Compliance, guardians of professional scepticism.
by John Byrne, CEO of Corlytics

Published 27th April, 2017

Accountancy firm Grant Thornton, has been fined £2.3m and severely reprimanded by the Financial Reporting Council (FRC) over failings in its audit of a company called AssetCo, a fire engine manufacturer.

The regulator said Grant Thornton, and its partner with 23 years experience Robert Napper, had admitted a “lack of professional competence and due care”.

This had allowed AssetCo to falsely inflate its value and its share price.

Mr Napper was fined £130,000 and banned from auditing for three years, while the accountancy firm paid £200,000 in additional costs.

But the auditors had been at fault by failing to employ the required level of ‘professional scepticism’.


Given the weight of this fine, we can expect significant implications that go beyond auditors and actuaries that are providing important financial reports for investors. How will this impact on Financial Conduct Authority certified persons under the Senior Managers Regime, where there are personal consequences for the actions of the business?

The FRC said that the failings of the audit firm, and the now-retired audit partner, in the audit of AssetCo’s accounts were not deliberate or reckless and did not amount to dishonesty. But if they had been more sceptical of the financial information being given to them they would have uncovered the dishonesty.

Given this duty of care, what does this mean for senior persons at FCA regulated firms? What is the new threshold for ‘professional scepticism’?

To answer this, we looked into our global regulatory risk and enforcements database at all the cases involving lifetime bans imposed by the FCA since 2009. 60% OF ALL THE CASES BROUGHT INVOLVED BANS FOR THE HEADS OF COMPLIANCE FUNCTIONS. 


If you would like to discuss your risk profile and areas of exposure, call us.

SMR statements of principle to be aware of:

  • Statement of Principle 5

An approved person performing an accountable higher management function must take reasonable steps to ensure that the business of the firm for which they are responsible in their accountable function is organised so that it can be controlled effectively.

  • Statement of Principle 6

An approved person performing an accountable higher management function must exercise due skill, care and diligence in managing the business of the firm for which they are responsible in their accountable function.

  • Statement of Principle 7

An approved person performing an accountable higher management function must take reasonable steps to ensure that the business of the firm for which they are responsible in their accountable function complies with the relevant requirements and standards of the regulatory system.

John Byrne, CEO of Corlytics

Regulatory reform in the US - Should we prepare for post-regulation?
by Rory Flynn, head of legal at Corlytics

Published on Friday 21st April, 2017

As of next weekend, Donald Trump will have been in office for 100 days. During this time, no-one reading this blog will have escaped the constant debate in the media about regulatory reform in America. We have listened to bold plans for financial regulation to be entirely repealed, the Consumer Financial Protection Bureau (‘CFPB’) to be dismantled and its director, Richard Cordray, removed.

Is this all smoke and mirrors? Or do US firms need to prepare for a post-regulation world?

An Executive Order was signed recently commencing a process which may well lead to the repeal of vast sections of the Dodd Frank Act, 2010. Potentially its complete removal. The rationale for this drastic action being that the Act is over onerous on regulated firms. Consequently, crippling the US free-market economy.

The Volcker Rule – part of the Dodd Frank Act which forbids banking entities from engaging in short-term proprietary trading of securities, derivatives, commodity futures and options on these instruments on their own account or owning, sponsoring or maintaining relationships with hedge funds or private equity funds – is in the cross-hairs of this process of reform.

In just the past few days, Deutsche Bank won the unenviable ‘prize’ of being the first bank to be hit with a major fine for failing to ensure that its traders comply with the Volcker Rule’s ban on overly risky market bets. The Federal Reserve announced that Deutsche Bank will pay a combined $156.6 million in civil money penalties – $19.7 million of which is the specific fine for failure to comply with the Volcker Rule.

If repealed, we may see more of this kind of behaviour. And consumers will be once again be offered credit in unsustainable terms. Thanks to the incentives which such products offer to regulated institutions. Do we really want such a reversion?


This is where the CFPB comes in. To date, this bureau has been responsible for returning $11.8 billion to wronged consumers. Consumer complaints to the CFPB have also risen 7% in the last 12 months – indicating that now certainly isn’t the time to roll back regulation.

If we see the CFPB abolished, or indeed other aspects of Dodd Frank repealed, there is the very real possibility of misconduct going unpunished in the future. In addition to Deutsche Bank’s recent fine, should the CFPB not have been in place 12 months ago:

  • Wells Fargo may not have received a $100 million fine for the widespread illegal practice of secretly opening unauthorised deposit and credit card accounts
  • Citibank may not have been hit with a multimillion dollar fine for illegal debt sales and debt collection practices
  • and All American Cashing Inc. may not have been penalised for allegedly tricking and trapping consumers with false information

More worrying still is the fact that the Department of Justice recently filed an amicus curiae brief in a Washington Federal Appeals court case, providing further information for the court from non-litigants. This agreed with a decision of a three-judge panel of the US Court of Appeals for the District of Columbia last October, that the CFPB, as it is currently composed, is unconstitutional. The main thrust of the brief is that the CFPB unconstitutionally places power in the hands of a single director who cannot be removed by the President except for cause. They do not go so far as to call for the abolition of the agency, but urged the Court to at least make the director accountable to the President.

Notably this brief does not go so far as to call for the abolishment of the CFPB but does urge the Court to make the director accountable to the President. It strikes me that the petitioning of the Court in such a manner is more incongruent to the ideal of the separation of powers than the precise accountability of the CFPB director.


It may well be argued that the proposed changes would weaken the CFPB, by opening a vital agency up to the political whims of the Executive and the budgetary priorities of Congress. A weak CFPB could incentivise a lack of transparency on Wall Street – and within the financial services industry more generally – putting the US at risk of recession and economic instability, once more.

Whilst the issues continue to be battled out in the courts and within Congress, regulated global firms must continue as normal. Regulation cannot and will not be switched off overnight. We may well be in no different a situation at the end of the next 100 days. So, don’t get complacent. Don’t speculate.


Rory Flynn, Head of legal at Corlytics

by John Byrne, CEO of Corlytics

Published on April 18th, 2017

Last week the Bank of England came under intense pressure following a leaked phone call from Barclays claiming it had been put under pressure from up high, to lower Libor rates. Having an immensely powerful regulatory risk database at my fingers we looked back at the scandal that has been rumbling since 2012.



Our global data shows that from 2012 to date there have been 60 fines from seven regulators, involving 13 different institutions totalling more than USD 9.246 billion. With no fines so far this year.

Breakdown of banks’ wrong doings

The Corlytics data shows that more than half (53 percent) of all fines given equalling USD 4.9billion were cases, 18 in total, where senior managers were cited as being aware of inadequate controls and/or were complicit in the manipulation.

The most commonly cited breach (64 percent and 28 fines given), equalling a staggering USD 5.9 billion, was in cases where traders used brokers to manipulate rates.

Warnings for inappropriate action were given along the way. Nine percent of all fines were given in cases where there was a prior regulatory warning about similar weaknesses or there was disciplinary action in the area.


This misconduct took place on average over four to five years. It was prolonged and deliberate. With many cases showing awareness by senior management or indeed collusion on their part.


The Bank of England is primarily responsible for the systemic stability of the UK banking system and its global role within the financial markets. The Bank has always denied allegations it encouraged banks to submit lower readings for Libor.

The investigation into the conduct of various banks, during the Libor scandal, exposed an unparalleled level of wrong-doing.

The Bank of England may have approached the banks to reduce the Libor rates, but:

  • Did the Bank of England ask the banks to get their traders to reveal their larger clients’ positions to other traders using instant messaging?
  • Did the Bank of England then ask the banks then to collude with other traders, to place bets against their respective client positions?
  • Did the Bank of England then ask traders to access and request that the banks’ rate setters, set rates in their favour and against the interest of their clients?

Of course, not.

The reality is that these banks had allowed a lack of controls in important areas that enabled their traders to make a lot of money. This was not just in rigging markets, but in betting against their own clients. The Bank of England cannot be held responsible for that.

John Byrne, CEO of Corlytics

Previous articles


Published April 11th 2017, John Byrne, CEO

Today’s financial firms have more and more regulations that they are supposed to be aware of and comply with or prepare to comply with. That is an almost herculean task. Global banks have had since 2009 to get their regulatory infrastructure in place but for many others – like asset managers and insurance companies this is a very real new world.


The financial crisis—coupled with the determination of regulatory authorities not to put taxpayers on the hook for another round of bailouts—has led to a proliferation of new regulatory measures. The scale and pace of banking regulatory change is unprecedented.

Dealing with regulations and compliance has always been a costly and far-from-hassle-free experience. Regulatory documents require specialist skills and experience to understand and deal with. Now large banks must deal with multiple jurisdictions and multiple timetables for new regulations.

In a determined push to make banks and financial institutions more transparent, global regulators are getting tough. Issuing billions of dollar fines, and jail time, for non-compliance. This has put regulatory risk well and truly top of the financial fright list.

So how do you get ahead of it and protect yourself? 


Since 2009 54,000 regulatory documents have been published from 130 different regulatory bodies in G20 countries alone. That is an awful lot to keep up with. From these regulations, thousands of legal compliance cases have been brought.

When I set up Corlytics in 2013 it was in response to a gaping hole. Financial firms were under pressure to understand and comply with new regulation globally. The regulators were sharing this data, but nowhere was the intelligence that allowed you to assess your risk profile. Monitor, measure and predict what was happening and create one workable picture. So, we pulled together specialists from a number of different professions to build that 360 degree picture. 


The average specialist lawyer in their lifetime might handle 40 regulatory compliance cases. Corlytics has over 7,000 cases on our database, and we are growing it daily. Each case is read by two specialist lawyers providing metadata and insight. This isn’t just Big Data, this is Super Smart Data.

This global intelligence means we can pick out emerging trends that others just can’t see yet. 


Running analytics across this legal and regulatory data our banking risk analysts, data scientists and technologists are able to warn you of what regulations you are up against. A specific dollar amount of risk exposure (not to mention jail time) can be calculated, empowering you to make the right choices.

We are working with global institutions that need to deal with specifics. That is why our reports, assessments and appraisals are trusted by The Bank of England, The Financial Conduct Authority and Financial Times, to name a few.

We deal with facts, not opinions. We deconstruct the data, with scientific rigour and develop unique metadata. Giving us the world’s largest, most comprehensive regulatory risk intelligence data.


For global banks Corlytics helps makes sense of all these threatening legal obligations. Rating the risk, turning the legalese into dollar impact, so you can take the right action. We have flexible ‘what if’ tools developed allowing you to assess the impact of different scenarios. Covering future risk.

The data needs to be understood by different departments within financial houses. The lawyers in compliance and the mathematicians in risk. We translate our Super Smart Data into a common, workable picture.

For regulators and advisors, we are able to produce in depth risk analysis, benchmarking against other regulators and calculate impact using our Fine Estimator.

So if you want a personalised picture, let’s talk.

John Byrne is founder and CEO of Corlytics, responsible for setting the company’s vision and strategy.

As something of a serial entrepreneur in the software sector, John has built and sold a number of Dublin based enterprises. He co-founded one of the first campus companies in Ireland in 1985 in the energy controls sector and built Information Mosaic in 1997, a global player in the securities software industry which was sold to Markit in 2015.

He set up Corlytics to provide real regularly risk intelligence. Following a tsunami of global regulation arrived for the financial markets in 2009, John realised there was no joined up intelligence and predictive analytics to help the banks, regulators and their advisors make informed decisions. Corlytics was formed in 2013 and today is the global leader in regulatory risk intelligence.

John is a frequent speaker at industry events and has spoken at events such as SIBOS and NEMA. He has also spoken at many other conferences on operational and systemic risk and more recently at RegTech Summits in London and New York. John is a graduate of Stanford Business School and has a Bachelors degree in Electronic Engineering

Rory Flynn is Corlytics’ head of legal. He is responsible for the global team of legal regulatory analysts together with acting as the company’s Legal Counsel.

The global legal team is comprised of legal and business graduates. They are engaged in building meaningful intelligence through complex analysis of the international legal regulatory framework.

Before joining the leadership team at Corlytics, Rory was a practicing barrister at the Irish bar with a specialist interest in intellectual property, employment law, civil litigation and company law. He has also held lecturing posts at Griffith College and University College Dublin. Rory holds an LLM in Commercial Law from University College Dublin, an LLB in Irish Law and a Barrister-at-Law degree from the Honorable Society of Kings Inns.