Senior management responsibilities

Updating authors: Nick Thorpe, Neil Johnston and Richard Kenyon

Summary

10.900

  • Senior management is responsible for ensuring that its firm complies with regulatory requirements. (See 10.903 Apportionment of responsibilities)
  • Senior managers who are approved persons performing significant influence functions can be held personally accountable by the Financial Services Authority for their decisions. (See 10.903 Apportionment of responsibilities)
  • Since 1 November 2007, more detailed rules regarding senior management arrangements, systems and controls apply to common-platform firms (such as banks, building societies and investment firms). These rules may ultimately apply to all firms (with the exception of insurers). (See 10.904 Systems and controls)

Future developments

10.901 The Financial Services Authority has indicated in its policy guidance that it is considering extending chapters 4 to 10 of the Senior Management Arrangements, Systems and Controls Sourcebook (SYSC), which currently apply only to common-platform firms (such as banks, building societies and investment firms), to non-common-platform firms (with the exception of insurers).

Principles-based regulation

10.902 For some time now, the Financial Services Authority (FSA) has been moving towards a more principles-based approach to regulation, which places a greater focus on observing the principle and delivering the correct outcome than on compliance with detailed rules and the checklist mentality that this tends to encourage.

The inevitable consequence of this is that firms now have greater flexibility in how they comply with the rules. However, with flexibility comes greater responsibility and senior managers now have an even greater role to play than before in determining how a firm will comply with the FSA's rules in the particular context of their business. Senior managers' knowledge of the business and their experience is therefore essential in allowing firms to comply with principles-based regulation.

Consequently, senior managers must develop a compliance-minded culture within a firm, from senior management down, and the FSA expects this to be demonstrable. In the absence of detailed rules and with less voluminous formal guidance, senior managers must also commit time and effort to keeping up with the latest thinking in their industry and with that of the FSA. With principles-based regulation the FSA is likely to issue much more informal guidance, which sets out the regulator's latest views on issues, such as through speeches from FSA officials, the so-called Dear Chief Executive letters and other less formal publications.

Apportionment of responsibilities

10.903 The Financial Services Authority (FSA) expects directors and senior managers to take responsibility for their firm's compliance with the regulatory system as outlined in the Senior Management Arrangements, Systems and Controls Sourcebook (SYSC).

Under the Statements of Principle and Code of Practice for Approved Persons (APER) (see Approved Persons), any approved person performing a controlled function that is a significant influence function (which will normally include all directors and senior managers, as well as chief finance officers and compliance officers if they do not otherwise qualify) must:

  • take reasonable steps to ensure that the business of the firm for which he or she is responsible in his or her controlled function is organised so that it can be controlled effectively (Principle 5);
  • exercise due skill, care and diligence in managing the business of the firm for which he or she is responsible in his or her controlled function (Principle 6); and
  • take reasonable steps to ensure that the business of the firm for which he or she is responsible in his or her controlled function complies with the relevant requirements and standards of the regulatory system (Principle 7).

The fact that these are principles rather than rules makes them no less valid than detailed rules. When taking enforcement action the FSA will rely on breaches of principles alone, if necessary. Senior personnel are required to bear these principles in mind at all times when performing their role, as they may be held personally accountable by the FSA.

Firms must have clear and appropriate apportionment of significant responsibilities and ensure that this is adequately monitored and controlled (SYSC 2.1.1R). The firm must allocate to one or more individuals the roles of:

  • apportioning responsibilities; and
  • overseeing the establishment and maintenance of systems and controls (SYSC 2.1.3R).

The FSA has prescribed who may carry out these roles. It would normally be the firm's chief executive (SYSC 2.1.5G), but it may be a director or senior manager responsible for the overall management of the group or group division (SYSC 2.1.4R). A chief executive would include persons carrying out equivalent responsibilities, such as a managing partner (SYSC 2.1.6G). Where there is no such person, the directors may adopt this role collectively. It should also be noted that any person or persons chosen to carry out either of the two roles must be an approved person as they will be carrying out the apportionment and oversight function (CF 8) (SYSC 2.1.6G and SUP 10.7.1R).

Systems and controls

10.904 Chapter 3 of the Senior Management Arrangements, Systems and Controls Sourcebook (SYSC) sets out high-level rules to be followed by firms in relation to senior management arrangements and systems and controls. These rules do not apply to common-platform firms.

From 1 November 2007, all common-platform firms must comply with the extended rules in SYSC 4 to 10. Common-platform firms are, broadly speaking, banks, building societies or investment firms that are subject to the Markets in Financial Instruments Directive (MiFID).

The rules in SYSC 4 to 10 do not differ tremendously from the rules set out in SYSC 3. However, they do contain greater detail, and therefore common-platform firms need to review existing systems and controls to ensure all points are captured.

These rules place the responsibility for the maintenance of fundamental systems and controls of any firm on a firm's senior management, particularly the individual or group charged with the oversight and apportionment controlled function.

Non-common-platform firms (SYSC 3)

10.905 SYSC 3.1.1R stipulates that a firm is required to have systems and controls that are appropriate to its business. The main areas that systems and controls should cover are set out in SYSC 3.2, although different types of firms will have different specific requirements. The following are just some of the systems and controls that should be in place:

  • Reporting lines should be clear and appropriate and understood throughout the firm (SYSC 3.2.2G). There should also be adequate arrangements for supplying management information to the firm's governing body or senior management (SYSC 3.2.11G).
  • A firm must take reasonable care to establish systems and controls to ensure compliance with regulatory requirements and to counter financial crime (SYSC 3.2.6R). This includes appropriate training for employees and also appropriate documentation of the firm's risk management policies (in particular, to prevent money laundering (SYSC 3.2.6G)).
  • Firms must also allocate to a director or senior manager the functions of:
    • taking responsibility for oversight of the firm's compliance; and
    • reporting to the governing body in respect of that responsibility (SYSC 3.2.8R). The person carrying out this role will be carrying out the controlled function known as the compliance oversight function (SYSC 3.2.9G).
  • Crucially, the firm must allocate a director or senior manager who will have overall responsibility for the establishment and maintenance of effective anti-money laundering systems and controls (SYSC 3.2.6HR).
  • Depending on the nature, scale and complexity of the firm's business, it may be appropriate for a firm to have a separate risk assessment function. That person will be responsible for assessing the risks the firm faces and advising the governing body and senior managers (SYSC 3.2.10G).
  • A firm's systems and controls should enable it to satisfy itself of the suitability of everyone who acts for it (SYSC 3.2.13). This includes assessing an individual's honesty and competence, which should normally be done at the point of recruitment (see Recruitment). Detailed requirements on firms in respect of the competence of individuals are also contained in the Training and Competence Sourcebook (see Training and competence).
  • Consideration must also be given to remuneration policies to ensure that they are not such that they may oppose or constrain compliance with the regulatory requirements, eg by setting up conflicts between the interests of the firm's personnel and those of the firm's clients (SYSC 3.2.18G).

Common-platform firms (senior personnel)

10.906 In order to implement various EU directive requirements (principally those of the Markets in Financial Instruments Directive (MiFID), the Banking Consolidation Directives and Capital Requirements Directive), the Financial Services Authority (FSA) has set out detailed rules for common-platform firms. The following rules are of particular relevance to senior management:

  • Good repute: The senior personnel must be of sufficiently good repute and sufficiently experienced as to ensure the sound and prudent management of the firm (SYSC 4.2.1R).
  • The 'four-eyes' requirement: A firm must ensure its management is undertaken by at least two persons of requisite ability and experience (SYSC 4.2.2R). The FSA has provided that alternative arrangements can be put in place where a firm is a natural person or a legal person, other than a credit institution, managed by a single natural person (SYSC 4.2.6R).
  • Allocation of responsibility: A firm must, when allocating functions internally, ensure that senior personnel and, where appropriate, the individual or individuals responsible for the supervisory function are responsible for ensuring that the firm complies with its obligations under MiFID. These persons must assess and periodically review the effectiveness of the policies, arrangements and procedures put in place to comply with the firm's obligations under MiFID and take appropriate measures to address any deficiencies (SYSC 4.3.1R).

Common-platform firms (general organisational requirements)

10.907 The general organisational requirements have been wholly revised in SYSC 4, although in substance they remain similar to the old rules. A firm must have robust governance arrangements including a clear organisational structure, effective processes to identify, manage, monitor and report the risks it is or might be exposed to, and internal control mechanisms (SYSC 4.1.1R). The extent of these arrangements, processes and mechanisms will depend on the nature, scale and complexity of the firm's activities and the firm will need to take into account the specific technical criteria described in the rules (SYSC 4.1.2R). These requirements are further developed in SYSC 4.1.4R and management should be aware of the full details of these provisions.

Common-platform firms (employees, agents and other relevant persons)

10.908 The objective of the rules in Chapter 5 of the Senior Management Arrangements, Systems and Controls Sourcebook (SYSC) in relation to employees is to ensure that relevant persons (including directors, partners, managers and employees) are aware of the procedures they should follow in order to perform their jobs properly. These requirements are to:

  • employ personnel with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them (SYSC 5.1.1R);
  • ensure that the performance of multiple functions by the relevant person is not likely to prevent those persons from discharging any particular functions soundly, honestly and professionally (SYSC 5.1.6R);
  • ensure the relevant persons are aware of procedures, which must be followed for the proper discharge of their responsibilities (SYSC 5.1.12R); and
  • monitor and on a regular basis evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements and take appropriate measures to address any deficiencies (SYSC 5.1.14R).

Common-platform firms (compliance)

10.909 Chapter 6 of the Senior Management Arrangements, Systems and Controls Sourcebook (SYSC) sets out detailed rules in respect of compliance. In summary, a firm must establish, implement and maintain adequate policies and procedures sufficient to ensure that the firm, including its managers, employees and appointed representatives, complies with its obligations under the regulatory system (SYSC 6.1.1R).

A firm must maintain a permanent and effective compliance function, which operates independently and has the following responsibilities:

  • monitoring and, on a regular basis, assessing the adequacy and effectiveness of the measures and procedures put in place in accordance with the above requirements and the actions taken to address any deficiencies in the firm's compliance with its obligations; and
  • advising and assisting the relevant persons responsible for carrying out regulated activities to comply with the firm's obligations under the regulatory system (SYSC 6.1.3R).

Firms must appoint a compliance officer who must be responsible for the compliance function and for reporting of compliance matters. The compliance function must have the necessary authority, resources, expertise and access to all relevant information. The relevant persons involved in compliance functions must not be involved in the performance of services or activities they monitor. The method of determining the remuneration of the persons involved in the compliance function must not compromise their objectivity and must not be likely to do so (SYSC 6.1.4R).

A firm must also have policies and procedures in place that enable it to identify, assess, monitor and manage money laundering risks where it is appropriate and proportionate to the nature, scale and complexity of its activities (SYSC 6.3.1R). Again there is the obligation to regularly assess the adequacy of the systems and a director or senior manager must be appointed to have overall responsibility within the firm for these systems and controls (SYSC 6.3.8R). There should also be a separate money laundering reporting officer appointed (SYSC 6.3.9R).

Common-platform firms (risk control)

10.910 Firms must establish, implement and maintain adequate risk management policies and procedures, including effective procedures for risk assessment, which identify the risks relating to the firm's activities, processes and systems and, where appropriate, set the level of risk tolerated by the firm (SYSC 7.1.2R). Inevitably such a strategic function will involve senior management, whose expertise and understanding of the business will be vital.

A firm must adopt effective arrangements, processes and mechanisms to manage the risk relating to the firm's activities, processes and systems in light of the firm's level of risk tolerance (SYSC 7.1.3R). The senior personnel must approve and periodically review the strategies and policies for managing, monitoring and mitigating the risks that the firm faces (SYSC 7.1.4R). Once again the Financial Services Authority's approach focuses on the roles and responsibilities of senior personnel to ensure compliance with the FSA's rules.

Practical example

10.911 Paul, a director of an insurance company and approved person, performs the controlled functions of Director (CF 1), Chief Executive (CF 3), and Apportionment and Oversight (CF 8). He is responsible for overseeing and directly supervising the accounts function of the firm. Paul directed that an accounts clerk with no accounting qualifications receive no training other than a handover from the previous job holder. The clerk undertakes all accounting functions but is subject to no formal reporting regime or management oversight. The clerk fails to pass on a number of customers' insurance premiums, leaving them without any cover and exposing them to the risk of significant financial loss if they need to make a claim.

Paul would be personally responsible for failing to comply with Statement of Principle 5 (an approved person with significant influence function must take reasonable steps to ensure that the business of the firm is organised so that it can be controlled effectively) and Statement of Principle 6 for Approved Persons (requirement to exercise due skill, care and diligence in managing the business of the firm for which he or she is responsible).

Action point checklist

10.912

  • Ensure that proper, effective and proportionate controls are in place throughout the firm that comply with SYSC.
  • Make sure that there is a clear allocation of responsibilities among senior management, including creating a clear management organogram setting out senior management responsibilities and developing clear, written job specifications.
  • Provide adequate and clear management information to senior management on a regular basis not only about finances, but also about risks identified within the firm and how they are being managed.
  • Make sure that the firm has a clear, written business plan.
  • Review remuneration policies to ensure there is no risk that the mechanisms of remuneration may create conflicts between the interests of a firm's personnel and those of its clients, and that they do not promote behaviour that does not comply with the Financial Services Authority's rules.

Key references

10.913

Legislation

Financial Services and Markets Act 2000

Rules and guidance

FSA Handbook (in particular SYSC) (on FSA website)

Questions and answers

10.914

QXXXX: Which employees does the Financial Services Authority hold responsible for a firm's compliance with its rules?

Employees who are approved persons performing significant influence functions are subject to duties under the Statements of Principle for Approved Persons relating to the management and systems and controls of the firm. The significant influence functions are all of the controlled functions other than the customer functions. They include directors, non-executive directors, partners, a chief executive, a chief finance officer and a compliance officer. They do not include, for example, customer advisers or customer traders.

QXXXX: What responsibility does a chief executive of a firm have in relation to compliance with the regulatory system?

A chief executive will perform the Director Function (CF 1) and Chief Executive Function (CF 3). He or she will also usually perform the Apportionment and Oversight Function (CF 8) and will have primary responsibility to the Financial Services Authority (FSA) for the firm's systems and controls and for compliance with the FSA's rules. The FSA places great weight on the role of the chief executive in a firm's systems and controls and culture. The chief executive is almost always interviewed when the FSA visits a firm for one of its routine inspections under its ARROW 2 programme, or in the event of a thematic visit in relation to certain business areas (eg where assessing the firm's progress with the Treating Customers Fairly initiative), or in the case of enforcement action being taken.

QXXXX: What is the responsibility of non-executive directors in relation to compliance with the regulatory system?

Non-executive directors' roles vary from firm to firm, but they are likely to include, for example, providing an independent perspective on the overall running of the business, in setting and monitoring the firm's strategy and scrutinising the approach of executive management, the firm's performance and its standards of conduct. Therefore, while non-executive directors will not be expected to have detailed knowledge of the firm's operations, they should satisfy themselves that the executive management is performing its role properly and, accordingly, that adequate and proportionate systems and controls exist. The Financial Services Authority may choose to interview a firm's non-executive directors when it visits a firm.