Directors of financial services firms hit with £196m in fines in just one year

Directors and officers of financial services firms have been hit with over £196m in large fines from regulatory bodies since 2020, according to research from BLM.

The law firm's analysis revealed that since 2016, 62 fines were handed down to key financial services personnel totalling over £480m. Of the cases tracked over the last five years, 38 were brought against SMEs, 25 of which were micro (with a turnover of up to £2m).

BLM’s D&O Tracker monitors fines from four major UK regulators: the Financial Conduct Authority, the Serious Fraud Office, the Information Commissioner’s Office and the Crown Prosecution Service.

The study uncovered an increasing trend towards fines levelled by the ICO for privacy breaches resulting from unsolicited, nuisance marketing activity. This includes a case against American Express, concluded in May 2021, for sending over 4 million marketing emails. Though American Express argued these could be classed as services emails, the ICO ultimately decided the communication was for marketing purposes, fining them £90,000.

Alex Traill, PI partner at BLM, commented: “With the financial services sector tightly regulated, the risk of substantial punitive action in the event of breaches or non-compliance is inevitable. However, this risk can be even greater in the event that a company does not have adequate D&O protection. Fines can be imposed when a company is found not to have adequate insurance to cover the initial fine – creating a double-edged sword through lack of cover.

“As our Tracker data reveals, it’s a particularly pertinent issue for smaller companies. We typically see a coverage gap for SMEs, either through a lack of awareness around D&O protection, or because there’s a belief that the company doesn’t require cover. These figures show that simply isn’t the case, with D&Os of companies of all sizes handed hefty fines or even custodial sentences.

“The ICO fines in particular are concerning. Even though the introduction of GDPR in 2018 has helped to raise awareness of the risks associated with improper data protection or nuisance marketing activity, our research has highlighted that many D&Os are still seeing fines levelled against them as a result of improper activity. Therefore, it’s crucial to have full oversight of every aspect of your business, otherwise D&Os may well end up paying significant sums in the event of improper activity.”
