Referral Policy

1. The GFSC is committed to ensuring transparency in its approach to regulatory investigations.

2. This policy sets out the factors that we will use to determine whether a matter will be referred from Supervision to Regulatory Investigations for further investigation and/or enforcement action in accordance with the Decision Making Process for Regulatory Interventions. 

3. This policy should be read in conjunction with our strategy.

4. We may from time to time change our referral policy. When we do we shall place the amended policy statement on our website.


5. Where Supervision believe that there has been, or have concerns that there may be or have been a breach of regulatory or other legal requirements, or there is a risk to the GFSC’s regulatory objectives, Supervision and Regulatory Investigations will jointly consider whether a regulatory response is appropriate.

6. We will consider this by reference to a range of key factors focused on the merits of the case, the seriousness and impact of the alleged or actual breach, the outcome that enforcement action would achieve and the overall proportionality.

7. The factors set out below are not intended to be exhaustive; not all of them will be relevant in a particular case, and there may be others that are relevant and which we will take into account. Any one or combination of factors may lead us to refer a matter to Regulatory Investigations.

8. Where a matter is considered appropriate for further investigation and/or enforcement action, the matter is referred from Supervision to Regulatory Investigations.

Factors to Consider

In determining whether to refer a matter to Regulatory Investigations, the overarching question we will consider is whether enforcement action is necessary to discharge our statutory functions or likely to further our regulatory objectives.

In that context we will ask ourselves the following questions

i) Is there a case to answer?

  • Are we required by statute to take action;
  • If not, what is the nature and seriousness of the suspected breach;
  • Do we have grounds to take action;
  • What is the strength of the evidence; what other evidence is or may be available;
  • What investigation is needed; is it proportionate to undertake an investigation;
  • Has any action been taken by other regulators or law enforcement agencies.

ii) What is the impact of the suspected breach?

  • What risk does it present to our regulatory objectives;
  • Has there been actual or potential consumer detriment;
  • What is the impact on the orderliness of financial markets;
  • Do the actions of the firm or individual undermine public confidence in and/or the reputation of Gibraltar or the GFSC as a regulator;
  • Is the public interest otherwise engaged;
  • What benefit has the firm or individual derived, or might they derive, from the suspected breach;
  • Is the suspected breach evidence of widespread non-compliance across a specific sector or the industry as a whole;
  • Is the suspected breach indicative of a systemic problem within the firm.

iii) What would enforcement action achieve?

  • Is the suspected breach linked to a GFSC strategic objective or priority (i.e. an area of focus set out within the GFSC’s business plan);
  • If not linked to a strategic objective or priority, does the suspected breach present a sufficiently serious risk to the GFSC’s regulatory objectives;
  • Is there an ongoing risk that warrants enforcement action;
  • Is action needed to prevent a financial gain or benefit from the suspected wrongdoing;
  • Would an enforcement outcome assist in deterring and changing the behaviour of others;
  • What is the priority of this case against others cases that could be referred to Regulatory Investigations.

iv) Is enforcement action proportionate in all of the circumstances?

  • What is the seriousness of the suspected breach;
  • What was the response of the firm or individual to the suspected breach; was the matter reported to us by the firm or individual; what action has the firm or individual taken to remedy the breach and/or prevent future occurrences;
  • What is the nature of the firm’s overall relationship with the GFSC;
  • What is the regulatory record of the firm or individual;
  • Is the suspected breach a repeat occurrence;
  • Is the suspected breach part of a pattern of smaller issues, which individually may not justify disciplinary action, but which may do so when taken collectively;
  • Is enforcement action a necessary response to the suspected breach; can it be dealt with by way of an alternative regulatory response.