Barclays chief executive Jes Staley has been fined £642,430 by regulators for breaching rules by trying to identify a whistleblower.
The Financial Conduct Authority and the Prudential Regulation Authority said he failed to “act with due skill, care and diligence” in his response to an anonymous letter received in June 2016.
The FCA and PRA began their probe into Mr Staley’s conduct a year ago.
Barclays said it would cut his bonus by £500,000.
Directors delayed deciding how much Mr Staley’s bonus would be docked until the investigation was complete and they knew the penalty imposed.
Mr Staley said: “I have consistently acknowledged that my personal involvement in this matter was inappropriate, and I have apologised for mistakes which I made.
“I accept the conclusions of the board, the FCA, and the PRA, following their respective investigations, and the sanctions which they have each applied.”
Mr Staley earned £2.35m in 2016 and received a bonus of £1.3m.
The fine amounts to about a fifth of his total compensation. It would have been more than £900,000, but he was given a 30% discount for settling at an early stage.
Analysis: Jonty Bloom, BBC business correspondent
Many will think that Jes Staley has got off lightly. He still has his job and the regulators stopped short of saying that he was unfit to continue in post, which would have surely ended his career at Barclays and possibly in banking altogether.
As chief executive of Barclays, Mr Staley should have been setting an example of how to deal with whistleblowing. Instead, when he received anonymous allegations against a senior member of staff, who was also a friend, he set the bank’s own internal investigations unit to work to discover the identity of the whistleblower.
That matters, because after the credit crunch and bailout of the banking sector, regulators introduced vigorous rules to encourage those with concerns of wrongdoing to come forward. Mr Staley’s actions directly undermined that very safety valve.
Jes Staley now has the distinction of being the first boss of a major financial institution to have been fined by the regulators and to have kept his job.
The issue dates back to June 2016, when members of the Barclays board received anonymous letters raising concerns about a senior employee who had been recruited by the bank earlier that year.
The letters, which were treated as whistleblowing, raised concerns of a personal nature about the senior employee, and Mr Staley’s knowledge of and role in dealing with those issues at a previous employer.
They also raised questions over the appropriateness of the recruitment process followed by Barclays on this occasion.
Mr Staley asked the bank’s security chief, Troels Oerting, to attempt to identify the authors of the letters, which the chief executive thought were an unfair personal attack on the senior employee.
Mr Oerting, who formerly worked for Europol, contacted US federal law enforcement agencies to help track down the letter’s origin, which had a US postmark.
Regulators will keep an eye in future on how Barclays oversees whistleblowing. They have told the bank to report to it every year to explain how it handles any issues.
This includes making senior managers give personal assurances that whistleblowing protocols are being followed properly.
Mark Steward, from the FCA, said: “Given the crucial role of the chief executive, the standard of due skill, care and diligence is more demanding than for other employees.
“Mr Staley breached the standard of care required and expected of a chief executive in a way that risked undermining confidence in Barclays’ whistleblowing procedures.”
Barclays, though, noted in its statement that there were no findings by the FCA or PRA that Mr Staley acted with a lack of integrity nor any findings that he lacks fitness and propriety to continue to perform his role.
The chairman, John McFarlane, said Barclays and its investors stood behind Mr Staley: “The board has reiterated its support for Jes, as have shareholders at last week’s annual general meeting.”