FCA fines Carphone Warehouse £29.1 million for mis-selling mobile phone insurance

• United Kingdom

• Fraud and financial crime
• Insurance and reinsurance
• Litigation and dispute management
• Technology

01-04-2019

On 13 March 2019, the FCA announced that it had imposed a financial penalty of £29.1 million on The Carphone Warehouse Limited (“CPW”) for failings that led to the mis-selling of a mobile phone insurance and technical support product called ‘Geek Squad’ between 2008 and 2015. 

The FCA found that the firm had breached:

• Principle 3 (management and control), in respect of the training provided to Geek Squad sales consultants, the process for handling complaints about sales of Geek Squad, and the management information (“MI”) relied upon to monitor the compliance of sales of the product;
• Principle 6 (customers’ interests), in respect of its Geek Squad sales process and the handling of customer complaints; and
• Principle 9 (customers: relationships of trust), in respect of the suitability of advice given to customers regarding Geek Squad.

While CPW did not dispute the FCA’s findings on facts and liability, it did contest the proposed penalty before the FCA’s Regulatory Decisions Committee (“RDC”), making use of a focused resolution agreement (“FRA”) and thereby preserving the 30% discount available for early settlement. 

This is the first substantial enforcement case resolved by the RDC using the FRA procedure, which was introduced in March 2017.  It appears that firms’ initial reluctance to make use of the new procedure is subsiding: the FCA has indicated that there are more FRA cases in the pipeline, and we expect to see a growing number of enforcement cases being resolved in this manner.

Key points of interest

Whistleblowing

The Final Notice is highly critical of the CPW’s whistleblowing systems and controls.  The FCA found that during the relevant period, whistleblowing logs were incomplete, which meant that the firm was unable to evidence how it had dealt with the issues raised by whistleblowers, some of which were indicative of mis-selling.  Further, CPW’s relevant senior management committee failed to consider whistleblowing reports for most of the relevant period and when it did so, the relevant MI did not contain sufficient qualitative data to reveal the issues concerning sales practices.  This should serve as a reminder to firms of the importance of ensuring that MI concerning whistleblowing reports is of sufficient quality to enable the firm to identify and address systemic weaknesses at an early stage.

It appears that the firm’s failure to act on internal whistleblowing reports may have prompted one or more individuals to blow the whistle to the FCA.  Although the Final Notice is silent on the issue of how the failings first came to the regulator’s attention, the accompanying press release states that the investigation “stemmed from whistleblowing reports” and emphasises that in recent years, whistleblowers have contributed “critical intelligence” to the enforcement actions taken by the FCA against firms and individuals.   

Quality of MI

The Final Notice emphasises the importance of senior management having adequate MI.  The FCA found that in addition to inadequate MI in respect of whistleblowing reports, CPW’s senior management committee had inadequate MI to oversee the firm’s sales practices.  Senior management received MI in the form of TCF dashboards, which included cancellation rate and complaint metrics, and customer surveys.  However, the MI did not contain sufficient qualitative information regarding the reasons for customer complaints and cancellations, while customer survey questions were not sufficiently broad to pick up that sales staff were failing properly to assess customer needs.  Consequently, the MI was flawed and management was not sufficiently sighted of the issues. 

Messages from past enforcement cases

A number of the failings highlighted in this case have featured in previous enforcement cases concerning the mis-selling of insurance add-on products.  In particular:

• The FCA found that a high proportion of the Geek Squad policies sold by CPW were cancelled early, and the Final Notice highlights that high cancellation rates are a potential indicator of mis-selling, an issue which CPW failed to properly consider.  This message is not new – it featured in the 2014 Final Notices issued to Peter Halpin, Anthony Clare and Nicholas Bowyer, former directors of Swinton Group Limited (“Swinton”), which followed a 2013 Final Notice issued to Swinton.     
• The FCA also found that CPW failed to provide its sales consultants with the right training to give suitable advice to customers, which resulted in many policies being sold on the basis that they could be cancelled at a later date.  Again, this message is not new – the issue of using cancellation rights to secure sales was highlighted in the 2013 Swinton Final Notice as well as the 2014 Final Notice issued to Stonebridge International Insurance Limited.

Senior management accountability

It is not clear whether the FCA investigated any senior CPW managers in relation to the misconduct identified.  The Final Notice states that the regulator makes no criticism of any person other than CPW, indicating that we should not expect to see action being taken against individuals.  This contrasts with the approach taken in the Swinton case, where action against the firm was followed by action against a number of former senior managers.  A possible explanation for the different approach is the FCA’s wish to clear its backlog of “legacy” enforcement cases; investigating and taking action against individuals who may have been personally culpable for the firm’s failings would put further pressure on the FCA’s already overstretched enforcement function.  Nonetheless, holding senior managers to account remains a high priority for the FCA and in view of this, firms and individuals should not expect to see this approach being taken in the future.

The penalty

CPW’s misconduct, which ran from December 2008 to June 2015, straddled the FCA’s old and current penalty-setting regimes.  In respect of misconduct occurring from March 2010, it appears that the RDC reduced the penalty at both Step 2 and Step 3 of the current penalty-setting regime set out in DEPP 6.5A.

Step 2 (determining a figure which reflects the seriousness of the breach)

• In accordance with the FCA's penalty-setting methodology, the financial penalty was based on the firm’s relevant revenue.  It appears that in the Warning Notice issued to CPW, the FCA had based the relevant revenue on the gross written premium (“GWP”) collected by CPW on behalf of the insurer.  CPW contested this approach, arguing that in addition to monies ultimately paid to the firm for its sales and post-sales services, GWP also included substantial monies for insurance premium tax, third party payments and fees paid to the insurer, which CPW was not entitled to under its agreements with the insurer and did not earn or receive.  The RDC agreed that it was inappropriate to base the relevant revenue figure on GWP.  Instead, the RDC concluded that the firm’s relevant revenue should consist of its sales commission, post-sales payments and profit commission. 
• CPW further argued that relevant revenue should be confined to sales commission, contending that this was the most accurate reflection of the revenue flowing from the relevant activity.  However, the RDC considered that the definition of “relevant revenue” in DEPP should not restrict the revenue to that derived solely from the relevant activity affected by the breach; in the RDC’s view, the definition encompassed all revenue derived “from the products or business areas” to which the breach related.  Consequently, the RDC concluded that as long as the revenue received by the firm was derived from the relevant product or business area, it should be included.

Step 3 (adjustment to take account of mitigating and aggravating factors) 

• CPW instigated two voluntary redress schemes and argued that it should be given more credit for these.  The FCA acknowledged that these were relevant mitigating factors, but considered the schemes to have been limited in scope.  Although there is no criticism of the firm’s approach to redress in the Final Notice, the FCA considered that if the redress schemes had been broader in scope, it “would have given more weight to the redress exercises as mitigating factors”.
• The factor that aggravated the breach was the firm’s disciplinary record: CPW was fined by the FSA in 2006 in relation to sales of insurance products during 2005.  Although the events in the 2006 enforcement case occurred almost 15 years ago and did not relate to the same specific issues, the FCA considered that a mitigating factor in that case had been that the firm had committed to a comprehensive programme of reviewing and strengthening its systems and controls in relation to all of its general insurance sales channels.  In view of the breaches described in the latest Final Notice, the FCA considered that CPW had “clearly failed properly to carry out that which it had undertaken to do”.
• While the RDC applied a 5% penalty uplift at Step 3, the wording of the Final Notice suggests that the uplift in the Warning Notice was greater.  This is because the firm made representations that any reduction in the penalty under the current penalty regime should be matched by a similar proportionate reduction to the penalty under the old regime.  The RDC responded that it had reduced the level of the proposed financial penalty under the old regime to reflect the fact that it had reduced the level of uplift at Step 3 under the current regime and the same mitigating and aggravating factors applied to both penalty calculations. 

What can other firms learn from this case?

There are a number of messages in this case that are relevant to all firms, not just those involved in similar business to CPW. 

• First, had CPW been more generous in its approach to the redress offered to Geek Squad customers, this would likely have carried more weight as a mitigating factor and may have resulted in a reduction in the penalty figure at Step 3.  Firms undertaking similar exercises should bear this in mind when determining the scope of their redress schemes.
• Second, CPW’s failure to deal adequately with whistleblowing reports is likely linked to the persistence of the misconduct and may have led to the problems being discovered by the FCA rather than by the firm.  Firms should – as the regulator does – treat whistleblowing reports as a valuable source of intelligence about potential problems within their business.  By ensuring that appropriate systems and controls are in place to identify, investigate and, where necessary, address issues highlighted by whistleblowers, firms can enhance their ability to get in front of a problem and mitigate the risk of it turning into a crisis. 
• Third, a number of the failings identified in this case were not novel and had been highlighted in previous Final Notices.  In keeping abreast of regulatory developments, firms should ensure that they monitor enforcement outcomes for any lessons, explicit or implied, that may be relevant to their business.    
• And finally, it goes without saying that any firm that makes a commitment to the FCA to undertake a programme of compliance improvement work must ensure that it follows through.  Failure to do so is likely to store up trouble for the future and will not be viewed kindly by the regulator.