On June 21, the United Kingdom Financial Conduct Authority (FCA) fined Bank of Scotland (BOS) £45.5 million “for failures to disclose information about its suspicions that fraud may have occurred at the Reading-based Impaired Assets (IAR) team of Halifax Bank of Scotland [(HBOS)]” According to the FCA, BOS
identified suspicious conduct in the IAR team in early 2007. The Director of the Impaired Asset Team at the Reading branch, Lynden Scourfield, had been sanctioning limits and additional lending facilities beyond the scope of his authority undetected for at least three years. BOS knew by 3 May 2007 that the impact of these breaches would result in substantial losses to BOS.
Despite that knowledge, the FCA stated, “on numerous occasions” BOS
failed properly to understand and appreciate the significance of the information that it had identified despite clear warning signs that fraud might have occurred. There was insufficient challenge, scrutiny or inquiry across the organisation and from top to bottom. At no stage was all the information that had been identified properly considered. There is also no evidence anyone realised, or even thought about, the consequences of not informing the authorities, including how that might delay proper scrutiny of the misconduct and prejudice the interests of justice.
The FCA made clear that at the time, HBOS’s IAR was not subject to specific rules that the FCA’s predecessor agency, the Financial Services Authority (FSA), imposed on regulated entities, such as “conduct of business rules and complaints handling rules,” because commercial lending “was and still is largely unregulated” in the in the United Kingdom. He FCA, however, maintained that “BOS was required to be open and cooperative with the FSA, and the FSA would reasonably have expected to have been notified of BOS’s suspicions that a fraud may have been committed in May 2007.”
Not until July 2009 did BOS provide the FSA “with full disclosure in relation to its suspicions, including the report of the investigation it had conducted in 2007.” Moreover, BOS “did not report its suspicions to any other law enforcement agency”; rather, the FSA itself reported the matter to the National Crime Agency (then the Serious Organised Crime Agency) in June 2009.
The FCA was unsparing in its criticism of BOS’s failure to report these matters:
If BOS had communicated its suspicions to the FSA in May 2007, as it should have done, the criminal misconduct could have been identified much earlier. The delay also risked prejudice to the criminal investigation conducted by Thames Valley Police. Full disclosure would also have allowed the FSA, at an earlier opportunity, to assess BOS’s response to the issue and its approach to customers and complaints.
Ultimately, in 2010 the FSA appointed investigators to begin looking at BOS’s misconduct. The FCA noted, however that that investigation was “placed on hold” in 2013 “at the request of Thames Valley Police . . . until after the criminal prosecution of relevant individuals had been completed.” The regulatory investigation was only restarted by the FCA in February 2017, when six individuals – including Scourfield, two of Scourfield’s business associates David and Alison Mills, and HBOS executive Mark Dobson – were sentenced to prison terms for their roles in the fraud.
In addition, the FCA announced that on June 20, it had banned Scourfield, Dobson, and David and Alison Mills “from working in financial services due to their role in the fraud at HBOS Reading.” For each of the first three persons, the FCA found that he “is not a fit and proper person to perform any function in relation to any regulated activity,” as his conduct “has demonstrated a serious lack of honesty and integrity.” For Alison Mills, the FCA found that she is not a fit and proper person because she “has engaged in a financial crime offence.”
Note: The FCA’s announcement does not make clear that its actions represent the final enforcement actions stemming from what The Guardian called an “extensive scheme” – in which Scourfield, Dobson, and David and Alison Mills all played key roles – “that drained the bank and small businesses of around £245m and left hundreds of people in severe financial difficulties.”
Financial crimes compliance teams in United Kingdom financial institutions should take note of the FCA’s actions in this case for two reasons. First, they generally reflect the importance that regulators in multiple countries are attaching to financial firms’ timely reporting of suspicious transactions or conduct. Second, these actions provide a precedent for the FCA to fine a financial firm or other regulated entity for failure to report certain suspicious activity, even if that entity is not clearly required to file a Suspicious Activity Report, if the FCA determines that the entity’s failure to report constituted a failure to “to be open and cooperative” with regulators regarding that suspicious activity.