Individuals

Craig Donaldson (CEO); David Arden (CFO)

Related decisions

In 2022, the FCA imposed a financial penalty of £10,002,300 on the bank for breach of Listing Rule 1.3.3R (see Metro Bank Plc, 8 December 2022). The FCA did not find that there had been any failure to announce inside information in breach of the Market Abuse Regulation.

Sanction

Craig Donaldson: £167,325

David Arden: £100,950

Provisions

LR 1.3.3R; section 91(2) FSMA. 

Also considered: Article 7 MAR; Article 17 MAR.

Factual findings

Mr Donaldson was the CEO and Mr Arden the CFO of the bank.

In July 2018, the Prudential Regulation Authority (PRA) identified that the bank had been applying the wrong risk rating to certain loans which would cause a “large material change” to the bank’s position. 

On 10 September 2018, the PRA sent a letter to the bank which included comments about publishing confidential discussions between the bank and the PRA. 

On 12 September 2018, Mr Donaldson attended a meeting with the PRA in which he apologised for the risk rating error and said he expected it would be corrected by October/November.

On 17 September 2018, a meeting of the Credit Risk, Policy and Appetite Committee (CRPAC) was attended by Mr Donaldson and Mr Arden. One of the items on the agenda was the annual review of commercial lending and a pack of information provided in advance recorded that the executive leadership team had been informed in September that inconsistencies in the current risk ratings would result in a significant increase because the wrong rating had been applied (as confirmed by KPMG). 

On 4 October 2018, Mr Arden sent an email to the PRA which included reference to the bank’s progress in remediating the risk rating issue and to engaging Deloitte to provide assurance and a review of risk rating calculations and reporting. He explained that, pending the outcome of the work being done, reporting for September would be unchanged (on the basis that he wanted to be sure about the results before submitting any changes to the PRA). The PRA responded to confirm that this would be fine.

On 5 October 2018, the bank’s external lawyers provided training on the Listing Rules to one of the bank’s new NEDs and were asked to stay afterwards for a discussion which included Mr Arden. An internal email to Mr Arden after the meeting stated that the legal advisers had agreed that no market announcement was necessary at that point. However, the Upper Tribunal found that the legal advisers had not been given accurate information, including about the estimated impact of the incorrect risk weighting or the position reached with the PRA. Nor were they told about the proposed approach to the forthcoming Q3 update or provided with a copy of it or asked to advise on whether incorrect numbers could be included. 

On 22 October 2018, the CRPAC considered a report which referenced the incorrect risk rating and stated that the correct rating resulted in an increase of £574 million and, whilst there were certain data issues within the bank’s systems, Mr Donaldson and Mr Arden knew the effect of changing the risk rating for the relevant loans was material. 

On 24 October 2018, the bank issued a Q3 update to the market which contained incorrect risk rating information (based on the incorrect reports to the PRA). 

Failings

The Upper Tribunal considered that:

• A reasonable CEO and CFO would have considered separately (without relying on what had been agreed with the PRA on the regulatory reporting) whether the use of the figures in the Q3 update to the market was in breach of the Listing Rules.
• It was not credible that the bank considered it was bound by a requirement of confidentiality not to disclose accurate information about the risk ratings in the Q3 update for various reasons including that: (i) the PRA had asked the bank not to disclose confidential discussions (which was different from information about the bank’s risk rating error); and also (ii) the bank did not respect the confidentiality of discussions with PRA in any event.
• The bank had failed to properly instruct the external legal advisers because the Q3 update was not mentioned or provided; partial and incorrect information had been provided; and they were not asked to advise on whether it was a breach of the Listing Rules to disclose numbers known to be incorrect. The bank could not therefore have reasonably relied on their advice.
• Provisions allowing companies to delay disclosure in certain circumstances do not allow an issuer to publish incorrect information pending the outcome of investigations.
• If a bank knows there is an error and that it might be material, it cannot assume it is not material.
• If a listed company decides it will report certain figures on a quarterly basis, it must report accurate and reliable figures. If that is not possible it must “come clean”. It does not have the choice to report a figure that is known to be inaccurate or not believed to be reliable without qualification. It is irrelevant that the qualification may be embarrassing or commercially inconvenient. 
• Although the Q3 update was approved by the bank through the usual governance process, information provided to the Audit Committee and the Board downplayed the risk rating error and the adjustment that would be necessary to correct it and the bank’s GC was not fully involved or informed.
• To be knowingly concerned in a breach a person must have been actually involved in the contravention (passive knowledge is not enough) and must have had knowledge of the facts on which the contravention depends. It is immaterial whether the person had knowledge of the law unless he was relying on legal advice that the activity was not a breach and that advice was based on correct and complete factual matrix.
• Mr Arden and Mr Donaldson knew that the relevant loans had been wrongly rated and that the estimated error was material to the figure being reported in the Q3 update. Neither of them had any reasonable basis on which they could have thought that the estimate of £574 million was much too high and therefore that the figure in the Q3 update was materially correct. They were both knowingly concerned in the bank’s breach of Listing Rule 1.3.3R and so came within section 91(2) FSMA allowing the FCA to impose a penalty on them.
• On penalty, the Upper Tribunal agreed that attending interviews should be treated as co-operation and remediation action including working with Deloitte and the authorities to correct the breach should also be taken into account. Overall, the Upper Tribunal decided that mitigation justified a reduction of 25 percent in the financial penalty and so reduced the figures that had been proposed by the FCA.