This strategy sets out our approach to the regulatory enforcement of authorised entities and individuals, and the manner in which we deal with perimeter issues and intelligence exchange.

We are committed to ensuring that our approach to regulatory investigations is fair and proportionate.

It is important to note that the enforcement powers available to us in particular cases, and the degree of proportionality we can apply in our regulatory response, will depend on the extent to which we are able to do so under the statutory framework.

Delivery of a fully proportionate and consistent regulatory response is dependent on us having a broad suite of enforcement powers for all sectors.  


1. The GFSC is a risk based regulator delivering regulatory outcomes in the public interest. The effective and proportionate use of our enforcement powers is instrumental in achieving our regulatory objectives, which are the:

      • promotion of market confidence;
      • reduction of systemic risk;
      • promotion of public awareness;
      • protection of the good reputation of Gibraltar;
      • protection of consumers; and
      • reduction of financial crime.

2. The regulatory outcomes we seek to achieve through enforcement action are:

i) Credible deterrence of unacceptable behaviours by way of real and meaningful consequences;
ii) Control and, ultimately, removal of those firms and individuals that pose an unacceptable risk to the regulatory objectives;
iii) Raised awareness of regulatory standards and re-setting of behaviours;
iv) Swift and effective protective measures to safeguard consumer interests;
v) Prevention of financial gain or benefit from non-compliance.

3. Our approach to regulatory investigations is based on the following principles: 

  • We seek to maintain an open and cooperative relationship with those we regulate, with a focus on proactive engagement with firms to mitigate risks and resolve problems.
  • Where regulatory breaches occur, we consider whether, taking into account all the circumstances of the case, engagement or firm-specific guidance may be more effective in raising a firm's standards than a formal sanction.
  • Where firms demonstrate that they are unwilling or unable to comply with regulatory requirements, or where serious breaches have occurred, there is a presumption that we will exercise our enforcement powers.
  • We focus our enforcement action on high priorities and where the regulatory outcomes are at risk and target our resources accordingly; 
  • Enforcement action is proportionate and responsive to the issue, recognising that:
    • robust enforcement action with published outcomes deters poor behaviours and improves standards;
    • an agreed regulatory outcome by way of settlement may lead to a proportionate and swifter outcome than contested enforcement action.

4. We are committed to ensuring fair treatment in the exercise of our enforcement powers.

5. We take enforcement action in accordance with our statutory powers to do so. All references to firms 1 and individuals within this strategy refer to those authorised by us to carry out regulated activity or to persons over whom a statute gives us regulatory powers.

Identifying the Appropriate Regulatory Response

6. Our supervisory approach is based on proactive and open engagement with firms to identify, manage and mitigate risks to ensure compliance with regulatory requirements. The effectiveness of this approach largely depends on there being an open and responsive two-way relationship between ourselves and those we regulate.

7. As a risk based regulator, we prioritise our finite resources on the areas which pose the highest risk to our statutory objectives. Where a firm or individual fails to comply with regulatory requirements, we consider carefully what course of action is a proportionate response for us to take.

8. Enforcement action is only one of a number of regulatory tools available to us. Where a firm demonstrates an acceptance and understanding of a failure to comply with regulatory requirements, and the breach does not pose a serious or persistent risk to our regulatory objectives, we may decide that a matter can be appropriately resolved by way of a supervisory response.

9. We may use any, or a combination of, the following: 

  • Routine supervision – desk and visit-based engagement, focused on the review and monitoring of a firm’s compliance and viability, and firm-specific guidance to help firms meet required regulatory standards; 
  • Heightened supervision – frequent and intensive engagement focused on facilitating our closer monitoring of a firm’s compliance and viability where risks have been identified, and which may involve the imposition of regulatory measures such as additional reporting requirements or regulatory controls;
  • Remedial action plans – formal agreed plans with firms to address breaches, weaknesses in systems and controls or to formalise agreed remedial action and timescales; 
  • Sector or industry guidance – issued in a number of ways through general industry engagement, “Dear CEO” letters and newsletters or other publications, and focused on setting expectations and helping firms to decide what action they need to take to meet required regulatory standards; 
  • Skilled Persons Reports – to be used for the purposes of information gathering and/or investigation and where specific expertise is required. A skilled persons report may be used not only as an enforcement tool where we have concerns about non-compliance that requires formal investigation, but also as a supervisory tool, for example to inform our view of complex structural or financial arrangements or our monitoring of a firm’s compliance.  Please see our Skilled Persons Report Policy Statement for further information.

10. Where we identify an ongoing breach we will expect the firm to take prompt remedial action within a specified time period. Failure to do so will be taken into account in considering whether a matter is appropriate for referral to enforcement.

Case Selection

11. The method of selection of regulatory investigations cases is primarily determined by reference to the circumstances of individual cases.

12. At a strategic level, we also use enforcement action to address priority areas. Our priorities at any given time will have a direct bearing on how regulatory investigations resources are allocated.

13. For example, we use thematic work to address a particular risk that is common across a sector or the industry as a whole. Themes are usually selected because there appears to be a particular risk that is a priority for us to address. Thematic work is not initiated on the basis that it will result in enforcement, however it is more likely that breaches identified in a priority area of work will lead to enforcement action to deter wrongdoing in that priority area.

14. Although we use enforcement action as a tool to address our overall strategic priorities, it is not the case that we only take enforcement action in priority areas. Where breaches arise in non-priority areas which pose a risk to our regulatory objectives, we will consider whether enforcement action is necessary.

15. In instances of widespread non-compliance, we consider the appropriate regulatory response by taking into account factors including the root causes of the non-compliance, regulatory investigations resources, and whether the level of non-compliance can be better addressed by way of sector or industry wide guidance. Our primary focus will be on ensuring firms undertake remedial action to rectify any ongoing breaches. Enforcement action will be considered against firms that fail to comply with specified remedial action.

16. The combination of risk, priorities and resources in determining case selection means that enforcement action may be taken in some cases and not in others, even though the circumstances and nature appear to be similar. For example, in instances of widespread non-compliance by firms, it may be appropriate for us to take targeted enforcement action against a small proportion of those firms to deliver a broader credible deterrent.

17. In making a decision whether to proceed with enforcement action, we will satisfy ourselves that we have proper grounds to do so; that enforcement action is likely to further the GFSC’s objectives; and that it is proportionate in all of the circumstances.

18. You can find more about how we decide when it is appropriate to refer a matter to Regulatory Investigations here.


19. An investigation will be initiated where we have concerns about a firm or individual’s failure to comply with regulatory requirements and we consider it appropriate to investigate. In cases where we already have evidence of a regulatory breach, we may conduct an investigation to establish the full extent of regulatory failures and/or the impact.

20. We have statutory powers to appoint investigators and to gather information for use in our regulatory investigations. We may appoint investigators from within the GFSC or commission a report by a skilled person. Information may be gathered in a number of ways including by on-site inspections, formal recorded interviews and from witnesses or third parties. Investigations are scoped from the outset and kept under review.

21. In cases where concurrent litigation - either criminal or civil proceedings - is ongoing, we will consider carefully whether to pursue a regulatory investigation pending the outcome of the litigation. In determining this, we will balance the ongoing regulatory risks to consumers and/or to the public interest against any risk of prejudice to either the regulatory investigation or the proceedings.

22. In some cases we may be required to undertake enforcement action jointly with other regulators or authorities. For example, we may assist or take a proactive lead in a multi-jurisdictional investigation or we may pursue joint action with the Resolution Authority. In such circumstances we will clearly define the respective roles and endeavour to mitigate any potential prejudice or inconvenience arising from the joint investigation.

Enforcement Action

23. The use of our enforcement powers to ensure compliance with the requirements of legislation plays a key role in the pursuit of our regulatory objectives. For example:

i) in relation to the promotion of public awareness and market confidence, the imposition of disciplinary measures shows that regulatory standards are being upheld which maintains market confidence;

ii) in relation to the protection of consumers, the imposition of regulatory controls and disciplinary measures helps to deter future contraventions, ensures high standards of regulatory conduct and protects consumers; in addition, our powers to impose conditions or directions may be used to require a firm to take urgent remedial action to protect the interests of consumers; and

iii) in relation to the protection of the good reputation of Gibraltar, the imposition of timely and robust enforcement measures and prosecution of those committing financial crime, helps to promote the jurisdiction as a well regulated international financial services centre and to deter undesirable activity.

24. We are committed to ensuring transparency in the way in which we carry out enforcement action. You can find more information on the Decision Making Process for Regulatory Interventions here.

Firm or Individual

25. We may take enforcement action against a firm, an individual or both.

26. We will enforce the general principle that it is the responsibility of the senior management of a firm to properly run its business and to operate in accordance with regulatory requirements. Where the senior managers of firms fail to exercise appropriate management and controls, we will take enforcement action against the firm.

27. Where an individual is personally culpable we may decide to take enforcement action against that individual, including in relation to their fitness and propriety. Factors which are likely to lead to enforcement action against an individual include:

  • dishonesty;
  • intentional, reckless or seriously incompetent behaviour;
  • repeated or significant involvement in a firm’s failure to comply with regulatory obligations;
  • abuse of a position of trust;
  • criminal convictions;
  • findings of other regulators; and
  • failure to comply with individual regulatory requirements e.g. licence conditions.

Regulatory Settlement Agreements

28. We may enter into discussions with a firm or individual subject to enforcement action in order to reach an agreed regulatory outcome in the public interest. You can find our policy on settlement here.

Enforcement Outcomes

29. In determining what action to take in response to conduct appearing to be a breach, we consider the full circumstances of each case. Examples of relevant factors include:

        a. whether we are directly required to do so by statute;
        b. the nature and seriousness of the suspected breach;
        c. the impact of the breach including upon consumers, the orderliness of financial markets and/or the reputation of the jurisdiction;
        d. the conduct of the firm or individual after the breach, including what action has been taken to remedy the breach;
        e. the regulatory history of the firm or individual;
        f. guidance issued by us relating to the behaviour in question and if so the extent to which the firm has sought to follow that guidance;
        g. the root causes of the breach;
        h. action taken by us in previous similar cases.

30. Where there has been a breach which leads to a regulatory outcome, either by way of contested enforcement action formal sanction or settlement, we generally issue a public statement. You can find our policy on publication here.

Unauthorised Business and Financial Crime

31. We take a proactive approach to perimeter issues, including unauthorised or fraudulent activity, as these often involve criminal offences and are likely to pose a significant risk to consumers or to our regulatory objectives.

32. We investigate all cases of possible unauthorised activity with a particular emphasis on the prevention of fraud. Intelligence on such activities is gathered from a number of sources including consumer complaints and information from other regulators and law enforcement authorities.

33. In the case of unauthorised business, and where it appears to us there is a risk of consumer detriment, we publish warning notices where appropriate, to alert the public to the risks associated with firms carrying on these activities and to protect consumers from suffering financial loss.

34. Financial crime, such as money laundering and market abuse, is a key priority for us and this may be identified through regulatory oversight or intelligence. We routinely work alongside local and international law enforcement authorities in the prevention and detection of fraud and other economic crime and in the referral of criminal activity to the prosecuting authorities.

35. We investigate reports or information about alleged market abuse within the jurisdiction. Where appropriate, we use our powers to request the Attorney General to bring criminal prosecutions for insider dealing and misleading statements and practices offences, and to impose financial penalties for market abuse, in order to help to maintain confidence in the financial system.

Intelligence Sharing and Co-operation

36. Intelligence exchange and regulatory cooperation is fundamental both to our work and to the integrity of the international financial system.

37. We are committed to complying with the highest standards of best practice for regulatory cooperation. To achieve this, we have in place:

i) statutory gateways which enable us to communicate confidential information to other regulatory authorities in order to assist those authorities in the exercise of their supervisory functions;

ii) Memoranda of Understanding with international regulatory bodies to facilitate the exchange of information and intelligence. Further information on the MOUs we have in place can be accessed here;

iii) regular liaison with local law enforcement and judicial authorities to discuss strategic issues affecting the jurisdiction and its position as a finance centre;

iv) membership of international intelligence networks. 

This strategy may be changed from time to time.

1“Firm” is used generically to refer to all authorised entities including companies, partnerships and limited liability partnerships.