Bank Individual Accountability Regime Practical points for implementation Simon Morris, CMS Sarah Ozanne, CMS 23 September 2015
Looking at 1. The new structure 2. Senior management 3. The HR issues 4. The new rules 5. Certification regime & other staff 6. Incoming branches 7. General state of progress 8. Bank Individual Accountability Regime - employment issues
1. The new structure in a nutshell The cast comprises Senior managers Prior regulatory approval Statement of responsibility Responsibilities Map Subject senior manager rules With reversed burden of proof Middle managers Bank certifies as fit and proper Subject first tier rules only Nearly everybody else Subject first tier rules only The key tasks are 1. Categorising staff & allocating responsibilities 2. Grandfathering or applying 3. Papering the HR aspects a) Contracts b) Staff handbook c) Handover certificates d) Referencing e) Breach reporting 4. Codifying fit and proper 5. Drawing the map 6. Training all staff 7. Preparing for RoBoP
In other words Prior approval Statement of responsibility Annual vetting for F&P Subject to senior manager rules Liable for breach in your area Subject to conduct rules Senior manager Must also be fit & proper Certificate staff Other staff Must also be fit & proper
2. Senior managers
Senior managers The job description Takes or participates in decisions Part of the bank's regulated activities With risk of serious consequences With designated 17 controlled functions And 26 responsibilities that must be allocated to a CF Must be fit and proper initially and reconsidered annually
Senior managers are Executive SMF1 Chief Executive function SMF2 Chief Finance function SMF3 Executive Director function (FCA) SMF4 Chief Risk function SMF5 Head of Internal Audit function SMF6 Head of Key Business Area function (10bn assets + 20% revenue) Non-executive SMF9 Chairman function SMF10 Chair of the Risk Committee function SMF11 Chair of the Audit Committee function SMF12 Chair of RemCo function SMF13 Chair of NomCo function (FCA) SMF14 Senior Independent Director function There are also unapproved Notified NEDs SMF7 Group Entity Senior Manager function SMF16 Compliance Oversight function SMF17 Money Laundering Reporting function (FCA) SMF18 Other Overall Responsibility function (FCA)
Who does what: the rules for allocating responsibilities 1. Must allocate each prescribed SMR => an SMF a) But not to an SMF 18 (other than CASS) b) May be outsourced c) Not normally split or joint d) Most senior manager in that area & most closely linked to it 2. Must allocate responsibility for every other function => an SMF a) May already be an SMF, otherwise => an SMF 18 b) Including functions outside the UK 3. And also a) Must be fit and proper b) Senior, credible but not necessarily on board c) Adequate resources and authority d) Not over-concentrated
Who does what Key responsibilities for allocation to senior managers a) Obligations under new regime b) Senior management training c) Ensuring NNEDs are fit and proper d) Overseeing culture e) Capital, funding & liquidity; treasury ops; financial reporting; stress tests f) Recovery & resolution planning g) CASS compliance h) Financial crime i) And for NEDs i. Independence & performance of internal audit, risk and compliance ii. Operation of remuneration policy iii. Effectiveness of whistleblowing
Three SMF challenges 1st: SMF7 group entity senior manager with significant influence on conduct of regulated activities 1. Sits outside UK entity 2. Responsible for managing regulated affairs = direct management or decision making responsibility 3. More than adhering to group policies provided UK entity has management with authority to ensure compliant & suggest modifications 4. In Map and has SoR; responsible under COCON and liable ROBOP
2nd: SMF 18 overall responsibility for firm activity, business area or management function (not already allocated to an SMF) Overall responsibility = a) Member of board or reports to it b) Ultimate responsibility under the board c) For managing or supervising function d) With primary responsibility for putting to & briefing board NED or GESM or day-to-day management
Areas for SMF allocation, defaulting to an SMF18 Payment services Origination and underwriting Settlement Investment management Financial or investment advice Mortgage advice Retail & wholesale lending Wholesale lending decisions Design and manufacturing of products Marketing materials Customer service Corporate investments (for the firm's own account) Customer complaints Collections & arrears Wholesale sales IT Retail sales Business continuity planning Trading for clients Market making Investment research HR Incentive schemes Benchmark administration
3rd: Non-executive directors
SMF NEDs: 1. Role of Chair 2. Role of Senior Independent Director 3. Role of Committee Chair 4. Responsibility of oversight (1. Risk 2. Internal Audit 3. Remuneration 4. Compliance) 5. Role of any NED - Support, oversee & challenge
Notified NEDs: Not individually approved but bank may only appoint if 1. satisfied F&P 2. contractually require to observe COCON 3. advise PRA with F&P information unless SMF elsewhere
Statements & maps
Statement of responsibility Individual statement of responsibilities Prepare & lodge when seeking approval & significant changes Important opportunity to clarify & codify responsibilities Standard form with limited free text (maybe for SMF 6 or 7) It must: be practical and usable; be consistent with responsibilities map; be complete and only contain FCA-relevant material; show how responsibilities fit with governance & management
Responsibilities map A computer folder with files Single, comprehensive up-to-date document to ensure collective allocation of responsibilities complete Describing management and governance arrangements Showing no gaps and how fit together Not limited to UK or to regulated activities Containing Names & responsibilities (reconciling with SoR) How responsibilities allocated Reporting lines Management & governance arrangements Including group responsibilities
Senior manager responsibility
There are three grounds for individual discipline Currently 1. You failed to comply with rules of conduct; or 2. You have been knowingly concerned in an authorised person's contravention of a relevant requirement And now 3. The bank contravened a rule a) Which fell within the responsibility of a senior manager/SMF NED in his senior management function b) Unless he can show he took reasonable steps to avoid the contravention
A dozen important steps to take 1. Be aware of regulatory requirements & wider environment; 2. Investigate & review your area of responsibility; 3. Implement, police and review appropriate policies; 4. Structure and control day-to-day operations, managing delegations; 5. Obtain & monitor appropriate internal management information; 6. Raise issues & follow them up; 7. Take pre-emptive action to prevent breaches; 8. Adequately respond to any breach; 9. Seek and obtain appropriate expert advice or assurance; 10. Deploy adequate resources, especially for control functions; 11. Keep a proper record of what you hear, say and do; 12. Maintain an audit trail of actions, initiatives, decisions & remedies.
Responsibility of SMF NEDs
Duties of integrity, competence, TCF & compliant operations: 1. Understand business & risks 2. Be informed 3. Attend & contribute 4. Challenge when appropriate 5. Ensure proper minutes 6. Your committee (1. Meets regularly and thoroughly 2. Open inclusive challenging dialogue 3. Accesses necessary information 4. Reports to board)
Specifically: 1. Scrutinise management 2. Monitor reporting of performance 3. Integrity of financials 4. Controls & risk management robust 5. Scrutinise remuneration policy 6. Consider resources, appointments & conduct standards
4. And what about the rules?
First tier rules for everybody Individual Conduct Rules Rule 1: You must act with integrity. Manage risk, exercise sound judgement, observe rules as well as honesty Rule 2: You must act with due skill, care and diligence. Understand the business, the regulations and act compliantly & competently Rule 3: You must be open and cooperative with the regulators. FCA only Rule 4: You must pay due regard to the interests of customers and treat them fairly. The TCF requirement made a personal promise: do the procedures enable this? Rule 5: You must observe proper standards of market conduct. All markets, not just listed securities
Second tier rules for Senior Management SM1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively. SM2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with relevant requirements and standards of the regulatory system. SM3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively. SM1-3 = understanding business, managing risks, supervising delegates & acting on MI SM4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice. Goes beyond Rule 3 by requiring proactivity
And a bank must 1. Advise those subject to COCON of the rules 2. Contractually oblige an SMF & NNED to observe COCON 3. Report breaches a) Knowledge or suspicion of non-compliance b) Disciplinary action for breach: warn, suspend, dismiss, dock pay 4. Train: take all reasonable steps to ensure understanding, including by training a) Broad understanding generally b) Deeper understanding specifically
5. The certification regime & other staff
Certified staff will be Employees who perform a specified significant harm function = provide services whom bank supervises, directs & controls Must be certified as fit and proper To perform every aspect of stated functions, listed in broad terms For 12 months, then reassessed; reassess if function changes Unless up to four weeks' cover where qualifications not required Identify & train by 7th March 2016; certify each by 7th March 2017 Fit & proper means can perform efficiently & compliantly Integrity Knowledge, competence & experience Qualifications & training
And the significant harm functions are The employee is involved in the bank's regulated activities, is not an SMF and PRA is based anywhere & falls within MRT Regulation; or FCA is based in UK/deals with customers and involves a risk of significant harm to it/customers as Significant manager with significant responsibility for a significant business unit (considering its risk profile, use of bank capital, contribution to P&L, staffing and customers) such as head of retail banking, lending, loan recovery or proprietary trading, or a member of a committee taking decisions about that unit Managers of certification employees both direct and indirect Functions requiring qualifications TC App 1 principally retail investment and mortgage advisers CASS oversight Benchmark submission and administration Proprietary trader Client dealing & algorithmic trading (still subject to consultation) Material risk taker, including Head of Risk, Internal Audit, Compliance And divisional reports Head of Risk in 2% of capital business unit And divisional reports Head of material business unit And divisional reports Head of legal, finance, HR, IT Authority over product approval All of their managers Remuneration criteria - 500k/top 0.3%/>others
What does fit and proper mean? 1. Position 2. Key requirements & main responsibilities 3. Criterion method of assessment outcome a) Honesty Criminal proceedings professional employment record non-disclosure b) Integrity c) Competence & capability Experience Qualifications Training Competent Sound judgement Compliant d) Financial soundness e) Conclusion Addressing negative features Reconciling any gaps Breaches recklessness condoned misconduct
All other staff All other staff apart from twenty designated categories such as cooks, cleaners and receptionists will be subject to 1st tier conduct rules from 7th March 2017 Staff = employee and providing services to bank subject to its supervision, direction & control
6. Incoming branches
Who are the branch SMFs? EEA branch Third country branch Head of overseas branch SMF19 PRA Group entity senior manager if applicable SMF7 Other senior managers if large & complex (CFO, CRO, H of IA) PRA PRA MLRO SMF17 FCA FCA Head of Compliance SMF16 FCA EEA branch senior manager SMF21 FCA Other local responsibility SMF 22 FCA
Other staff Certified staff Staff at EEA branch Staff at 3rd country branch or dealing with UK client from overseas Conduct staff Staff at EEA branch Staff at 3rd country branch or dealing with UK client from overseas Engaged in regulated branch activities Performing significant harm function
SMFs at 3rd country branches Highest degree of individual decision making within branch over UK regulated activities Required to have And may have Head of Overseas Branch (SMF19) Head of Compliance (SMF 16) & MLRO (SMF 17) Group entity senior manager (SMF7) Executive director (SMF3) CFO, CRO, H of IA (SMF2, 4, 5) Other local responsibility (SMF22)
Other local responsibility (SMF22) Most senior branch manager with responsibility under branch governing body for activity that Is not included in an SMF Or is CASS The SMF22 May report outside the branch. May be in Head Office and have responsibility where the branch head (SMF19) does not have authority.
Allocation of SMF functions 3rd country branch must allocate to SMF manager (only CASS to an SMF22) Responsibility for observing new regime Responsibility for risk management Responsibility for compliance Escalating correspondence to head office Responsibility for systems & controls (and no annual attestation) Responsibility for liquidity & financial information and reporting Local responsibility for financial crime Local responsibility for CASS All activities reporting direct to Head Office
Who's an EEA BSM? 1. Has responsibility for managing (taking or participating in taking decisions about) the bank's regulated activity with a risk of serious consequences for the firm or other UK interests 2. Whose determination of fitness and properness is not reserved to home member state 3. Who has significant responsibility (such as head of the unit, or member of the committee that takes decisions regarding the unit) for a significant business unit (assessed in accordance with risk profile, use or commitment of capital, contribution to P&L, employees, customers and other relevant factors) that carries on any of: a) Designated investment business other than dealing in investments as principal b) Processing confirmations, payments, settlements, insurance claims, client money or similar relating to designated investment business c) Activities subject to CASS (if top-up permission) d) Accepting deposits from (essentially) retail banking customers and substantially connected activities Not necessarily the Branch Manager (or anyone else) unless they fall in the definition
What else do SMRs need at a branch? Statement of responsibility The standard form with free text as needed Responsibility map For UK branch activities but without territorial limit & including unregulated activities. For an EEA branch, only if the branch passporting form doesn't provide the information Handover procedures 3rd country branch only
7. And finally
What progress are banks making?
Task | Progress | Completion
1. Board familiarisation | Initial completed | Ongoing required
2. Identifying affected staff | Virtually completed | Complete May 2015; Grandfather by Feb 2016
3. Statements of responsibilities & map | Templates prepared | Complete concept June 2015; Complete actual by Dec 2015
4. Certification standards & process | Preparing templates & scoping process | Complete concept June 2015; Start Feb 2016 & end Mar 2017
5. Reviewing employment material | Not commenced | Complete Sept 2015
6. Reviewing procedures | Being identified | Complete Sept 2015
7. Training and testing staff | Scoping syllabuses | Delivery Oct-Dec 2015
8. Embed procedures & pass to HR | Commence stages from June 2015 | Jan-Feb 2016
9. Final QA & board sign off | Commence stages from June 2015 | Jan-Feb 2016
10. New rules in effect | | 7 March 2016
Bank Individual Accountability Regime - employment issues Sarah Ozanne 23 September 2015
Looking at 1. Recruitment 2. Employment contracts 3. On-going HR processes 4. Termination and handover arrangements 5. Whistleblowing
Recruitment - Application and approval before performance for those subject to SMR - Statement of Responsibility and summary of handover material - Relevance of D&O insurance - References - Criminal records checks for those carrying out SMR role - Criminal records checks not required except for those within SMR. Firms may carry out checks for other employees where legally allowed to (should seek consent as part of employment contract)
Recruitment Assessing fitness & propriety: immediate requirement for those subject to SMR; those subject to CR identified by March 2016 but firms have a year to issue certificates of fitness & propriety. Designed to fit all firms' appraisal processes. FCA expects common sense approach so that new recruits into CR roles assessed immediately rather than wait until end date to find they're not. Appraisal and HR processes to support assessment
What does fit & proper look like? Attributes personal characteristics Honesty Integrity Reputation Competence, training, knowledge, qualifications, experience Capability Financial soundness Evidence Referencing & criminal records checking Assessment & confirmation Assessment & testing Record outcome with reasons Process Template for the position Initial assessment On-going oversight Annual reassessment
Employment contract Provisions to support recruitment/ on-going HR processes and termination Insert conditions/ warranties for commencement/ continuing employment Provisions to comply with regulatory requirements and company codes and policies Consent to criminal record checks Consent to on-going checks to confirm fit & proper Appropriate provisions re: investigations Appropriate summary termination provisions Provisions to support handover arrangements
On-going HR processes Develop/ review guidance and policy documents Staff handbook Specific SMR / CR handbook(s) Job descriptions Firm needs to have processes in place to: Reissue statement of responsibility if role significantly changes Re-assess fit & proper status annually or if role changes Induction and Training Updating IT systems
On-going HR processes - Conduct Rules SMR and CR subject to Conduct Rules from 7 March 2016 All other staff apart from twenty designated categories subject to Conduct Rules from 7 March 2017. Firms must ensure individuals are notified they are subject to Conduct Rules and trained to understand how they relate to their role in advance of relevant date - Reporting of known and suspected breaches of the Conduct Rules - Reports in relation to actual or suspected breach of CR by SMR must be within 7 days of becoming aware - Reports in relation to actual or suspected breach by other staff subject to CR will be required annually. Allows an opportunity to investigate. - Separate to existing rules to report significant breach immediately.
Termination and handover arrangements - Use of handover certificates not mandated, rules require orderly transition - Practical and helpful and not just a record; judgment and opinion not just facts and figures - Take reasonable steps to ensure predecessor contributes to information and material - Firm must have a policy how it complies, including systems and controls - Review terms of template settlement agreements
Termination and handover arrangements Regulatory references regime still uncertain. Proposal for: SMR/ CR for references going back five years. References need to disclose any facts that led a previous employer to conclude that the candidate breached a Conduct Rule and a description of the basis and outcome of disciplinary action taken in relation to such breach. References must be true, fair and accurate Consultation papers on regulatory references Autumn 2015 PRA/ FCA considering feedback and may provide mandatory template for the provision of references. Committed to have in place by March 2016
Whistleblowing - FCA consulted on creating prescribed responsibility in relation to whistleblowing - Develop a package of measures to formalise firms' procedures: - put internal whistleblowing arrangements in place (if not already) and inform UK-based employees about them - Inform employees they can blow the whistle to the PRA/ FCA - Offer protections to whistleblowers - Include relevant provisions in employment contracts and settlement agreements - Feedback and final rules to be issued later in the year
Any questions?