The Prudential Regulation Authority (PRA) has censured Wyelands Bank Plc (Wyelands) for wide-ranging significant regulatory failings between 21 December 2016 and 28 May 2020, which spanned breaches relating to large exposure limits, capital reporting, governance and risk controls and PRA Own Initiative Requirements (OIREQs) and poor retention of WhatsApp messages.
This is the first time the PRA has taken action against a firm for breaches of large exposure limits and found a breach of PRA Fundamental Rule 3 (requiring a firm to act in a prudent manner). The seriousness of the breaches justifies a substantial fine of £8,515,000.
However, Wyelands is in wind down and the PRA accepted that it has very limited financial resources. The PRA has concluded that fining Wyelands would not advance its general objective to promote the safety and soundness of firms.
Wyelands became a member of the Gupta Family Group Alliance (GFG) in December 2016. In September 2019, the PRA required Wyelands to limit its exposures to GFG and connected parties due to concerns that Wyelands had an unacceptable concentration of risk.
By March 2020, Wyelands had stopped entering into new credit transactions and commenced a wind-down of its business. In March 2021, the PRA required Wyelands to repay its depositors, which has been successfully completed.
Sam Woods, deputy governor for Prudential Regulation and chief executive officer of the PRA, said: “The PRA expects firms to establish and maintain effective governance and risk management controls at all times. This is particularly important where a firm engages in complex transactions or where a significant proportion of its business is introduced by its wider group. Wyelands’ wide-ranging and serious failings resulted in the PRA taking swift supervisory action to minimise the risk to depositors and issuing today’s strong censure.”
Wyelands entered into several complex structured finance transactions which were introduced to it by GFG. These transactions were significantly in excess of regulatory limits on large exposures, but Wyelands did not identify this and report it to the PRA. Wyelands’ original business plan was to initially originate business from entities introduced by GFG, with a view to developing third-party business over time. However, in practice, Wyelands’ business was almost entirely reliant on GFG and entities originally introduced by GFG.
The PRA investigation found that Wyelands had breached the 25% large exposure limit, Fundamental Rule 3 (act in a prudent manner), Fundamental Rule 5 (effective risk strategies and risk management systems), Fundamental Rule 6 (organise and control affairs responsibly and effectively) and a number of PRA rules relating to general organisational requirements, record keeping, risk control and related party transaction risk. In particular, over a period of 21 December 2016 to 28 May 2020 Wyelands failed to:
- have sound administrative and accounting procedures and adequate internal control mechanisms for the purposes of identifying, managing and reporting large exposures, and consequently, it inaccurately reported its large exposures to the PRA;
- demonstrate sound judgement, exercise sufficient caution or take due account of all risks and possible consequences before entering into transactions, and to ensure that it had appropriate resources to identify, monitor and take action to duly mitigate risks in relation to transactions and to value its assets and liabilities;
- put in place effective risk management strategies and systems to identify, assess and manage the risks presented by its business model, in particular, connected party and related party risks in relation to large exposures;
- comply with internal policies which had been created to mitigate potential conflicts of interest arising from its membership in GFG;
- ensure it had adequate systems and controls supporting its capital, and consequently, the firm failed to identify that certain amounts it had received as capital had been indirectly funded by itself;
- on multiple occasions, comply with OIREQs imposed by the PRA; and
- put in place effective document retention and recordkeeping policies or procedures for its business that took into account technological advances such as those relating to instant messaging platforms (e.g. WhatsApp).
As a result of the seriousness of such a wide range of breaches that resulted in the firm’s wind down and threats to its safety and soundness, the PRA considers that it is appropriate to take enforcement action against Wyelands, which has agreed to settle this matter.