When a regulated professional services firm faces a conduct issue or client-impacting incident, its first public statements do more than manage reputation — they may later become part of the regulatory record.
Early crisis communications are often drafted under pressure. In a regulated environment, what is said during the early stages of an incident may later be scrutinised for accuracy, consistency and evidential support. Language that is intended to reassure can, if not carefully calibrated, create unintended admissions, narrow the apparent scope of an issue, or sit uneasily alongside subsequent findings. This can turn an operational incident into a governance and conduct issue, raising questions about oversight, decision-making and candour.
Crisis communications are rarely judged only in the moment. Months or years later, regulators, investigators and tribunals may revisit early statements and assess them against internal documents, timelines and decision-making processes. Regulatory risk is therefore both immediate and retrospective.
This dynamic has played out in high-profile regulatory investigations. During the LIBOR manipulation scandal, early public statements by banks tended to frame the issue as misconduct by a small number of individuals. Subsequent regulatory findings identified wider control and cultural failings. The divergence between early reassurance and later regulatory findings moved the focus from technical breaches to systemic questions about governance and culture, increasing reputational damage in the process. It demonstrates how framing an issue as isolated misconduct can prove problematic if subsequent findings reveal broader control weaknesses.
Transparency vs disclosure
A common mistake in regulated crisis communications is confusing “being transparent” with “sharing all details.” Transparency is about clarity of intent and action. It is demonstrated by:
– Acknowledging what has happened (at the right level of certainty).
– Showing you are taking it seriously.
– Explaining what you are doing next.
– Setting expectations on timing and updates.
Disclosure, by contrast, involves sharing specific facts, evidence or detailed conclusions. During a live incident, those facts may be incomplete, legally sensitive, confidential or privileged. The challenge is to be transparent without overstepping into premature disclosure.
The risk of defensive messaging
Professional services firms sometimes default to defensiveness where regulatory scrutiny is anticipated. Statements become absolute:
– “We are fully compliant.”
– “Our controls are robust.”
– “The allegations are baseless.”
Such language may feel reassuring in the moment. However, when made before a thorough investigation, it can significantly increase regulatory exposure. If the position later evolves, credibility may be damaged and regulatory attention may shift from the incident itself to the firm’s governance and culture. Regulators and disciplinary panels often look for evidence of reflection and accountability. They may criticise what they interpret as minimisation, premature certainty or a lack of candour.
In this context, firms should avoid providing detailed affirmations at an early stage, particularly where those statements may run ahead of eventual regulatory findings. Firms should avoid absolute claims that cannot yet be evidenced, minimising language (“isolated”, “minor”, “a small issue”) and dismissive phrasing (“false allegations”, “baseless claims”) unless the facts are firmly established.
A measured approach demonstrating governance, control, competence and integrity without running ahead of the facts is more effective. Initial communications during an incident should focus on what is known, what is not yet known, and what is being done to establish the facts.
A similar pattern can be seen in a number of SRA/SDT AML enforcement notices in recent years. In several cases, firms had asserted that their anti-money laundering policies and controls were compliant and robust. Regulatory inspections later identified significant deficiencies, including inadequate risk assessments and over-reliance on template documentation. While enforcement action focused on substantive compliance failings, decisions often referenced weaknesses in governance and oversight. Assertions of compliance that were not fully supported by evidence became part of the wider regulatory critique and narrative.
The difficulty is rarely the reassurance itself, but the gap between early assertions of AML compliance and the findings later published by the SRA/SDT. When that divergence emerges, scrutiny shifts from technical failings to broader questions about governance and supervision. This amplifies the reputational risk for firms, with implications for client confidence and the firm’s standing.
A Practical Discipline for Regulated Firms
Before issuing early crisis communications, regulated firms should ask:
– Could this statement later be interpreted as an admission?
– Are we expressing certainty that we cannot yet evidence?
– Does this language allow room for the factual position to evolve?
– Would we be comfortable defending this wording before a regulator or tribunal?
– Is our external messaging fully consistent with our internal documentation?
Seeking Controlled Clarity
The most effective crisis communications for regulated firms are rarely the most detailed. They are the most disciplined.
When regulators may be watching, the priority is to demonstrate that the organisation is acting responsibly, taking the matter seriously, and managing it through appropriate governance.
Disciplined clarity protects both trust and standing. In regulated environments, statements are judged not only for their immediate reassurance, but later for their consistency with the evidence that follows. For professional services firms, ensuring that early messaging reflects what can be demonstrably supported helps safeguard client confidence, regulatory credibility and the firm’s reputation.
Beth Durkin, Director