering (AML) laws and regulations, as well as the same know your customer (KYC) requirements, thus they need to know their investors. It is a crime for fund managers to launder money; it is a crime for fund managers to breach sanctions and therefore, these regulated fund managers implement their own systems and controls.

Notwithstanding all of the above, some regulated firms/ counterparties continue to act with anxiety and apply enhanced levels of due diligence, based upon a notion that hedge funds continue to present an increased level of risk, including AML/ KYC risk. Some major firms determine that it is necessary to request “full” KYC and due diligence, even when such hedge funds are managed by major global financial service businesses regulated in multiple G7 jurisdictions.

It is as though the thinking is the hedge fund found the fund manager, effectively, the fund was walking along the road seeking a manager and behold, the fund stumbled upon a major global financial services business who agreed to regulate them. Of course this farcical charade is a long way from reality. It is the regulated fund manager who drives the process and the relationships and requests the funds to be incorporated. Furthermore, the funds are not incorporated in isolation, they are a component, indeed a vital one, of a wider strategy. The funds become legal vehicles through which parties are invited to invest in a secure, protected, albeit, often high risk and well regulated environment.

The investment strategies and criteria for investors are commonly articulated within comprehensive prospectus documents. The criteria ordinarily incorporate a minimum investment sum, together with strict KYC requirements. KYC, know your investor is core to a regulated fund manager’s process. These processes are often outsourced to established, administration agents who have robust contractual obligations to ensure there is a robust application of KYC . As with major global financial service firms, the fund managers can outsource the process, but not their responsibility or accountability. Nonetheless many counterparties continue to request copies of all corporate documents for hedge funds, together with copies of personal identity documents of the directors/partners of the actual hedge funds, even though such persons are often partners of major law firms. Some go further and request to be provided with names/identity of any 10% to 25% investors in the fund. Not surprisingly, many fund managers reject such requests. Complying with such requests could actually be against the law, if only contract law. Thus, there are some instances where a KYC stand-off results in no business being conducted, leading the fund manager to find an alternative, more accommodating, perhaps more sophisticated counterparty to trade with. 

It's down to the regulator

Hedge funds have grown up, but not everyone in the industry treats them as a mature partner, with whom they are comfortable conducting business. On one level the analysis is simple, the fund managers are global financial services businesses, high street names and therefore they can be relied upon to have performed appropriate CDD, to know their clients and to apply ongoing sanctions screening. On the other hand, there are smaller regulated fund managers, concentrated in London and New York, whose regulated status is critical to the business model and survival. Such fund managers are known to the regulators, who have determined that the people running these businesses are “fit and proper”, they have the required competence and financial credibility and further that they have no criminal record. Thus, having successfully navigated the multiple obstacles which stand in the way of securing a regulated status, a counterparty can rely upon the fund manager and leverage the due diligence applied to the fund manager by the regulator.

To those of you resisting this proposal, perhaps the actual allocation of risk will persuade you to this way of thinking. There are several forms of risk here, but the primary risk must rest with a regulator who, having undertaken due diligence, then confers regulated status to a firm and individuals. In the event that it transpires that the firm and individuals undertake criminal conduct, the primary risk rests with the regulator.

Turning to imminent regulatory changes, let’s outline some important issues that hedge fund managers need to be aware of.

With not long to go live – January 3rd, 2017 – we have seen the two primary pieces of legislation, the Markets in Financial Instruments Directive (MiFID II) and the Markets in Financial Instruments Regulation (MiFIR in force from July 2014), and a full round of the secondary implementing measures from the European Securities and Markets Authority (ESMA), in December 2014. Whilst there are some important issues, such as the use of dealing commissions (softing) still to be settled (we expect further detail from ESMA and the FCA in due course), the overall picture is becoming clearer. In this summary of the MiFID II reforms from the perspective of buy-side managers, here are the “top five” areas that will need addressing: 

1. The recording of telephones and electronic communications: investment manager exemption to end 

Not strictly speaking a MiFID II reform, but a bombshell delivered by the FCA in March 2015 in its Discussion Paper (DP15/3) on the conduct of business and organization issues arising from MiFID II. Current FCA rules allow for discretionary investment managers to dis-apply the recording requirement where a conversation or communication is with another firm itself subject to the obligation (e.g. an FCA-regulated broking firm) or with firms not subject to the obligation, provided these are made only on an infrequent basis and represent a small proportion of the total relevant communications. The FCA proposes to remove both these exemptions, citing the need for a “level playing field” with similar firms. Note also that MiFID II extends the definition of “relevant conversations” that must be recorded to include all those intended to result in a client transaction (previously, those that did), and to increase the retention period from six months to five years. So the recording obligation is getting broader and the retention period longer. If adopted, this will impose significant new technology requirements on many investment managers who currently do not need to record such communications. 

2. Paying for research: an end to bundled commissions 

MiFID II prohibits firms from accepting “fees, commissions or any monetary or non-monetary benefits paid or provided by any third party” – in other words, “inducements” which (as currently interpreted) includes original, meaningful research. At first sight, this points to a total ban on all dealing commission arrangements to pay for company research. Although ESMA’s Technical Advice on this subject (published in December 2014) was initially viewed as a retreat from a total ban, its current proposals still amount to a radical break with past practise. There will be two permissible methods of paying for company research: either the investment manager pays for research itself, or it is paid for out of a “Research Payment Account”. This type of account will have to be operated under strict conditions, including a research budget, based on a reasonable assessment of need, to be pre-agreed with, and funded by, the client, and a regular assessment of the quality of research purchased. Above all, there must be no link between execution volumes and research spend. Opinions vary on whether this spells the end for how Commission Sharing Agreements (CSA) are currently structured – in our opinion (and more importantly the FCA’s) it does.

3. Best execution: new data, new disclosures 

Best execution was a concept introduced to the EU by the first MiFID, but its impact has been patchy, at best. There are difficulties around the objective measurement of best execution in nearly all asset classes save liquid shares (where, by definition, poor execution is unlikely). Hedge fund managers also struggled to see why their performance in this narrow area should be under the microscope when they have every incentive to achieve the best possible returns for their clients. MiFID II should enhance this regime in two ways: first, in the new transparency and publication requirements across a wide range of instruments. These will include a “consolidated tape” of transactions across all EU trading venues, thus greatly enhancing the market participants’ ability to see what is trading and at what price. The execution venues themselves will have to publish annually the quality of execution provided, assessed by factors such as price, costs, speed and likelihood of execution, giving investment managers hard data on which to base their execution venue decisions. Firms themselves (including investment managers) will also have to justify these decisions by publishing annually their top five execution venues in terms of volume and information on the quality of execution actually obtained, thus adding another layer of transparency to underlying investors.

4. Transaction reporting: new data fields and delegation becomes harder 

Note: transaction reporting under MiFID should not be confused with the reporting of derivatives transactions under the European Markets Infrastructure Regulation (EMIR) – EMIR reporting is concerned with systemic risk, whereas MiFID transaction reporting was introduced primarily to assist in the investigation of possible market abuse. Under MiFID II, MiFIR broadens the scope of transaction reporting to all financial instruments traded on an EU trading venue, plus those whose underlying is such an instrument. The previously exempt bonds, interest rates, commodity and FX derivatives thus all come into scope, plus all OTC derivative contracts traded on the new Organized Trading Facilities (OTF). The number of data field increases from the original 23 to 81. These include short sale flags and the ID of either the individual trader or the algorithm responsible for the decision to trade. Delegation of transaction reporting will still be permitted, but this is likely to be harder, particularly in view of the ID requirement. Many investment managers are expected to conclude that taking transaction reporting back in-house is a cleaner solution. At the very least an investment manager will need to understand how its counterparties will comply with the new reporting requirements. 

5. Transparency and how this will affect you 

MiFID II greatly expands the scope of financial instruments caught by pre- and post-trade transparency requirements. Equity-like instruments such as depositary receipts, exchange traded funds (ETF) and certificates are included for the first time, as are bonds, structured finance products, emission allowances and derivatives traded on a trading venue. Trading a UK government bond, for example, post January 2017, will look much more like trading a UK share does now in terms of a visible order book and trade tape. There will still be exemptions for the publishing and reporting of illiquid shares, large orders and transactions (similar to the current MiFID regime for equities). Where this gets interesting (and controversial) is in the calibration of thresholds for such waivers, and particularly the definition of what is liquid. If ESMA gets this wrong, market makers in certain instruments will conclude that greater transparency shifts the risk/reward balance to the point where they withdraw liquidity altogether. If they go too far in either direction, investors could end up paying more, not less, for executing their strategies. We know well, from previous experience, that the devil is in the detail and European legislative packages in their final implemented form can look vastly different from what was originally proposed. There is scope for further evolution between now and 2017 and there are unlikely to be prizes for first movers. However, the broad structure is now largely fixed and the direction of travel is clear. When MiFID came into force in November 2007, its impact was quickly lost in the travails of 2008 and the protections it sought to implement looked outdated very quickly. However, MiFID II is not just about updating legislation to reflect market developments - the opportunity has also been taken to reflect on the financial crisis and so to address two areas that were seen lacking: transparency (both for the client and regulators) and protecting the interests of clients. It is those areas where the impact of MiFID II will be felt most by the investment management community. 

The growth in importance of hedge funds has led to an increase in regulation. Hedge fund managers may now find themselves on the wrong end of a personal enforcement action from the FCA pour encourager les autres. Investing some effort in managing this personal risk is time well spent. Grappling with the detail of existing (AIFMD, EMIR) legislation as well as responding to new regulation (MiFID II) is a tiresome distraction but ignoring it is likely to be a poor strategy. However, dealing with regulation requires a demystification of the industry. The term ‘hedge fund’ means so much and so little and it carries a lot of baggage – possibly the time has come to consciously define a narrower series of fund-types that are more understandable and less frightening to observers of the industry.