Individual Accountability: What firms need to consider
A whitepaper designed to help you prepare for the extension of the Individual Accountability Regime to all sectors of the financial services industry by – By Charles Cattell.
This whitepaper is designed to provide an overview of the challenges that financial services firms will face as the new Individual Accountability Regime (IAR) comes into force in the banking, building society and credit union sectors and as the broader industry prepares for the proposed extension of the regime to all financial services firms in 2018. One of the main goals of this paper is to explain the different aspects of the regime that companies need to consider and shed light on the regulatory aspects which will have the most significant impact on firms.
As part of the process of rebuilding trust following the various financial crises and scandals, there is now an increasing focus being placed on the personal responsibilities and accountabilities of individuals. This applies not just to senior managers, but also to all other key staff and ultimately to all staff engaged in any aspect of regulated activity. One of the challenges highlighted during the scandals was the difficulty in identifying precisely who was involved in taking the critical decisions.
To address these issues, the regulators have introduced the Senior Managers and Certification Regime (SM&CR). Since 7th March this year, this enhanced regime has applied to banks, building societies and certain other firms. At the same time a similar, but simplified version of the regime in the form of the Senior Insurance Managers Regime (SIMR) has been applied to insurers. The immediate effect of this is that there are now two parallel regulatory regimes in operation – the new arrangements for banks and insurers and the existing Approved Persons (APER) regime for all other firms. However, this situation is only temporary. With the legislative position confirmed, it is planned that the SIMR and APER will be superseded and all regulated firms will be subject to the full SM&CR in 2018.
The SM&CR consists of three principal elements. These are:
- The Senior Managers Regime – applies just to the board and certain other senior individuals
- The Certification Regime – applies to all staff who are in key roles and are in a position to inflict significant harm on the firm or its customers
- The Conduct Rules – apply to all staff engaged in regulated activity.
Let’s look at each of these elements in turn.
Senior Managers Regime (SMR) and its challenges through the firm
The SMR applies just to those who effectively direct the business. This includes all main board executive directors, most non-executive directors and also certain specified key role holders.
The regulators have specified a number of prescribed responsibilities which have to be allocated between those senior staff subject to the SMR. These responsibilities are set out in the Statement of Responsibilities which sets out the areas for which each individual senior manager is personally accountable. The Statement of Responsibilities forms part of the documentation which has to be submitted to the regulator to obtain the prior approval needed that an individual is fit and proper before their appointment can be confirmed. In a number of firms, the process of transitioning to the new regime has highlighted a number of anomalies in governance structures and reporting lines which have needed to be resolved before the Statements of Responsibilities could be confirmed.
Firms are also required to create and maintain a Management Responsibilities Map which brings together all the responsibilities set out in the Statements of Responsibilities. This single document sets out the firm’s management and governance responsibilities along with details about the individuals who are part of these arrangements.
The prescribed responsibilities are set out at a relatively high level and it is down to individual firms to determine the best way to indicate that these responsibilities are being discharged appropriately. One way of being able to do this is by developing appropriate management information and indicators which provide a robust audit trail of managerial oversight and challenge. It is apparent that the regulators will be keen to hold individual senior managers to account if problems occur in the future. As part of this, senior managers in the banking sector are now subject to a “duty of responsibility” to take reasonable steps to prevent regulatory breaches occurring.
For example, senior managers are expected to ensure that there are operating procedures and systems in place which enable regulatory obligations to be met and the business to be run prudently. Should they become aware of problems which involve a breach of the regulatory requirements, they should seek to resolve these problems appropriately and in a timely fashion.
In future, the fitness and propriety of each senior manager is no longer just a condition for regulatory approval. Following their appointment, the firm is required to consider at least annually whether there are any grounds on which the regulator could withdraw an individual’s approval and, if there are, to notify the regulator accordingly.
Implementation Certification – Ensuring culture of compliance
Whilst the provisions of the SMR are quite onerous, they only apply to a small number of individuals in any organisation. In many firms, the number of staff who are subject to certification is considerably greater. Certification applies to “material risk takers” subject to the Remuneration Code as well as to those whose activities pose a risk of inflicting “significant harm” on either the firm or its customers. These staff include all those who are currently Approved Persons who are not subject to the SMR (apart from certain non-executive directors), along with all those who are required to hold appropriate qualifications under the Training and Competence regime. Thus all investment advisers, mortgage advisers and administration “overseers” fall within the scope of certification, whether they were previously Approved Persons or not. Any individual who supervises or manages someone subject to certification is also subject to the certification regime, unless they are already subject to the SMR.
All staff subject to certification, as well as those in the SMR, are required to satisfy “fit and proper” criteria. There is now much greater emphasis on competence and the assessment is expected to address relevant qualifications as well as other training and continuing development along with personal characteristics and other matters such as honesty and integrity. Beyond these criteria, there are significant changes to fit and proper arrangements. Whilst staff in the SMR require prior approval from the regulator, those subject to certification do not. Instead the firm is required to carry out the assessment itself before confirming an appointment. It is necessary for firms to maintain records of these assessments and a senior manager is personally responsible for the firm’s compliance with the certification regime.
In addition, certification is no longer just an initial threshold to be crossed. In future, the fitness and propriety of each person has to be revisited and confirmed at least annually. In the case of certification staff this is achieved through the issue of an individual certificate to the person in question. If the person undertakes a change in role during the year, then any related training needs will have to be addressed before the individual can be confirmed as competent in the new role. Depending on how significant the change of role may be, it may be necessary to issue a new certificate.
Issuing a firm’s certificate does not alter the requirement for retail investment advisers to hold a Statement of Professional Standing (SPS) from an Accredited Body. This will continue. Accredited Bodies will need to be informed if an individual’s firm is unable to confirm continuing “fit and proper” status.
Firms will need to devise arrangements suitable for their business models to arrange for the timely issue of certificates. It is recommended that the process is synchronised with annual performance appraisals. Should an individual’s performance be such that the firm is unable to issue a certificate, the individual has to be informed about the reason why and the steps which the firm intends to take about the situation.
The most likely reason for a firm being unable to issue a certificate will be due to a breach of the Conduct Rules. These rules replace and expand the Approved Persons Principles and Code. There are four rules which apply to those in the SMR only and five rules which apply more widely. At present the Conduct Rules apply to all in the SMR and all certification staff, but from March 2017 they will apply to all staff except those in ancillary roles. The requirement to act with due skill, care and diligence is expanded to include the activity of managing with due skill, care and diligence also. This has implications for the quality of management and supervisory development throughout firms. All staff subject to these rules are required to have both a generic understanding of the rules and also to receive specific training about how they apply to their individual roles.
There are other issues around the individual accountability regimes which are of particular significance. Amongst these are the requirements (which have yet to be finalised) about the provision of regulatory references when individuals move between firms, especially where a breach of the Conduct Rules has or may have taken place. There are also enhancements which are being made to the arrangements for whistleblowing, so that individuals can raise concerns outside the normal escalation channels should the need arise.
The arrangements set out in this paper are already in operation in some types of firm. Whilst the degree of sophistication may vary, in essence the same requirements have to be satisfied, irrespective of the size of the firm. However, some allowances are made for implementing simplified arrangements in smaller and less risky organisations. As the SM&CR is rolled out across all regulated entities, so the issue of firm size and questions of proportionality will increase in significance. In producing the necessary rule changes, regulators will need to give careful consideration to ensure that arrangements appropriate to firms’ risk profiles and business models can be put in place as a unified approach to individual accountability is established.
With the onus of proving and demonstrating compliance firmly on companies and senior managers, firms must ensure that they are able to evidence and document the processes and procedures they are deploying to deliver good conduct and minimise breaches. In essence each firm will need to become a mini regulator for their own staff. Given the multitude of processes which firms need to put into place to track and manage individual accountability, it is clear that the new regime will pose a significant challenge, especially to small or medium sized companies.
Those firms that do not have the resources to tackle all aspects of the regime may benefit from seeking external help from industry experts in order to streamline IAR compliance management. Gathering evidence to answer regulatory challenges can be costly and time-consuming – particularly when deploying new processes to tackle new regulation. That is where the know-how offered by industry experts can help firms answer some of the fundamental questions that will be asked by your firm and by the FCA and PRA about the conduct of your senior managers and employees.