Directors of financial services firms hit with £196m in fines in just one year

Directors and officers of financial services firms have been hit with over £196m in large fines from regulatory bodies since 2020, according to research from BLM.

The law firm's analysis revealed that since 2016, 62 fines were handed down to key financial services personnel totalling over £480m. Of the cases tracked over the last five years, 38 were brought against SMEs, 25 of which were micro (with a turnover of up to £2m).

BLM’s D&O Tracker monitors fines from four major UK regulators, including the Financial Conduct Authority, Serious Fraud Office, Information Commissioner’s Office and the Crown Prosecution Service.

The study uncovered an increasing trend towards fines levelled by the ICO for privacy breaches resulting from unsolicited, nuisance marketing activity. This includes a case against American Express, concluded in May 2021, for sending over 4 million marketing emails. Though American Express argued these could be classed as services emails, the ICO ultimately decided the communication was for marketing purposes, fining them £90,000.

Alex Traill, PI partner at BLM, commented: “With the financial services sector tightly regulated, the risk of substantial punitive action in the event of breaches or non-compliance is inevitable. However, this risk can be even greater in the event that a company does not have adequate D&O protection. Fines can be imposed when a company is found not to have adequate insurance to cover the initial fine – creating a double-edged sword through lack of cover.

“As our Tracker data reveals, it’s a particularly pertinent issue for smaller companies. We typically see a coverage gap for SMEs, either through a lack of awareness around D&O protection, or because there’s a belief that the company doesn’t require cover. These figures show that simply isn’t the case, with D&Os of companies of all sizes handed hefty fines or even custodial sentences.

“The ICO fines in particular are concerning. Even though the introduction of GDPR in 2018 has helped to raise awareness of the risks associated with improper data protection or nuisance marketing activity, our research has highlighted that many D&Os are still seeing fines levelled against them as a result of improper activity. Therefore, it’s crucial to have full oversight of every aspect of your business, otherwise D&Os may well end up paying significant sums in the event of improper activity.”

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.