The financial crisis heralded the end of “light touch” regulation of financial institutions, particularly in the UK and the US, and the start of an era in which the operation of such firms, and those working for them, is far more closely scrutinised by regulators and any breach of regulation heavily sanctioned.
A key component of this new regulatory landscape, at least in the UK, is an enhanced regime dealing with the conduct of individuals working at financial institutions. Following the report of the Parliamentary Commission on Banking Standards (PCBS), the body tasked with carrying out a review of the existing system and making recommendations for reform, a new set of rules was developed. These are due to be implemented by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA), the financial industry regulators in the UK, in early 2016. These rules, summarised below, fundamentally change the way in which individuals working in banks are regulated.
The resulting change in the regulatory risks faced by bank executives is being closely monitored by insurers providing D&O cover, who are carefully considering their product offering to ensure that the cover provided continues to be suitable. While at first glance it may appear that this is an issue for the UK alone, there is a discernible trend of harmonisation in the regulatory regimes across the world’s key financial centres, and of the sharing of best practice.
In light of this, insurers in the financial centres of the Gulf in particular should stay abreast of developments in this area to ensure they are ready to meet the needs of their insureds in the event of a tightening of regulation.
The New Individual Accountability Rules
While the new rules are too detailed to be set out fully in this article, we summarise below some of the key features of the new system insofar as they relate to banks in the UK.
Senior Managers Regime
The existing regime is being replaced by an enhanced “Senior Managers Regime”, which focuses on a narrower range of senior decision makers at banks (those performing senior management functions such as CEOs and heads of finance, risk, compliance and internal audit), and aims to clearly define their responsibilities from a regulatory perspective.
The Senior Managers Regime includes the following aspects:
• A criminal offence of taking reckless decisions that cause an institution to fail.
• There will be a presumption of responsibility on the part of a senior manager for a firm’s breach of a regulatory requirement in an area for which he is responsible, unless he can show that that he took reasonable steps to avoid the contravention.
• A firm making an application for approval as a senior manager will have to submit a “Statement of Responsibilities” with the application, which sets out the areas for which that senior manager is responsible.
• Firms will have to produce and maintain a “Responsibility Map” setting out their management and governance arrangements, the allocation of responsibility and reporting lines.
• In the event that a senior manager fails to meet relevant standard as to fitness and propriety, the firm must report the matter to the regulator.
Certification regime
This applies to a wider range of individuals than the previous rules did. All employees performing a role relating to regulated activities which are not a senior management function but which could nonetheless pose a risk of significant harm to the firm or customers fall within its scope.
Firms will be required to certify that such individuals falling within the certification regime are fit and proper on appointment and at least annually thereafter. In the event that an individual falls below the relevant standard, the firm must refuse to renew their certificate and ensure that they no longer perform the role for which they were certified.
New conduct rules
A new set of conduct rules will be implemented, similar to those of the existing regime but applying to almost all employees of the firm. These will include additional conduct rules applicable to senior managers only as well as rules for all staff. Examples of some of the rules which will apply to senior managers include that the relevant individual must:
• take reasonable steps to ensure that the business of the firm for which they are responsible is controlled effectively;
• take reasonable steps to ensure that the business of the firm for which they are responsible complies with relevant requirements and standards of the regulatory system;
• take reasonable steps to ensure that any delegation of their responsibilities is to an appropriate person and that they oversee the discharge of the delegated responsibility effectively; and
• disclose appropriately any information of which the FCA or the PRA would reasonably expect notice.
In the event of a breach of a conduct rule, the FCA can take enforcement action against the individual in question.
Individual accountability in the Gulf
Regulators in the Gulf states are no strangers to taking enforcement action against individuals who have breached rules governing the financial services industry. In recent years, the Dubai Financial Services Authority has, on several occasions, imposed fines on individuals for breach of regulations or conduct rules, and restrictions preventing them from providing financial services in or from the Dubai International Financial Centre. The Qatar Financial Centre Regulatory Authority has similarly exercised its powers against individuals as a result of their misconduct in a regulated function.
There can be no doubt that as the financial markets in these regions grow and become more sophisticated, regulators will seek to match this growth and sophistication with a suitably robust regulatory framework. In light of the similarities between the regulatory systems of the Gulf and the UK in particular, and more generally the level of co-operation between financial regulators, it is not unforeseeable that individual accountability will also become a larger component of their rules.
How will D&O insurance respond?
Demand for D&O insurance is likely to grow following the implementation of the new regulatory regime, given that senior managers face the very real prospect of losing their personal assets if they become involved in expensive enforcement action.
Senior managers at banks will need to obtain comfort that, in the event that regulatory enforcement action is brought against them, protection is in place to ensure they do not need to fund their own defence or, as far as possible, to account for any other liabilities which they may incur. Many D&O policies are evolving to cover personal expenses in these circumstances, such as mortgage payments, utility bills and even school fees, which could provide vital support to senior managers and their families. However, it is important to bear in mind that D&O insurance will not be able to indemnify a senior manager for some losses such as criminal fines or regulatory penalties.
Triggers for cover under a D&O policy will also need to be considered in the context of the current regulatory climate. The new regime will require firms and their senior executives to be proactive in identifying and mitigating potential breaches of regulatory obligations. These processes can involve substantial costs, for example if individuals obtain legal representation in connection with an internal investigation.
Senior managers will look to their D&O policy for cover. However, such costs would be incurred prior to the traditional trigger of an “Investigation” (ordinarily being a formal step taken against an insured person by a regulator or similar official body) occurs. Insureds may well look to broaden cover and press for an earlier trigger for cover.
Enhanced focus on individuals
The regulatory environment in which financial institutions operate has changed dramatically over the last few years, and continues to evolve into a system in which responsibilities are clearly allocated and key decision-makers are not able to escape accountability for their actions. Coupled with the increased oversight exercised by more robust regulators, senior managers at financial institutions are now more exposed than they have been for a long time to investigations and enforcement actions.
This enhanced focus on individuals is not going away, and in the years to come, may well spread to other financial centres beyond the UK. Insurers in other jurisdictions should therefore remain alive to that possibility, and the implications it will have on the liability products they offer in their own markets.
Ms Susan Dingwall is a Partner and Mr Martin Schneider is an Associate with Norton Rose Fulbright LLP.