Financial services directors and officers (D&Os) in the UK have been hit with more than £196m in large regulatory fines since 2020, with an increasing trend for action under the GDPR for privacy breaches, finds research from law firm BLM.
The data is taken from BLM’s D&O Tracker, which monitors fines from four major UK regulators – the Financial Conduct Authority, Serious Fraud Office, Information Commissioner’s Office (ICO) and the Crown Prosecution Service.
The tracker shows that the total of large fines against UK financial services D&Os rises to £480m during the last five years.
Since 2016, 62 fines were handed down to key financial services personnel, with 24 D&Os receiving sentences totalling 154 years.
Of the cases tracked during the last five years, 38 were brought against companies classed as SMEs, 25 of these being classed as micro firms with turnover of up to £2m.
BLM said the latest figures from its tracker also reveal an increasing trend towards fines levelled by the ICO for privacy breaches under the GDPR and data protection regulations, often as a result of unsolicited, nuisance marketing activity.
This includes a case against American Express, concluded in May 2021, for sending more than four million marketing emails. Though American Express argued these could be classed as services emails, the ICO ultimately decided the communication was for marketing purposes, fining the financial services corporation £90,000.
Alex Traill, professional indemnity partner at BLM, commented: “With the financial services sector tightly regulated, the risk of substantial punitive action in the event of breaches or non-compliance is inevitable. However, this risk can be even greater in the event that a company does not have adequate D&O protection. Fines can be imposed when a company is found not to have adequate insurance to cover the initial fine – creating a double-edged sword through lack of cover.”
He added that the ICO fines in particular are concerning for risk managers and their D&Os.
“Even though the introduction of GDPR in 2018 has helped to raise awareness of the risks associated with improper data protection or nuisance marketing activity, our research has highlighted that many D&Os are still seeing fines levelled against them as a result of improper activity. Therefore, it’s crucial to have full oversight of every aspect of your business, otherwise D&Os may well end up paying significant sums in the event of improper activity,” said Mr Traill.
BLM’s D&O Tracker is freely available for corporates, insurers and brokers to access.