Brian McDonnell and Paul Harris of Addleshaw Goddard LLP
News of the resignation of two non-executive directors at HSBC has reverberated around the City. Their departure is, arguably, just the beginning of the reaction to the imminent regulatory changes that will redefine the liability of senior managers within the banking sector by introducing the new Senior Managers’ Regime, which is on track to come into force in 2015. The most significant measure is likely to be the reversal of the burden of proof for senior managers. They will now have to show that they took reasonable steps to avoid a contravention occurring in their business area in order to avoid a sanction which could, ultimately, end their career – senior managers will have their heads on the block.
The Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) are further seeking to significantly ramp up individual responsibility and accountability in the banking sector by introducing Senior Manager and Certification Regimes, together with a new Code of Conduct which will apply to the majority of staff – bank employees now subject to direct regulation by the FCA number only about 5-10%.
What is the likely impact?
The impact will be significant; a high percentage of a firm’s staff will be brought within scope of the Code of Conduct, with a larger number of people becoming a Senior Management Function (SMF) holder or Certified Person than are approved persons under the current regime. Directors and other senior managers will have to focus on their increased personal liability. Some of the main impacts are as follows:
Gap analysis: to determine who will fall under the new regimes and in order to complete a Management Responsibilities Map. This will describe management and governance arrangements helping to satisfy regulators that a firm has a clear organisational structure, and identifying who has responsibility for particular aspects of firm’s activities.
Governance systems and controls: these will relate to policies, regulatory reporting, training, assigning responsibility for the production of reports, and demonstrating to regulators that systems and controls are robust and effective.
Significantly widened scope: all employees (other than prescribed ancillary employees) would be subject to compliance with the new Code of Conduct, giving rise to a number of issues for HR departments. In particular, there are likely to be increased regulatory notifications where a firm knows, or suspects, that there has been a breach of the Code of Conduct.
Statements of responsibility: for those carrying on a SMF and having systems in place for responding to requests from regulators for personal attestations from such individuals.
Risk aversion: the new regime may result in individuals being discouraged from taking senior roles; greater risk aversion in the business; more defensive decision-making; and greater reliance on external advice.
Institutionalising risk reviews: firms need to consider practical steps that they can take to mitigate their liability and that of their SMFs and Certified Persons, in particular, in connection with a new reversed burden of proof for disciplinary action. This is likely to result in an increased need for initial, periodic and “handover” reviews of governance and risk. The Upper Tribunal case of John Pottage v FSA in 2012 established a regulatory expectation that senior management should undertake reviews and assessments of governance and risk in the business for which they are responsible. These reviews may also become common at the handover of a function as exiting managers seek to protect their position by providing handover statements. Reliance on these has increased in recent years due to requests from regulators for personal attestations.
Employment law impact: there may be a need to amend employment contracts and procedures, including indemnities, D&O insurance, legal representation at meetings, employee access to relevant documents during and after leaving a role, notification of staff disciplinary action to regulators, the handling of reference requests and record keeping.
Remuneration Code relationship: the need to consider how the developing responsibilities interact with the Remuneration Code responsibilities.
Corporate Governance disruption: the need to consider the interaction of the new regime with corporate governance principles. Where does the buck actually stop? Given the increased focus on individual responsibility and liability, there will be a tension between collective board responsibility and individuals’ roles in decision-making. Firms should also anticipate more decisions being raised to the board, and greater challenge amongst senior managers.
Who is affected?
• The population covered by the new regime will primarily be determined by the rules made by the PRA. The scope of the FCA rules then includes certain additional individuals, for example, compliance oversight.
• The Senior Managers Regime affects those carrying on what will be known as a SMF, i.e. similar to the current approved persons regime, in that an individual fulfilling an SMF will need the regulators’ prior approval based on a fit and proper test.
• PRA-required SMFs would include the Chief Executive, Chief Finance function, Chief Risk function, Head of Internal Audit, Group Entity Senior Manager (where there is a “significant influence”), Head of Key Business Area, as well as certain key non-executive roles. Some roles may not be necessary for smaller non-complex entities. The PRA also proposes introducing a ‘Head of Key Business Area’ SMF, covering individuals managing a business area so large that it could jeopardise a firm’s safety and soundness.
• FCA SMFs include the Compliance Oversight function, MLRO, and any board member not designated as a PRA SMF; but will also include individuals in a role which is not otherwise an SMF specified by either the FCA or the PRA but who have ‘overall responsibility’ for one or more key functions, or identified risks, listed by the FCA in its rules (referred to as Significant Responsibility SMFs).
• The Certification Regime is an entirely new regime, applying to staff who sit below the most senior decision-makers, but who, nevertheless, perform a function which either regulator believes could pose “significant harm” to a firm or any of its customers. Firms will be responsible for certifying individuals annually that they remain fit and proper for their roles, using the same criteria as for SMFs. There are also requirements on firms to ensure SMFs and Certified Persons are fit and proper when initially recruiting them.
• A new Code of Conduct will also apply to all members of staff, unless they have been specifically excluded from its application. The current list of excluded employees is narrow and includes reception and catering staff.
• Alongside the consultations, the PRA consulted on proposed changes to the Remuneration Code. Principally, the minimum period to which variable remuneration should be subject to clawback (and malus provisions) is increased to seven years for senior managers and five years for other material risk takers.
• It is proposed that most aspects of the new regime would only apply to UK incorporated deposit-takers and investment firms dealing as principal who are PRA-regulated.
• It would also apply to branches of non-UK incorporated institutions in a “proportionate and appropriate way”, but the regulators’ thinking on non-UK deposit-takers operating in the UK is still being formalised.
Timetable of implementation
• Consultations remain open until 31 October 2014.
• The PRA and FCA then expect to publish policy statements containing the final rules by the end of 2014, with the intention of the new regime coming into force during 2015.
• Given the tight timetable, firms need to start preparing. Addleshaw Goddard can advise you on what you need to do now to get ready for the future.
These proposals represent a significant reform of the regime for regulating individuals working in banks, building societies and the largest investment firms. Certain proposals flowed directly from the 2013 recommendations of the Parliamentary Commission on Banking Standards, which proposed a series of measures to restore trust and improve culture in banks, following – what it considered to be – a failure of the existing Approved Persons Regime, and in particular a lack of personal accountability amongst the most senior decision-makers.
Leaving aside the overarching issue of whether, as a profession, bankers are being held to a significantly higher standard than other professions (there are rarely circumstances in which the department head in any other profession would be held personally and vicariously liable for breaches / failures in their department and be subject to sanctions which include fining and potential exclusion from the workforce) – how will the sector look in, say, five years as a result of these changes?
• The new regime will significantly add to the ever-increasing regulatory and compliance burden in the form of more defensive and regular reviews of business and more paper trails etc.
• The increased liability will make it more difficult to find good candidates for senior positions in banks, one of the UK’s most important industries, compounded by the PRA consultation on allowing for deferral of bonuses for up to 10 years in some circumstances (so that these awards are effectively discounted).
• The changes may result in regulatory arbitrage, driving business away from banks to other potentially more risky business areas.
Brian McDonnell, is a partner in the Financial Regulatory group at Addleshaw Goddard LLP. He is recognised for providing practical regulatory advice to a wide range of financial services firms, including banks (wholesale and retail), e-money institutions, payment services providers, brokerages, and asset managers. The Legal 500 describes him as “very responsive, Brian McDonnell has excellent knowledge and understands clients’ business and needs” and “Brian McDonnell ‘combines outstanding legal knowledge with business expertise’.”
Email: [email protected]
Paul Harris is a managing associate in the Financial Regulatory group at Addleshaw Goddard LLP. He has previously worked in-house for the Financial Services Authority’s General Counsel and Enforcement Divisions. He has worked on the UK’s implementation of several pieces of financial services legislation, including the UK’s Remuneration Code, and has particular experience in the banking and insurance sectors. Paul regularly advises clients on senior management and governance arrangements.
Email: [email protected]