By David Biggin and nicola philbey, PA financial services experts
UK regulators have upped the ante on misconduct by senior managers in the wake of a number of scandals that have left those at the top of affected financial institutions unscathed. Despite the first guilty conviction in August of an individual in connection with the Libor scandal, many senior managers will avoid criminal charges for failing to have proper controls in place to prevent misconduct. In an attempt to hold senior managers personally accountable for wrongdoing in their organisations, the new accountability regimes will introduce criminal liability for those at the top of financial services institutions.
The Prudential Regulation Authority (PRA) and Financial Conduct Authority’s (FCA) new Senior Managers Regime comes into effect on 7 March 2016. Together, the Senior Managers Regime, Certification Regime and Conduct Rules will impact the majority of staff in UK banks in an attempt to improve individual accountability for management and conduct in financial services. According to the PRA’s Deputy Governor, Andrew Bailey, the “new accountability regime will hold all senior managers, including non-executive directors, to a clear standard of behaviour and we will take action where they fail to meet this.”
The regimes will require changes across wider areas of banks than just the senior managers. Alongside specified responsibilities prescribed to senior managers, new fit and proper requirements apply to both senior managers and those in-scope for the Certification Regime, and changes will need to be made to processes and controls across HR and compliance to ensure firms continue to meet the regulatory requirements. The Conduct Rules will also apply to most individuals in financial services organisations.
For senior managers, the requirement to accept personal accountability raises the stakes for those in the upper levels of management. The Treasury’s recent move to replace the ‘presumption of responsibility’ with a statutory ‘duty of responsibility’ has removed the controversial reverse burden of proof, but still allows the regulator to take enforcement action if they can prove that a senior manager did not take reasonable steps to prevent a breach from occurring.
Providing a framework for reasonable steps
By ensuring the following three elements are in place, senior managers have a basis for showing they have the reasonable steps they need in place to ensure they are meeting their responsibilities in holding a senior management function:
All senior managers will need to delegate aspects of their responsibilities. In the first instance, managers should ensure that any delegation of responsibilities is clearly documented to named individuals in job descriptions, objectives or mandates.
Acknowledgement should also be evidenced – whether it is confirmation of a job mandate or objectives, or less formal, such as acknowledgement by email.
When delegating tasks, the conduct rules for senior managers specifically set out that the senior manager should ensure that any delegation is to an appropriate person – this means ensuring that the person is capable and qualified to take responsibility for that delegated task.
The senior manager can not absolve themselves of their prescribed responsibility through the documentation of delegation alone. The senior manager also needs to oversee the discharge of their responsibilities, including governance and controls over the day-to-day management of the obligation.
Governance and controls
Once delegated, the senior manager should ensure they have processes and a control in place to ensure the employee continues to undertake the delegated responsibility. These could include, but are not limited to:
- Regular meetings with the delegated employee to ensure they are continuing with their responsibility
- Regular reporting – reports on a weekly, monthly or quarterly basis with status of the responsibility where appropriate, including risks and issues
- Convening a committee for a specific group to discuss the responsibility area, identify risks and issues and agree actions to mitigate and resolve them.
Foster a culture of risk management and compliance
While culture is less easy to define, this is where many organisations will fail to ensure the changes brought about by the new regime are properly embedded. Culture needs to be carefully considered, as the inclusion of prescribed responsibilities relating to culture mean that it is now the responsibility of specific senior managers. Where responsibilities are just considered as compliance exercises to meet the regulatory requirements, they are often de-prioritised or overlooked. Senior managers should actively discourage the attitude of compliance just because it is required, and ensure that the responsibility to comply with regulation is taken seriously and actively supported across the organisation. Some steps senior managers may wish to consider to drive a culture of compliance include:
- Understand the current culture of the organisation and identify areas where fostering a culture of risk management and compliance should become a priority. This should include all front office staff, not just control functions such as compliance
- Provide senior leaders with the support they need to embed cultural change within the organisation, such as briefings and material they can use for training and communication
- Consider conducting a regular culture survey to understand the changes that have been put in place and to demonstrate that a culture of risk management and compliance has been implemented
- Senior managers who have been in their role for some time are likely to be able to evidence that they already have these measures in place. Managers who are new in a senior manager function, however, should understand existing delegation, controls and culture. An assessment could be conducted on each of these areas to document the existing measures in place and any gaps that should be addressed. This will ensure incoming senior managers have all the required controls in place and have a robust evidence to prove they have taken reasonable steps to prevent any breaches occurring.
The FCA’s outgoing CEO Martin Wheatley said in a speech earlier this year that “the industry has nothing to fear from higher standards” – and while the new regime puts senior managers in the spotlight and holds them accountable, by taking steps to ensure a proper framework is in place to document delegation, evidence governance and controls, and which fosters a culture of compliance, there really will not be anything to fear from the new standards of accountability in financial services.
PA provides expert delivery and assurance support across each of the areas affected by the SMR, Certification Regime and Conduct Rules, underpinned by a strong track record of delivery with both national regulators and banks.
download our report
Find out more about the author of this article David Biggin.