Fine time

UBS (AG) has been fined £8m for failures in systems and controls that enabled four employees to carry out unauthorised transactions involving customer money ‘on at least 39 accounts’.

As is the norm, the fine would have been larger (£10m) but for UBS agreeing to settle at an early stage. Although fairly eye-watering, the fine is only the third largest ever – beaten by Shell in 2004 with a fine of £17m for market abuse and by Citigroup in 2005 with a fine of £13.9m (the FSA maintains a ‘Fines table’ which can be accessed using the link below).

In addition to the fine UBS has paid compensation in excess of US$42.4m to affected customers.

The thrust of the FSA case against UBS (and in the Citigroup case) was based upon breaches of Principle 2 (“A firm must conduct its business with due skill, care and diligence”) and of Principle 3 (“A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems”).

Specific failings are referenced in sections 4.27 and 4.30 of the Final Notice – see link below – including inadequate training; failure to have clear ownership of responsibilities; lack of, or inadequate, documented procedures; and recommendations from internal reviews not being acted upon. If any of that sounds familiar that might be because the Final Notice relating to the recent Barclays case, concerning failures in transaction reporting, referred to the same failings.

Whilst the two firms were involved in completely different activities that gave rise to the respective Enforcement cases, the Notices illustrate areas of weakness that can be common to any firm.