A new three-part regulatory regime is set to make senior managers more accountable for corporate governance. But how will the new regime work and who exactly will it affect? Article provided by the Chartered Institute for Securities & Investment (CISI). Jill Insley
Of all the people associated with the 2008 banking crisis in the UK, two stand out from the crowd. One is Fred Goodwin, who brought one of the world’s biggest banks, RBS, to its knees after engineering an ill-timed $100bn takeover of the Dutch bank ABN Amro. This resulted in the Government being forced to pump $71bn into the bank to ensure its survival. Goodwin lost his job, was stripped of his knighthood and has been referred to by commentators as “the world’s worst banker”. But seven years on, he has not faced prosecution.
The other is Peter Cummings, the HBOS banker whose division lent billions of pounds to property developers. Cummings was given a lifetime ban and fined £500,000 in 2012 by the regulator at that time, the Financial Services Authority (FSA), for his role in the banking crisis. According to the FSA, he had failed to “exercise due skill, care and diligence” in running the corporate banking division, and failed to manage high-value transactions as they showed signs of stress when the crisis took hold. HBOS had to be rescued by Lloyds TSB in September 2008.
Goodwin and Cummings might be the highest-profile examples of bad banking, but they are by no means alone. Over the past few years, banks have been forced to own up to a wide range of financial scandals, including misselling of inappropriate financial products, manipulating LIBOR, money laundering, and fixing foreign exchange rates. Banks have paid billions in fines, yet very few individuals have been forced to accept responsibility for the actions leading to these fines. However, a new Senior Managers and Certification Regime (SMCR), to be implemented early next year, aims to end this lack of accountability. The regime forms part of a new way of thinking towards corporate governance, which emphasises individual accountability.
The new regime
There are three parts to the new regime: the Senior Managers Regime (SMR), the Certification Regime, and Conduct Rules. The SMR, which replaces the Approved Persons Regime for relevant firms, focuses on 17 functions and 30 responsibilities defined by the regulator. Firms affected at present are banks, building societies, credit unions and insurance companies, as well as investment firms that are regulated by both the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA). Although many of the firms that CISI members work for are not currently affected by the SMR, the regulators eventually plan to extend elements of it to other firms beyond banking and insurance. Therefore it is worth all Institute members being aware of how the SMR will affect financial services.
It is up to the firm to identify the individuals who perform any of the defined senior management functions (SMFs). The firm will then be required to assign the defined senior management responsibilities to these individuals. An individual may fill one or more functions, and more than one person may carry certain responsibilities. Executive directors and heads of internal audit, key business areas, compliance and money laundering reporting will be included.
However, only certain types of non-executive director roles – chairmen, senior independent directors, and the chairs of risk, audit, remuneration and nominations committees – will fall within the scope of the SMR.
Individuals who are identified as filling these roles will be pre-approved by the FCA or PRA, but firms will also be required to ensure they have procedures in place to assess their fitness and propriety before applying for approval, and reassess fitness at least annually thereafter. People who already perform the key roles will be ‘grandfathered’ in.
Relevant documentation setting out this mapping of responsibility must be handed over to the regulators by 8 February 2016, ready for the start of the new regime just under a month later, on 7 March.
The regime is structured so more employees are subject to regulatory obligations, but fewer of them require individual approval by the regulators. The Certification Regime transfers responsibility from the FCA and PRA to the firms themselves for certifying staff other than senior managers who could pose a risk of significant harm to the firms or their customers. Finally, every employee of a bank (apart from ancillary employees such as cleaning and catering staff) will be subject to the baseline set of new conduct rules. As a result, relevant firms will need to enhance their procedures for assessing the competence of individual employees, as well as draw up a ‘management responsibilities’ map.
The third part of the regime, Conduct Rules, sets out a basic standard of behaviour that all firms covered by the regime must meet.
Paul Young, Director of Finance and Risk Management at professional services firm Grant Thornton, has been advising a number of banks (and the CISI – he presented a seminar on the SMR at a recent event) on the new regime. He says: “The number of
processes and procedures that need amending across [functions such as]human resources, compliance, risk and IT is huge – from references, job descriptions and issuing certificates to new attestations, email- retention policies and the recording of minutes. The change is wholesale.”
Dodging the blame
The SMCR came about following a report in 2013, Changing banking for good, by the Parliamentary Commission on Banking Standards. It said: “Too many bankers, especially at the most senior levels, have operated in an environment with insufficient personal responsibility. Senior executives were aware that they would not be punished for what they could not see and promptly donned the blindfolds. Where they could not claim ignorance, they fell back on the claim that everyone was party to a decision, so that no individual could be held squarely to blame – the Murder on the Orient Express defence.”
The report recommended that senior bankers showing reckless disregard for their responsibilities should face criminal prosecution and possible prison sentences. Its recommendations were welcomed by all political parties, and the FCA and PRA were tasked with fleshing out the new framework of rules for firms and individuals.
“Attracting and retaining talent may become more difficult under the new regime”
The regulators had to work out the details of the regulation based on the Financial Services (Banking Reform) Act 2013, which enacted the recommendations, rather than being allowed to work from a blank sheet of paper. However, the rules that have stemmed from the Act have received a less than enthusiastic welcome from bankers, who claim the tougher rules will scare off the industry’s best talent.
Young says: “Attracting and retaining talent may become more difficult under the new regime. But we strongly believe those firms which can demonstrate to existing and prospective senior managers that they have the right systems and governance in place to enable them to deliver on their responsibilities will be the firms that increasingly win the talent battle.”
A shift in the burden of proof
Key to the new regime is the ‘presumption of responsibility’, which will apply to senior managers. The burden of proof for regulatory breaches will shift from the FCA and PRA to the individual manager under scrutiny.
This shift means that individuals will be required to satisfy the regulator that they took ‘reasonable steps’ to prevent, stop or remedy regulatory breaches that took place in their areas of responsibility.
Those who fail to prove they have taken the correct steps will potentially face unlimited fines, remuneration clawback and lifetime bans.
However, despite media coverage suggesting the new regime could see lots of bankers end up behind bars, individuals only face the threat of criminal conviction and a prison sentence if they are found guilty of reckless misconduct in the management of a bank, and the institution ultimately fails.
In its Strengthening accountability in banking report, Grant Thornton estimates that the cost of implementation will total £140m for banks, plus a further £7.25m for building societies and £4.38m for credit unions. These figures do not take account of the estimated ongoing costs after implementation.
These costs pale into insignificance compared with the £36.29bn paid in fines from 2009 to 2013 by just four of the UK’s biggest banking groups – Lloyds, RBS, Barclays and HSBC – according to the CCP Research Foundation. The cost of the damage to these banks’ reputations and the destruction of their customers’ trust sits on top of these fines.
Provided the new regimes succeed in their aim, they should benefit the banking industry by reducing their regulatory fines, restoring customer confidence and boosting business. But it might take bankers, who are being threatened with the loss of bonuses and even their freedom, some time to acknowledge this.