Tightening the noose

By reversing the presumption of innocence, the new approved persons regime will take accountability to new heights in UK banks, building societies, credit unions and investment firms, collectively referred to as ‘relevant firms’.

The new regime is probably one of the biggest policy shake-ups undertaken by the financial services regulators – the Prudential Regulation Authority and the FCA – as they move to strengthen accountability within firms both at a personal and firm level. The changes reflect recommendations of the Parliamentary Commission on Banking Standards and amendments to the Financial Services and Markets Act 2000 brought about by the Financial Services (Banking Reform) Act 2013. The new statutory and regulatory system will grant enhanced powers to both regulators for taking enforcement action that include criminal sanctions against individuals and firms.

The new framework signifies a progressive tightening of the existing approved persons regime which already requires the pre-approval by the financial regulators of directors and key control managers, and which was extended in 2010 to those having ‘significant influence’ in running the affairs of the firm. The new accountability regime has one principal aim – to change behaviour and corporate culture.

Being able to hold individuals to account has been the thrust of the approved persons regime since it was introduced at the start of the new millennium in response to lessons provided largely by the collapse of Barings. The 2008 financial crisis however identified flaws in the regime which frustrated regulatory response that included identifying and holding individuals to account. By introducing the concept of ‘presumption of responsibility’ in the new regime, however, the PRA and FCA expect to drive changes in the behaviour of key decision-makers and those who could do significant harm to the firm, thus posing risks to the objectives of the regulators.

The new accountability regime will consist of two sub-regimes and a new set of Conduct Rules:

• A Senior Managers Regime which requires firms to allocate a range of defined responsibilities to individuals who will be subject to regulatory approval and vetted regularly for fitness and propriety; this will involve setting out statements of responsibilities and a ‘governance map’.

• A Certification Regime which requires relevant firms to assess the fitness and propriety of employees ‘who could pose a risk of significant harm to the firm or any of its customers’.

• A set of new Conduct Rules which will apply to those governed by both sub-regimes.

Many would regard the new regime to be overly draconian but as relevant firms recover fully from the bruises of the financial crisis and work to restore public confidence, they are on the back foot with their defence. We are where we are. A relevant firm’s defence will involve a more conscious approach than ever before to running its affairs and exercising competent oversight over those they have entrusted to do the job. Many would observe that this belies good management, and much can be said of the need to return to the basics of good governance and stewardship.

Now, if you work for an insurer, ‘presumption of responsibility’ and the Certification Regime will not apply; both the PRA and FCA recognise that the nature of the risks run by insurers is different to those of relevant firms. The practical implications for insurers when implementing transparent governance and accountability are, however, likely to be similar to those facing relevant firms. From 1 January 2016, insurers will be required to have in place an extensive risk and capital management regime under the EU-wide Solvency II regulatory framework which includes elements of the new Senior (Insurance) Managers requirements, in particular fitness and propriety of key persons. In this respect, insurers will be implementing this part of the new accountability regime some three months earlier than relevant firms.

As a senior manager in a relevant firm or a senior insurance manager in an insurer, you could be a non-executive director, executive director or an individual holding a relevant senior (insurance) management or controlled function as defined by either the PRA or FCA. Non-executive directors will fall into two types – ‘standard’ NEDs and NEDs who are chairmen, senior independent directors (SIDs) or who chair key committees such as the audit, risk, remuneration and nomination committees.

‘Standard’ NEDs are not subject to the full impact of the new regime in respect of ‘presumption of responsibility’ and criminal sanctions under Section 36 of the Banking Reform Act. In practice this position for ‘standard’ NEDs could be changeable through rotation of roles and changes in governance structures. ‘Standard’ NEDs could suddenly find themselves under the same scrutiny and legal obligations required of other NEDs in the firm. Furthermore, where a standard NED is an employee within the firm and was found to be ‘knowingly concerned’ in a regulatory breach, the NED could face enforcement action by the FCA. In other words, ‘standard’ or not, there is no real respite for any NED.

The concept of ‘presumption of responsibility’ which underpins the new regime is profound, requiring NEDs and senior personnel to re-examine the way the business and its people are managed, not just competently, but with demonstrable accountability. As a warm-up to the new regime, board members may wish to consider the following key questions:

• Responsibility gaps: have responsibilities covering the core business processes and principal risks been defined and allocated appropriately to competent people?

• Assurance: what is the line of sight and assurance required to help those who are accountable – either individually or collectively in committees – to demonstrate full and proper discharge of their duties?

• Changing risk profile: is the escalation of risks and their velocity ‘to do harm’ sufficient and appropriate under the new regime?

• Documentation of decisions: how should record-keeping and documentation change to satisfy the standards expected of a regime where the presumption of innocence is reversed?

• Competency: is the firm’s performance management framework appropriate to supporting its senior personnel and delivering the fitness and propriety requirements under the new regime?

Final rules are expected in the coming weeks. If a change in behaviour and culture is the aim of the regulators, then the new approved person regime – which could perhaps be more aptly named as the ‘accountable person’ regime – is already making its mark. As a new mantra for more conscious risk management and assurance emerges from this regime, one can only hope that firms’ efforts are rewarded by a restoration of public trust and confidence in financial services.

Vicky Kubitscheck is a non-executive director at Hampden & Co (Bankers), chief risk officer and compliance director at Police Mutual Group and author of ‘Integrated Assurance’ (Gower, 2014).

Key points

The new approved persons regime will take accountability to new heights in UK banks and other institutions.

Many would regard the new regime to be overly draconian, but some deem it necessary.

‘Standard’ NEDs are not subject to the full impact of the new regime in respect of ‘presumption of responsibility’.