Directors and officers (D&O) of financial service firms have been fined a total of £196 million by various regulatory bodies since 2020, according to a study by insurance specialist law firm BLM.
Data from the firm’s D&O tracker tool revealed that 62 fines, totalling over £480 million, have been handed down to key financial services personnel since 2016. Of the cases tracked over the last five years, 38 were brought against small and medium firms, 25 of these against micro businesses (with turnover below £2 million).
The findings highlight the need for comprehensive D&O insurance for firms of all sizes, according to BLM, especially as businesses deal with the financial impact and insecurity caused by the pandemic.
BLM’s D&O Tracker monitors fines from four major regulators in the UK – the Financial Conduct Authority (FCA), the Serious Fraud Office (SFO), the Information Commissioner’s Office (ICO) and the Crown Prosecution Service (CPS).
The tracker found a growing trend with the ICO issuing fines for privacy breaches under GDPR and Data Protection regulations, often as a result of unsolicited, nuisance marketing activity.
One such case was the one raised against American Express, concluded in May, after the company sent over four million marketing emails. The financial services giant argued these could be classed as services emails, but the ICO decided the communication was for marketing purposes and fined the company £90,000.
BLM’s tracker also found that 24 company directors or officers received custodial sentences totalling 154 years.
“As our Tracker data reveals, it’s a particularly pertinent issue for smaller companies,” said Alex Traill, professional indemnity partner at BLM. “We typically see a coverage gap for SMEs, either through a lack of awareness around D&O protection, or because there’s a belief that the company doesn’t require cover. These figures show that simply isn’t the case, with D&Os of companies of all sizes handed hefty fines or even custodial sentences.
“The ICO fines in particular are concerning. Even though the introduction of GDPR in 2018 has helped to raise awareness of the risks associated with improper data protection or nuisance marketing activity, our research has highlighted that many D&Os are still seeing fines levelled against them as a result of improper activity. Therefore, it’s crucial to have full oversight of every aspect of your business, otherwise D&Os may well end up paying significant sums in the event of improper activity.”