Bite-Size Briefings: Individual Accountability Regimes – Driving Improvements In Culture.
Legal News & Analysis - Asia Pacific - Regulatory & Compliance
2 August, 2019
A series of briefings that take a "bite-size" look at international trends in different jurisdictions drawing on Baker McKenzie's expert financial services practitioners
Individual Accountability Regimes – Driving Improvements in Culture
This edition takes a bite-size look at culture within financial services businesses, as seen by regulators in Australia, Hong Kong, Singapore and the UK – all international financial centres seeking to improve industry standards. It reports on their chosen remedy: the implementation of enhanced individual accountability regimes.
How to Shape Culture
In a recent speech, a member of the UK Financial Conduct Authority's (FCA) leadership team for insurance, Karin McTeague, stated that "culture is an acknowledged key root cause of the major conduct failings across financial services in recent history." In comparing the position of banks with the insurers she supervised, in her opinion, the latter were behind the curve over conduct relative to banks. This was because banks had not only faced greater regulatory focus following their near collapse in the financial crisis and wide-scale enforcement action for misconduct, but that the early roll-out in 2016 of the UK's Senior Managers & Certification Regime (SM&CR) had "clarified responsibility and accountability at senior management level."
So what is meant by culture? In its final report in January 2019, the Australian Royal Banking Commission (ARBC), borrowing earlier definitions of culture, referred to the "shared values and norms that shape behaviours and mindsets" within an organisation, but also more colloquially to "what people do when no-one is watching." An FCA discussion paper in March 2018 defined culture in similar terms as "the habitual behaviours and mindsets that characterise an organisation." The next question asked by regulators and firms is how to "measure" culture, or rather, is there a right culture in financial services? In a foreword to the paper, the FCA's Director of Supervision, Jonathan Davidson, said there is no one culture for firms to aspire to, but that "healthy cultures have some specific characteristics that reduce harm." In his view, regulation has to hold the individual as well as the firm to account (i.e., regulatory penalties should not simply be the cost of doing business), and senior managers need to have clearly articulated what they are accountable for and their key responsibilities.
The ARBC's report discusses the importance of governance, referring to it as "the entirety of structures and processes by which an entity is run and that by shaping how a business is run, governance shapes culture." This can be read as referring to the new breed of individual accountability regimes for managers (and in some jurisdictions, for all levels of staff) that is being introduced (or extended) by regulators – the UK in Europe and common law jurisdictions in Asia and Australia. For example, among the ARBC's recommendations were improvements to governance structures.
Remuneration – A Key Element
The European Central Bank's supervisory chair, Andrea Enria, in a recent speech described the initial reaction of banks to post-financial crisis scandals as attributing "responsibility to a few 'bad apples' and to distanc[ing] themselves from the problem." But when the scandals kept coming it became clear that "more profound changes to culture, organisation and practices were needed." Mr. Enria considers that a true transformation in bank culture must come from within and that real progress lies beyond the direct reach of supervisors and regulators. However, he flags one area that can have a major impact: remuneration. Bonus caps, together with malus and clawback provisions, potentially have a major impact on behaviour – all these represent key elements of enhanced individual accountability regimes.
In the course of its investigation into misconduct in the financial sector, the ARBC identified key themes around culture and incentives. It looked in depth at how remuneration both affects and reflects culture – whether senior executive remuneration and the failure to put in place sufficiently robust systems and controls to prevent harm to markets and customers, traders who take inappropriate risks, or customer-facing sales staff engaged in mis-selling. The Commission found that poor remuneration and incentive programs had, in recent years, contributed to poor customer and market outcomes. Instead, their design should encourage sound management of non-financial risks. Incentive systems are also one of three pillars of Hong Kong's bank culture reform (discussed below) which its bank supervisor considers to be the root causes of major conduct incidents. The UK and the European Union have similarly recognised this link, requiring larger financial services firms to put in place malus and claw back provisions.
Individual Accountability Regimes
In what follows, this briefing looks at the state of implementation as regards individual accountability regimes in four key financial centres. While their detail and coverage vary, all have the goal of better defining what key individuals are responsible for and holding them accountable in common.
The ARBC or, to refer to its full official name, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, made five recommendations to financial institutions on changing culture and governance. These were to:
- Assess their culture and governance.
- Identify any problems with that culture and governance.
- Deal with those problems.
- Determine whether the changes have been effective.
In this context, the Banking Executive Accountability Regime (BEAR) was introduced for large authorised deposit-taking institutions (ADIs) and their directors and senior executives in July 2018. It was extended to small and medium-sized institutions on 1 July 2019. These entities need to register with the Australian Prudential Regulation Authority (APRA) those senior executives and directors who are "accountable persons." Unlike the Prudential Regulation Authority (PRA) and FCA in the UK in respect of senior management functions, APRA does not actively grant approval but it may query or challenge certain nominations. BEAR's objective is unashamedly to "ensure there are clear consequences in the event of a material failure" and to meet "clear and heightened expectations of accountability." In an Information Paper, APRA has said that implementation presents an opportunity "when cascaded down throughout the institution" to strengthen risk culture at all levels.
Accountable persons must act with honesty and integrity, and with due skill, care and diligence, dealing with APRA in an open, constructive and cooperative way. They must take reasonable steps with their responsibilities to prevent matters from arising that would damage their bank's prudential standing or reputation.
APRA expects institutions to draw up "accountability statements" to articulate what an accountable person is accountable for, covering all areas over which they have actual or effective responsibility for management or control, as well as their responsibilities. These should align with their practices and governance arrangements that collectively should explain how the responsibilities of accountable persons come together across the institution or group. Accountable persons must sign their statement acknowledging their accountability for a specific area or part of the business. An accountable individual who fails in their responsibilities may be disqualified and, upon APRA's application to court, face significant financial penalties.
As for remuneration, ADIs must defer a minimum percentage of an accountable person's variable remuneration for a minimum of four years. In the event that such managers fail to comply with their obligations under the BEAR, the institution's remuneration policies must provide for a reduction that is proportionate to the contravention. The extension of the BEAR may mean a more apt name for the regime will be the FEAR, due to the fact that ARBC's final report in January 2019 recommended extending the BEAR to all financial services entities who fall within the Australian Securities and Investments Commission's (ASIC) regulatory remit. There was also a suggestion in the final report that the BEAR may end up being extended to the Australian financial services regulators themselves (see Recommendation 6.12), as the UK FCA has done with respect to its SM&CR.
In 2017, the Hong Kong Monetary Authority (HKMA), the region's bank supervisor, began a Bank Culture Reform programme by promoting a framework to foster a sound culture within banks. While acknowledging there is no one-size-fits-all approach, this gives particular importance to three pillars: governance, incentive systems, and an assessment and feedback mechanism. It has seen banks being required to review and report on their governance arrangements, including policies and procedures, on corporate culture and to take steps to foster a sound bank culture. More recent supervisory measures have required banks to undertake self-assessments – a question template has been issued – and see HKMA supervisors conduct focus reviews to assess and benchmark a bank's practices on culture, together with gathering insights during the course of "culture dialogues" with senior management. The HKMA has explicitly acknowledged looking to experiences elsewhere and, especially, to Australia's Royal Commission.
Highly relevant to governance arrangements, a Manager-In-Charge (MIC) regime has been in place since October 2017. The regime captures approximately 10,000 senior individuals responsible for managing core functions within financial services businesses supervised by the Securities and Futures Commission. Similarly, the Hong Kong Monetary Authority followed suit in March 2018, launching its Management Accountability Initiative (MAI).
In contrast to the UK's SM&CR, generally speaking, neither the MIC nor the MAI impose new obligations on individuals. The existing fitness and propriety frameworks remain in place. Moreover, the MIC and MAI were introduced without recourse to primary legislation – for example, the MAI complements the pre-existing Section 72B Managers regime for executive officers and managers. Rather, the regimes seek to better bring home regulatory expectations and make management more conscious of their individual accountability. In this regard, both look to identify those individuals responsible for defined functions, such as key business lines, risk management and money laundering, and as in the UK firms must have governance maps showing the management structure, roles, responsibilities and reporting lines – all of these are helpful for regulators looking to apportion liability after a firm's regulatory contravention.
In April 2018, the Monetary Authority of Singapore (MAS) consulted on guidelines to strengthen accountability and standards of conduct in the financial sector. According to the MAS, the purpose of the "Guidelines on Individual Accountability and Conduct" are to promote individual accountability of senior managers, strengthen oversight of material risk personnel and, importantly, reinforce standards of proper conduct among all employees. These are central to the MAS' approach of fostering sound culture and conduct, which it considers fundamental to a trusted and ethical financial eco-system. Singapore considers that good culture is driven by internal leadership and self-discipline with effective supervision. The Guidelines will apply to banks, insurers, intermediaries and markets infrastructures and, unlike the UK SM&CR, to payment providers. Having received feedback on and published its response to the 2018 consultation paper, the MAS is presently consulting on the scope of the proposed Guidelines (i.e., which firms in the sector will fall within them).
Financial institutions are required to work towards five outcomes. They must identify senior managers who have responsibility for core functions (e.g., chief executive officer, head of business function and head of compliance, etc.), determine they are fit and proper, as well as being responsible for the actions of their staff, and confirm that their management structure and reporting lines are clear and transparent. Additionally, "material risk personnel" need to be fit and proper, subject to effective risk governance with appropriate standards of conduct and, regarding remuneration, have proper incentive structures. Overall, there should be a framework that "promotes and sustains the desired conduct among all employees." In recognition of proportionality concerns, the MAS has stated that it will not normally expect smaller firms (i.e., those with a headcount of less than 20) to adopt the specific guidance described.
Alongside these developments, the MAS and the Association of Banks in Singapore have established a Culture and Conduct Steering Group to promote sound culture and raise conduct standards among banks in Singapore. The group is tasked with identifying emerging trends in conduct and behaviour, as well as sharing best practices in "getting the culture right." Additionally, in June 2019, the MAS set up a small behavioural sciences unit to build up capabilities and support its supervisors with methodologies in better understanding culture and conduct issues in the institutions they supervise. Again, in the same month, the Institute of Banking and Finance and the UK Chartered Body Alliance signed a Declaration of Intent to deepen collaboration in skills development for banking, capital market and insurance professionals. This includes development and delivery of training programmes, and facilitating mutual recognition of professional standards and certifications.
In supervising firms, the FCA focuses on what they regard as four drivers of culture: a firm's purpose, leadership, the approach to rewarding and managing people, and governance. In its view, the SM&CR has improved clarity around these drivers. The FCA looks to senior management to nurture healthy cultures in their firms to reduce the risk of harm to customers. According to the FCA's March 2018 paper on transforming culture, the lessons learnt by the FCA from bank misconduct include:
- The need to set the tone from the top – having a clearly articulated purpose and supporting values
- Matching words and actions – encouraging and rewarding behaviours and outcomes that align with the firm's purpose and values
- A working environment that encourages staff to speak up – to reduce the risk of poor behaviour or poor customer outcomes going undetected
In this context, the SM&CR replaces a discredited Approved Persons Regime with a three-tiered structure. At the top of a pyramid-like structure there are Senior Management Function Holders (SMFs), board members and other individuals who hold key roles or have overall responsibility for specific business areas, functions or activities within the firm that require pre-approval by the PRA or FCA (depending on the function being performed). Senior managers have a "duty of responsibility" to take such steps as a person in their position could reasonably be expected to take to avoid a regulatory contravention by the firm occurring (or continuing) in a part of the business for which they are responsible. On remuneration, senior managers are also subject to rules over the ratio of discretionary remuneration – so called bonus caps – and malus and clawback on pay.
Below SMFs there are significant harm function holders. These individuals do not require regulatory approval but need to be certified by the regulated firm, which must assess their fitness and propriety on an annual basis. This limb of the regime captures most individuals other than SMFs who would previously have been subject to the Approved Persons Regime. Certified persons (as they are referred to) make up the next management rung down from senior managers, plus certain technical and customer-facing functions. Finally, at the bottom of the pyramid are all staff except for those in purely ancillary roles (e.g., receptionists) who are subject to conduct rules.
The regime was rolled out to banks, credit unions and large investment firms in 2016 (whose lead regulator is the PRA) and, having been declared a success by UK regulators, was extended in modified form to insurers in 2018 and, later this year, in a modified form to ensure proportionality, to most other financial services businesses. The exception is payment and e-money firms which are authorised under separate legislation. Closely associated with the SM&CR and increased individual accountability are stricter rules on regulatory references – to prevent so-called bad apples moving from one firm to another – and measures to encourage whistleblowing.
A complementary industry initiative has been the establishment of the Banking Standards Board to promote high standards of behaviour and competence across UK banks and building societies.
The success of enhancing individual accountability regimes in changing culture and therefore reducing misconduct will have to be judged over time. In the meantime, these regimes may be rolled out elsewhere or at least influence regulatory design. Although another common law jurisdiction, the US, does not (yet) have a comparable regime, in part perhaps due to the diversity of regulators, it is equipped with significant enforcement powers. Nonetheless, while regulators in the US have directed their firepower towards organisations rather than individual managers, they have begun to place a growing emphasis on governance. While the political winds may have since changed with the Trump administration, in 2016, in the context of expanding the reach of liability for senior executives, Mary Jo White, then chair of the US Securities & Exchange Commission, referred in a speech to a growing frustration that US law does not impose responsibility on senior executives for fostering cultures that lead to misconduct or for failing to implement proper controls that could prevent it. She called for thinking "outside the box" and that the agency should study the implementation of the UK SM&CR for lessons in holding executives accountable.
Sek Cheong Yong (Singapore) and Shemira Jeevaratnam (Sydney) contributed to this piece.
For further information, please contact:
Bill Fuggle, Partner, Baker & McKenzie