Presumption of Responsibility
The regulators have issued the next paper in the consultation process leading to the new regime for individual responsibility for senior managers in banks and insurers. This details their approach to the reversal of the burden of proof (euphemistically termed the “presumption of responsibility”) for senior managers, and the position of non-executive directors1.
1 FCA CP15/5***/PRA CP7/15: Approach to non-executive directors in banking and Solvency II firms & Application of the presumption of responsibility to Senior Managers in banking firms (February 2015)
Presumption of responsibility
The PRA has produced draft guidance on how it will approach the presumption of responsibility that a senior manager or an in-scope NED is personally responsible for breaches in his area unless he can show that he took all reasonable steps to avoid them. This sets out general criteria, and outlines some steps that an affected individual can usefully take to protect his position. However the PRA’s examples are pretty obvious and the guidance of limited assistance to an in-scope NED. Of greater help is the FCA’s paper, which usefully summarises its views of NEDs’ duties.
While plainly unattractive, if not downright unfair, to transfer the burden of proof onto a senior manager or in-scope NED, it is important to place this development in context. The principle of holding senior management responsible for their own or their firms’ breaches has been in force for nearly 15 years. The circumstances when a regulator can take action against a senior manager will not materially alter and, to date, the regulators have taken individual disciplinary action generally only in cases where the individual would clearly be recognised to have fallen significantly below acceptable standards. While this may of course change under the new regime, indications to date are that a competent and diligent manager or NED is no more likely to be disciplined in the future than he or she was in the past.
Non-executive directors (NEDs)
There has been considerable concern that applying personal liability to NEDs could limit firms’ ability to attract and retain high-quality NEDs and undermine the principle of collective decision-making, and there has been some movement on the original plans. The revised proposal is that only six classes of NED at (a) deposit takers and PRA-designated investment firms (Banks) and (b) insurers within Solvency II (Insurers), together termed in-scope NEDs, will fall within the senior management regime and require prior approval. They are the
2. Chair of the Risk Committee
3. Chair of the Audit Committee
4. Chair of the Remuneration Committee
5. Chair of the Nomination Committee
6. Senior Independent Director
Partly to ensure that any other NED, termed a standard NED, does not assume quasi-executive responsibilities and become more closely involved in the day-to-day management of the firm, a standard NED will fall almost entirely outside the new regime and will not be subject to:
1 | Banks & Insurers
1. Prior approval by a regulator
2. The requirement to provide a Statement of Responsibilities (although standard NEDs should appear in the Bank’s or Insurer’s Responsibilities Map)
3. The Conduct Rules
4. The presumption of responsibility, in the case of a Bank
5. The criminal offence of causing a bank to fail.
A standard NED will be subject to indirect regulation because his firm will be responsible for ensuring that he observes certain of the conduct rules. This development nonetheless introduces something approaching a three-tier board – executive, approved non-executive and unapproved non-executive directors, each subject to the same corporate but significantly different regulatory duties and liabilities.
What happens next?
This consultation is open until 27th April 2015 and firms and individuals can make their views known by responding to the nine specified questions and more generally.
There will be no further consultation on the fundamental structure of the new regime set out in the July 2014 consultation papers.
The Treasury has announced that the Senior Manager and Certification regimes will come into force on 7 March 2016.
The regulators will now make rules for staff in non-UK banks.
Time for action
The regime has now been substantially clarified, no major changes are expected, and the commencement date has been announced. Banks and Insurers will be able to empower their project teams and start preparing in detail for the new regime. Key steps to take include the following, with details varying between Banks and Insurers:
1. Identifying affected staff;
2. Establishing the criteria to assess them as fit & proper;
3. Preparing statements of responsibility and responsibility maps;
4. Embedding consequent changes into the HR process;
5. Training staff to ensure they can meet the new requirements;
6. Revising operating procedures to reflect the new requirements;
7. Performing QA to ensure that the new or changed processes are adequate, appropriately benchmarked and confirming this to the Board.
Presumption of responsibility at a bank –
how the PRA will view it
The Presumption of Responsibility is that a Senior Manager (a holder of a Senior Manager Function) or an in-scope NED is deemed personally responsible where a Bank has breached a regulatory requirement in an area for which he was responsible, subject to the Reasonable Steps Defence of where he can show (the burden of proof is on him) that he took all reasonable steps to avoid the contravention. So far only the PRA has articulated how it will approach this, and the FCA’s proposals are awaited but likely to be similar.
The PRA’s draft supervisory statement is a general statement of policy which neither establishes minimum standards nor offers safe-harbours, but does reveal how it expects to implement the new regime. Three key points are:
a) A Senior Manager or in-scope NED can be held accountable for his individual contribution to collective decisions and their implementation.
b) Liability may be joint and it is possible that more than one Senior Manager or in-scope NED could be held responsible in relation to a Bank’s misconduct.
c) The importance of having accurate and comprehensive Statements of Responsibility and Responsibilities Maps is emphasised as the PRA confirms that they will be relevant (but not the only) evidence in determining whether a Senior Manager was responsible for managing any of the firm’s relevant activities, or an in-scope NED was responsible for the area where the misconduct occurred.
What did you do?
The PRA states that it will in any situation assess the steps that the Senior Manager took against those it considers should have been taken, which the PRA assures it will not view with the benefit of hindsight. Elements that the PRA may consider are:
a) The size, scale and complexity of the firm;
b) What the Senior Manager actually knew, or a Senior Manager in that position ought to have known;
c) What expertise and competence the Senior Manager had, or ought to have had, at the time to perform his specific Senior Management Function;
d) What steps the Senior Manager could have taken, considering what alternative actions might have been open to the Senior Manager at the time and the timeliness within which he could have acted;
e) The actual responsibilities of that Senior Manager and the relationship between those responsibilities and the responsibilities of other Senior Managers in the firm (including in relation to any joint- responsibilities or matrix-management structures);
f) Whether the Senior Manager delegated any functions, taking into account that any such delegation should be appropriately arranged, managed and monitored;
g) The overall circumstances and environment, at the firm and more widely, in which such a Senior Manager was operating at the time.
3 | Banks & Insurers
These elements are worded with a Senior Manager in mind and cannot be easily applied to an in-scope NED as the steps, action and opportunities for delegation open to him are necessarily limited. These elements point to the importance of a Senior Manager keeping adequate records to establish what he knew, what information and reports he received and why he acted as he did. This cannot just apply to major or decisions or extraordinary events as experience shows that the regulators frequently take enforcement action in relation to failure of routine controls.
Good steps to take
In relation to the steps that a Senior Manager actually took to avoid the contravention occurring or continuing, the PRA gives examples of what could be relevant steps:
a) Pre-emptive actions to prevent a breach occurring, including any initial reviews of the business on taking up a Senior Manager function;
b) Implementing, policing and reviewing appropriate policies;
c) Awareness of relevant requirements and standards of the regulatory system;
d) Investigations or reviews of the Senior Manager’s area of responsibilities;
e) Where a breach is continuing, the response to that breach;
f) Structuring and control of day-to-day operations, including ensuring any delegations are managed and reviewed appropriately;
g) Obtaining appropriate internal management information, and critically interrogating and monitoring that information;
h) Raising issues, reviewing issues, and following them up with relevant staff, committees and boards;
i) Seeking and obtaining appropriate expert advice or assurance, whether internal or external;
j) Ensuring that the firm and/or relevant area has adequate resources, and that these are appropriately deployed, including for risk and control functions; and
k) Awareness of relevant external developments, including key risks.
There are sound recommendations, although once again of limited assistance to an in-scope NED. They bear striking resemblance to the steps that Mr Pottage, a senior UBS executive, took and which the Tribunal held were reasonable steps to discharge his managerial responsibilities, and so defeat an enforcement case that the FCA brought against him2. Every Senior Manager should consider whether their business is structured to enable them to take these, or analogous, steps and whether they possess adequate authority to take them – and if not, do something about it. He should also ensure that he keeps adequate records to demonstrate that he has done so.
Records to keep
Evidence that the PRA states it might seek to obtain in respect of these kinds of matters might include:
a) Board and board committee minutes;
b) Minutes of other internal meetings;
c) Statements of responsibilities and responsibilities maps;
d) Organisation charts and information on reporting lines;
e) Any other internal materials e.g. emails or telephone recordings; and
f) Regulatory correspondence and interviews.
2 Tribunal April 2012
This further emphasises the importance of keeping orderly and adequate records and, in particular, ensuring that board, committee and internal meetings are adequately minuted, recording individual contributions when necessary. The need for formal minutes is potentially significant for an in-scope NED whose contributions may otherwise leave relatively little trail of evidence.
Some notional examples
The PRA offers what it terms some hypothetical examples of when it might seek to take individual disciplinary action.
Against in-scope NEDs:
a) The Chair of the Risk Committee might be liable if the Committee failed to advise the Board on risk appetite and to oversee executive management’s implementation of the firm’s risk strategy, or if the Committee failed to discuss and recommend appropriate action if a Bank breached its risk limits
b) The Chair of the Remuneration Committee might be liable if the Committee failed to prepare decisions regarding remuneration for the Board.
c) A firm’s Chairman and in-scope NEDs who failed to address serious concerns about an overly dominant CEO with the Board or to advise the regulators.
Against senior managers:
a) A firm breaches its capital requirements as a result of a major loss in a key business unit that has repeatedly breached its risk limits. The PRA might consider acting against heads of the key business areas and the Chief Risk Officer.
b) Senior executives mislead the Board to obtain approval for a new, riskier, lending strategy and the Bank later breaches its capital requirements.
c) Management fails to monitor the provision of outsourced services resulting in serious service failure.
These will be readily recognised as simplistic examples, and the PRA is more likely to be faced with complex situations entailing a control failure in an international and matrix-managed Bank where responsibility may rest with a number of individuals and oversight committees. This highlights the importance of each Senior Manager and In-scope NED taking the steps similar to those outlined above, and also ensuring that his Statement of Responsibilities is comprehensive and reflects the realities of his responsibilities and how he discharges them. The FCA provides further guidance for Bank and Insurer NEDs and in practical terms this is helpful in establishing regulatory expectations in greater detail.
5 | Banks & Insurers
Regulatory expectations of NEDS
Assessing NEDs for fitness & properness
The PRA considers that a notification requirement for standard NEDs will meet EU requirements that all members of Banks’ and Insurers’ management bodies are fit and proper. This would mean that a Bank or Insurer must:
a) Assess the fitness and properness of all standard NEDs before appointing them, and periodically thereafter. This assessment should be as rigorous as for a Senior Manager.
b) Notify the PRA when a standard NED has been assessed as fit and proper
c) Provide the information set out in the notification form plus any other information reasonably material to the assessment of a standard NED’s fitness and propriety. The form calls for confirmation that the NED will devote sufficient time to the role, and that his appointment will complement the Board’s skills.
The PRA is also proposing
a) To introduce an additional prescribed responsibility for a Bank that is a CRR or MiFID firm to make a Senior Manager responsible for overseeing the assessment of the fitness and properness of all board members (including standard NEDs) and the firm’s compliance with the proposed process.
b) To require firms to ensure all members of the management body observe Conduct Rules 1 (integrity), 2 (competence), 3 (cooperating with the regulator) and SM4 (advising the regulator) and, when assessing ongoing fitness and properness, consider whether they have fulfilled these obligations.
The PRA and the FCA will coordinate and share information on the assessment of fitness of individuals in dual regulated firms, including Standard NEDs and other key function holders. The FCA does not propose to replicate the notification requirements as this process relates to EU obligations in respect of dual-regulated firms, where the PRA is the primary interface with the European Supervisory Authorities.
Employed Standard NEDs will fall within this and not the certification regime in relation to their NED functions.
Allocation of responsibilities
The PRA requires that certain prescribed responsibilities are allocated to PRA-approved (meaning in-scope) NEDs as follows:
Chairing, and overseeing the performance of the role of, the management body or committee
The induction, training and professional development of all members of the firm’s management body.
Chair of the Risk Committee
Ensuring and overseeing the independence and integrity of the risk function (Banks only)
Chair of the Audit Committee
Ensuring and overseeing the independence and integrity of the internal audit function (Banks only)
Chair of the Remuneration Committee
Oversight of the firm’s remuneration policies and practices.
Senior Independent Director
Performing the role of a senior independent director, and leading the assessment of the Chairman’s performance.
Any NED subject to PRA pre-approval
Maintenance of the firm’s whistleblowing policies.
Ensuring and overseeing the independence and integrity of the compliance function (Banks only)
The PRA views the requirement for an in-scope NED to take on individual responsibilities as consistent with the principle of collective decision-making.
Application of the conduct rules
In-scope NEDs will be subject to the full Conduct Rules, and the PRA considers that
a) Conduct Rules such as the duty to act with integrity will apply to an in-scope NED in the same way as to a Senior Manager.
b) Other Conduct Rules such as the duty to act with skill, care and diligence will only apply to an in-scope NED in respect of their prescribed responsibilities, so that for example the Chair of the Remuneration Committee will need to take reasonable steps to ensure that it complies with regulatory requirements.
c) The requirement to be open and cooperative with the regulators and to disclose information to them are particularly important for in-scope NEDs.
7 | Banks & Insurers
The FCA’s draft guidance on Bank and Insurer NEDs, sheds light on regulatory expectations. The FCA recognises that NEDs individually do not manage a firm’s business in the same way as executive directors and confirms that a NED is neither required nor expected to assume executive responsibilities. The standard of care, skill and diligence that the FCA would expect from a NED is that of a reasonably diligent person with the general knowledge, skill and experience that may reasonably be expected of a person carrying out the NED’s functions.
The duties of all NEDs
The general role of any NED (in-scope or standard) is to provide effective oversight and challenge and help develop proposals on strategy, and a NED is expected to do this by
a) attending and contributing to board and committee meetings and discussions;
b) taking part in collective board and committee
decisions, including voting and providing input and
c) ensuring they are sufficiently and appropriately informed of the relevant matters prior to taking part in board or committee discussions and decisions.
Other key roles of a NED include:
a) scrutinising the performance of management in meeting agreed goals and objectives;
b) monitoring the reporting of performance;
c) satisfying themselves on the integrity of financial information;
d) satisfying themselves that financial controls and systems of risk management are robust and defensible;
e) scrutinising the design and implementation of the remuneration policy;
f) providing objective views on resources, appointments and standards of conduct; and
g) involvement in succession planning.
These are reasonably generic statements that encapsulate what many would agree to be the role of a NED.
The duties of an in-scope NED
Turning to an in-scope NED, the FCA considers that a NED’s responsibility as chairman of the nomination committee (this must also indicate the standard expected for any Chair or Committee Chair) includes:
a) ensuring that the committee meets with sufficient frequency;
b) fostering an open, inclusive discussion which challenges executives where appropriate;
c) ensuring that the committee devotes its time and attention to the matters within its remit;
d) ensuring that the committee has access to all appropriate relevant management and, if necessary, external information so as to ensure that all NEDs are appropriately apprised of matters under discussion (this is the more detailed PRA guidance);
e) reporting to the main Board on the committee’s activities;
f) ensuring that the nomination committee provides independent oversight of executive decisions; and
g) ensuring that the committee meets any specific and relevant requirements relating to the committee or to the matters within the committee’s responsibilities.
Once again, these are reasonable expectations and reflect generally accepted expectations of good practice.
The Solvency II Directive requires key individuals at Insurers to be fit and proper. While based on the regime for Banks, the proposed Insurer senior manager regime differs in significant respects and individuals are neither subject to the presumption of responsibility nor to prospective criminal liability in case of firm failure. The PRA intends to align its pre-approval regimes for NEDs at Insurers with those at Banks and will require pre-approval for
a) Chairman (SIMF 9 )
b) Chairman of the Risk Committee (SIMF 10)
c) Chairman of the Audit Committee (SIMF 11)
d) Chairman of the Remuneration Committee (SIMF 12)
e) Senior Independent Director (SIMF 14)
In other words, they will be in-scope NEDs. Three further elements are that
1. All Insurers (other than incoming third country branches) must have a Chairman, but need only have functions (b) to (e) where required, for instance the forthcoming requirement for all insurers to have an Audit Committee.
2. NEDs in group, holding or parent companies who
exercise significant influence on an Insurer must be
pre-approved by the PRA as a Group Entity Senior
Insurance Managers (SIMF 7).
3. Incoming third country branches will generally not
have any in-scope NEDs.
The PRA proposes to apply all the Conduct Standards as enforceable rules on in-scope NEDs. It considers that references to the business of the firm for which you are responsible in Conduct Standards 4 (proper control) and 5 (adequate compliance) include the activity of chairing the firm or a committee.
The PRA proposes to require firms to allocate the following two Prescribed Responsibilities to an in-scope NED:
a) maintenance of the independence, integrity and
effectiveness of the whistleblowing procedures, and
the protection of staff raising concerns; and
b) oversight of the firm’s remuneration policies and
It will allow firms to allocate any other Prescribed Responsibilities to either a NED or a Senior Manager.
Insurers will have to require standard NEDs to observe Conduct Standards 1 – 3, 7 and 8 (integrity, competence, co-operation with and disclosure to the regulator, and prudent operation) and consider the extent to which they have done so when assessing their fitness and propriety. The FCA is not applying these requirements to Standard NEDs
The FCA proposes to specify the Chair of the Nominations Committee function but no additional NED roles.
NEDS at insurers
The effect of these changes is that the current PRA Non-Executive Director (CF2) function will be replaced by the following functions:
Approved Persons Regime
Proposed approval regime for Solvency II firms
Current PRA/FCA Controlled Function
PRA Approved Persons (Senior Insurance Managers)
FCA Approved Persons
PRA NED (CF2)
Chairman (SIMF 9)
Chair of the Risk Committee (SIMF 10)
Chair of the Audit Committee (SIMF 11)
Chair of the Remuneration Committee (SIMF 12)
Senior Independent Director(SIMF 14)
Chair of the Nomination Committee (CF 7)
9 | Banks & Insurers
Despite concern about the possible application of the Senior Manager and Certification Regime to staff based outside the UK, the Treasury considers they can be addressed by the regulators’ promise to apply the regime in a proportionate and appropriate way to branches. Three details are
a) The regime only applies to activities subject to UK regulation. It is unlikely to apply to individuals responsible for setting a group’s strategy worldwide but would apply to those responsible for implementing that strategy in the UK branch.
b) The application of the regime to a non-UK individual would depend on the facts of the case but is most likely to occur where there is nobody of appropriate seniority based in the UK branch with responsibility for a key area or activity subject to UK regulation, and an overseas senior manager is handling this.
c) The regulators expect that certified persons will be based in the UK or have a substantial link to UK customers or activities.
Branches of overseas banks
CMS, Mitre House, London
+44 (0) 20 7367 2702
For further information please contact
CMS, Mitre House, London
+44 (0) 20 7367 2877
CMS, Mitre House, London
+44 (0) 20 7367 2734
CMS, Mitre House, London
+44 (0) 20 7367 2785
CMS, Mitre House, London
+44 (0)20 7367 2650
Subscribe for legal know-how relevant to your world with Law-NowVisit www.cms-lawnow.com and you can search an archive of 10,000+ legal articles, fi nd details of all CMS events, access all CMS knowledge publications and subscribe to get the geographical, sector and legal news updates you are interested in, straight to your inbox. You can also bookmark your favourite pages to your mobile. The service covers 28 jurisdictions, 75 areas of law and 20 sectors.CMS Cameron McKenna LLPMitre House160 Aldersgate StreetLondon EC1A 4DDT +44 (0)20 7367 3000F +44 (0)20 7367 2000The information held in this publication is for general purposes and guidance only and does not purport to constitute legal or professional advice.CMS Cameron McKenna LLP is a limited liability partnership registered in England and Wales with registration number OC310335. It is a body corporate which uses the word “partner” to refer to a member, or an employee or consultant with equivalent standing and qualifi cations. It is authorised and regulated by the Solicitors Regulation Authority of England and Wales with SRA number 423370 and by the Law Society of Scotland with registered number 47313. It is able to provide international legal services to clients utilising, where appropriate, the services of its associated international offi ces.The associated international offi ces of CMS Cameron McKenna LLP are separate and distinct from it. A list of members and their professional qualifi cations is open to inspection at the registered offi ce, Mitre House, 160 Aldersgate Street, London EC1A 4DD. Members are either solicitors or registered foreign lawyers. VAT registration number: 974 899 925. Further information about the fi rm can be found at www.cms-cmck.com© CMS Cameron McKenna LLPCMS Cameron McKenna LLP is a member of CMS Legal Services EEIG (CMS EEIG), a European Economic Interest Grouping that coordinates an organisation of independent law fi rms. CMS EEIG provides no client services. Such services are solely provided by CMS EEIG’s member fi rms in their respective jurisdictions. CMS EEIG and each of its member fi rms are separate and legally distinct entities, and no such entity has any authority to bind any other. CMS EEIG and each member fi rm are liable only for their own acts or omissions and not those of each other. The brand name “CMS” and the term “fi rm” are used to refer to some or all of the member fi rms or their offi ces. Further information can be found at www.cmslegal.com© CMS Cameron McKenna LLP 2015