Evolving expectations of Fitness & Probity to support an Individual Accountability Framework
Breakfast Briefing 2018
28th August 2018
Agenda
Topic Presenter Timing
Introduction Sean Smith 8:00 a.m. – 8:10 a.m.
Keynote speech – Regulatory Expectations Seána Cunningham, CBI 8:10 a.m. – 8:35 a.m.
Session 2 Pierre-Francois Rodriguez 8:35 a.m. – 8:55 a.m.
Session 3 Laura Wadding 8:55 a.m. – 9:15 a.m.
Session 4 Melissa Scully 9:15 a.m. – 9:35 a.m.
Panel Discussion All 9:35 a.m. – 9:50 a.m.
Close
Keynote speech
Seána Cunningham, CBI
Individual Accountability – our approach
Seána Cunningham, Director of Enforcement and Anti-Money Laundering
Deloitte 28 August 2018
Overview
1. The Fitness and Probity Regime
2. Participation under the Administrative Sanctions Procedure
3. Suggestions for reform
4. Conclusion
The Fitness and Probity Regime
Participation under the Administrative Sanctions Procedure
Suggestions for reform – the Individual Accountability Framework
Conclusion
Session 2
Pierre-Francois Rodriguez Director, Deloitte UK
UK Senior Managers & Certification Regime
28 August 2018
1. Recap on the regime
2. SMCR implementation lessons learnt
3. Questions
Senior Managers & Certification Regime
Recap on the regime
Senior Managers and Certification Regime
Background – Increasing individual accountability
• Under SMCR the regulators are seeking to reinforce the concept of individual accountability at the top of firms and for Senior Managers to demonstrate adherence to the conduct rules, including being able to demonstrate that they have taken ‘reasonable steps’ to control their areas of responsibility.
• The regulators have expressed that this expectation is not greatly removed from the current state of affairs, but by increasing the clarity around accountabilities and responsibilities it will focus the minds of those occupying Senior Management Functions.
• SMCR has been in force in banks since 7 March 2016. In October 2015, HM Treasury announced the key features of the banking Senior Managers Regime will be extended across the broader financial services industry from 2018. Insurance firms will transition to the SMCR from 10 December 2018. SMCR will come into force from 9 December 2019 for other financial services firms, including IFAs and brokers.
• The regulators will ensure that the extended regime appropriately reflects the diverse business models operating in the UK market and is proportionate to the size and complexity of firms.
“Six months on and, in a great many cases, firms have made a substantial effort to get this right and embrace the importance of the key principles underlying the Senior Managers and Certification Regime, namely responsibility and accountability.
“Knowing who is responsible for what is critical for firms and regulators and we have seen genuine engagement on this from the Board down”
Andrew Bailey, Chief Executive, FCA, September 2016
“If people want to rise to the top of firms, with all the rewards that brings, while ducking proper accountability, then they are in the wrong sector”
Sam Woods, Deputy Governor, Prudential Regulation, Bank of England and CEO of the PRA, January 2017
Senior Managers and Certification Regime
Key provisions
Focus on Individual Accountability
New roles and duty of responsibility – Introduces Senior Management Functions with a statutory duty of responsibility. The Certification regime includes roles which can cause “significant harm to the firm or its customers”.
New documentation – The Responsibility Map is a requirement to describe how individual accountability is apportioned and how governance operates in a firm. The Statement of Responsibilities sets out the areas of the business that the Senior Manager is responsible and accountable for.
Enhanced processes – SMCR introduces some changes to processes including enhanced criminal record checks, monitoring conduct breaches and obtaining regulatory references dating back six years for people applying for Senior Manager, Certification and non-approved NED roles.
New Conduct Standards – Introduces two tiers of Conduct Rules to firms’ regulated and unregulated financial services activities (including any related ancillary activities carried on in connection with a regulated activity).
Key provisions
Senior Managers and Certification Regime
Senior Managers Regime
• The most senior people in a firm.
• Anyone who performs a Senior Management Function (“SMF”) must be approved by the FCA/PRA.
Senior Management Functions
Duty of responsibility
Statement of Responsibility
Criminal record checks
Prescribed responsibilities
Responsibilities map
Handover procedures
Overall responsibility
Apply to large Banks, Solvency II firms, large NDFs and enhanced FCA solo firms only
Certification Regime
• People who aren’t Senior Managers but whose job can cause significant harm to the firm or its customers have to be certified.
• No FCA/PRA approval, but firms need to check and confirm on an annual basis that these people are fit and proper to perform their role.
Other Staff
All staff who perform financial services roles, except ancillary staff (e.g. caterers, cleaners and security staff).
Individual Conduct Rules
Senior Manager Conduct Rules
Fit and Proper requirements (including regulatory references)
In addition, the Conduct Rules, the Fit and Proper Requirements and Regulatory references will also apply to all NEDs, even if they are not a Senior Manager.
Knowledge and understanding
Handover – on starting or leaving a SMF role, take responsibility for understanding all aspects of the business, including key risks in areas where you have individual and collective responsibility.
Regulatory – maintain an awareness of relevant requirements and standards of the regulatory system.
Technical – maintain your technical skills, through continuing professional development.
Market knowledge – understand the broader markets in which the firm operates.
Your firm – receive and review regular updates and reports from your team and maintain a wider understanding of the activity of the firm.
Organise and control
Reporting lines – establish and articulate clear lines of control in your area.
Delegation – ensure any delegations are clearly documented and understood, and continue to oversee and review the performance of delegated responsibilities.
Resource – maintain appropriate resource levels and skillsets, and take steps to manage any resource constraints.
Succession planning – be proactive in identifying talent and planning for the future.
Governance – establish relevant committees, ensure attendees are appropriate and attend.
Review and improve
Reporting – interrogate the information you receive and produce to identify potential improvements.
People – continually assess the competence and capability of your team, identify training needs and deal with poor performance.
Controls – implement, police, review and update appropriate policies, procedures and controls.
Challenge and discussion – encourage a culture of challenge within your team and contribute personally to collective decision making within the firm.
Be proactive – prioritise key risk areas and take pre-emptive actions to prevent breaches occurring.
Resolve and learn
Take action – where potential issues occur take responsibility for ensuring they are resolved.
Support – seek and obtain appropriate expert advice or assurance, whether internal or external.
Escalate – raise issues and follow them up with relevant staff, committees and Boards.
Action plans – document action owners and timeframes and follow through to completion.
Lessons learned – use resolved issues to inform and improve your control frameworks.
Reasonable steps – Senior Managers and Certification Regime (diagram labels: Knowledge and understanding; Organise and control; Review and improve; Resolve and learn; Evidence)
SMCR implementation lessons learned
Lessons learnt
Senior Managers and Certification Regime implementation
On average, it took at least 12 months for banks to implement SMCR, with the following deliverables being the most time consuming:
o Responsibilities maps and role profiles/SoRs;
o Certified population mapping and training; and
o Conduct staff training.
Implementation success factors were:
• Appointment of a Senior Sponsor;
• The implementation project team had sufficient resource dedicated to the project, including from HR, Compliance and Legal;
• Early engagement of the Board and Senior Management;
• Carrying out an SMCR gap analysis to identify likely areas of implementation challenges;
• Early design and development of the reasonable steps framework;
• Early training/briefing to impacted staff; and
• Early drafting of the SMCR documentation:
o Management responsibilities map;
o Senior Managers’ roles and responsibilities; and
o role profiles – likely to be the longest to implement including the socialisation of the Senior Managers’ responsibilities.
Lessons learnt
Senior Managers and Certification Regime implementation
Opportunities
From our observations supporting Banks with the implementation of SMCR, we have identified a number of opportunities for the firm:
• Review governance arrangements and entities structure
• Formalise intra-group arrangements
• Increase stand-alone operations of the UK entities
• Re-allocation of role and responsibilities for Senior Managers
• Formalise decision making process
• Culture change
Challenges
However, depending on the size and complexity of the firm, the implementation of the SMCR has often brought the following challenges:
• Population identification
• Allocating responsibilities
• Responsibility map development
• Fit and proper processes (Certification)
• Individual vs. collective responsibilities
• Reasonable steps framework development
• Conduct rules monitoring and breach reporting
• Operational challenges (maintaining records, monitoring and recording systems)
Questions?
Session 3
Laura Wadding Director, Deloitte Ireland
Individual Accountability & Outsourcing
28 August 2018
Regulatory Landscape
© 2018 Deloitte. All rights reserved
Sectoral Rules & Guidance cover certain aspects of individual accountability when outsourcing.
Current Regulatory Landscape
• Fund Management Company Guidance (‘CP86’)
  o Oversight of Delegates
  o Designated Persons with responsibility for X
  o Supervisibility – ability of the regulator to supervise, including having access to individuals
• CBI ‘Dear CEO’ letter to Fund Administrators
  o Responsibility of Board & Senior Management
  o Dedicated Oversight Role
  o Role of Compliance & Internal Audit (2nd & 3rd lines of defence)
• MiFID
  o Supervisibility
  o Named individuals in the outsourced service provider
• Solvency II & EIOPA Guidance
  o Fitness & Probity of individuals within an outsourced service provider
  o Key Decision Making responsibility and evidence
  o Designated Persons with overall responsibility for a key function
  o A ‘system of governance’
• CEBS Guidance on Outsourcing (2006)
  o Retention of adequate core competence at senior management level within the firm – with ability to resume direct control if necessary
“In case of outsourcing of a key function or of outsourcing of a part of a function where this part is regarded as key, the person responsible is considered to be the one who has the oversight over the outsourcing at the undertaking.”
EIOPA Guidance on System of Governance
There are several initiatives underway locally and at a European level which are seeking to influence the regulatory landscape when it comes to outsourcing in the financial sector.
Evolving Landscape
• Brexit
  o New entrants to the market, expansion of existing entities, extended permissions – influencing CBI views of outsourcing models, substance and accountability.
  o Day 2 outcomes will further inform risk appetite within firms.
  o European Security Authority Opinion – “Any outsourcing or delegation arrangement from entities authorised in the EU27 to third country entities should be strictly framed and consistently supervised.”
• EBA Consultation Paper (will apply to banks and MiFID firms)
  o Replaces the CEBS Guidance on Outsourcing from 2006
  o “Institutions and payment institutions should clearly assign the responsibilities for the documentation and control of outsourcing arrangements.”
  o The outsourcing policy “should cover at least the responsibilities of the management body, business lines, internal control functions and other individuals in respect of outsourcing arrangements.”
  o The firm “should establish an outsourcing function or designate a senior staff member (e.g. Key Function Holders)”.
• CBI Outsourcing Framework
  o Informed by industry surveys and themed inspections.
  o Cross-sector view.
Whilst there are some differences between sectoral requirements, there are certain principles that are common OR emerging as common themes across all sectors.
Common Themes
• Supervisible
• Designated Individuals
• Risk Based Decision Making
• Retention of Competence
• Retention of Adequate Resources
• System of Governance
With increased focus on the fitness and probity of individuals in key senior management positions, in particular within the control functions, firms are looking outside their organisation for short- to medium-term support.
Outsourcing Key Roles
Reasons for Outsourcing Senior Management Roles
• Skills / Knowledge Acquisition
• Capacity
• Short – Medium term recruitment difficulties i.e. fill a gap
• Provides an Independent View
Challenges
• Not a long term solution
• Does not absolve the entity of its obligations
• Over-reliance can cause longer term knowledge deficiency in the business
• Costly
Best Practice
• Use a reputable firm with a track record of performing the role
• Clearly set out role, responsibilities, objectives and regularly assess performance
• Facilitate knowledge transfer in the business (e.g. appoint a deputy / successor)
• Appoint a senior person in the business with responsibility for the outsourced role i.e. a direct reporting line for the delegate, preferably independent from the functional reporting line
Direction of Travel
Looking Forward
Third Party Risk Management - functionalised, increased use of fintech solutions (including utilities) and KPI monitoring
Supervisibility – accessible by regulators, transparent, centralised books and records inventories & response management
Extension of the Board – Designated Persons with responsibility for X (e.g. CP86)
Key decision making i.e. what to outsource and how – risk based, challenged and evidenced
Oversight & Monitoring – evidence based, ongoing, embedded
Substance requirements – skills based – ability to ‘oversee’ a function with clear and tested contingency plans
Standardisation of rules and minimum standards across sectors – a ‘Framework’
The current regulatory landscape, combined with proposed changes and opinions, emerging market practices and the feedback from the CBI give us a sense of the direction of travel for accountability requirements when outsourcing.
Session 4
Melissa Scully, Senior Manager, Deloitte Ireland
Challenges for Board members
Increasing expectations and a shift towards individual accountability
Widening regulatory expectations
COLLECTIVE BOARD RESPONSIBILITIES
• Internal governance
• Culture
• Succession planning
• Conduct
• Strategy
• Diversity
• Product governance and oversight
• Three lines of defence
• Risk appetite
INDIVIDUAL RESPONSIBILITIES
• Directors’ duties
• Non-executive director responsibilities
• Prescribed responsibilities
Key challenges for Board members
Strengthening accountability
Challenges
• Clarity on prescribed responsibilities
• Demonstrating reasonable steps
• Oversight of delegated tasks
• Maintaining independence
• Prompt disclosure
• Recruitment process & remuneration
Practical considerations
Start early
Communicate and educate Board members on the upcoming changes
Assess your governance arrangements
Determine what your particular challenges will be
Identify potential prescribed responsibilities for Board members
Ensure that you have robust succession planning
Think about the impact on challenge and the style of minute taking
Any Questions
Feel free to contact us
Sean Smith, Partner, Regulatory Risk, Risk Advisory - Ireland
Email: seansmith1@deloitte.ie
Phone: +353 (0) 1 417 2306
Laura Wadding Director, Regulatory Risk, Risk Advisory - Ireland
Email: lwadding@deloitte.ie
Phone: +353 (0) 1 417 2934
Melissa Scully, Senior Manager, Risk Advisory - Ireland
Email: mscully@deloitte.ie
Phone: +353 (0) 1 417 8656
Rose-Marie Kennedy, Senior Manager, Regulatory Risk, Risk Advisory - Ireland
Email: rkennedy@deloitte.ie
Phone: +353 (0)1 417 8933
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.nl/about to learn more about our global network of member firms.
Deloitte provides audit, consulting, financial advisory, risk advisory, tax and related services to public and private clients spanning multiple industries. Deloitte serves four out of five Fortune Global 500® companies through a globally connected network of member firms in more than 150 countries and territories bringing world-class capabilities, insights, and high-quality service to address clients’ most complex business challenges. To learn more about how Deloitte’s approximately 245,000 professionals make an impact that matters, please connect with us on Facebook, LinkedIn, or Twitter.
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this communication.
© 2018 Deloitte The Netherlands