We hear a lot about the ‘risk landscape’: a turbulent place where change lurks around almost every corner and variables abound. This powerful metaphor brings to life the need for firms in the financial services sector to navigate through the risks and pitfalls between where they currently are as an enterprise, and where they should be. One event – the global financial crisis – reshaped the topography of the space by changing business conditions and regulatory requirements. Analysts now identify three distinct periods within the financial services risk landscape over the last two decades:
- Pre-crisis period: before the crisis struck, financial institutions benefited from generally strong global economic growth and relatively robust risk management. Given these favourable conditions, risk-focused regulatory requirements were modest.
- Financial crisis period: risk management during this tumultuous period was largely tactical rather than strategic, with reactive responses required to maintain orderly operations.
- Post-crisis period: the financial crisis spawned a period of “re-regulation,” with governments and regulatory authorities implementing a variety of new, or stricter, requirements. To comply with these, financial institutions were forced to expand their risk management function and budgets.
The financial services sector emerged from the crisis battered and bruised. Instead of licking its wounds, it was forced to address a major issue that had made headlines across the globe: accountability. If the loss of billions of pounds was not bad enough, the senior managers responsible for the worst economic disaster since the Great Depression of 1929 escaped punishment by hiding behind the global corporations that employed them.
With the public up in arms, major changes in the regulation of global financial services were inevitable. Consequently, the focus shifted to the behaviour of firms and senior individuals and how they conduct their business. Regulatory reforms were developed and implemented globally to address accountability and conduct in the financial services sector – with others still in the pipeline. Since then, other major events – such as the FinCEN files scandal and the sudden escalation of the Covid-19 pandemic – have kept senior managers’ accountability for financial risk in the spotlight.
Financial risk regulation
Senior Managers and Certification Regime
In the UK, the Financial Conduct Authority (FCA) introduced the Senior Managers and Certification Regime (SM&CR) in 2017, which applies to all FCA-regulated firms – of which there are around 60,000. According to the FCA: “The SM&CR aims to reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold people to account.”
In this context the SM&CR aims to:
- Encourage staff to take personal responsibility for their actions.
- Improve conduct at all levels.
- Make sure firms and staff clearly understand and can show who does what.
The framework is designed to maximise accountability for senior managers working in investments or managing large sums or funds. This means individuals can be held responsible for any losses to the regulator and their clients.
Financial Accountability Regime
The Banking Executive Accountability Regime (BEAR), set out in the Banking Act 1959, establishes accountability obligations for authorised deposit-taking institutions (ADIs) in Australia and their senior executives and directors. By mid-2021, it is expected that legislation will be introduced into the Australian Parliament to pass the Financial Accountability Regime (FAR) – absorbing the BEAR requirements and making several changes.
FAR proposes to extend accountability requirements to other APRA-regulated entities and directors/senior executives in accordance with the government’s response to several recommendations of the Hayne Commission – an investigation into misconduct in the banking, superannuation, and financial services industry.
According to Australian Treasurer Josh Frydenberg, the proposed changes “will ensure that senior executives of these financial entities will be more accountable for the activities of the organisation for which they are responsible and, consistent with the BEAR, impose strict consequences for those who fail to perform their roles with competence, honesty or integrity.”
FRC backs UK version of Sarbanes-Oxley
Forcing finance directors and chief executives – across a range of industries, not just financial services – to personally attest to the veracity of their internal financial controls would foster better company behaviour and help eradicate fraud: that is the informed view of Britain’s accounting watchdog, the Financial Reporting Council (FRC).
A UK government-commissioned review in 2018 outlined the case for introducing a UK version of “Sarbanes-Oxley” (SOX) – a US law introduced in 2002 to stamp out accounting fraud. SOX requires executives at top listed companies to vouch for the accuracy of their financial controls. Their assertions are subsequently validated by an external auditor to ensure the controls are robust enough to provide reliable financial statements.
FRC chief executive Jon Thompson said: “We think it’s possible to design that. We think it would raise standards of corporate governance, risk management, financial management, financial accounting, and accountability within the organisations.”
The FRC – which has powers to fine and suspend accountants for breaches of its rules – believes a similar regime should be implemented for the UK’s largest listed companies, which would represent a significant toughening up of governance rules. However, the FRC has stressed that a new regime must be “carefully designed” to avoid clashing with SOX itself, given that many UK-listed companies also trade in the US. Crucially, it should also be compliant with Britain’s system of senior manager accountability in the financial services sector.
Meeting regulatory requirements
An effective financial accountability framework is driven by strong regulatory compliance. To achieve this, business leaders should implement software solutions that address four key stages of the risk management cycle: identify, assess, monitor, and respond. Adopting an integrated approach to governance, risk, and compliance will embed robust controls and underpin informed decision making.
Camms.Risk – a cloud-based SaaS solution – facilitates risk, incident and compliance management. This central point of oversight facilitates:
- Risk management: embeds operational risk management into your business’s culture, so you can identify, track and manage risks effectively.
- Incident reporting and monitoring: facilitates incident and near-miss reporting in real time, and the investigation process post-event.
- Compliance management: identifies areas of non-compliance to drive business action and address legislative changes.
- Register management: allows you to access, update and maintain Workplace Health and Safety registers efficiently.
- Audit management: allows you to schedule and manage internal and external audits and utilise the results.
The creation of new regulatory requirements in the wake of the global financial crisis continues to shine the spotlight on senior managers’ accountability in this space – and beyond. Lessons have been learnt from the past, meaning organisations have two choices: comply or deal with the consequences.
Find out more about how Camms.Risk can help your organisation comply with your regulatory obligations and request a demo.