SLIDE 1
Bank Individual Accountability Regime the fuller picture Simon - - PowerPoint PPT Presentation
Bank Individual Accountability Regime: the fuller picture
Simon Morris
April 2015
Looking at
1. The new structure
2. Presumption of responsibility
3. Non-executive directors
4. Foreign branches
5. General state of progress
SLIDE 2
SLIDE 3
The policy driver
Parliamentary Commission on banking standards
- Only some 10% of staff were subject to individual regulatory approval;
- The regulators front-end loaded the approval process, focusing too much on initial approval, rather than ongoing probity; and
- Lines of responsibility were too often unclear so that it was difficult to attribute individual responsibility
SLIDE 4
1. The new structure
a) Senior managers
b) Certification regime
c) All other staff
SLIDE 5
Senior managers – for a UK bank the top layer of executive management and all directors other than an ordinary non-executive director. Will be pre-approved & subject to 1st & 2nd tier conduct rules substantially similar to APER. Also
a) A senior manager must prepare a statement of responsibility setting out his duties.
b) The bank must prepare a responsibilities map linking these together and describing its governance arrangements.
c) The burden of proof is reversed, so if something goes wrong in an area for which a senior manager is responsible, taking his statement of responsibility into account, he must prove that he took reasonable steps to avoid this happening.
d) A senior manager is liable for a new criminal offence of causing a bank to fail, unlikely ever to be prosecuted.
SLIDE 6
Senior Managers will be …
Executives
1. CEO, CFO & all other directors
2. Head of key business area – £10b assets/20% revenue
3. ExCo – direct board reports with delegated authority
4. Head of Internal Audit
5. Group entity senior manager*
6. MLRO & Compliance + fin crime
7. Significant responsibility function**
*Developing strategy ok. But may be GESM if (a) implements strategy without local delegation; or (b) directly involved in, or takes decisions over, UK regulated business without local consent/approval.
** Flexible, when required
Non-Executives
1. Chairman
2. Chair of the Risk Committee
3. Chair of the Remuneration Committee
4. Chair of Nominations Committee
5. Chair of Audit Committee
6. Senior Independent Director
SLIDE 7
Prescribed responsibilities and key functions must be allocated to a senior manager, including …
19 + 4 prudential responsibilities
8 for small firms (assets < £250m)
1) Implementation and oversight of regime
2) Performance under the Certification Rules
3) Compliance with management responsibilities map
4) Training senior management
5) Internal audit ops & integrity
6) Compliance ops & integrity
7) Risk ops & integrity
8) Developing culture and standards
9) Allocation & maintenance of capital, funding & liquidity
10) Treasury management functions
11) Financial information and regulatory reporting
12) Recovery plan and resolution pack
11 conduct responsibilities plus 27 functions for management mapping, including
1) Client assets
2) Payment services
3) Settlement
4) Financial or investment advice
5) Mortgage advice
6) First line quality assurance of sales
7) Lending decisions
8) Design and manufacturing of products
9) Marketing materials and communications
10) Customer service
11) Customer complaints handling
12) The firm’s information technology
13) Business continuity
14) Human resources
SLIDE 8
Statement of responsibility …
Individual statement of responsibilities
- Prepare & lodge when seeking approval
- Important opportunity to clarify & codify responsibilities
The bank must have an integrated overall responsibilities map
= who does what, lines of delegation & reporting, governance
- Single, comprehensive up-to-date document
- Describing management and governance arrangements
- To ensure collective allocation of responsibilities complete
- Detailed lines of reporting & responsibility & the persons performing them
- Details of management & governance of the bank’s main business areas & governance functions
SLIDE 9
Certification regime
Middle management and some material risk takers are not subject to the same regulatory fit and proper standards. There’s a blind spot here. And this, essentially, is where the certification regime comes in.
Martin Wheatley: Nothing to fear from high standards (16 March 2015)
Individuals below the level of senior manager who can cause significant harm to the bank or its customers, such as managers of significant business areas, dealers, customer advisers and their managers, will not be individually approved. Instead, the bank is responsible for ensuring, and must certify, their fitness and properness. They are subject to 1st tier conduct rules.
SLIDE 10
They will be …
1) Material risk takers
2) Former SIFs
3) Managers of certification employees
4) Head of unit or member of committee with significant responsibility for a significant business unit that
a) Carries on credit related activity
b) Makes material decisions on the commitment of the firm’s resources
c) Processes settlements or client money
d) Carries on other designated business activities
5) Functions requiring TC qualifications
6) CASS oversight
7) Benchmark submission & administration
8) Functions with a material impact on the firm’s risk profile and which might involve the risk of significant harm to the firm or its customers
9) Likely to be extended to wholesale traders
SLIDE 11
What does fit & proper look like?
Attributes – personal characteristics
- Honesty
- Integrity
- Reputation
- Competence, training, knowledge, qualifications, experience
- Capability
- Financial soundness
Evidence
- Referencing & checking
- Assessment & confirmation
- Assessment & testing
- Record outcome with reasons
Process
- Template for the position
- Initial assessment
- Ongoing oversight
- Annual reassessment
SLIDE 12
All other staff
All other staff apart from twenty designated categories such as cooks, cleaners and receptionists will be subject to 1st tier conduct rules
SLIDE 13
In other words …
[Table comparing Senior manager, Certificate staff and Other staff against: Prior approval; Statement of responsibility; Annual vetting for F&P; Subject to senior manager rules; Liable for breach in your area; Subject to conduct rules. Annotated "Must also be fit & proper". Cell markings not preserved.]
SLIDE 14
And what about the rules?
SLIDE 15
First tier – rules for everybody
Individual Conduct Rules
- Rule 1: You must act with integrity.
- Rule 2: You must act with due skill, care and diligence.
- Rule 3: You must be open and cooperative with the FCA, the PRA and other regulators.
FCA only
- Rule 4: You must pay due regard to the interests of customers and treat them fairly.
- Rule 5: You must observe proper standards of market conduct.
SLIDE 16
Second tier – rules for Senior Management
- SM1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
- SM2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with relevant requirements and standards of the regulatory system.
- SM3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
- SM4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
SLIDE 17
2. Senior manager presumption of responsibility
SLIDE 18
There are three grounds for individual discipline
Currently –
1. You failed to comply with rules of conduct; or
2. You have been knowingly concerned in an authorised person’s contravention of a relevant requirement
And now –
3. The bank contravened a rule
a) Which fell within the responsibility of a senior manager/in-scope NED in his senior management function
b) Unless he can show he took reasonable steps to avoid the contravention
SLIDE 19
The regulatory policy
The core ambition here is to make sure that where a firm contravenes a regulatory requirement, in an area for which a senior manager is responsible, it will be up to that manager to satisfy regulators that they took reasonable steps to prevent the contravention happening. The broad political intention here is to rebalance responsibilities and avoid a scenario where it becomes very difficult for regulators to definitely demonstrate whether X or Y took reasonable steps to prevent their firm breaching a particular regulatory requirement in their business area. This moves us away from where determining who is accountable for what, has required often enormous powers of regulatory decryption.
Martin Wheatley: Nothing to fear from high standards (16 March 2015)
SLIDE 20
The PRA states
- A Senior Manager or in-scope NED can be held accountable for his individual contribution to collective decisions and their implementation.
- Liability may be joint and it is possible that more than one Senior Manager or in-scope NED could be held responsible in relation to a Bank’s misconduct.
- Statements of Responsibility and Responsibilities Maps will be relevant (but not the only) evidence in determining whether a Senior Manager was responsible for managing any of the firm’s relevant activities, or an in-scope NED was responsible for the area where the misconduct occurred.
SLIDE 21
Notional PRA examples
Against senior managers
a) A firm breaches its capital requirements as a key business unit has repeatedly breached its risk limits => heads of the key business areas and the Chief Risk Officer.
b) Management fails to monitor the provision of outsourced services resulting in serious service failure.
More likely example: weak systems or poor MI produce problem in manager’s area
Against in-scope NEDs:
a) Remuneration Committee failed to prepare decisions regarding remuneration for the Board => Chair of Cttee
b) A firm’s Chairman and in-scope NEDs who failed to address serious concerns about an overly dominant CEO with the Board or to advise the regulators.
More likely example: NED fails to challenge poor board decision or pursue problem
SLIDE 22
The regulators will look at
1. Size – the size, scale and complexity of the firm; P F
2. Responsibilities – the actual responsibilities of that Senior Manager and other Senior Managers in the firm; P F; how responsibilities were allocated on paper & in practice; F
3. Knowledge – what the Senior Manager actually knew, or ought to have known; P about the business and its risks F and about the issue and regulatory concerns; F
4. Competence – what expertise and competence the Senior Manager had, or ought to have had, at the time to perform his specific Senior Management Function; P
5. Action – what steps the Senior Manager took and could have taken, considering alternatives; P F
6. Delegation – whether the Senior Manager properly delegated and oversaw any functions; P F and his reporting lines were clear; F
7. Procedures – whether the manager assessed governance and risk management, had/gave an orderly handover, followed procedures and monitored the business F
8. Group decisions – whether the group was properly informed and acted reasonably F
9. AOB – the overall circumstances and environment at the firm and more widely in which such a Senior Manager was operating at the time. P
SLIDE 23
A dozen important steps to take
1. Be aware of regulatory requirements & wider environment;
2. Investigate & review your area of responsibility;
3. Implement, police and review appropriate policies;
4. Structure and control day-to-day operations, managing delegations;
5. Obtain & monitor appropriate internal management information;
6. Raise issues & follow them up;
7. Take pre-emptive action to prevent breaches;
8. Adequately respond to any breach;
9. Seek and obtain appropriate expert advice or assurance;
10. Deploy adequate resources, especially for control functions;
11. Keep a proper record of what you hear, say and do;
12. Maintain an audit trail of actions, initiatives, decisions & remedies.
SLIDE 24
Records to create & keep
1. Must have
a) Your statement of responsibilities;
b) The bank’s responsibilities map;
2. Will have
a) Board and committee minutes;
b) Organisation charts and information on reporting lines;
c) Emails & telephone recordings;
3. Want to have
a) Your day-book;
b) Minutes of other internal meetings;
c) Regulatory dialogue & notifications.
SLIDE 25
Will reversal make a difference?
Yes
a) Imperative to claim more scalps
b) Policy changed to make this easier
c) Burden of proof is reversed
d) Difficulty of persuading the regulator in negotiations
e) High costs to go before the Tribunal
No
a) Regulator must act reasonably & proportionately
b) Substantive requirements unaltered
c) Clear track record so far of egregious cases only
d) Competent & diligent manager no worse off
e) But you must keep those records
SLIDE 26
3. What about non-executive directors?
SLIDE 27
What about non-executive directors?
In-scope NEDs approved & have statement of responsibilities
1. Chairman
2. Senior independent director
3. Chair of Risk, Audit, Remuneration & Nominations Committees
Out of scope – not individually approved (though will appear on responsibilities map)
4. All other NEDs
- Notified to the regulator – must justify appointment on “Form A”
- Assessed as fit and proper
- Must be required to observe CR 1, 2, 3 & SM 4
SLIDE 28
Allocating NED responsibilities
SLIDE 29
Allocating NED responsibilities
Controlled functions, with their prescribed responsibilities (Chairing responsibility; Other responsibility)
- Chairman: Chairing, and overseeing the performance of the role of, the management body or committee; The induction, training and professional development of all members of the firm’s management body.
- Chair of the Risk Committee: Ensuring and overseeing the independence and integrity of the risk function
- Chair of the Audit Committee: Ensuring and overseeing the independence and integrity of the internal audit function
- Chair of the Remuneration Committee: Oversight of the firm’s remuneration policies and practices.
- Senior Independent Director: None; Performing the role of a senior independent director, and leading the assessment of the Chairman’s performance.
- Any NED subject to PRA pre-approval: None; Maintenance of the firm’s whistleblowing policies. Ensuring and overseeing the independence and integrity of the compliance function
SLIDE 30
In-scope NEDs and the conduct rules
The PRA considers that
- Conduct Rules such as the duty to act with integrity will apply to an in-scope NED in the same way as to a Senior Manager.
- Other Conduct Rules such as the duty to act with skill, care and diligence will only apply to an in-scope NED in respect of their prescribed responsibilities
- The requirement to be open and cooperative is particularly important for in-scope NEDs.
The FCA recognises that
- NEDs individually do not manage a firm’s business in the same way as executive directors.
- The standard of care, skill and diligence that the FCA would expect from a NED is that of a reasonably diligent person with the general knowledge, skill and experience that may reasonably be expected of a person carrying out the NED’s functions.
SLIDE 31
But what about a NED’s actual duties?
All NEDs
- Understand the issues
- Provide input & challenge at meetings
- Provide objective views on resources, appointments and standards of conduct
- Scrutinise management performance
- Scrutinise remuneration policy
- Be satisfied that financial controls & risk management are robust
In-scope NEDs
Chair
- Effective chairing;
- Responsibility for governance;
Committee Chair
- Ensure the committee meets with sufficient frequency and focuses on the business;
- Foster an open discussion which challenges executives;
- Ensure the committee has full access to management and information
SLIDE 32
4. What’s happening at foreign branches?
SLIDE 33
Foreign branches Policy
- Level playing field
- Recognition that board and highest decision making are overseas
- Focus on
  - Branch governance
  - Individuals running day-to-day
SLIDE 34
Foreign branches Senior manager regime
EEA branch / Third country branch
- Head of overseas branch*: third country branch – PRA
- Group entity senior manager*: third country branch – PRA
- Other senior managers if large & complex (CFO, CRO, H of IA): third country branch – PRA
- MLRO: EEA branch – FCA; third country branch – FCA
- Head of Compliance: third country branch – FCA
- Overseas senior branch manager*: third country branch – FCA
- EEA branch senior manager (deals with confirms, settlements, claims, CASS, taking deposits &c): EEA branch – FCA
SLIDE 35
Foreign branches Senior manager regime at 3rd country branches
- Group entity senior manager – actively and directly involved in the management of the incoming branch but sits outside it; implements group strategy in relation to the incoming branch rather than setting it.
- Head of overseas branch – has highest degree of individual decision-making authority within the branch over activities subject to UK regulation
- Overseas branch manager – senior individual in/outside branch with branch conduct responsibility (Head of Wholesale Lending)
SLIDE 36
Foreign branches Senior manager responsibilities at 3rd country branches
Fundamental under the regime – ensuring branch observes obligations under the Senior Managers Regime & certification rules.
Allocation of all UK branch prescribed responsibilities.
Maintaining branch management responsibilities map
Compliance requirements – maintaining branch risk management processes; branch compliance with the UK regulatory regime; branch systems & controls; escalation of regulatory correspondence to head office; maintaining branch whistleblowing policy; financial information and regulatory reporting; combatting financial crime.
Financial – branch liquidity
SLIDE 37
Foreign branches Grandfathering (1)
Non-EEA branches
Current Controlled Function: Grandfathered Applicable FCA SMF
- CF1 – Director: SMF7 – Group Entity Senior Manager; SMF18 – Head of Overseas Branch; SMF19 – Overseas Branch Senior Manager
- CF2 – NED: SMF7 – Group Entity Senior Manager
- CF3 – Chief Executive: SMF18 – Head of Overseas Branch
- CF10 – Compliance Oversight: SMF15 – Compliance Oversight
- CF11 – Money Laundering Reporting: SMF2 – Chief Finance Function; SMF4 – Chief Risk Function; SMF5 – Head of Internal Audit; SMF16 – Money Laundering Reporting
- CF28 – Systems and Controls: SMF18 – Head of Overseas Branch; SMF19 – Overseas Branch Senior Manager
- CF29 – Significant Management: SMF19 – Overseas Branch Senior Manager
SLIDE 38
Foreign branches Grandfathering (2)
EEA branches
- CF11 – Money Laundering Reporting: SMF16 – Money Laundering Reporting
- CF29 – Significant Management: SMF20 – EEA Branch Senior Manager
SLIDE 39
Foreign branches Other staff
Certification regime at EEA & 3rd country branches
- Individual based in the UK
- Or (3rd country only) dealing with UK customer from overseas
- Subject to first tier conduct rules
- 3rd country branches – material risk takers for remuneration code (PRA)
- Individuals capable of causing significant harm (customer advisers) (FCA)
All other staff (bar the 20 exceptions) – first tier conduct rules
SLIDE 40
And finally …
SLIDE 41
What progress are banks making?
Task; Progress; Completion
1. Board familiarisation. Progress: Initial completed. Completion: Ongoing required
2. Identifying affected staff. Progress: Virtually completed. Completion: Complete May 2015; Grandfather by Feb 2016
3. Statements of responsibilities & map. Progress: Templates prepared. Completion: Complete concept June 2015; Complete actual by Dec 2015
4. Certification standards & process. Progress: Preparing templates & scoping process. Completion: Complete concept June 2015; Start Feb 2016 & end Mar 2017
5. Reviewing employment material. Progress: Not commenced. Completion: Complete Sept 2015
6. Reviewing procedures. Progress: Being identified. Completion: Complete Sept 2015
7. Training and testing staff. Progress: Scoping syllabuses. Completion: Delivery Oct – Dec 2015
8. Embed procedures & pass to HR. Progress: Commence stages from June 2015. Completion: Jan – Feb 2016
9. Final QA & board sign off. Progress: Commence stages from June 2015. Completion: Jan – Feb 2016
10. New rules in effect