The professional expectations of compliance professionals in the British banking world are going through some drastic changes as companies begin to implement new rules that make senior executives personally accountable to regulators for their actions.
This new Senor Managers Regime is spelled out in a 414-page final set of rules that the Financial Conduct Authority published in July, bringing with it a host of new questions: How can compliance officers now manage this uncertain new world of increased senior management liability? What’s the likelihood that compliance officers themselves could be held accountable? What exactly happens when you get into trouble with the FCA, anyway? During a panel discussion at Compliance Week’s Europe conference in Brussels last week, former compliance officers answered these questions, and more.
Britain already has an “Approved Persons Regime” to regulate the suitability of people in key management jobs. Under that regime, however, “it was simply a matter of filling out a form, sending it through to the regulator who would pretty much rubberstamp it and send it back,” said Jonathan Bowdler, U.K. head of compliance at the International Compliance Association, a professional membership body.
That old regime will now be superseded by this new Senior Manager Regime, which effectively will expose fewer people, but will regulate them more closely and increase expectations. “The new regime is actually holding decision makers further to account,” said Bowdler.
Financial firms will have to show regulators key documents, such as “statements of responsibilities” and “responsibilities maps” in which they have to explain how roles are allocated to individual senior managers and to demonstrate there are no gaps or overlaps.
“I’d like to think under the new regime that senior managers are more accountable and responsible of their actions.”
Anthony Wills, Former CCO, Bank of Beirut
Accompanying the new Senior Managers Regime is the Certification Regime, which makes firms responsible, both at the recruitment stage and on an ongoing basis, for assessing for themselves the “fitness and propriety” of staff, other than senior managers, who could pose a risk of “significant harm” to the firm or any of its customers—for example, staff who give investment advice.
“We are used to being involved as the compliance function in certification,” said Stefan Sauer, chief compliance officer for Belgium and Luxembourg at the Royal Bank of Scotland. The difference with the new regime, however, is that it’s much more individually scoped. “It’s much stricter,” he said.
New “conduct rules” will also be put in place that set out a basic standard for behavior that all those covered by the new regimes must meet. “Firms’ preparations will need to include ensuring that staff who will be subject to the new rules are aware of the conduct rules and how they apply to them,” the final rules stated.
Individuals subject to either the Senior Manager Regime or the Certification Regime will be subject to the conduct rules when they take effect in March 2016, while the financial services firms will have a year after the rules take effect “to prepare for the wider application of the conduct rules to other staff,” the final rules stated.
“It basically just means bringing in training programs, having the controls in place to make sure they are delivered and recorded and you have the evidence in place to show you’ve done it,” said Bowdler.
Under the conduct rules, compliance officers should be prepared to conduct specific training for senior managers on the requirements, because managers are going to want to better understand their risk exposure, said Sauer. Because senior managers will reach out more to compliance officers, “I think we’re more exposed and we have to be more prudent,” he said.
On the positive side, the Senior Managers Regime helps to improve communication between compliance officers and senior managers. “It’s much easier to have an open discussion with them on things they must do and that they cannot do,” said Sauer. It will be much easier for compliance officers to get that buy-in, he said.
CCO Accountability?
Another benefit is more individual accountability at the senior level. “I’d like to think under the new regime that senior managers are more accountable and responsible of their actions,” said Anthony Wills, the former compliance officer at the Bank of Beirut. Under the new regime, firms and individuals must be more open and transparent in communications with FCA, he said.
SENIOR MANAGERS REGIME OVERVIEW
Below is an excerpt from the Compliance Week Europe presentation, “Putting Leaders on the Line,” which outlines the effect of the new U.K. Senior Managers Regime on chief compliance officers.
Impact on the Role of the Compliance Officer
Statement of Responsibilities: Senior Managers Functions Mapping
Advisory/monitoring role: regulatory prescribed responsibilities taken over
No gaps?
Regulatory relationship management: approval process
Certification Process – Fit & Proper Process
3 Components
Financial soundness
Honesty, integrity, reputation
Competence and capability
More individuals in scope
Tightened standards of reporting and recordkeeping
Conduct Rules
Policy Setting
Advisory
Training
Monitoring
Compliance Charter
Roles & responsibilities: HR vs compliance vs legal vs other
Independent 2nd line of defence vs 1st line ownership
Legal & Regulatory Exposure
Presumption of responsibility (reverse burden of proof)
Criminal offence of reckless misconduct
Senior managers’ reliance on advice and MI provided by the compliance officer
Liability of the Compliance Officer
Firms and individuals must be open and transparent in communications with FCA
CCO must not be influenced by senior management in communications with the regulator
The compliance conundrum: conflict of interest
How much information should CCO give the regulator?
Whistleblower issue: no rewards in United Kingdom
Shooting the messengers?
Source: “Putting Leaders on the Line” Presentation.
If anybody knows the importance of transparency, it’s Wills. In March, the FCA fined him and Michael Allin, the Bank of Beirut’s internal auditor, £19,600 and £9,900, respectively, for failing to deal with the regulator in an “open and cooperative way when responding to queries about the actions taken to mitigate financial crime risk,” the FCA said.
The FCA, however, did not levy fines against any senior managers to date. “It’s possible they’re still investigating the bank,” said Wills.
Concerns about the culture within the Bank of Beirut became apparent following supervisory visits to the firm in 2010 and 2011. In particular, the regulator believed too little consideration was being given to the risk that the firm be used for financial crime, the FCA said.
These visits took place prior to Wills’ arrival at the bank. “I was asked to pick up the pieces,” explained Wills. “Nothing had been done for a number of years.”
Specifically, the FCA required Bank of Beirut to take specific actions to address the regulator’s concerns and to counter the risk that it would be used to facilitate financial crime. “These included a requirement that Bank of Beirut develop, implement, and conduct a compliance monitoring plan designed to help Bank of Beirut monitor its compliance with its regulatory obligations and to counter the risk of financial crime,” the FCA said.
After 15 months with the bank, Will said he decided to resign because he was “fed up with the way in which management would interfere and not give me support.” Before leaving, however, he decided in good conscious to go to the FCA to report his concerns.
“I thought I was going as a whistleblower to tell them what was going on at the bank, why I wanted to resign,” said Wills. “I was very relieved that I went to see them.”
His relief quickly turned to despair, however, when the FCA eighteen months later called him to inquire about his roles and responsibilities as compliance officer at the Bank of Beruit. “I was subject to a seven-hour compelled interview whereby regulators interrogated me on every single detail—went through e-mails, letters, telephone calls,” said Wills. “It was one of the worst days of my life, I can tell you that.”
As explained by the FCA: “Wills and Allin were responsible for addressing a number of the actions required of the firm. Wills handled most of the communication between the firm and the regulator, and he sought to dismiss concerns that the Bank of Beirut was not properly implementing the required changes.”
The FCA did say it recognized that both Wills and Allin were influenced by senior management. “I was caught between a rock and a hard stone,” said Wills. On the one hand, responsible to senior management, on the other hand, responsible for telling the FCA what was going on at the bank.
One important lesson from his nightmarish experience is that “chief compliance officers must not be influenced by senior management in communications with the regulator,” said Wills. Another important lesson is that compliance officers need to “be very careful,” he said, if you’re considering reporting to the FCA as a whistleblower.
In my experience, it was a case of “shooting the messenger,” said Wills. “I thought I went there as a clear whistleblower, but they shot at me, and they got me.”
No comments yet