POL00411735
Linklaters
The changing regulatory environment
The impact of the senior manager and certification regime on the financial
services sector
Martyn Hopper
Partner, Financial Regulation Group
11 January 2017
POL-BSFF-0233651
Background
* Financial services increasing importance to Post Office
* A highly regulated sector with increasing focus from regulators on customer outcomes and accountability
* Post Office is a unique structure
  * Appointed Representative for BoI and POMS
  * Largest Appointed Rep in UK
  * Agents not required to be Appointed Reps but operate under PO appointment
* Model likely to come under increasing scrutiny from regulators and from Principals as a result of the new senior managers regime and other initiatives
Objectives for this session
1) Understand challenges PRA/FCA authorised firms are facing with
implementation of the Senior Managers and Certification Regime
(SMCR)
2) Provide an overview of how the regime works and the implications
for firms and individuals and likely impact on Post Office
3) Overview of individuals' obligations under the Conduct Rules
4) Consider the expectations on senior managers and implications for
wider compliance and conduct risk management
5) Discuss the likely implications for Post Office
Overview of SMCR
The SMCR is designed to enhance individual accountability, clarifying specific responsibilities of
senior managers and expanding the range of persons who are subject to standards of conduct so as
to impact individual behaviour and the culture within firms as a whole
Scope:
The SMCR captures individuals within:
+ Banks (including UK branches of foreign banks)
+ Building societies
+ Credit Unions
+ PRA designated investment firms
The Senior Insurance Managers Regime (SIMR) covers insurers
Extension to all authorised firms planned for 2018 — Bank of England and Financial Services Act 2016
Part of a broader reform agenda:
+ Changes to the remuneration rules
+ Proposed changes to requirements for whistleblowing arrangements
+ Proposals emanating from the Fair and Effective Markets Review
+ Wider thematic review activity (e.g. on culture change and conduct risk programmes)
[Figure: SMCR accountability. Legible labels: "Senior Managers Regime"; "Material Risk Takers"; "Certification Regime"; "All other staff (not subject to [illegible])"; "Conduct Rules only".]
The new regime
[Figure: the three categories under the new regime: Senior Managers, Certified Persons and conduct rule staff. The remaining label text is not recoverable.]
All three categories will be subject to conduct rules and may be fined for breaching them.
Conduct rule staff: Not approved by regulators or subject to certification. All employees except ancillary staff are in this category.
Comparison of current and new regimes
[Figure: comparison of the CURRENT and PROPOSED regimes. Legible labels: "Subject to rules"; "Approved by regulators and subject to rules"; "Certified Persons"; "If 'significant management' / material risk taker"; "If qualification requirement or significant management"; "Customer Functions CF30s"; "Other conduct rules staff".]
Senior Managers
> Clear allocation of various designated senior management
responsibilities.
> “Statements of Responsibilities” to record the allocation of responsibility
to individual Senior Managers covering “every part of a firm's activities,
business areas and management functions” (including unregulated
activities).
> “Responsibilities Map” to be a single document describing the firm’s
management and governance arrangements in order to demonstrate that
there are no gaps in accountability.
> Where there has been a breach by the firm of its regulatory obligations in
relation to an area within a Senior Manager’s remit, the regulator could
take action against the Senior Manager for failing to take ‘reasonable
steps’ to avoid a breach occurring or continuing.
Post Office structure
[Figure: Post Office structure. Legible labels: "Agent" (repeated); "Post Office"; "Bank of Ireland (Principal) (PRA/FCA authorised)"; "Distribution Agreement"; "Principal to principal agreement"; "Each agent appointed under the agency arrangements"; "(Appointed Representative)".]
Implications
> Direct impact - implementation of SMCR for Appointed
Representatives?
> Approved Persons at Appointed Representatives?
> Extension of conduct rules to staff at Appointed
Representatives?
Conduct rules
> Will replace current Statements of Principle for Approved Persons
(APER), and will apply to a wider range of individuals - Senior Managers,
Certified Persons, and all other employees unless specifically excluded
(e.g. facilities management, IT support, invoice and data processors, PAs
etc).
> Firms must:
  > Notify all relevant individuals that they are subject to the Conduct Rules
  > Give all relevant individuals training on Conduct Rules — to include ‘deeper understanding of the specific rules which are relevant to their work’ (e.g. traders might be given tailored training on market conduct issues)
  > Notify the FCA of disciplinary action resulting from breaches of Conduct Rules
The Conduct Rules
The Conduct Rules reflect the core standards expected of staff working in impacted firms. Their broad application is
intended to improve awareness of conduct issues through firms.
Individual Conduct Rules
Rule 1: You must act with integrity.
Rule 2: You must act with due skill, care and diligence.
Rule 3: You must be open and cooperative with the FCA, the PRA and other regulators.
Rule 4: You must pay due regard to the interests of customers and treat them fairly
Rule 5: You must observe proper standards of market conduct.
Senior Manager Conduct Rules
SM 1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
SM 2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
SM 3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively
SM 4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
Most of these are reflective of existing Principles and Code of Practice for Approved Persons. Although the highlighted rules are in one sense “new”, they are reflective of existing principles/guidance.
Liability consequences for individuals
Potential action against individuals
Breach of the Conduct Rules by the individual
+ All “employees” (excluding ancillary staff) will be required to comply with the general Conduct Rules
+ Senior Managers (and persons carrying on the role of a Senior Manager without being approved) will additionally be subject to the Senior Manager Conduct Rules
Being knowingly concerned in a breach by the firm of the rules applying to the firm
+ This is an existing ground on which the FCA and PRA can take action against approved persons, but under the new regime will apply to Senior Managers and all employees
Presumption of responsibility (Senior Managers only)
+ If a regulatory breach occurs in an area for which a SM is responsible, the SM will be presumed guilty of misconduct unless s/he can show that they took such steps as they could reasonably be expected to take to prevent the breach occurring/continuing (the ‘presumption of responsibility’)
Potential consequences
Fines
+ Typically calculated having regard to the individual’s remuneration earned during the period of the breach
+ No cap on the fine
+ No insurance / firm indemnity possible
Ban, suspension or limitation to regulatory approval
+ E.g. 2 year suspension, imposition of conditions / time limitation
+ Measures taken will depend on the nature of the misconduct
+ For example, if the misconduct reveals that the individual is no longer fit and proper, a ban from carrying out any function in the financial services industry might be imposed.
Public censure / reputational risk
+ Public disclosure of fines and breach/misconduct
“Reasonable steps” for senior managers (1)
> Are there clear organisation charts and job descriptions in place showing reporting lines, allocation of roles and responsibilities and scope of authority (risk limits, signing authority, etc)?
  + Have you clearly delegated and apportioned your responsibilities to your direct reports?
  + Are you and your team clear on what they are and are not responsible for? Who do you rely on from a business execution and control oversight perspective?
  + If people have dual reporting lines, how do you make clear what this means in practice?
  + Has responsibility for all areas of the business under your control been clearly assigned/allocated? Do you have sufficient headcount / resource in place?
  + How do you ensure your team understand their responsibilities in relation to risk management and regulatory compliance, and monitor/report/escalate matters to you in a timely manner?
> You are not expected to be an expert in relation to every aspect of the business and you can delegate responsibility. Where you do delegate, you are not obliged to re-perform the tasks of your delegate BUT you retain regulatory responsibility for the matters that you have delegated. You must therefore ensure that any delegation is clear, effective and appropriately overseen:
  + Delegate to people who are sufficiently senior with the right skills, knowledge, capacity, competence and experience — are the staff in your team suitable and competent to perform the tasks delegated to them?
  + Ensure delegates are properly supervised and monitored
  + Put in place clear reporting lines so that issues can be escalated where necessary
  + Test and challenge the information received from delegates and other experts / specialists — “trust but verify”. Gain independent assurance (whether from control functions or third party experts) or obtain further information/evidence where necessary.
  + Track and monitor the progress of actions taken by delegates — regular reports on progress
  + Performance management and review — re-allocate tasks and replace people where necessary
  + Escalate to your line/functional management where appropriate.
“Reasonable steps” for senior managers (2)
> Do you understand the firm’s risk management frameworks, and your particular responsibilities within those frameworks?
> What are the key risks relevant to the business? E.g. Operational risks, legal risks, market risks, credit risk, counterparty risk, fraud / financial crime risks, liquidity risks, reputational risks?
> Where are these risks identified? How are they controlled?
> What are the policies and procedures that are relevant to your line of business?
> What are the controls that are in place to ensure adherence to those policies and procedures?
> What front office controls do you operate to ensure adherence? Consider operational risk controls, four-eye checks, segregation of duties, authorisation levels, trading limits, BAU supervisory controls, MI and reporting
> Have your team been adequately trained on these policies, procedures, systems and controls, and on their personal responsibilities?
> What mechanisms do you have in place for identifying and escalating breaches, considering their root causes/wider implications and taking action to address them?
> What second and third line of defence / external assurance activity is undertaken to support management / monitoring of these risks? Consider — Financial Control, IT, Operations, Risk, Legal, Compliance, etc. Is further monitoring or assurance necessary or appropriate?
Establishing a possible framework for compliance
Conduct Risk Management
Business model and strategy
* Regular assessment of conduct risks arising from business model and strategy
* Business planning should explicitly consider the impacts on customer and market
* Conduct risk appetite should be articulated
* Strategies for managing inherent conduct risks

Culture
* “Tone from the top”
* Performance objectives, appraisal and reward/incentive frameworks encourage the right behaviours and outcomes
* Encouraging challenge, whistleblowing
* Empowering control functions
* Focus on outcomes

Product/service design
* Define what good outcomes would be for the target end client
* Identify inherent risks of the product or service, and identify the MI they need to monitor this
* Assess information needs at all stages of customer/product life cycle
* Define customer journey / experience
* Use of market research, behavioural studies, data, technology

* Clearly documented policies, procedures and controls for each key aspect of the business and how it is operated
* MI designed to measure good outcomes and monitor inherent conduct risks
* Complaints and root cause analysis
* Holistic outcomes testing
* Deep-dives, mystery shopping, customer sales reviews, branch visits and other exercises
* How is the product or service performing from the customer's perspective
* Clear framework for oversight and management of conduct risks
* Governance committees (Board, ExCo, Risk Committee, etc) and escalation criteria
* Clear allocation of day to day responsibility for management of conduct risks
* Clarity of responsibilities as between “three lines of defence”
* What compliance monitoring / testing
* Audit / assurance activity
Non-Executives
The application of the SMR to NEDs does not impute ‘executive like’ responsibilities to NEDs but
crystallisation of responsibilities for committees, and requirements in relation to the performance
assessment of executive managers, may cause NEDs to re-assess the scope of their role and the tools
they have at their disposal
> Corporate governance principles articulate the importance of maintaining a clear division of responsibility between executives, who have responsibility for running the business, and the Board (including NEDs) who have oversight responsibilities
> The SMR respects this distinction in the rules applicable to NEDs; however as NEDs, supported by the Office of the Chair, formulate explicit plans to discharge their responsibilities, they may consider that additional information/management access is required to perform their role
> Demands for a ‘ringfenced NED budget’ and access to, e.g. independent legal advice, may also increase
> Whilst equipping NEDs to discharge their responsibilities, it will be important for firms to ensure that NEDs neither compromise the responsibility of executive management nor their independence
[Figure: Board example. Legible labels: "NED 1, Chair of RC"; "NED 2, Chair of AC"; "Head of IA". Callout: NEDs may seek increased access to executives and/or more frequent reports, briefings, MI packs and data relevant to performance assessment, which firms will need to manage.]
Linklaters LLP
One Silk Street
London EC2Y 8HQ
Linklaters LLP is a limited liability partnership registered in England and Wales with registered number OC326345. It is a law firm authorised and regulated by the Solicitors Regulation Authority. The term partner in relation to Linklaters LLP is used to refer to a member of Linklaters LLP or an employee or consultant of Linklaters LLP or any of its affiliated firms or entities with equivalent standing and qualifications. A list of the names of the members of Linklaters LLP together with a list of those non-members who are designated as partners and their professional qualifications is open to inspection at its registered office, One Silk Street, London EC2Y 8HQ or on www.linklaters.com and such persons are either solicitors, registered foreign lawyers or European lawyers.
Please refer to www.linklaters.com/regulation for important information on our regulatory position
Please note that the proposed fee arrangements, client details, referee details and working methodology descriptions contained in this document are confidential to Linklaters and will remain so for a period of four years from the date of this document.
A39252601