THE NEW INDIVIDUAL ACCOUNTABILITY REGIME
Monday 7th March 2016 is an important date in the evolution of financial services regulation in the UK.
This is the date that sees the launch of the new individual accountability regime in the United Kingdom. My excitement at this unique experiment in corporate governance (some would say “blame culture”) cannot be contained.
However, the question I ask myself is whether it will be seen more as regulatory posturing rather than a major step forward in the way banks and securities firms are run.
Permit me to share some reflections.
First of all what is this initiative?
It consists of three major components.
A senior managers’ regime that will require regulated firms to seek pre-approval of their senior non-executives and senior executives. This approval will only be granted by the PRA and the FCA if they believe the individuals concerned are fit and proper. Once approved an individual will be held accountable for their conduct and behaviour, with the possibility of criminal and civil sanctions if they do not behave appropriately.
But don’t get too excited. Most of the senior managers have been grandfathered into the new framework from the old approved person’s regime with no additional vetting.
The second element consists of a certification framework that will require firms to vet and license a range of traders and customer-facing employees (an extension of the old CF30 notion). It is interesting that regulators are passing the vetting burden to the organisations themselves and insisting on an annual re-appraisal.
The third element consists of new conduct rules that for the first time, in my opinion, clearly define what appropriate senior conduct/behaviour should look like.
Another question I have is this. Do we really needed this new regime? I was always under the impression that the original Financial Services and Markets Act gave the old FSA and the new PRA and FCA all the powers they needed to hold individuals to account.
It seems the FSA thought not. Only one senior manager has been held to account for management incompetence in the wake of the global financial crisis in the UK. That gentleman was Peter Cummings (former CEO, Corporate Banking of HBOS). He was banned for life from working in UK financial services and fined £500k. The regulators have always argued that their statutory powers did not allow them to easily proceed against other senior managers.
A recent barrister’s report relating to HBOS took issue with this assertion and concluded that more senior managers could and should have been brought to account. All that prevented this happening was regulatory incompetence.
But we now have this new regime our challenge is to make the most of it. The key issue is whether it will be introduced as a means of improving corporate governance (aspirational) or become a means of holding senior people to account (blame).
The Prudential Regulation Authority has stated “on the record” that they hope it will be the former. The FCA sees this regime as the latter. We can only hope that Andrew Bailey will change matters when he starts in his new role as CEO of the FCA.
Much has been made of the fact that the original draft laws would have placed the burden of proof that a senior manager had behaved appropriately, on the senior manager himself.
Following howls of protest suggesting that human rights might be infringed and the UK’s brightest and best would flee to Switzerland (along with their banks) the law was changed. We now have a duty of responsibility. It is up to the regulator to prove (in a civil context mainly) that somebody did not manage or behave appropriately. That said, it is clear that it will be in managers’ interests to be able to show they did the right thing. Hopefully this element will not lead to extensive record keeping and bureaucracy and people seeking to shift blame and cover their proverbials. I sincerely hope that the regulators and firms issue maximum standards of record keeping!
Another spectre that has been raised is the possibility of bankers going to prison. Let me clear. They won’t!
Why do I think this? Well, the law requires a regulator to demonstrate to a lay-person jury of twelve people, beyond all reasonable doubt, that a senior manager’s behaviour was:-
- Reckless and
- As a result of the recklessness the organisation failed
- And as a result of the failure significant harm was caused to the public.
(The former Sir) Fred Goodwin would still be walking the pathways of the Highlands if this law had been in force ten years ago.
The new regime will revolve around utter clarity as to what each senior manager is responsible for. The new rules require each responsibility to be clearly articulated in no more than 300 words. Lets hope the regulators hold firms to account for the clarity of these new “job descriptions”.
One of the intriguing features of the new rules is the requirement that some 30 specific prescribed responsibilities should be allocated to one of the organisation’s senior managers. In some cases it will pose an organisational challenge to find the appropriate manager to take responsibility. Themes that are causing lots of debate include:-
- The whistleblowing framework
- The financial crime framework
- Responsibility for the implementation of the senior managers’ regime;
- Training senior managers.
There are two cultural responsibilities that must be allocated to the chairman or CEO. Questions have been asked as to how a CEO can meet the responsibilities both to lead the development of culture and to embed it.
The PRA has indicated that they will ask the following questions:-
- Does the senior manager understand the culture of the firm?
- Has the senior manager led a debate on the culture the firm needs?
- Is the senior manager effectively leading initiatives to transition towards this optimal culture?
Readers may be interested in Risk Audit’s thoughts on the cultural risk management framework.
With all this focus on individual accountability, what will become of the accountability of the board and other committees? The regulators have stated that a board remains accountable under the Companies Act 1986. The reality is that this new regime which focuses on the individual will trump any attempts at holding a committee to account. That said, it is difficult to say how one meaningfully holds a large group to account anyway!
It is also curious that the consultation papers supporting the launch of the regime have had very little to say as to how three lines of defence fits in with the new rules. In the absence of formal comment I will say it for them.
The philosophy of three lines of defence is overly simplistic and not effective. One has to ask “Are we seeing the beginning of the end of blind faith in three lines of defence?”
As I said earlier, the conduct rules articulate clearly what it means to behave without integrity, without management competence and thus to be deserving of regulatory sanction.
I have come to the conclusion that senior managers who are responsible for challenging others behaviour will need to develop processes to objectively call-out other senior managers who are in breach of the conduct rules. This responsibility to call-out will fall on the CEO, the Head of Compliance, Heads of Risk and the Head of Internal Audit. I believe that if you have not escalated the fact you feel a senior manager is in breach of these standards of behaviour you are in danger of being called-out yourself.
For example, is it really possible that a Head of Internal Audit will be able to issue an unsatisfactory audit report grading and not note that there is an incompetent senior manager in the organisation.
Let me clear. The only senior managers who will be under an obligation to notify the PRA and the FCA that the organisation has senior managers in breach of the conduct code will be the CEO and Head of Compliance. Other senior managers will, in my opinion, be under an obligation to escalate assertively within the reporting infrastructure of their organisation.
That said, if a senior manager is asked a question by a regulator concerning senior management competence I believe they will be under an obligation to answer the question fully and openly.
I am not sure that the need for this escalation and reporting challenge has fully sunk in!
Another dimension of the new rules concerns the need to provide a “regulatory reference”. This will require the open but factual disclosure of all regulatory transgressions. I ask myself, “Is this new requirement really consistent with a City culture of saying as little as possible in writing about the behaviour of senior employees?” “Is this new requirement consistent with exiting employees using compromise agreements where the form of words for the employment reference is pre-agreed?” I think the answer is obvious.
At this point you may be asking yourself when this new regime may bite.
For the large banks it has already bitten? These firms have already been involved in protracted negotiations as to which senior managers should be on the hook.
For the rest of the market it will bite when one of two events occurs.
Firstly, if your firm suffers a major, material incident (loss, client complaint, fraud) the regulators will automatically examine whether or not senior managers’ conduct was up to scratch versus the conduct rules.
Secondly, all future routine regulatory interactions will include questions and diligence as to whether a firm is complying with the spirit of the regime.
I would like to conclude by expressing a hope. I really do hope that this regime will be promoted as a chance to improve corporate governance. I hope that firms will want to hold individuals to account not only to blame but also to celebrate great management. I hope that the PRA and the FCA will also engage in the positive celebration of great management and will not use these new rules just to name, shame and blame.
I am proud of the UK financial services industry and trust that this approach to regulation will become the global standard.