Tue, May 28, 2019
Two paths have emerged in the move toward increased accountability in financial services. The first, exemplified by the United States, focuses on enforcement, where the relevant agencies make a priority of targeting individuals when violations occur. This approach, however, assumes that there is already vigorous enforcement in place. The alternative path, which is better suited to jurisdictions where enforcement action against individuals has been more uneven, relies on establishing extensive regulatory frameworks that emphasize personal responsibility from the start. This second approach is typified by the UK ’s Senior Managers and Certification Regime and also has been adopted in various forms by Australia, Ireland, Hong Kong, and Singapore.
Each approach has its strengths and weaknesses, and the intended end goal of each is the same. But the regulatory approach has a much more immediate impact on firms. The new accountability regulations require firms to closely examine and articulate their governance and day-to-day operations. Just as importantly, we have started to see a significant change in how regulators supervise firms, with more check and challenge on individuals as they discharge their accountabilities.
At the core of accountability regimes is the immediate issue of establishing responsibilities and mapping them within the organization: identifying the relevant senior individuals and staff, creating the necessary job specifications and statements of responsibility, establishing clear reporting lines and escalation policies, and then ensuring that the staff has been trained in compliance with the regime and the board is briefed on compliance progress. The process ideally should be overseen by the chief compliance officer and the head of human resources, with buy-in from the other functions and the appropriate business unit heads.
Such a thorough and documented inventorying of who does what within a firm can be a considerable task, and it is understandable if firms focus on merely fulfilling that task in their compliance efforts. But the reality is that assigning responsibilities–and having them accepted by the appropriate senior managers and staff–is only the starting point; the real challenge comes in the day-to-day managing of firms with a more clearly defined structure in place to check that reality matches the intentions. Accountability regimes thus are likely to set in motion a wave of questions regarding risk, decision making, and other factors that forward-thinking firms would do well to anticipate.
To begin, firms will need to ensure that their statements of responsibilities continue to accurately reflect how decisions are made and business is conducted. This is not to be taken for granted, given the way in which remits within an enterprise can evolve over time and diverge from what is depicted in the organizational chart. Similarly, smaller organizations may find that regulatory requirements call for each manager to be assigned three or four distinct responsibilities–something that can be done on paper but is likely to be difficult to sustain in practice.
Beyond that starting point, firms need to closely examine the dynamics of various decision-making scenarios and their implications for senior managers. Consider, for example, the hypothetical case of a UK firm that is a subsidiary of a US company. The US parent, as part of a data remediation initiative to strengthen its enterprise-risk assessment capabilities, mandates the use of certain IT platforms and data architectures. In the view of the UK senior manager responsible for the money laundering reporting function, however, those platforms and architectures do not fully meet the requirements of the relevant UK regulator. In an earlier time, that senior manager might have decided to voice his or her misgivings but ultimately live with the result. Personal accountability regimes, however, raise the stakes for doing so. Firms should thus expect accountable individuals to be far more vocal in objecting to decisions with which they do not fully agree, and should have governance mechanisms in place for resolving disputes while at the same time respecting group cohesion and synergy.
Firms need to closely examine their decision-making scenarios and the implications for their senior managers.
Firms structured as partnerships have some additional challenges to overcome. At most partnerships, collaboration is considered to be a core cultural principle–indeed, it is at the heart of the partnership model. But informal and collegial decision making may not always align with the expectations of accountability regimes. There are also specific requirements to allocate accountabilities to named individuals that may be at odds with existing partnership arrangements. If a problem arises and the firm and senior individuals find themselves under regulatory scrutiny, they will need to demonstrate how decisions were reached and whether each individual manager took all reasonable steps to prevent the problem from occurring in the context of their individual responsibilities. Many partnerships may not have the necessary governance structures in place to support these requirements. And it will be a challenge for partnerships to implement these changes while maintaining the beneficial aspects of partnership culture.
Beyond decision making and culture, firms should also give thought to how accountability regimes affect hiring and compensation. Over the last decade, regulatory compliance has become sufficiently complex that even highly experienced senior managers have to ask themselves whether they have had the training and support to understand and oversee the growing compliance element of their role. At the same time, both firms and senior managers need to assess the risks that these positions entail to ensure that risk is accurately reflected in remuneration. Firms that are not seen as supporting their senior managers, both when things are going well and when issues arise, may find that they have to pay a premium to continue to attract the best candidates–and in extreme cases, may not be able to attract them at any cost. (The question of risk and compensation applies perhaps even more acutely in the nomination of non-executive directors, where there are already numerous factors that might contribute to a potential board member declining a seat.)
SMCR has led to a fundamental shift in what it means to be under regulatory scrutiny.
While accountability regimes across jurisdictions are similar in their overall strategy and requirements, their effect so far on regulation in the field varies and is shaped by local context. In the United Kingdom, SMCR has led to a fundamental shift in what it means to be under regulatory scrutiny; in many cases, that scrutiny has shifted from examining the actions of the firm in general to focusing on individual managers. In Australia, its Banking Executive Accountability Regime (BEAR) currently only applies to major banks. However, the Royal Commission included a recommendation to extend the coverage of the regime to a broader set of financial institutions, including insurance companies, so the scope may well widen.
In Hong Kong, the Manager in Charge (MIC) regime was announced via circular rather than through amendments to the Securities and Futures Ordinance. Perhaps as a result, regulatory examinations are still generally focused on the key Responsible Officers rather than the wider groups of individual decision makers identified under MIC. (It may also be, however, that while Hong Kong has implemented an accountability regime, it has decided to put its regulatory teeth elsewhere, such as investing in greater data collection and analysis–as evidenced by its significantly enhanced Business Risk Management Questionnaire.)
Despite the differences in implementation, the push toward individual accountability is clear; institutions in jurisdictions where the impact has been limited so far should consider working to stay ahead of this trend so that they will be better positioned to whether future changes.
End-to-end governance, advisory and monitorship solutions to detect, mitigate, drive efficiencies and remediate operational, legal, compliance and regulatory risk.
Assistance to develop, implement, and manage global compliance and regulatory consulting programs.
Comprehensive compliance and regulatory support for FCA authorized firms.
Kroll provides a comprehensive range of support to all firms and individuals subject to SM&CR, with solutions that are proportionate, practical and fully compliant with the regulations.