When it comes to accepting liability for regulatory wrongdoing, the top UK bank executives will no longer be able to hide behind the Queen’s royal we.
As of March 6, C-level officials at UK banks and other bank-like organizations will find themselves individually liable for not only their own wrongdoing, but also for the financial crime, illegal activities or other regulatory failings of their underlings. This looming personal risk comes thanks to a new senior managers regime (SMR) to be enforced by the Financial Conduct Authority (FCA) and the Prudential Regulatory Authority (PRA). Initially at least 340 banks with 3,100 senior managers and 32,000 employees will be affected, including executives at UK subsidiaries and UK branches of foreign banks. Insurance companies will also be subject to the SMR, while asset management firms are expected to follow suit in 2018.
“Senior managers won’t be allowed to rely on collective guilt,” says Alan Morley, director of regulatory compliance for financial services consultancy GFT in New York. “Regulators will want to hold C-level operating directors and non-executive directors accountable for not managing their responsibilities correctly.” In fact, regulators are discouraging executives from sharing responsibilities.
The new requirements will ultimately spell a lot more work for compliance managers to establish the necessary governance programs and draft documentation to prove to the FCA and PRA that their banks are following the rules. A C-level executive responsible for implementing the SMR policies must then sign off or “attest” to either regulatory agency that the bank has done its job. “A list of designated senior management functions must be mapped by the bank to specific individuals,” says Richard Heffner, financial services counsel for Dechert in London. The banks will then need to provide their regulatory agency with a map of those responsibilities and demonstrate there are no significant gaps.
Technology can go a long way toward easing the administrative stress. GFT, for one, offers a regulatory change management application which will analyze the impact of regulatory change on the bank’s operating model and procedures, as well as identify disruptions and breakdowns within business activities. It will drill down to the necessary data, such as transaction records and customer due diligence, to find what’s missing or needs fixing so that senior managers can attest to having full initial and ongoing knowledge of their firm’s activities to meet the SMR’s guidelines.
What’s New
The governance change required by UK regulatory watchdogs is more substantial than meets the eye. Until now, individuals at UK banks with senior management functions and other individuals carrying on certain activities such as customer-facing work and trading have been required to be vetted and pre-approved by the FCA or PRA and subject to a code of conduct for all approved persons. The new rules will reduce the number of individuals that must be “preapproved” or registered with the FCA and PRA to only senior managers, according to Morley. In doing so, the agencies are shifting the burden of ensuring a firm and its staff do not fail to meet regulatory requirements to senior managers responsible for their respective business lines. Those managers had better understand just what they will be on the hook for.
Morley compares the new SMR regime to rules imposed by the US National Football League. “If a player engages in personal misconduct he is personally fined and it is his reputation and career that is on the line,” he says. “The league may choose to punish subordinates who contributed to the failings, but the contractual repercussion rests with the main player.” Likewise, the new SMR guidelines hold the most senior managers personally responsible, but the consequences carried out internally will likely echo throughout the entire organization.
Senior managers will need to initially vet and certify as well as annually certify that their subordinate employees carrying out “high-risk” functions such as proprietary traders, retail financial advisers and mortgage advisers, benchmark setters and administrators, and risk takers are qualified to do their jobs. Although the new certification regime focuses on advisers in the retail financial sector, the FCA is considering extending certification to individuals dealing with clients in the wholesale market, who were approved persons under the previous rules, as well as to algorithmic traders, according to Jacqui Hatfield, a partner in the financial services practice of Reed Smith in London.
Compliance directors at several custodian banks in London contacted by FinOps Report declined to comment publicly on the new rules, but privately expressed either worry or uncertainty as to how they would affect their organizations. “We aren’t taking any chances and will be reviewing our governance with a fine toothcomb,” one tells FinOps.
The new rules include new conduct policies applicable to all senior managers and their subordinates. The first tier of conduct rules, which applies to all executives, including ancillary staff, is broad in nature: act with integrity, due skill, care and diligence, and cooperate with regulators. The second tier, which applies only to senior managers, requires them to take “reasonable” steps to ensure that their firms are complying with regulatory rules and that they have delegated the right tasks to the right people.
Tough Love
“Deciding how to discipline staff and what needs to be reported to regulators will cause headaches for banks,” says Hatfield. Of the two regulatory agencies, the FCA appears to have more onerous requirements. Actual or suspected breaches of the conduct rules by senior managers must be reported to the FCA within seven business days of the bank becoming aware of the violation. Banks are also required to discipline non-senior managers as they think is appropriate for breaches of the conduct rules themselves and must notify the regulatory body annually of any disciplinary action taken during the year. The annual notification must include suspicions of breaches of the conduct rules that are proven or under investigation at the time of the reporting and must include behavior outside of work. The PRA will not require notification of any wrongdoing outside of the direct job responsibilities under the SMR.
Although the idea of personal liability will be applied to all types of C-level functions, legal precedent in the US suggests that anti-money laundering and KYC executives are most likely to be in the hot seat, warns Morley. The US Securities and Exchange Commission and broker-dealer self-regulatory watchdog Financial Industry Regulatory Authority have been cracking down on C-level executives responsible for AML violations. UK regulators have already indicated that their banks are not up to snuff when it comes to rigorously verifying just who their customers are and whether their business activities are violating government sanctions or aiding criminal activity.
The new SMR was the brainchild of the UK parliamentary commission on banking standards established in the wake of Barclays’ £290 million fine in 2012 for rigging LIBOR. The SMR also came as the PRA announced steps to make banks separate their retail banking activities from their riskier investment banking functions. The UK Treasury, which helped to craft the SMR, ultimately decided to drop the most draconian element of the plan, which was to force senior managers to demonstrate they had done the right thing if wrongdoing emerged at their shops. Now they will only be subject to a “duty of responsibility,” requiring them only to take appropriate steps to prevent a regulatory breach.
However, the scope of C-level executives covered was expanded to include not only the chief executive, executive board member, the chief operating officer, chief compliance officer and chief financial officer but also non-executive directors such as the chairman, senior independent non-executive directors and the heads of the audit, nomination and remuneration committees. “It may be difficult convincing non-executive directors to take these positions going forward,” forecasts Hatfield.
Although the timetable for implementing the SMR is just two months away, not all banks are prepared. Tier-three banks might have erroneously left the responsibility for handling compliance to their ill-equipped human resource departments instead of the compliance department, says Hatfield. If they haven’t done so already, banks should be assigning responsibilities to each senior manager, drafting their governance plans and signing off on their statements of responsibility, she warns.
Given that fund management firms won’t need to comply with the SMR until 2018, time is on their side. However, they must take advantage of the breathing room. “Asset managers should learn from the experience of banks and think carefully when apportioning responsibilities amongst individual senior managers,” recommends Hatfield.