Corporate governance is currently high on the FSA’s radar and it is clear that issues relating to corporate governance are a key component of the FSA’s new intensive supervisory approach. This briefing discusses some of the recent regulatory proposals relating to corporate governance, notably those found in a recently published FSA consultation paper entitled “Effective Corporate Governance (Significant influence controlled functions and the Walker Review)” (Consultation Paper 10/3).
The financial crisis has exposed the ineffectiveness of governance arrangements within some FSA authorised firms. The FSA has also acknowledged that its regulatory approach before the crisis underestimated the importance of corporate governance. The FSA has since been trying to rectify the situation, notably through changes to the approved persons regime (which was first reviewed in 2008).
The review of corporate governance in UK banks and other financial industry entities undertaken by Sir David Walker (the Walker Review) has obviously influenced the FSA’s thinking on corporate governance. For a discussion of the Walker Review, please see our briefing. The final recommendations of the Walker Review will be implemented through a combination of amendments to the Combined Code on Corporate Governance (to be renamed the UK Corporate Governance Code) and FSA rules. The UK Corporate Governance Code will apply to UK listed banks and financial institutions (BOFIs) or BOFIs that are part of groups that include UK listed entities. This means that UK financial institutions falling outside the scope of the UK Corporate Governance Code are wholly dependent on the FSA to articulate corporate governance standards applicable to them in the UK.
Consultation Paper 10/3 sets out the FSA’s response to the final recommendations of the Walker Review as well as its own proposals on changes to the significant influence functions (SIF). We have previously summarised the proposals set out in Consultation Paper 10/3 here. It is anticipated that other changes will be made in due course to the FSA’s rules and guidance, such as the Remuneration Code and its Senior Management Arrangements, Systems and Controls Sourcebook (SYSC), to implement other recommendations of the Walker Review.
The proposals in Consultation Paper 10/3
Introduction of nine new governing and systems and controls functions
One of the key proposals within Consultation Paper 10/3 is the introduction of new and more specific controlled functions within the approved persons regime. The FSA’s view is that the current regime is not granular enough to allow it to segregate and capture specific key roles within governance structures. At present, one individual can carry out many roles under a single controlled function. In order that the FSA can track and vet individuals who carry out different roles within a current function or who change roles within a current function, the FSA is proposing to introduce nine new SIF categories. The changes are set out in Table A below. Many of the new controlled functions relate to roles ascribed to non-executive directors (NEDs). The existing CF28 (systems and controls) function is being replaced by three new controlled functions for the finance, risk and internal audit functions. Most recently, the FSA has proposed the introduction of a new CASS oversight controlled function in Consultation Paper 10/9.
CF00 (Parent entity SIF)
The FSA made changes to its approved persons regime in August 2009, introducing revised CF1 (Director) and CF2 (Non-executive Director) definitions which were intended to capture certain individuals operating at the level of an unregulated parent or holding company of an FSA regulated firm where they were capable of exerting significant influence over that firm. Consultation Paper 10/3 proposes to capture these individuals in a new parent entity SIF controlled function, CF00. The CF00 function will be wider in its application to parent level individuals than the previous CF1 and CF2 definitions. For example, CF00 will be capable of capturing individuals at FSA regulated parent or holding companies (although individuals at other EEA regulated firms will remain excluded).
This is undoubtedly a clear warning that the FSA may look to hold parent level management responsible where problems have occurred in an FSA regulated subsidiary. Unhelpfully, there is no guidance from the FSA as to how the level of liability will be set for CF00 approved persons. This raises a number of significant questions:
- What are the FSA’s expectations of a CF00 approved person?
- In what circumstances would the FSA decide to take enforcement action against a CF00 approved person?
CF00 approved persons are not directors of the FSA regulated subsidiary and, being more distanced from its day-to-day affairs, should logically be subject to lower levels of regulatory responsibility than the serving directors. It seems unreasonable for the FSA to expect CF00 approved persons to be as familiar with the business of the FSA regulated subsidiary and the applicable UK regulatory rules as its serving directors. However, the FSA has thus far failed to clarify whether it will take a proportionate approach to the responsibilities of CF00 approved persons, an omission that must surely be corrected in the interests of fairness.
Affected groups may be tempted to review their reporting lines and management structures to remove the need for approval, resulting in regional businesses in the UK becoming more autonomous from the parent operation. Any move in this direction may result in a lower level of understanding at parent level of the degree of risk being undertaken in the UK business. Whether this becomes a matter of concern for lead regulators in key jurisdictions outside the EEA (for example, Hong Kong, Switzerland and the United States) remains to be seen.
Click here to view the table.
It is clear that the FSA regards NEDs as a crucial internal control on the behaviour and conduct of the executive management of FSA regulated firms. The FSA has said that it will increase its focus on NEDs, particularly the senior independent director and the chairs of key board committees (which will become the subject of their own controlled functions).
The FSA has signalled that the overall time commitment required of BOFI NEDs will be greater than in the past. Consultation Paper 10/3 proposes that firms should contractually specify the time commitment required of an NED and that the FSA will take into account the ability of a candidate to meet this time commitment when considering whether to grant its approval.
The FSA aims to develop its relationship with NEDs to assist them with the execution of their duties, notably through increased dialogue. Through more on-going dialogue with NEDs, the FSA hopes to spot emerging problems at an early stage. It is unclear if the FSA envisages circumstances in which NEDs would be expected to “whistle-blow” on the behaviour of their executive colleagues in the board room and report their concerns to the FSA. It is submitted that such matters should be left to the board room and that “whistle-blowing” should only ever be expected in extreme circumstances.
The FSA has repeatedly said that, where it appears that executives have persistently made poor decisions, the FSA will look at non-executive directors’ performance if it feels that they have not intervened in a timely and sufficient way. Although Consultation Paper 10/3 acknowledged that respondents to Consultation Paper 8/25 (a December 2008 consultation on the approved persons regime) felt that the FSA’s expectation that NEDs should challenge the executive and intervene where necessary was insufficiently clear, the FSA has thus far failed to provide any guidance on this point. This raises the question of how this challenge and intervention should take place in practice in order to satisfy the FSA. In order to protect themselves, NEDs should certainly ensure that there is a clear audit trail demonstrating the actions that they have taken to scrutinise and question the decisions of executive management.
The FSA is proposing to remove existing guidance in SYSC 2.1.2 G and SYSC 4.4.4 G that currently places limits around the potential liability of NEDs in recognition of the fact that their role will vary from firm to firm. The FSA is concerned that the existing guidance could be taken to mean that it would not hold NEDs responsible for failing to intervene and challenge executive management. This creates a rather invidious set of circumstances for NEDs of FSA regulated firms in that it is clear that their responsibilities to the FSA are increasing in a way that currently appears to have no discernible boundaries. It is submitted that this position is unacceptable and that the FSA must issue guidance on this issue, not least in the interests of fairness and to ensure that there is a ready population of willing candidates for NED office at FSA regulated firms.
Chief Risk Officer
The FSA is proposing to implement the final recommendations of the Walker Review in relation to requiring and enhancing the remit of board risk committees (in particular in FTSE 100-listed banks and insurers). The FSA is also proposing new guidance in SYSC on the need for some firms to appoint a chief risk officer (CRO). The CRO will be a senior executive who will play a pivotal role in ensuring that the board receives balanced and accessible information and advice on high-level risk issues. The proposed SYSC guidance on CROs makes it clear that the CRO should be given sufficient authority and resources to discharge his responsibilities. It seems to us that this will inevitably result in CROs more commonly becoming members of the board of FSA regulated firms and in them having a greater degree of interaction with directors, both executive and non-executive.
The FSA’s more intrusive approach to approving and supervising SIFs
The FSA has used Consultation Paper 10/3 as a platform for disseminating further information on the SIF interview process. This follows on from the “Dear CEO” letter published in October 2009 which clarified the FSA’s new approach to approving and supervising those performing SIFs. The FSA is keen to point out that there is no reason for the FSA’s oversight processes to have a deterrent effect where firms themselves have adequately vetted their candidates and that it is not the FSA’s intention to deter competent individuals from carrying out SIFs within firms. It is helpful to have a clearer understanding of the FSA’s expectations in this area and firms should take note of what the FSA says when they are considering recruitment for SIF roles. However, the information in Consultation Paper 10/3 does not constitute formal guidance. By articulating its expectations through the use of “soft guidance”, the FSA is clearly avoiding more formal channels. As such, there is an inevitable risk of regulatory creep in this area which should be closely monitored.
Information to be given to the FSA
The onus is on firms to provide sufficient information in the application process and failure to do so is regarded as an indicator of the quality of the firm’s systems and controls for recruitment. The FSA has recently said that it still receives applications for which adequate due diligence has clearly not been undertaken by the firm in question before the application is submitted to the FSA.
The FSA has listed the types of information that it would expect to see before it makes an approval decision. This includes:
- Details of the responsibilities of the role and the required competencies
- Details of the recruitment, referencing, interview and appointment process
- Evidence of the due diligence conducted by the firm to ensure that the candidate is fit and proper
- The firm’s rationale for concluding that the candidate is fit and proper to perform the role in question.
Timing of application
To avoid the need to caveat in an announcement that an appointment is subject to regulatory approval, firms should engage with the FSA at an early stage of recruitment (e.g. at the point of final short-listing of candidates), at least for the roles of chair, chief executive and senior independent director. The FSA has said that it is no longer the case that the FSA would “wave” someone through within a couple of days because the firm in question wishes to announce the appointment.
The need for interviews
Whether or not the FSA decides to interview a candidate will depend on the type and size of the firm, the role being applied for, the candidate concerned and any matters arising from the application. Interviews by the FSA may not be necessary if the firm can show that it has conducted appropriate due diligence. However, it is likely that those applying for the following roles in larger, more complex or risky firms will be called for interview by the FSA:
- Chief executive
- Senior independent director
- Finance director/Chief Finance Officer
- CRO/Risk director
- NEDs whose responsibilities include chairing the audit, risk or remuneration committees
The FSA has also recently said in Consultation Paper 10/9 that those carrying on the proposed client assets and money oversight controlled function at large firms (to be determined by a size test) would be likely to be interviewed.
The FSA may also interview representatives from the applicant firm (for example, the chairman of the nomination committee) where it decides that it needs to understand how the applicant firm has undertaken its due diligence in relation to the recruitment of the candidate.
Interviews will generally last around 90 minutes and the panel will be made up of FSA supervisors, technical specialists and other senior “grey panther” advisers. Clients have reported that some candidates, even those with considerable experience in the field, have been subjected to a very thorough examination.
Competence and capability checks
The FSA has in the past focussed on confirming the honesty, integrity and reputation of the candidate and checking a candidate’s financial soundness. Without reducing the importance of these criteria, the FSA is now increasing its overall focus on the competence and capability of the candidate to perform the role in question. It has identified the following key competencies against which the FSA will assess the majority of candidates before and during the interview:
- Market knowledge
- Business strategy and model
- Risk management and control
- Financial analysis and controls
- Governance, oversight and controls
- Regulatory framework and requirements
The level of competence each candidate is expected to demonstrate will depend on the role to be performed and the type and size of the firm. There is therefore no “one size fits all” approach. Firms are expected to have considered the candidate against the competencies above and to be in a position to provide evidence that they have done so.
The FSA will assess a candidate’s non-technical skills and behaviour in relation to his ability to play his role in delivering corporate governance and his willingness to work with the FSA in an open manner. For example, the FSA would expect an NED candidate seeking approval for the additional role of audit committee chair to be “a highly authoritative individual capable of challenging the executive effectively and marshalling the diverse skills and contributions of their committee members”.
Once approved, the performance and competence of persons performing SIFs will be reviewed as part of the FSA’s regular ARROW assessment process. The FSA has said that board appraisals may form part of its ongoing assessment of a board’s effectiveness and the level of performance of individual approved persons. The FSA is encouraging firms to adopt board appraisals and to share the results of those appraisals with the FSA.
The FSA has also said that if it has serious concerns about the corporate governance of a firm, it will require a skilled persons’ report to be provided to it under section 166 of the Financial Services and Markets Act 2000 (Section 166 report). Indeed it has pointed out that the quality of governance and risk management in individual firms has been the subject of many Section 166 reports over the past 18 months.
How does corporate governance fit in with the intensive supervisory approach?
Corporate governance should be viewed as an integral part of the FSA’s intensive supervisory agenda, with the threat of regulatory intervention where the FSA has major concerns about the judgments made by a firm in relation to its internal corporate governance arrangements. The FSA will use the extended scope of the approved persons regime and the more intrusive approach to the approval of candidates being put forward to perform SIF roles to articulate its expectations of firms’ corporate governance arrangements and to ensure that their expectations are taken into account in practice.
Click here to view Table B, which illustrates how various strands of the FSA’s intensive supervision approach fit together and the range of regulatory responses that the FSA has at its disposal.
Enforcement action against those performing SIF roles is likely to become more commonplace where problems occur, consistent with the FSA’s stated policy of credible deterrence. The fact that the FSA has thus far failed to articulate the regulatory standards expected of NEDs and CF00 approved persons and the associated potential liability is undeniably a matter of real concern. It is also a matter of fairness that those who are approved to perform SIF roles should have a clear idea of what they are subject to in terms of potential regulatory responsibilities and liabilities. It is hoped that the FSA will clarify and articulate its thinking on the issues raised in this briefing in its policy statement, due in the third quarter of 2010.