Compliance professionals in the British banking world are bracing for “incredible pressure” in 2015 as their employers implement new rules that will make senior executives personally accountable to regulators for their actions.
Compliance functions will have to play a leading role in setting up and monitoring the new Senior Managers Regime and Certification Regime—described as a “logistical nightmare” by one observer. They’re also likely to find their own behavior directly regulated under the new rules, with regulators taking more interest in the work they do and whether they are personally up to the job.
The two complex regimes are spelled out in a 395-page document that the Financial Conduct Authority and the Prudential Regulation Authority published in July. The PRA followed it up in November with further guidance explaining how the rules will extend to the insurance sector.
For now, the rules would only cover employees of British firms. But the government has said it will pass laws extending those regulations to the U.K. activities of foreign financial firms before they take effect—which is expected to happen in mid-2015.
Under the new Senior Managers Regime, firms will have to clarify the job roles and responsibilities of anyone deemed to be a senior executive at the firm: board directors and members of the executive committee, plus anyone reporting directly to them. They’ll have to prove to the regulators that a named person covers all the core activities that need to be performed, and to confirm that the people performing those roles and responsibilities know their job and are capable of doing it.
Britain already has an “Approved Persons Regime” to regulate the suitability of people in key management jobs; the SMR will cover fewer people, but will regulate them more closely, and expect more from them.
Firms will have to show the regulators key documents, such as “statements of responsibilities” and “responsibilities maps” to confirm how roles are allocated to individual senior managers and to demonstrate there are no gaps or overlaps. There will also be a new “reverse burden of proof” that will require individual senior managers to show that if they failed to perform a role listed as their responsibility, they at least took “reasonable steps” to avoid that happening.
The accompanying certification regime applies to a much wider range of employees and brings many people into the regulatory spotlight for the first time. A firm will have to certify that any employee outside senior management who can inflict “significant harm” on the firm, takes material risks, or supervises anyone else who is certified is “fit and proper.” That certification has to be reissued every year, and senior managers have to attest that their firm complies with the new regime.
Finally, there’s a new framework of standards for the kind of behavior the regulators expect from certified people. If anyone breaches these standards, the firm has to notify the regulator and report any formal disciplinary action taken.
The introduction of the two new regimes is going to put compliance staff under “intense pressure”, says David Wilford, director of compliance products at Lombard Risk. “Historically, compliance teams have only been able to function by focusing on areas that are a risk to the bottom line. But going forward, what we have is a situation where regulators will expect compliance in the spirit of the regulations, but also to the letter of all applicable laws and regulations. From a compliance perspective, that’s a no-win situation.”
People who fall under the senior manager regime will demand assurance about the state of compliance in the areas they are responsible for, he says. “There’ll be lots of pressure from the top, with people saying our livelihoods are on the line, please confirm that all the businesses that report to us are compliant with all regulations.” (The United States went through something similar in the 2000s, when CEOs and CFOs had to start certifying the accuracy of financial results as part of the Sarbanes-Oxley Act; a chain of sub-certifications soon ran down the organizational chart.)
Compliance will also get similar demands from less senior staff who will get picked up by the certification regime, Wilford believes. Financial sector compliance has tended to focus on front-line staff who interact with customers, but the regulations here will widen the scope massively.
“It really is all encompassing. There is no escape unless you do a very mundane job with no influence on the bottom line,” Wilford says. “For a Tier-1 bank with 10,000 staff in the United Kingdom, you could possibly be looking at 10 percent of staff being caught. That means you need to certify the roles, responsibilities, CVs, and development and training plans for maybe 1,000 people—and redo it every year. It’s a logistical nightmare.”
Michael Ruck of law firm Pinsent Masons has been helping his clients prepare for the new regime. “With both the regime for banks and insurers, there is clear potential that a compliance officer is likely to be regarded as a senior manager,” he says.
“It depends on how firms approach compliance. If the head of compliance sits on the board, they would be in the regime. Sometimes the CEO has a head of compliance reporting to him or her directly, rather than to the board, but they might still be considered a senior manager.” If they are deemed a senior manager, the compliance chief’s role and responsibilities will have to be tightly defined.
Just how burdensome the attestation work becomes will depend on how firms go about it, Ruck says. “It’s down to each firm to interpret the principles and apply them in their own circumstances. In my mind, it is better for each individual manager to ‘take responsibility for their responsibility.’”
SENIOR MANAGERS REGIME
Below, Britain’s Financial Conduct Authority provides an overview of the Senior Managers Regime.
For relevant firms, the Act replaces the concept of a Significant Influence Function in Financial Services and Markets Act 2000 for relevant firms with that of a Senior Management Function which covers:
A function that will require the person performing it to be responsible for managing one or more aspects of the relevant firm’s affairs, so far as relating to regulated activities, and those aspects involve, or might involve, a risk of serious consequences for the authorized person, or for business or other interests in the United Kingdom.
FSMA, as amended by the Act, states that, for the purposes of the definition of SMF, ‘managing’ can include taking decisions or participating in the taking of decisions on how a firm’s affairs should be run. This means that non-executive directors and directors in other group entities that participate in the taking of decisions about the firm can be specified as SMFs.
The Act introduces into FSMA several provisions designed to promote a clear allocation of responsibilities to senior managers and enhance their individual accountability. These include:
• A requirement for applications for approval as a senior manager of a relevant firm to ‘contain, or be accompanied by a statement setting out the aspects of the affairs of the authorized person concerned which it is intended that the person will be responsible for managing in performing the function.’ These ‘Statements of Responsibilities’ must be resubmitted whenever there is a ‘significant change’ in the senior manager’s responsibilities.
• New statutory powers for the regulators to impose conditions and time limits on approvals of senior managers, both at the initial approval stage and subsequently through a variation of approval.
• If a firm contravenes a relevant requirement, the senior manager responsible for the area where the contravention has occurred could be held accountable if they are unable to satisfy the regulators that they have taken ‘reasonable steps’ to prevent or stop the contravention (the ‘Presumption of Responsibility’).
• Potential criminal liability under a new offence relating to a reckless decision causing a financial institution to fail. (This applies only to senior managers working in banks, building societies and PRA-designated investment firms. It does not extend to senior managers in credit unions).
The Act enables the regulators to decide which functions to specify as SMFs. In doing so, the regulators have focused on delivering:
(1) more targeted oversight of key decision makers responsible for the firm’s main activities, and
(2) a clearer allocation of responsibilities to key individuals, which minimizes the potential for overlaps and underlaps in accountability.
The SMR’s emphasis on individual responsibilities is not, however, intended to undermine the fiduciary, legal, and regulatory responsibilities of the board, which will retain ultimate decision-making power and authority over all aspects of the firm’s affairs.
Source: Financial Conduct Authority.
Ruck advises executives to get a formal statement of responsibilities, confirm that it’s accurate, and understand what it asks them to do. “The regulators want to hold individual senior managers to account for their actions, so the burden of proof shifts then to the individual,” he says.
The compliance officer’s role, he continues, is to monitor those responsibilities once everyone’s statements of responsibility are in place. Exactly how the compliance officer might do that will vary from one firm to another, and depend on the type of work a firm does. It will likely require a regular conversation (perhaps annually) with each manager to make sure he or she knows what is expected.
The SMR is forcing firms to give “some thought” to defining and documenting specific senior management responsibilities, Ruck says, to make sure everything is covered. But he is more sanguine about the overall effect of the new approach.
“It will be more onerous at least to start with—setting up, clarifying who does what—but going forward” the situation should improve, he says. “If the firm is operating responsibly and everyone knows what they are doing already, it won’t add much workload. But if the firm is not clear, or is moving responsibilities around, that could increase the workload.”
Most sensible firms are talking to the regulators now, proposing what they plan to do as a point for discussion, says Ruck. The question is whether they will be so open to a friendly chat once the new regime takes effect.