Monday, 6 July 2015

Is the Governance Map Also the Territory?

One of the financial crisis’s lessons for regulators has been discovering the ‘accountability firewall’ of collective responsibility which prevents actions against individuals even if they are approved for specific roles.  This was one of the lessons from the UK Parliamentary Commission on Banking Standards from 2013.

UK regulators have been tasked with the challenge of breaking down that ‘firewall’ for both banks and insurance.  The UK has had a regime of approved persons for some time.  The PRA and the FCA have been consulting on proposals aimed at strengthening the accountability of senior management.  For insurers, this is referred to as the Senior Insurance Managers Regime (SIMR).

The proposals may well increase the scope of senior managers, and will strengthen conduct requirements that apply to them.  It seems to me that the most innovative (and, dare I say, revolutionary) aspect of the proposals is the requirement that firms produce a ‘governance map’.   As with all good ideas, it is simple.  The regulator identifies a set of responsibilities and then asks firms to map them to senior managers who are subject to regulatory approvals and sanctions.  

The list of responsibilities is long.  For example, the list for insurers is as follows:
1.       ensuring that the firm has complied with the obligation to satisfy itself that persons performing a key function are fit and proper;
2.       leading the development of the firm’s culture and standards;
3.       embedding the firm’s culture and standards in its day-to-day management;
4.       production and integrity of the firm’s financial information and regulatory reporting;
5.       allocation and maintenance of the firm’s capital and liquidity;
6.       development and maintenance of the firm’s business model;
7.       performance of the firm’s Own Risk and Solvency Assessment (ORSA);
8.       induction, training and professional development for all the firm’s key function holders;
9.       maintenance of the independence, integrity and effectiveness of the whistleblowing procedures, and the protection of staff raising concerns;
10.   oversight of the firm’s remuneration policies and practices.

For banks, there is no direct equivalent to 7 even if there is an ICAAP.   However, the list includes the following additional responsibilities:
1.       funding is also mentioned in 5. above as well as an additional responsibility in respect of the bank’s treasury management functions;
2.       developing a firm’s recovery plan and resolution pack and overseeing the internal processes regarding their governance;  
3.       managing the firm’s internal stress-tests and ensuring the accuracy and timelines of information provided to the PRA and other regulatory bodies for the purpose of stress testing; 
4.       safeguarding the independence of and overseeing the performance of the compliance function, internal audit and risk function respectively; these are three different responsibilities.

There are some interesting differences between banking and insurance.

The overall message is rather simple: there is an individual presumption of responsibility in the event of a breach.  In those cases, the relevant individual will need to demonstrate that he took reasonable steps to prevent the breach in the relevant area. 

Firms’ senior managers will spend time discussing the mapping of responsibilities.  This may well be the easy part.  Undoubtedly, the challenge for senior managers will not be the map, but the territory, i.e. how to manage the relevant responsibility.  For some responsibilities there will processes, teams and awareness within the company to ensure that something happens; think of item 7 above, the ORSA.  In other cases, the challenge will be determining which business function will assume the relevant responsibility and what approaches, processes and resources will be needed as evidence that reasonable steps were taken.  What should be done to prove that ‘firm’s culture and standards’ are developed and embedded?  

If you found this post useful, you may want to subscribe and receive further posts by email – see box on the right hand side of the screen or click here.  My target is to post on a weekly basis so I will not be flooding your inbox.