In this episode, Lindsey Rogerson and Rachel Wolcott, senior editors for Regulatory Intelligence in EMEA discuss the UK Financial Conduct Authority’s (FCA) approach to Freedom of Information Act (FOIA) compliance.
In the UK, most public bodies are subject to FOIA. That means members of the public can request information held by public authorities or by persons providing services to them. That includes the FCA, the Prudential Regulation Authority and the Bank of England.
Lindsey and Rachel discuss the importance of using FOIA in their work to uncover information that helps readers and listeners better understand how the regulators work. They talk through several examples of information they’ve been able to request, including about whistleblowing, enforcement statistics, as well as bullying and harassment allegations made by FCA employees.
Recently, however, many of their FOIA requests have been met with resistance from the regulator. Lindsey and Rachel talk about how they appealed the FCA’s use of FOIA exemptions —and won. The process brought valuable insights into how the regulator manages FOIA compliance.
LINKS
FCA response to FOI on guidance for supervisors investigation allegations made by whistleblowers after ICO intervention June 2024: https://www.whatdotheyknow.com/request/protocol_for_supervisors_when_in/response/2684994/attach/4/FOI10712%20Amended%20Response%2020240619.pdf?cookie_passthrough=1
Redacted FCA document: Supervision: Whistleblowing ‘How to Guide’ for SPC & Authorisation Divisions: https://www.whatdotheyknow.com/request/protocol_for_supervisors_when_in/response/2684994/attach/5/Annex%20A.pdf?cookie_passthrough=1
Article: FCA report shows "host" ACD compliance has not improved in a decade, s 166s imposed: https://word-edit.officeapps.live.com/we/FCA%20report%20shows%20%22host%22%20ACD%20compliance%20has%20not%20improved%20in%20a%20decade,%20s%20166s%20imposed
Article on: UK FCA is still assessing more than 1,100 whistleblower reports from 2023/24: https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgo-ri.tr.com%2FO3tB1r&data=05%7C02%7Crachel.wolcott%40thomsonreuters.com%7Cba01669a1154474d690a08dcd2715851%7C62ccb8646a1a4b5d8e1c397dec1a8258%7C0%7C0%7C638616631473549097%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=DODZq3z11tZ%2FDZsQvMvYSJWDHOs4gJi7eVZRLslaqGA%3D&reserved=0
H2O decision notice: https://www.fca.org.uk/publication/final-notices/h2o-am-llp-2024.pdf
FCA warning notice on Woodford Investment Management Ltd and Neil Woodford: https://www.fca.org.uk/publication/warning-notices/warning-notice-statement-24-3.pdf
First Tier Tribunal decision in Paul Carlier v ICO: https://www.bailii.org/uk/cases/UKFTT/GRC/2024/257.html
Article on FOIA request about MiFID II recordkeeping investigations: https://www.linkedin.com/posts/rachelwolcott_mifid-enforcement-action-activity-7199352605670555649-BLwt/?utm_source=share&utm_medium=member_desktop
Article: FCA to merge FOIA, personal data disclosure unit into comms team: https://www.linkedin.com/posts/rachelwolcott_fca-to-merge-idt-fully-with-communications-activity-7163815206140239873-HFex/?utm_source=share&utm_medium=member_desktop
UK FCA's FoIA request reputational risk assessments, guidelines for journalists' requests are inappropriate –expert (paywall): http://go-ri.tr.com/xqNUHX
Meta FOIAs
FOI6522, FOI9427, FOI9980 (scroll to the bottom for links. For two of them you may need to request access from the FCA)
FCA’s response to Lindsey and Rachel’s questions:
Is the FCA's approach to FOIA and DPA in line with its stated values of acting with integrity and delivering in the public interest? "Yes"
Does the FCA still circulate FOI responses to large number of staff in the CEO's office and the COO for comments and sign off? "As we mentioned in our last response to you in March, our approach is in line with ICO guidance and the law."
What are the latest IDT performance statistics? "Over the last 12 months from September 2023 to August 2024 (inclusive), we responded to 92% of FOIA requests and 98% of DSARs within the statutory deadline."
Has the ICO asked the FCA to perform any remedial work on IDT? Has ICO advised/queried the FCA about safeguards for FOIA and DPA in the new combined IDT/press office arrangements? "No. When we answered your questions in March, we explained that it had been our intention that the information disclosure team would move to a different department within the communications directorate as part of a planned restructure later this year. That move has now happened."
Has the FCA stopped internal circulation of lists of new FOIA requests with names of requestors? If not why not?
"We continue to circulate the details of new requests, which generally include the names of the requesters, to a limited number of internal stakeholders. We are satisfied that our internal processes are appropriate and lawful, including that our processes are compliant with FOIA and data protection legislation."
What further steps has the FCA taken to train IDT/comms staff about using FOIA exemptions?
"All IDT staff and internal reviewers have received formal training on the application of the FOI Act and many members of the team are qualified FOIA practitioners. In addition, IDT works closely with our legal division, which provides expert guidance in the interpretation of the most complex aspects of the Act."
Has the FCA reviewed its approach to labelling FOIA requests as vexatious following the First-Tier Tribunal case Paul Carlier v Information Commissioner and the FCA? If yes, how? "The FCA continues to consider each request on a case by case basis, in line with the requirements of relevant legislation, ICO guidance and case law. In this case, the ICO agreed with our view the requests were vexatious. The Tribunal, however, decided 'by a narrow margin' they were not, a conclusion it reached 'with some hesitation.' We have therefore been happy to reconsider the requests."
From the evidence we have reviewed the FCA’s approach to FOIAs and DPAs seemed to be top-down with many senior executives signing off requests and even correcting grammar errors. We are also aware from our own FOIs that there is often months-long delays in responding to requests and appeals. Given this, what is the FCA doing to ensure a more efficient process in line with the legislation?
"We have improved our performance on the statutory deadlines for FOIAs and DSARs over the last year. We recognise that we need to do more to improve our performance in processing FOIA Internal Reviews and DSAR complaints. We are currently considering how the existing process can be streamlined to improve its efficiency. Our internal processes are focused on ensuring a clear and quality response, not preventing disclosure which is determined by the law."
FOI6522: https://www.whatdotheyknow.com/request/foi6522_request_for_further_info#incoming-2714347
FOI9427: https://www.whatdotheyknow.com/request/foi9427_request_for_information#incoming-2713882
FOI9980: https://www.whatdotheyknow.com/request/foi_9980_request_for_information#incoming-2711477
Compliance Clarified is a podcast from Thomson Reuters Regulatory Intelligence.
Listen to wide-ranging, insightful discussions on all things compliance for financial services firms. We delve into the hot topics of the day, the challenges faced and offer up practical ideas for emerging good practice. We de-mystify regulation and explore the art, as well as the science, of the ever-expanding role of the compliance officer. Enforcements, digital transformation, regulatory change, governance, culture, conduct risk – anything and everything impacting the compliance function is up for discussion.
