Treasury Committee 

Oral evidence: The Financial Conduct Authority's regulation of London Capital & Finance plc, HC 1191

Thursday 25 March 2021

Ordered by the House of Commons to be published on 25 March 2021.

Watch the meeting

Members present: Mel Stride (Chair); Harriett Baldwin; Anthony Browne; Felicity Buchan; Dame Angela Eagle; Julie Marson; Siobhain McDonagh; Alison Thewliss.

Questions 261 - 319


I: Jonathan Davidson, Senior Adviser, Financial Conduct Authority; Megan Butler, Executive Director for Transformation, Financial Conduct Authority.

Examination of witnesses

Witnesses: Jonathan Davidson and Megan Butler.

Q261       Chair: Good afternoon and welcome to the Treasury Select Committee and our evidence session on the Financial Conduct Authority’s regulation of LCF. I am very pleased to be joined today by two witnesses, and I am going to ask them to introduce themselves very briefly to the Committee.

Jonathan Davidson: Good afternoon and thank you for inviting me. My name is Jonathan Davidson. I was executive director of supervision, retail and authorisations at the FCA until late last year.

Megan Butler: I am Megan Butler, executive director of transformation at the Financial Conduct Authority. Previously, I was executive director of supervision, with responsibility for wholesale, investments and specialists.

Q262       Chair: Welcome to the Committee and thank you both for attending. Megan, could I start with you? This is a difficult question to ask you, but I feel I need to ask it. When you were first aware of Dame Elizabeth’s report and its content, and the allocation of responsibility for the quite serious policy failings, which named you in a few cases, did you, at any point, consider resigning your position at the FCA?

Megan Butler: I did not consider resigning my position. In response to that, I had a number of conversations with the rest of the leadership team, but no, I did not.

Perhaps before I go into more detail on that, if I might just take a moment to start by expressing my sincere regret for the losses suffered by bondholders as a result of the collapse of London Capital & Finance. Together with Jonathan, I take full responsibility for the supervision model that was designed and rolled out. I also take full responsibility for the judgments and decisions taken by individuals within my areas of responsibility.

Having said that, and going back to your question about how I considered my role within it, that was a matter that was considered closely by the board, and by the chief executive and chairman specifically. The decision that they reached, which they outlined when they gave evidence to you a couple of weeks ago, was that so much of what we do within the FCA, whether it goes well or less well, is a collective endeavour, and so the responsibility is a collective responsibility within the organisation. That is the conclusion they reached.

Q263       Chair: Do you agree with that conclusion? There are others who might say that, when things go seriously wrong, when there is an inquiry and when responsibility is apportioned to specific individuals, there has to be somewhere where the buck stops. So many members of the public and others get deeply frustrated that there seem to be these big problems and a lot of people get hurt and damaged in the process, as has, indeed, happened here and, at the end of the day, for those involved, life pretty much goes on as before. In your case, you have now moved on to a very important job of transformation within the FCA. Do you have any sympathy with that view at all?

Megan Butler: I have a very great deal of sympathy with the bondholders in LCF, and I entirely understand their anger and disappointment at what they have seen happen. I also understand the wider public response to these issues, as you articulate, but I come back to the fact that I do take full responsibility for the model of supervision and I take responsibility for the actions that happened within my areas relating to it, but this is an issue where, as the board said, there is a collective responsibility and a collective response. I fully accept my responsibility and the part I played.

Q264       Chair: When you saw the report, you may not have contemplated resignation, but did you think at that point that you might be asked to leave the FCA, or was it always very clear to you, from the moment that you read the report, that, “Yes, I will be staying and continuing, and looking at other opportunities with the FCA”?

Megan Butler: Reading the report was, of course, a fairly salutary moment for anyone who reads that: the whole of supervision, authorisations, the contact centre and, indeed, the whole of the organisation. It is a salutary read that makes anyone within the FCA who reads it stop and think. That is one of the huge benefits of this report. We knew a lot that was in it, because of the work that we had done from the events relating to LCF and, indeed, throughout the interview process. It did not come, in a sense, as a surprise when the draft arrived with us last year.

Q265       Chair: If I had been in your position—and it is an almost impossible thing to contemplate, of course, because I do not know all the circumstances—I would have been quite nervous about what might have followed, having read the report, but it sounds from what you are saying that you did not contemplate resigning and you did not expect any other outcome than that you would be remaining with the FCA.

Megan Butler: I did not expect any other outcome but, as I have said, it was a salutary read. The issues around my responsibility, as articulated in the draft report, did give me cause for concern, and that concern was represented in my fairly brief representations to Dame Elizabeth, following the receipt of the draft report. That was very much in the context of a concern that I had that a reader might interpret the original draft as holding me personally culpable or to blame for individual actions. That was a concern to me in the original draft, and I made representations around that. The revised draft dealt with what Dame Elizabeth meant by responsibility in finding me, ExCo, Andrew and, indeed, Jonathan responsible for various aspects of this. The clarification that she made was hugely helpful and allowed me to better understand her thinking on that and to accept the findings of the report.

Q266       Chair: I understand your point about culpability versus responsibility, but the report identifies, in chapter 6, the executive directors of supervision—that includes youas being responsible for the lack of operational awareness of the perimeter as it affected the authorisation and supervision of LCF. It also concluded, in respect of third-party information, that contact-centre policy documents lacked clarity as to when call-handlers needed to refer allegations of fraud or serious irregularity regarding the unregulated activity of FCA-regulated firms more widely within the supervision division. “Responsibility also rests”, it says, “with management of the supervision division”, which includes you. In chapter 12, it states, “There was no policy which required the FCA’s supervision staff to interrogate a firm’s financial information following an allegation of fraud or serious irregularity being made against a firm”, that being, once again, an area of your responsibility.

They are pretty damning conclusions, are they not? You make these points about whether you are culpable or just responsible. These are very significant failings that led to extraordinary hardship for a very large number of people, and one gets a slight sense of, “I was not found to be culpable; therefore, it did not really matter as much as it might have done and, therefore, I did not expect to have to even think about resigning or, indeed, even thinking at the back of my mind that this might be an issue whereby I might have to leave the FCA as a consequence of this”. None of that seems to be in your mind here, which some might find surprising.

Megan Butler: No part of my response here is to downplay the seriousness of those findings or, indeed, the seriousness of the impact on the bondholders in London Capital & Finance. Dame Elizabeth calls out in the report the fundamental root cause of so many of the weaknesses that she found—and, indeed, some of the issues you just identified there—which is the weakness in the analysis of business activities of regulated firms. She says that is a root cause that informs so much of this, and I agree with Dame Elizabeth on that.

The emphasis in the business model that had been implemented in 2015 and was still in operation through a large portion of 2016 had moved away substantially from an understanding of the importance of individual, small-firm intervention, except around gateway decisions, to an understanding of interventions aimed at market-wide issues. That, at its heart, led to a great many of the issues that you articulate here and that Dame Elizabeth identifies in the report. That model was the one that Jonathan and I together tried, through 2016, to change.

We implemented a new model through 2017 and 2018, but it is true to say that that old way of working cast quite a long shadow, as did a number of the cultural characteristics across the organisation, not just in supervision, authorisations or the contact centre. Some of those embedded behaviours, as well as the supervision model that had been on the ground, underpinned some of those fundamental weaknesses.

Q267       Chair: Moving on to transformation and your current role, what makes you particularly qualified to carry out this particular role?

Megan Butler: First up, the main point that I would want to make is that I applied for the role when it was advertised internally, because I wanted to do my level best to help Nikhil deliver his vision for a transformed organisation. That was my motivation in applying for this role. Nikhil and Charles, when they spoke with you a couple of weeks ago, explained their rationale for why they thought I was the right person for that role.

Q268       Chair: Why do you think you are the right person for the role? That is the question.

Megan Butler: I understand. It would be for the same reason. I bring to that role 30 years of financial services experience, 20 years of which have been in regulation in legal, enforcement and supervisory roles, domestic and international, wholesale and retail, including change experience involving taking the FCA on the journey from the old supervision model that it had to a new model that it operates within now. I bring all of that experience to bear, including being part of the team that helped establish the PRA, working in the early years of the PRA with Andrew Bailey and developing the new approach to supervision that they then developed. It is bringing all of that experience to bear.

Q269       Chair: In terms of this role specifically, this is a very large transformation project that you are now overseeing. What, in your past, would you point to—that one bit of experience, if you like—that is the closest to what you are being asked to do now?

Megan Butler: I would say that the creation of the PRA with Andrew Bailey was, in a sense, a very similar process. It has different outcomes, regulatory structure, issues and goals, but has many characteristics in common that include a recognition of the need to bring together joined-up technology, data, systems, risk management, cultural values and people capabilities to create a fully effective regulatory organisation. I would also say that the programme of delivering effective supervision, which Jonathan and I designed and delivered together through 2017 and 2018, and which continued with the assertive supervision programme in 2018 and 2019, has similar characteristics to this.

Q270       Chair: A lot of that period was not one of great success when it came to LCF.

Megan Butler: Since Jonathan and I joined the organisation in 2015, we have been striving to improve the outcomes across supervision, particularly in the context of smaller firms. I am so sorry that the changes we were putting in place did not come quickly enough to change the outcomes for LCF bondholders. The organisation that we have now is not the one we had in 2015 or 2016, or even in 2018. We have a different supervisory approach—and a different organisational approach, importantly—to so many of these issues. I am just so very sorry that it did not get there in time to change the outcomes for the bondholders.

Q271       Chair: Charles Randell appeared before the Committee, and you will be aware that we discussed some of the issues that we are touching on now. In answer to the question of why you were moved to transformation, part of his answer—I am not saying that it was the whole answer, and I am paraphrasing—was the fact that there would have been a significant downside to not putting you in that role, in the sense that you had the institutional memory and experience of the organisation, etc, and it would, therefore, in the absence of appointing you, require finding somebody else from outside, which could have delayed the whole process of transformation by between six and 12 months. Is that a position that you would agree with?

Megan Butler: I certainly bring more than five years of experience of the Financial Conduct Authority to bear. As I say, having worked in three different regulators in different roles, I bring all of that experience to bear as well.

Q272       Chair: The question I am asking is whether you would agree with his assessment that, if you were not appointed and they went to try to find somebody else to take on the role, it would have delayed the transformation programme by up to 12 months.

Megan Butler: Whether it would be 12 months or a different period, the fact that I have knowledge of the organisation is undoubtedly helpful to the speed of the programme, the way we are putting it together, the programmes that we are rolling out and the individual workstreams. We are making good and effective progress on those because of my knowledge of the organisation. Without that, I do not think that they would have moved as quickly.

Q273       Chair: Could they have moved as quickly if they had gone outside the organisation but retained your expertise alongside the individual recruited?

Megan Butler: Possibly.

Q274       Chair: Getting back to the PRA and the experience you had there, which is the experience that you have pointed to as supporting the role that you now have, the PRA does not handle the same number of firms as the FCA, where you have upwards of 60,000. It does not handle contact issues or consumers, so there are big differences, are there not, between those two organisations? Could you share your reflections on that with the Committee?

Megan Butler: You are quite right. The Bank of England oversees some 2,000 or so firms, not the 60,000 that sit within the remit of the Financial Conduct Authority. They have a very different remit in terms of that interaction and, undoubtedly, they have less direct contact with consumers, although, at the end of the day, so much of the work of the PRA is, in fact, for the benefit of consumers, nonetheless. It is not a unique facet for the Financial Conduct Authority that it has to think about the impact on consumers.

My point around the PRA was not that it is the same organisation with the same objectives; it is more that, in thinking about any change programme, you have to think about different facets and characteristics within it. You have to think about people, risk, systems and different outcomes, and bring all those together in a planned and organised way, so that you make progress effectively. That is what that experience gave me, and that is some of the experience that I am bringing to this programme too.

Q275       Felicity Buchan: I want to follow up on a few of your answers, Megan. You have alluded to the weaknesses in the FCA culture and poor embedded behaviours. Why did it take so long to change the culture? You and Jonathan joined in 2015, as you have said. Why did it take that period of time? Why could you not just bang groups together, get rid of the silos and have a positive culture?

Megan Butler: If I look at the culture, I look at it in three phases. When Jonathan and I arrived in 2015, what we found on the ground was highly motivated people. We still have highly motivated people. People come to work at the Financial Conduct Authority because they want to make life better for consumers and markets. That is why they are there. They are highly motivated. What we found on the ground was quite a high level of demoralisation and a rejection of the supervision model that had been rolled out earlier in the year. This was giving rise to significant retention issues, among other things.

We also found, as you perhaps mentioned in your question, very embedded silos and fragmented working. That was not just between supervision and policy or supervision and enforcement; it was the two halves of supervision, which had been split, and authorisations and their interaction with those two halves, as well as the specialist supervisors distinct from other supervisors. It was an extremely siloed set of behaviours, with almost no ability for Jonathan and me to see down into the organisation to look at what was happening at grassroots level. That was a function of the model on the ground, which had devolved responsibility below executive director level, down to directors and, sometimes, down to head of department level. We had very little in the way of management information coming through to us. That was the world that we found in 2015.

The PA report, which we have provided to you, calls out some of these issues, and particularly some of the challenges it has given around the quality of the supervision that was being delivered and the lack of consistency around that. Our initial response to that was to stabilise our people. We had significant retention issues, as I have said, which were giving rise to very high rookie levels across supervision. Our key focus there was to stabilise our people, coach our managers so that they could coach their people, refresh the learning pathways for new supervisors, and engage them in the model of supervision that, at that stage, Jonathan and I were trying to make work. That was a key focus of what we did.

We then did a lot of work to break down the silos within supervision. One of the first things we did was to bring back together risk committees, so that our leadership teams would be sharing risk issues from their local sector perspective more widely across the whole of supervision. We had joint risk committees and a joint leadership team across supervision and authorisations, which were so important, at the same time as driving better-quality management information to Jonathan and me. That was a key first step.

As we moved through 2016, we became aware—and it connected very strongly to Andrew’s arrival and the development of the mission and the new model that we started designing—that what we came across in our people was what I might call a compliance mindset: a narrow, rules-based, permissions-driven way of looking at individual cases. The step we took to tackle that was very much part of the new design of the model we were rolling out, which had, at its heart, an understanding of the business model, the need to look at issues holistically, the need to stand back and think about harm and, importantly, the need to be proactive in supervision. Those were the characteristics we were designing into the model through 2017, and we were making significant progress around that issue. We were significantly improving that compliance mindset, not consistently through 2017 or, indeed, 2018, but we were making improvements.

As we got greater visibility into how the new model was operating through 2017 and into 2018, we became aware of a different underlying cultural characteristic, which I might describe as an overly conservative, legal risk aversion. That was not, frankly, apparent to us earlier in this process. It would not have been, because the judgments were not the same ones that we were asking them to make. It became apparent to us only through 2018. As we came across particular issues, we changed processes and arrangements.

A very obvious example of that might be what we did with the use of a particular power in section 137—forgive me if I get too jargony around this—which was the financial promotions banning power, which had not been used because of legal risk aversion questions. We changed that, and Jonathan might want to comment on that, because it was an intervention that he made.

It was not just in that. You could find it in the way that things were or were not referred to enforcement, in the way that legal advice was provided, and how things of that sort were done. It is fair to say that we did not find that issue until 2018, and we have been working to remove that since. The key behavioural piece that we picked up as we became aware of that was when, in 2018, we launched a new programme called assertive supervision, which had at its heart three key things—quality assurance, knowledge management, and a strong focus on capabilities—and which retrained people on the use of tools and tried to break down some of these behavioural barriers not only to quick identification of risk but to risk action. There is no point in identifying risk if you do not do anything with it, so that was a key thing that we did.

We were taking action around that culture from the second we arrived, but some of the behaviours that we saw cast a very long shadow. Frankly, one of my learnings throughout some of the change programmes that I have been involved in is that changing culture takes time. I would come back to a remark that I made earlier, which is that we are not the same organisation that we were in 2016 or, indeed, in 2018 on those issues.

Felicity Buchan: Thank you. I know that Jonathan wants to come in, but I am going to hand over to my colleague Harriett, and perhaps Harriett can allow Jonathan to come in.

Q276       Harriett Baldwin: If I may start with some questions for Jonathan, feel free to add anything that you wish to that. Jonathan, in Dame Elizabeth’s report, she cites you as being responsible for the contact centre failings. For the record and for people who may not have read the full report, this included not just the failure to escalate the whistleblowing-type calls but the fact that some callers were given reassurances as to the reputability of LCF’s bond issues. Some people were incorrectly advised that LCF’s bond issues benefited from FSCS protection. I just wondered, Jonathan, if you could tell us, in terms of those kinds of concerns about the contact centre, why this happened under your watch.

Jonathan Davidson: Before I answer your question, may I also add my personal apologies to the LCF bondholders for what happened, for the losses and for the terrible impact that it has had on many of their lives? I felt it very deeply and I did ask myself what I and we could have done differently that might have brought a different outcome and got there earlier.

That brings me to the question of the changes that were going on in the contact centre, as it was called at that stage. When Megan and I arrived, and I took over the oversight of the contact centre, it was on a journey. It had been a consumer helpline, just providing guidance to people on where to go, where to complain to FOS and so on and so forth. The contact centre was on a journey over time to become a fully integrated part of supervision.

When I arrived, it had only just, some months before, moved from being in a function with authorisation, which was separate from supervision. The journey that we were on was about improving its role in supervision, to make it an integral part, and to focus on providing the right advice to consumers as well as improving the referral of cases to supervision and the provision of intelligence to other parts of the FCA, like strategy, about evolving issues.

In terms of the mistakes that were made about the referrals, we underwent a long process to improve the refinement of the criteria for referral. In the early stages, when I arrived, there was considerable concern that lots of referrals were being generated in error. During 2016, under my oversight, we implemented a regular feedback loop with supervision to improve the criteria, and new training was rolled out during 2016, which included eight categories that were the grounds for referral to supervision. One of those was financial crime, including, explicitly, fraud, although I do acknowledge, as Dame Elizabeth says, that it did not explain whether that fraud was in the regulated or unregulated business, and also any suggestions about fitness and properness as one of the criteria.

We were on this journey of improving, all the time, the criteria for referral, and building the knowledge of associates in terms of dealing with a very broad array of products and types of firms and problems and trying to work out whether they should be referred or not.

We had the same challenges in terms of helping to continually improve the advice that was given to consumers when they asked about what degree of protection they had. This is a complex task, as you might imagine, and, in order to improve, there was a continual cycle of feedback whereby we were taking advice from things like the general counsel’s division and the supervision division about the advice that was being provided. We were also increasingly rolling out a very strong quality assurance programme, whereby calls were listened to and evaluated for associates on a regular basis.

We were continually developing on those, but it was not good enough. It has made very painful reading, not just for me but for those individuals in what we now call the supervision hub, as we recognise that these associates are on this journey not just to be a helpline but to be a proper supervision hub. It has been very painful reading, but it has been a very salutary lesson in how important it is to understand the business models and what you are being told about them, not just about the compliance with some rules.

Of course, the rules are applicable only inside the perimeter, as it is called. We are very much encouraging everybody to say, “What is the harm that I am hearing about here? How does it transcend the business model?” This has been a continuing journey and, as Megan has said, we have taken several steps, including the feedback and the quality assurance, as well as restructuring not just the supervision hub—or contact centre, as it was called—to be more around business models, so that they understand what they are doing, but also the triage unit, which took referrals from the supervision hub.

Q277       Harriett Baldwin: You came into this organisation in 2015 and were responsible for it. At what point did this situation where things were not getting correctly escalated and incorrect information was being given to consumers come to your attention? Can you tell us when you first raised those concerns with either the chief executive or the board?

Jonathan Davidson: The quality of the information that was coming from the contact centre, as it was then, was picked out in the PA report.

Q278       Harriett Baldwin: Did you commission that report?

Jonathan Davidson: Megan and I were both very concerned at a lack of ability to see what was going on and to understand fully the problems in the supervision of very small firms. What happened was that, in the spring of 2016, when we had been there for just six months, we commissioned the PA to investigate and fully expose to us as many of the problems that they could find with the whole system of supervision.

Q279       Harriett Baldwin: Had you raised it with the CEO and the board before you commissioned the report?

Jonathan Davidson: Yes. The question about the quality of referrals in the contact centre had been raised by internal audit as well before that.

Q280       Harriett Baldwin: I mean you personally, Jonathan.

Jonathan Davidson: It was raised as part of the PA report and with our proposals for how to deal with it. It was then the subject of efforts in 2016 to improve the referral criteria that I have described.

Q281       Harriett Baldwin: Very quickly, because I have a lot to get through and your answers have taken up a lot of my time, how normal was it for the FCA to receive anonymous letters that shone light on potential fraud, and how seriously would you take them when they came in?

Jonathan Davidson: I do not know how frequent it is. In terms of whistleblowers, who are generally anonymous complainers, there are probably about 1,500 whistleblowers per annum, although that number has been increasing, as we have made very clear to people that it is very safe to come and talk to us anonymously about whistleblowing. They are taken extremely seriously.

One of the very first things that Megan and I were focused on outside of the DES programme was to make sure that whistleblowing was taken very seriously. What we instituted as part of DES was a set of escalations, and we said that all decisions on a whistleblower could not be taken at a level below the head of department, because we thought it was that serious.

Q282       Harriett Baldwin: DES is “delivering effective supervision, as I understand it, in your language.

Jonathan Davidson: Yes.

Q283       Harriett Baldwin: In terms of those anonymous letters, why would they not have been referred to the supervision division?

Jonathan Davidson: There was one anonymous letter that I believe was sent to the police.

Q284       Harriett Baldwin: What about some of the calls that came into the contact centre?

Jonathan Davidson: The reason why the calls to the contact centre, and particularly from one caller, were not referred is that, when they were referred, they were not consistently referred. We have very much taken on board Dame Elizabeth’s recommendation that any mention of the word fraud should be prioritised. For some reason, it was not.

Q285       Harriett Baldwin: What was the reason?

Jonathan Davidson: The reason why individual associates did not refer it was partly this cultural issue about not focusing on the entire business model and, therefore, thinking about the harm, which is fraud, and partly a focus perhaps on compliance, as in, “This is outside. It is not a breach of some rule that we need to think about”, despite what it said in the policy. The answer underneath it is that the one learning for me is that you can have lots of policies, but mindsets are really important; it is these cultural things that Megan talked about, and particularly this culture and compliance mindset of focusing on, “What is the harm that I am seeing here?” rather than, “What rule is being breached?”

Q286       Julie Marson: Perhaps I could turn back to Megan. I would like to address directly what Dame Elizabeth called the halo effect. The FCA’s authorisation is a very powerful thing for consumers. It was a known issue at the FCA that consumers would take FCA authorisation as comfort, and that LCF could benefit from the fact that they would use that to promote other outside products. How much of an issue did you find it was? What did you do to try to counter that problem?

Megan Butler: You are quite right. The halo was a known issue within the organisation, within the executive committee and, more broadly, across most parts of supervision. After all, it is why we have a financial promotions team and rules saying that you cannot use the FCA logo sitting alongside businesses’ logos, so we do know that there is a halo effect and we have traditionally, perhaps, sought to limit the use of that halo.

One of the learnings from this report for the organisation and, indeed, for me, is that, while we were aware of the halo and doing work around it and its connection to the perimeter, as a set of issuesthat toxic interface, if you like, between the halo, the perimeter and unauthorised business, and the way consumers were always going to struggle to understand aspects of thatwas something that, as an organisation, we did not fully understand until more recently.

Over the last two years or so, we have been doing more in that space, particularly to help consumers understand what authorisations and that badge mean and, importantly, what they do not mean. We have put adjustments on our register, so that consumers going into it can approach it as more of a consumer journey and understand the information that sits in there. Most recently—in fact, it was yesterday—we put another banner warning on the register about what authorisation means. A key part of this is that people can understand exactly what is understood by that badge that we give.

The other aspect that we have thought about and which is a direct result of Dame Elizabeth’s report is around the policy that we have called “use it or lose it”. Historically, we have not regarded non-use of a permission as a red flag. We have lots of firms who have permissions that they historically have not used, or that they show no regulatory income against. There are lots of reasons why firms have those permissions. Sometimes, it is because they are growing their business in a particular way; sometimes, they want an adjacent permission just in case they stray over a particular boundary.

Historically, we have allowed firms to take that approach, without thinking about the balancing impact in terms of whether firms are doing that deliberately to cause harm or to create a halo effect. That is one of the key organisational learnings that we get from Dame Elizabeth’s report on this, and that is why we have moved to a “use it or lose it” policy, which we launched earlier this year. It means that, over this coming year, we are going around every single firm that has an unused permission and we will remove them.

Q287       Julie Marson: Turning to Jonathan and moving on, because I have a bit of ground to cover, Dame Elizabeth used a very powerful phrase about the fact that “LCF was frequently breaching the financial promotion rules, but nothing was done about it”. She said it was “one of the real wickednesses” of the situation. What is your response to that? I notice you have talked about policies, but one of her findings was also that, whilst you had rules and powers, there was a lack of policies.

Jonathan Davidson: I agree with Dame Elizabeth and the gist of her observation that the attitude that we took in our policy to repeat breaches could have been more robust. This is one of the examples that Megan referred to earlier. Megan and I became increasingly concerned through 2018 about the lack of robustness and the legal risk aversion of our response to things like people who repeatedly breached the rules on financial promotions. It was organisation-wide, frankly. The use of our ability to turn around and say, “We are banning you from doing financial promotions” using section 137 of FSMA had been discussed at ExCo and had been pushed back multiple times, before our arrival.

When we started to come across these things in 2018, we started to say, “No, we need to tighten up on these policies”, and, as Megan alluded to, the banning power, for example, was brought to our attention in the middle of 2018. Because I was chairing our joint committee at the time, I immediately said that we need to take a more robust approach. Although there was pushback from our legal department, I said, “No, we are going to pilot something where we take a more robust approach”. Indeed, the very first time ever that we had cause to use the power in anger, as far as I know, was with LCF in November of that year.

As Dame Elizabeth pointed out, the policies were at a level that I was not aware of them, but they are an example of, again, where we were being legally risk-averse. In the middle of 2018, on the repeat breaches, we got rid of that thing that said, “We will just send you a warning letter after three breaches”, and went to something where we said, “We are going to take something which is more appropriate to what we think the circumstance is”. Following the report that we have received from Dame Elizabeth, we have taken her recommendation that we be more specific about it, and we said two material breaches, not three. There is now very clear escalation up to senior levels in the FCA, which there was not before, and a very clear pathway, with some very robust action in it.

Q288       Julie Marson: Could I follow up on resources? During the period that we are talking about under the report, there was a reduction in resourcing in the financial promotions team. Is that indicative of a lack of priority given to the team?

Jonathan Davidson: I did have a look at the resources that pertained through the time. The resources of the financial promotions team did not change very markedly through the period, but what I would say is that the issues that led to us not getting to LCF early, if I might express it in that way, were not about resourcing. They were about our ability to take a holistic view of what was going on and to put together red flags. It is not really the issue here, in my view. Megan may want to comment on that as well, because this is a question that we asked ourselves across the whole of supervision about resourcing.

Megan and I concluded—Megan, please feel free to disagree with me—that the real issue here is having a holistic view of the business model of each of these firms, having the right data to really know what is going on, and having someone who is individually accountable for pulling together that view and for taking action, with all the IT, data and data analytics that will help those individuals to do that. That is not about numbers; it is about having an organisation that is smart.

Q289       Julie Marson: I will turn back to Megan because I am running out of time. One of Dame Elizabeth’s recommendations asked the Treasury and the FCA to work together in order to make sure the legislative framework addresses a lot of these issues. How important is that recommendation?

Megan Butler: It is hugely important. If we look at the broader challenges around what we see, particularly, perhaps, with high-risk investments more broadly, we see that there are challenges in the legislative framework that we are given to operate within. I might start there particularly with the framework around section 21 on approving of advertisements, whereby any authorised firm can approve any advertisement. It is not, in itself, a regulated activity, so we have less data about it. Firms do not need to demonstrate that they have any capability in doing it. That, as a model, is quite problematic. We are working with the Treasury now to make that better.

Another area where it is so important that we work with the Treasury—again, Dame Elizabeth calls this out—is making sure that appropriate oversight of the ISA regime is in place. That is another important part where we have started working closely with the Treasury.

The third area that I might broadly call out is around technology providers: the Googles of this world. Over the last couple of years, the distribution channels for investments—and particularly high-risk investments—are becoming increasingly digital, and yet a lot of that arena is not subject to very much oversight and, indeed, largely outwith the scope of our regulation, which is problematic. Our chairman has been reasonably vocal on this subject around the opportunity to extend the online harms Bill to financial services, and that is one that I would very much support.

Working together with the Treasury is a hugely important part here. It is why, for the last few years, we have been writing a perimeter report that is a very significant part of our role as a regulator.

Q290       Anthony Browne: My questions are going to be fundamentally about the authorisations process. You touched on it a bit earlier, but I just want to dig down into some of the detail. Jonathan, in Dame Elizabeth Gloster’s report, she talks at length about LCF’s first variation of permissions authorisation. She details at least four reasons why it was wrong; I will not list them all now, because I am sure you know them. When you arrived at the FCA, what was your view of the overall authorisations process? What were the deficiencies at that time?

Jonathan Davidson: My view on the authorisations process was that I had considerable concern, if you like, about the sheer scale. In 2015 and 2016, we jumped from about 8,000 authorisation applications from firms to 19,000, so my biggest concern was to really understand how we were going to make sure that as few as possible in that tsunami of applications slipped through the net. The reason for those was the consumer credit firms coming in. I spent a lot of time looking at how we were working, on the basis that we could not give the same level of scrutiny to an application by a dentist to hand out a leaflet to offer credit for orthodontics work as we would to a firm proposing to get into the credit card business in a very significant way.

I looked at that, and we settled on a process whereby we divided it into channels, and the amount of scrutiny that you got in each channel was decided by what we saw as the risks in the business model of the firm. In a sense, that was right. I do not want to go into the details of the application from LCF, because a lot of what we asked it and what was said back to us is germane to the investigation by the Serious Fraud Office. It was put into a high-risk category, where it was getting more scrutiny, where it would have been about investigating and interrogating. It was put back down into one that was really more about confirming, and that was a mistake.

Q291       Anthony Browne: Why did that happen?

Jonathan Davidson: Again, I do not want to go into the detail, but the firm was applying to hold client money, which was deemed to be risky. If you are holding client money, there is a risk that it could be lost and, therefore, there is a lot of scrutiny. The firm withdrew its application for that permission.

Anthony Browne: It de-risked.

Jonathan Davidson: It was taken down, but there were protections in place to say that that should not happen necessarily and, if you did want to do it, you had to get the agreement of the manager and, in fact, the manager did approve it. I cannot say as to the counterfactual in terms of what might have happened if it had remained at the elevated level of scrutiny. We had, if you like, a risk-based approach, in which the criteria for the risk levels were reasonable. Indeed, they were discussed at and signed off by the board, because Megan and I both thought it was that important.

I would also say that what is really important to authorisations, which I felt increasingly over time, was that they should not just be taking the same approach to every different type of business model. As part of the DES programme, we would develop a strategy for each of the 43 business models that we identified in our remit. Each one of those had to have an authorisation strategy. Over time, those have been put in place for more and more identification of the specific issues relating to the business model, on top of which, with the assertive supervision programme, we encouraged authorisation to take a more robust approach to legal risks that we might be challenged with.

As a result of that, to give you some idea of the impact of that, we started measuring our rate of rejections, withdrawals and refusals. In early 2018, that rate was running at about 5%. By the last six months of last year, when I was in role, it had doubled to 10%. Importantly, in those business models, which we called red portfolios, there were significant amounts of risk and we deployed these strategies. For example, in payments, the level of rejections had risen to 26% in the last six months of last year. In high-cost lenders, it had risen to 28% from 15%. In the area of illiquid securities of firms that had somewhat analogous business models, like crowd-funders or LCF, from June 2019 to the end of last year, we were running at a rejection, withdrawal and refusal rate of over 60%.

Again, this is the same story of business model, confidence and assertiveness, which came too late—and I am very sorry that they came too late—to limit the losses of the LCF bondholders, but, as Megan has said, it is a very different function that we have now to what we had in 2018, and certainly very different to 2015.

Q292       Anthony Browne: I am tight for time, so I would like short answers, please. At the time that the FCA approved the first variation of permission application for LCF, you were still meant to take a holistic view of the organisation, were you not, which did not happen, or did that come later? I thought that you were meant to do it at that time.

Jonathan Davidson: Absolutely, the threshold conditions, which were in legislation, require a holistic view of the firm, including about its fitness and propriety.

Q293       Anthony Browne: Why did that not happen at that time?

Jonathan Davidson: The associate did look into it and did ask about the unregulated business. As I said before, I do not want to get into what was said in the answers, but we did not draw the conclusion that was later drawn in the listings department and elsewhere about the business model that Dame Elizabeth points out.

Q294       Anthony Browne: I want to follow up on a point that Megan Butler made earlier. You said you now have this “use it or lose it” rule. If I understand rightly, LCF was not making any money from regulated activities at all. All of its money was from unregulated activities. I know from personal experience that applying for authorisation from the FCA is a very time-consuming and expensive process for businesses, and you would not do it for no reason.

At the time that LCF was applying for its variation of permissions, you did have the powers to deprive people of permissions that they were not using. You did have that data, so why did it not raise alarms at that time and why did you not remove it from permissions when it was not getting any income from regulated activities at all? The examples that you gave earlier were where companies apply for permissions because they are on the boundary of regulated activity, which is their main thing. You can understand that, but here you have a company that made no money from regulated activities and everything from unregulated activities, and yet it was still regulated.

Megan Butler: Forgive me; was that question to me?

Anthony Browne: Yes. This is such an extreme case of a company making all of its money from unregulated activities yet being regulated. Why did that not raise flags at the time? It was not one of the marginal cases that you were referring to earlier. Why did you not scrutinise the fact that it was not making any money from its regulated activity and then remove its permissions?

Megan Butler: I might refer aspects of that to Jonathan because I was not responsible for authorisations through any of this stage, but my broader point is still relevant. At the gateway, it is not unusual to not be making any money from a regulated activity. Almost by definition, you will not be. It will often be speculative in a business plan, and my understanding, although Jonathan will be able to clarify, is that there was a business plan.

More broadly, it was just not regarded as a particularly significant red flag on a balance of risk. Our view is that that balance of risk would have gone too far one way rather than the other, which is why we have moved to the “use it or lose it” approach. How firms are using permissions is also likely to figure more in some of our surveillance work that we will do around triggers for further intervention. These are all aspects where the use of permissions, if we see that in the data, is much more likely to trigger a response from the FCA to the firm. This is one where we just had a particular view of it as a single issue, where our view has moved. I do not know if Jonathan wants to talk about the specific; I cannot.

Jonathan Davidson: Without going into the details on LCF, for the reasons I have stated, there was a business plan attached both to the initial application and to the variation of permission, with plausible reasons for why it might be needed to have that permission.

Q295       Anthony Browne: My time is up, but if my colleagues will indulge me, I just want to ask one very brief question, so very brief answers, please. The FCA does not operate a zero-failure regime; companies do fail. Do you need to be more explicit about that and what that means for consumers, so that they are clear they could sometimes lose out?

Megan Butler: The short answer to that is yes. We need to be clearer about that and to help consumers understand the implications of that before it happens.

Jonathan Davidson: Another example of that is that, after the LCF affair, I authorised and set up a programme where we bought advertising to compete with the firms that were advertising these high-risk investments. If you clicked on our link, which was among those of all these other firms, we said, “If you cannot afford to lose the money, do not invest it”, essentially. It is very important that consumers understand the risks that they are running. Sadly, we could do more, although it is not our role to educate consumers.

Q296       Anthony Browne: Clearly, you are in a position to ensure that consumers are warned appropriately.

Jonathan Davidson: Correct.

Q297       Alison Thewliss: I have some questions around flexible firms, first of all for Megan Butler. Dame Elizabeth found that the delivering effective supervision and delivering effective authorisations programmes faced delays in implementation that meant that “serious deficiencies, including a lack of proactive supervision, existed in relation to the supervision of flexible firms like LCF, at least until the DES programme was closed in November 2018”. Can you tell me a bit more about that?

Megan Butler: I have mentioned, as has Jonathan, that the programme of delivering effective supervision was one where the design of the new model was largely done through the end of 2016 and in early 2017. Most of the key elements associated with that were, in fact, delivered through 2017, and so most of the key issues around the need to take a holistic view, to use Dame Elizabeth’s phrase, and to take a business-model approach to focus on harm were all rolled out as part of the model pretty much by the end of 2017.

The reason the programme closed late was that, in common with programmes the world over, it was a collective endeavour across the organisation, and the key aspect that we were waiting on to complete the programme was the enterprise-wide risk framework that we needed to allow us to complete some of the final templates that people were going to use, so that we had a proper, consistent way of recording risk that allowed us to properly evaluate where to prioritise resources and, indeed, where we could properly assess the impact of our interventions. That did not come until later than we would have liked and meant that that aspect held up closure of the full programme until the autumn of 2018.

Q298       Alison Thewliss: There are around 50,000 firms within that bracket. Were you a bit worried about the lack of supervision during that period, waiting for it to finish, and was there anything in place in the interim?

Megan Butler: We are now at about 60,000 rather than 50,000, and it is getting bigger. I am just making sure I get my years right; we were concerned from 2016, when it became clear to us that, even if perfectly implemented, the model that had been rolled out at the beginning of 2015 was not going to deliver an appropriate focus on the risk of harm caused by an individual small firm. That meant that, when we designed delivering effective supervision, we did not do it as a big bang. It was delivered through the course of 2017, so at no point was there no supervision of smaller firms.

Through the course of 2017, that supervisory structure changed, developed and improved. It clearly did not move quickly enough to catch LCF—we are extremely sorry for that—and aspects of that were rolling out through 2017 and 2018, at much the same time as LCF was figuring in our consumer contact centre and other alerts. We just were not at the point of picking them up through 2017. There was change on the ground and we were getting better; sadly, it just did not find London Capital & Finance.

Jonathan Davidson: You asked about why there was no supervision, and whether there was any proactive supervision. There was reactive supervision, which is dealing with things that came in of their own accord, but the model that Megan and I suggested was that we should take each of the 43 business models, decide what things are most likely to go wrong, and use data strategies to try to intercept those firms before they cause too much harm and damage. That was one of the key parts of the DES programme and was rolled out through 2017 and 2018. An example would be that one of Megan’s teams that dealt with firms like LCF asked the fin proms team, “Please tell us about any firm that is doing fin proms on minibonds that you come across”. It was that proactive, “Let us go looking rather than wait for them to cause problems”.

Q299       Alison Thewliss: You mentioned that you missed LCF as these things rolled out and as things were moving. In your answer earlier, Jonathan, you said that, when you had the overall picture of the 43 different things and, within that, the ones that are similar to LCF, you found a 60% refusal rate. Can you tell me more about the reasons for the refusals there and the way in which they were identified and you were capturing that within the system?

Jonathan Davidson: The reasons for the refusal included us focusing on the issue of consumers not understanding the risks that they were going into, the use of the halo effect, the risk that the firm did not have adequate controls over the credit or the assets it was investing in and so on and so forth. It would take that business model and ask, “What are the intrinsic risks of it?” and dive deep into those assets for those sorts of firms.

I cannot say specifically which aspects of that—that would require more analysis of the databut that was the principle that we employed in a lot of areas, in all of those portfolios, which led to us asking, “What, intrinsically, is likely to go wrong with this business model?” For high-cost lenders, the risk is that they lend to people who cannot afford to pay back, who then become very profitable customers. We go and look very carefully at what they are doing on that function, and one reason why we would reject those firms would be inadequate controls over that. Does that help?

Alison Thewliss: Yes, it is useful to get an idea of what things you were looking for in terms of making that refusal.

Jonathan Davidson: Just to give you an example of that in my world, which was consumer credit, we collected credit rating agency data. We said that firms that might be causing problems were going to have very high growth rates and very high arrears rates on their lending. We can get that from the credit rating agencies, which is what we did. We then went in and intercepted, and said, “We need to have a little chat”.

Q300       Alison Thewliss: Once you split the flexible firms into these 43 different portfolios, that is a lot of buckets to keep an eye on. Can you tell me how you maintain oversight of all of these?

Jonathan Davidson: Each of the 43 portfolios had a team. We required each team to develop a strategy, which was then reviewed and signed off. For those portfolios that we rated red, we said that they need to be escalated. Up until recently, before I stepped away, Megan and I were reviewing the evolution of the portfolio strategy for what we called the red portfolios, which included firms like LCF: payments firms, high-cost lenders and so on and so forth.

Q301       Alison Thewliss: The PA report highlighted some inconsistencies in the way the FCA’s approach to flexible supervision was interpreted and implemented by the different sector teams at the FCA, due to a lack of set standards and expectations. How did this finding influence your approach when splitting the flexible firm portfolio? How can you be sure that what you have graded as red remains red and other things do not move into a red area?

Jonathan Davidson: The lack of consistency in approaches was absolutely a problem. One of the key parts that Megan was describing was the risk framework, which was the way that we measured the risk, articulated what it was and recorded it, so that it was, as you say, being done in different places, in different ways and with different metrics. We needed to standardise and agree that. We then needed to programme it into modifications in the systems where people were recording things. All of that took time and it also required a lot of training of all the people across supervision to really understand what we were asking them to do. With every new system, there is lots of training.

Q302       Alison Thewliss: Yes, I would imagine so. When we spoke to Andrew Bailey, he told the Committee that, when issues with LCF were uncovered, steps were taken to establish if there were any other similar cases. You have talked about 60% of rejections in that particular portfolio, so could you tell me what other risks were flagged as a result of this process? Can you give us any assurances as to how this will be handled in the future?

Jonathan Davidson: Megan has led the charge on this area and we took a lot of action post LCF. Megan, may I turn to you?

Megan Butler: Yes, of course. The immediate response, and what Andrew was referring to, was to set up a small, cross-organisational team to manually—because it was manual at that point—find any other minibond cases that we had in our records, to make sure that they had been appropriately dealt with, and to push through any actions that were still outstanding on any of them. That was done through the course of 2019. That team has grown and developed into a new way of working in the organisation, in fact. It is a joint supervision and enforcement team, where we have embedded financial promotion experts as well. Their role is to proactively go in search of not just minibonds but high-risk investments more broadly, particularly those that are digitally distributed, and seek to intervene as quickly as we can.

One of the key things around this area is that, although, back in 2017 and 2018, one of the key high-risk investments that were used or misused was minibonds under a particular methodology, people who seek to scam and defraud move their methodologies and typologies as we get on top of them. That team’s job is to keep as close as they can to the developing market practices around some of these scams and fraud that we see. Perhaps one of our biggest learnings is that we need some of that expertise devoted specifically to this, and that is one of the key outcomes that we have had since the work that we did on LCF and minibonds specifically in 2019.

Q303       Alison Thewliss: That moves us on neatly to some of the issues around IT systems, which have been a massive issue in terms of keeping track of and logging things, and intelligence within the organisation about issues that were coming through. I am not sure which of you would prefer to answer in terms of what has happened since then to improve the effectiveness of the IT systems.

Megan Butler: Again, back in 2015 and 2016, in common with a great many organisations, we had multiple legacy systems and key innovations being dealt with on spreadsheets. The siloed ways of operating had led to bolt-on pieces of technology, if I can call them that, around our core technology systems. We had siloed data within all of these things. These are key barriers to developing the sort of supervision, joining up the dots and holistic approach that Jonathan and I were aiming to achieve to allow swift risk identification and, importantly, swift intervention.

The FCA has made a very significant investment in its technology. In last year’s business plan, we said we were spending upwards of £60 million on our technology and, as a result of that, we are now just about to move into a cloud environment. We are creating unsiloed data in a data lake. As a result of our published data strategy, against which we have also made significant progress, we are now in a much better place, with much more resilient, robust technology systems and better access to better-quality data to enable us to achieve some of those things that Jonathan and I, within supervision, were trying to achieve a few years ago and which are going to be central to what Nikhil has said he wants to achieve in the context of transformation.

Transformation has to allow us to be fit for a more digital future. The financial services world is becoming more digital; we need to as well, and we need to make the absolute best use of our data that we can. That has been our focus. As I have said, we have made a significant investment in it. It is likely that more investment will be needed in it over the coming years, and there will be more about that in our fees consultation, which is imminent, and then our business plan later this summer.

Jonathan Davidson: I was going to add that it is one thing to have the data and the technology, but you also need the analytics capability, which is both a systems and a people issue. We have made a very significant investment over the last 18 months in building analytics capabilities that would allow, say, a supervisor to take a single view of the history of a firm on the spot, or to scan across all the different data that we have, look for patterns and generate alerts for a human being to deal with. That has meant recruiting a lot of data scientists and creating a whole capability around that as well. Again, that has come since 2018.

Q304       Alison Thewliss: Using the data capabilities that you now have and the investment that you have made, how does that information get passed up to board level, and how does the board know whether or not the analytics are working?

Megan Butler: That is a really interesting point. At this stage, a lot of this has been and will continue to be put in place as a result of the transformation programme that we are engaging in. Some of it is short-term delivering this year. All of those aspects in the key metrics and deliveries are overseen by the executive committee on a monthly basis and report through to the board on a monthly basis. A key part of what transformation will deliver is going to be measurable outcomes to which we, organisationally, can be held to account. We will be publishing those later this year, so that not only the board but also organisations such as this can oversee what we are achieving and ensure that we are held accountable appropriately for that.

Q305       Alison Thewliss: In terms of the understanding of the people on the front line who are entering this data, did they have a clear understanding of where that data then goes and the quality of what goes in? If you put absolute rubbish into the system, you are not going to get much at the other end.

Megan Butler: You are absolutely right. The short answer is yes, they do. We are piloting new uses of data and data analytics at the moment. We have been piloting them over the last year, a lot of that in response to some of Dame Elizabeth’s recommendations around triggers work, for example. It is undoubtedly building on a more holistic approach to understanding a firm.

We have been rolling out dashboards for supervisors at firm-specific level but also at portfolio level, with key risk indicators built into them. I am not going to say at this point that we are completely where we need to be. We need more people understanding data analytics, and we need more sophisticated tools in this area. We have made significant progress in the last year on that and there is a lot more to do.

Q306       Dame Angela Eagle: I want to start off by asking a few questions about the perimeter and then go on to talk about the transformation project. Dame Elizabeth’s review notes that, for a period of time, senior management knew that there were risks at the perimeter but did not ensure that that filtered down to the rank and file. Why was there a failure there?

Megan Butler: It is fair to say that the organisation and I have always been clear that the behaviour of an authorised firm and key individuals within it outside their permissions—the perimeter question, if you like—is relevant to consideration of that firm, including as to whether or not it is fit and proper to hold any permission at all. That is embodied in legislation; Jonathan has already referred to that.

I would not agree that the organisation as a whole did not understand that there were issues around the perimeter. In fact, this was set in the mission documentation. I am trying to remember the date, but in 2016, I think, we published the draft mission, which had within it a statement of our role in respect of the perimeter. That was discussed extensively across the organisation as a whole.

I come back to the supervision model that was on the ground in 2015 and through a large proportion of 2016, which had at its heart a very reactive approach to individual firm questions, and more of a market-wide intervention approach to solving big problems. The model that Jonathan and I designed and rolled out through 2017 and completed through 2018 was perimeter agnostic. It was about, “What is in the business model and how can that business model cause harm?” It was not about permissions; it was not about regulated activity. It was, “What is in this business model and how can it cause harm?” It may not have been called “perimeter”, but that was at the heart of what we were trying to do.

Q307       Dame Angela Eagle: Why, then, was there such a reluctance to look into and follow leads about what was going on outwith the perimeter, but with firms that did have FCA accreditation?

Megan Butler: This comes back to some of the things that we have touched on already. The previous model cast a very long shadow around behaviours within it. As we rolled out the new model in 2017, we did see change around this aspect. We saw moves to being more principlesbased, if I can call it that, or outcomesbased, rather than rulesbased, which is another characteristic, perhaps, of some of these same issues. We have examples of that through 2017, more consistently through 2018 and then more consistently still since 2019.

The individual cases and the individual decisionmaking on London Capital & Finance clearly show that long shadow of the need to change behaviour. Since 2018, we have been publishing perimeter reports, which call out a range of perimeter questions. We have changed the register. We have engaged in more training of the contact centre around some of these issues, which is a really important part. We have adjusted our website. We will train and retrain and retrain our people.

I would also like to add that the perimeter is an inherent challenge. It has some inherent challenges within it. It is inherently complicated. The perimeter for the FCA is different to that of the compensation scheme and different again to that of the ombudsman scheme. There are different sorts of ways to get inside the perimeter. You sometimes may get registered for moneylaundering purposes. Sometimes you have different sorts of permissions. It is inherently complicated. It keeps moving. We are introducing funeral plans and we are probably going to have “buy now, pay later” come in. There are key enablers outside the perimeter.

I am not using those as an excuse for why we did not identify the risks in LCF, but, in understanding the organisation’s approach to the perimeter, we need to recognise that it is inherently complex.

Q308       Dame Angela Eagle: Can I just say, Megan, that it is an unenviable job, trying to regulate this many companies in a constantly changing situation? It is very easy to carp, but you end up having to do a very difficult job. However, if you make mistakes in that job, real people suffer real detriment and harm. That is something you have both recognised today. I am interested in discovering what we can do to make it more likely that you will be able to do your job, however complex it gets. Do you think that you have the appropriate remit to operate and protect beyond the perimeter? Lets face it: if somebody is doing dodgy things in an unregulated space, it is highly likely that they are going to do dodgy things in a regulated space. Perhaps that should be flagged up.

Jonathan Davidson: I am going to express a personal opinion about something that would have made my job easier. It is to create a very clear, simple perimeter. Megan mentioned the misalignment between the FCA regulation, the financial ombudsman regulation, the FSCS regulation and the financial promotions regulation. Financial promotions will now apply to cryptocurrencies, but we do not regulate cryptocurrencies in the normal way, except for money laundering.

If we had all of those things well aligned, with a bright line, so that we were able to say to consumers, for example, “Inside this chain-link fence, this perimeter, it is pretty safe because all of these things are aligned for you, and outside be very, very careful and only do it if you can be prepared to lose all your money”, that would help a lot.

Q309       Dame Angela Eagle: Do you think that aligning the perimeter across all of these structures would make that easier for you, and more likely that you would be able successfully to regulate and then just say, “It is the wild west beyond the chain link of the perimeter”?

Jonathan Davidson: We do not like the wild west. When we see things that are close outside the chain-link fence, we do mount a sortie to try to sort them out, as you have seen in the past. Yes, it would help. It is not just about helping us; it is about helping consumers to understand the risks they are running. That is, to me, a key part. Megan can talk much more eloquently than me about this. Going forward, a key part of it is educating and helping consumers to help themselves, as opposed to always trying to protect them, even when it is in an area that is just outside the perimeter.

Q310       Dame Angela Eagle: Megan, do you think that we should be changing the Financial Services and Markets Act to make your job easier? Do you have the right sort of structures in the legislation?

Megan Butler: If you are not going to completely start again and move away from a system of permissions and regulated product, there are things we can do that would help to start aligning the perimeter more clearly. Aligning the perimeter would be extremely helpful, for the reasons Jonathan set out. Wherever you put your perimeter, there is always a perimeter question. People who want to cause harm always operate in that grey space, just outside wherever you put italways. Creating more clarity around where that sits would help. It is not about helping the regulator; it is about helping people understand, when they are making investment decisions, the level of risk they are running. It is very hard for consumers to do that right now.

Q311       Dame Angela Eagle: Would it also be appropriate to create a system of regulation and enforcement that deterred the scam merchants who operate in the grey area you have just talked about? One of the most obvious things to come out of Dame Elizabeth’s report is the reluctance to actually enforce using the law.

Megan Butler: That does come out of the report; you are quite right. We do have powers. We have criminal powers in this area. We have regulatory and civil powers too.

Q312       Dame Angela Eagle: They are theoretical. You do not use them very often, do you? It is not only you, to be fair. The entire enforcement of fraud rules and economic crime leaves—let us put it this way—an awful lot to be desired in the country at the moment. The risks seem to be so small for those people who want to make money by nefarious, fraudulent activities in this space that it is not really a deterrent at the moment. What could be done to make the law a deterrent?

Megan Butler: You are quite right about fraud. It is now our single largest reported crime.

Q313       Dame Angela Eagle: With one of the smallest percentages of conviction.

Megan Butler: Pursuing fraud, which we do increasingly and we will increasingly do, linking up with police forces and specialist agencies to do that, is something that we can do more of and will do more of. That is quite important. Making sure that all the different agencies are joining up effectively is critical. Everyone understanding the role they have so that you do not get inefficient duplication is an important part of that cooperation.

A lot of what we see in fraud terms, when we identify an internet fraud or scam, for example, does not even locate in the UK. It is an intrinsically hard area to go after, because they are often offshore.

Q314       Dame Angela Eagle: Would you like to see the Government address those issues in the online harms Bill that is forthcoming? At the moment, it does not address those issues.

Megan Butler: No, it does not. Yes, the online harms Bill would be a very suitable place to allow us to pull into the regulatory structure or to give proper incentives to other types of organisation that do have the ability to intervene. If we have not, within the FCA, maybe Google could do something. At the moment, when we talk to Google—

Q315       Dame Angela Eagle: I wouldn’t hold your breath on that one.

Megan Butler: We do our very best. Most recently, when we tried to do this, we ended up buying our own advertisement space, as the only way to get in front of the scammers. Something that properly incentivises the technology companies to play their part appropriately would be very useful.

Q316       Dame Angela Eagle: Is this part of your transformation programme?

Megan Butler: Our own role within it, yes. Becoming more assertive around those issues, yes. Making sure that we have the right data in place and the right join-up around these things, yes, absolutely. But anything we do to ourselves is not going to change the way other third parties might be incentivised or not to support that effort.

Q317       Dame Angela Eagle: Is there anywhere else in the world that does this better than we do that we could learn some lessons from, in terms of, for example, striking people off who are nefarious actors in this space, or increasing the risks that people who operate on those dubious boundaries—taking people’s money—face as a result of the risks they are taking?

Megan Butler: It is fair to say that almost all regulators around the world are facing the same problem, which is the explosion of harm associated with the digital environment. Everybody is facing the same problem, which is that they are not located within jurisdictions but these are crimes that are not physically jurisdictional. It gives real problems, in law enforcement terms.

I do not want to give the impression that there is not more we can do, as an FCA. There is a lot more we can do as an FCA. That is part of our transformation agenda and we will do it. We will have systems to identify firms and individuals who are more likely to cause harm. We will have specialist teams, which will be trained to take swift and immediate intervention action. We will follow that up, in appropriate cases, with criminal action. We can do that and we will do that. In fact, we are aiming to have those new teams and functionalities in place by the end of the year.

Q318       Dame Angela Eagle: A couple of years from now, then, perhaps when you come back before us, you will be able to say that the transformation programme that you are leading has worked to such an extent that you have managed to convict some people and change the balance of risk, to ensure that those who try to con people out of their money are going to be more worried about the potential consequences.

Jonathan Davidson: I will not be the one who is coming back in a couple of years’ time.

Dame Angela Eagle: I will ask Megan in a minute, but you might want to make some observations.

Jonathan Davidson: On Megan’s behalf, my observation is that, out there in the world of fraud, there are bad actors operating at industrial scale. They are well organised, they are innovative and they keep going. To give you some idea, every time there is a fraud, the money has to go somewhere. It goes through mule accounts. There is an industry out there recruiting people, often students who do not understand what they are getting into, to become mule accounts. They are recruiting at a rate of tens of thousands a year. This is an industry and this country needs an organised strategy across multiple agencies to tackle it from all angles. We are facing an adversary. This is a war. It is an arms race.

Q319       Dame Angela Eagle: Megan, do you have any observations about how the transformation programme you are leading can get us in a fitter state to deal with some of this?

Megan Butler: Back to your original question, will I come back in two years’ time and tell you that we have made that level of intervention? I hope so. In terms of the immediate things that we are looking to deliver within transformation this year, we are doing some things that speak directly to this. We will be creating, as I have said, new functionality for surveillance across all of our firms, which will be digital itself. We will be creating algorithmic triage of all of the data that we can collect, which will give us targets for action. As I have said, we will create new teams, which will be focused on rapid intervention. We aim to have all of that in place by the end of the year.

There is an interesting parallel with the way we approach wholesale misconduct. In wholesale markets, the issue, in a sense, is less to do with frauds and scams; it is market abuse. In the market abuse area, we have a surveillance function that takes in all of the transactional data, has algorithms that run across it, identifies patterns that are unusual or indicative of potential abuse, and identifies targets, which are then reviewed by a specialist team and intervened quickly against.

We know how to do this. We have never tried to do it across 60,000 firms, but we do do it across millions of individual transaction reports now, on the wholesale side, so we do know how to do this, which is why I am confident that we will be able to have this up and running by the end of the year.

Dame Angela Eagle: I look forward to seeing how progress goes.

Chair: That brings us to the end of this session. Can I thank you both for appearing before us? I know that it has been an uncomfortable session in many ways. First, just to recap, on the failings that occurred, you have both expressed your regret for the suffering that many people have undergone as a consequence of those failings. We have touched on responsibility, but we have also talked about the lessons of the LCF situation. On a more positive note still, we have looked at some of the issues around that for the future, and how we can learn from it and move on. I am grateful to you both for having attended. Thank you very much indeed for having done so this afternoon.