It only seems like yesterday that large swathes of the industry were getting to grips with the change from a single regulator to separate conduct and prudential regulators (which took place in April 2013, known as “legal cutover”). Granted, those firms had to deal with two different sets of supervisors and differing approaches to both supervision and risk assessment. But it wasn’t all change. There were some parts of the regulatory framework that appeared to remain constant.
For example, those who were approved persons prior to legal cutover, stayed approved persons with both new regulators. And they could continue to rely on an increasing focus on senior management’s individual accountability. These were known issues prior to the cutover, and by and large continued as issues afterward.
There was also a degree of consistency in terms of the key rules that senior managers needed to be most mindful of. The eleven Principles for Businesses stayed as they were (although responsibility for these was split between the regulators), the Statements of Principle for Approved Persons still existed, and the FCA, picking up the old FSA responsibility for enforcement, inherited its predecessor’s appetite for bigger and bigger enforcement actions.
All of this meant that firms, senior managers and compliance departments were able to continue their programmes of risk mitigation, senior management awareness and training along similar lines as under the old regime. The fact that we now had two regulators would have been absorbed relatively easily into the materials. All the old warnings about individual accountability, more enforcement action and the need to keep knowledge and training up to date still stood post-cutover.
But senior managers, need to be very careful that they don’t miss what are potentially seismic changes to the way they carry out their roles. The problem is that whilst some are obvious, others don’t come with big flashing lights. In fact, there are enough of these on the horizon that I need to split this post in two to cover all of them properly.
Parting of the Ways
Firstly, I want to cover two changes introduced quite recently by the PRA, affecting all dual-regulated firms (including banks, insurers and deposit takers). What I said earlier about the Principles for Businesses remaining the same, is no longer true. Back in June 2014, the PRA announced its new Fundamental Rules, designed to replace the Principles (Note that the Fundamental Rules are duplicated within the PRA Rulebook dependant on firm type). These are still high level rules in the same way that the Principles are, but there are fewer of them, and they are more focused on the PRA’s statutory objectives.
But just because there are fewer of them, doesn’t mean the requirements are lighter. Quite the opposite in fact, but the devil is in the detail. Here are two examples.
Fundamental Rule 6 states that “A firm must organise and control its affairs responsibly and effectively”. This has largely been carried over from Principle 3, except the phrase “take reasonable steps” has been subtly removed. This means in one fell swoop, the regulatory expectations on firms have increased substantially. They must do this – end of story. So, procedures for checking and maintaining suitability of senior management for controlled function roles need to be tight. It also means that their fitness to carry out their role must be maintained; and a key component of this is their training and development.
Going back a step, Fundamental Rule 5 states that firms “…must have in place effective risk strategies and risk management systems.” This has been carved out from the second part of Principle 3, but the reference to taking “reasonable care” has not been carried over. Again, firms have no choice but to demonstrate clearly that they understand the inherent risks in their business and have suitably robust systems in place to manage and mitigate those risks. This highlights another training issue, the need for knowledge and understanding of risk management processes and strategies.
To make things even more difficult, the PRA has said categorically that firms’ boards and senior management need to understand these Fundamental Rules. Not only that, the PRA expects those in senior positions to demonstrate that they’re fostering the right culture within their firm – a culture that puts these Fundamental Rules at the heart of everything it does.
It’s a big ask for any firms’ senior managers to meet these exacting requirements. There’s now a need for much greater knowledge and understanding of both these rules and the Principles for Businesses, which still apply to firms in respect of their regulation by the FCA. So, two sets of rules to learn, together with a need to demonstrate tight controls and a healthy culture. That’s a lot for those in the boardroom to get to grips with.
And it doesn’t stop there
Banking senior management will no doubt be aware of the introduction of the new Senior Persons’ regime next year. Well, it appears that insurers will not be immune from this change in approach to senior management accountability. The PRA announced in its latest consultation paper on Solvency II that it’s looking to introduce a regime for insurers that’s more closely aligned to the proposed structure for banks. I’ll cover this in more detail next time, but there’s a distinct possibility that for all PRA regulated firms, the approved person landscape could be hardly recognisable soon.
Training becomes a pressing need
The burden of knowledge and understanding required by those holding the most senior posts has no doubt increased dramatically in the last year. Especially because the PRA has made it clear that firms need to justify their actions explicitly, as well as take measures internally. Firms can try and meet these requirements themselves, but given the sheer volume of knowledge and understanding required, the benefits that can be gained from external training must surely now move to front and centre. Luckily, the starting point for solving this problem starts here with the Industry Events Online advanced search.
By Martyn Oughton a Professional Member of the International Compliance Association (ICA). Martyn now writes a regular blog for Industry Events Online focusing on the importance of training in all aspects of compliance. Read Martyn's other publications at Martyn's Writers' Residence website.
To keep up to speed with new events and blog posts sign up to the Industry Events Online weekly newsletter.