6 Regulating the regulator
Collective
and individual accountability
176. On the extent to which the Board of the FCA
was responsible for the events of 27 and 28 March, Simon Davis
concluded that:
The position of the FCA, so far as regulated
firms are concerned, is that the Board should be responsible for
the overall policy for the identification, control and release
of price-sensitive information.
The Governance Memorandum document adopted by
the Board on 1 April 2013 (referred to in paragraphs 6.8, 6.9
and 6.10 above) reserves to the Board the maintenance of a sound
system of internal controls and internal risk management.
The Board therefore bears collective responsibility
for the inadequate controls which exist in relation to the identification,
control and release of price-sensitive information.[239]
177. As far as the Executive Committee of the FCA
was concerned, he concluded that:
The ExCo bears collective responsibility, together
with the Board, for the inadequate controls which exist, but also
bears collective responsibility for the failure to address the
issues of price-sensitive information or market impact, or any
other possible consequences of the revised approach to the Business
Plan. It also bears collective responsibility for the pursuit
of an inadequately controlled pre-briefing strategy and for the
failure to react urgently and effectively on 28 March.[240]
178. We asked Clive Adamson whether he considered
that Mr Davis's criticisms of the Board and the Executive Committee
were appropriate. He said:
In themselves they are appropriate. It does raise
quite difficult issues to think through about the governance of
the organisation and who is accountable for what, particularly
when put against the other provisions of the new senior managers'
regime, which clearly we are in the process of working through.
That does need to be thought about very carefully, I think.[241]
Mr Adamson suggested that the Chairs of the Risk
and Audit Committees should have clear responsibility, "as
we would expect for a regulated firm".[242]
179. The Senior Managers Regime, to which Mr Adamson
referred in his evidence, was originally proposed by the Parliamentary
Commission on Banking Standards, as the "Senior Persons Regime".
It was intended to replace the current Approved Persons Regime,
which the PCBS had concluded was "a complex and confused
mess" that failed "to perform any of its varied roles
to the necessary standard". In particular, the PCBS concluded
that the APR did not "ensure that individual responsibilities
are adequately defined".[243]
180. The Commission recommended that its proposed
Senior Persons Regime should "provide far greater precision
about individual responsibilities than the system that it replaces":
The new Senior Persons Regime must ensure that
the key responsibilities within banks are assigned to specific
individuals who are aware of those responsibilities and have formally
accepted them. The purposes of this change are: first, to encourage
greater clarity of responsibilities and improved corporate governance
within banks; second, to establish beyond doubt individual responsibility
in order to provide a sound basis for the regulators to impose
remedial requirements or take enforcement action where serious
problems occur. This would not preclude decision-making by board
or committee, which will remain appropriate in many circumstances.
Nor should it prevent the delegation of tasks in relation to responsibilities.
However, it would reflect the reality that responsibility that
is too thinly diffused can be too readily disowned: a buck that
does not stop with an individual stops nowhere.[244]
181. The Senior Managers Regime was part of the Financial
Services (Banking Reform) Act 2013. In July 2014, the FCA and
PRA published a joint consultation paper in which they set out
how they planned to implement the new regime. This included the
following proposals for a 'Responsibilities Map':
The regulators propose to issue rules and guidance
requiring firms to prepare, maintain and update a 'Responsibilities
Map': a single document that describes the firm's management and
governance arrangements.
Responsibilities Maps should also set out how
responsibilities have been allocated, including whether they have
been allocated to more than one person.
A key purpose of the Responsibilities Map is
to ensure that, when looked at collectively, the allocation of
responsibilities to a given firm's Senior Managers (as set out
in their respective Statements of Responsibilities) does not leave
any gaps in accountability.
A clear, comprehensive Responsibilities Map may
also provide evidence that a firm is satisfying its obligation
to have robust governance arrangements, which include a clear
organisational structure with well defined, transparent and consistent
lines of responsibility[
]
The FCA and PRA also propose requiring annual
confirmation, from the firm's board, that there are no gaps in
the allocation of responsibilities within the firm.[245]
182. In February 2015, the FCA and PRA published
a joint paper which set out the approach they intended to take
to the application of the Senior Managers Regime to non-executive
directors in banking. This made clear that the regime would apply
to those non-executive directors with specific responsibilitiesincluding
the Chairman, the Chair of the Audit Committee and the Chair of
the Risk Committee.[246]
183. Simon Davis
reached conclusions about the responsibility of certain individuals
for the events of the 27 and 28 March. However, it is not clear
from his report where individual responsibility lies for the failures
of the FCA's Executive Committee and Board. Instead, he concludes
that the Board and the Executive Committee are collectively responsible
for their respective failures. This is a well-rehearsed and unfortunate
mantra. The Committee has heard it often from regulated firms,
and particularly banks. One of the key conclusions of the Parliamentary
Commission on Banking Standards was that "a buck that does
not stop with an individual stops nowhere". The Commission
made recommendations intended to establish beyond doubt where
individual responsibility lies at the very top of banks, which
are now on the statute book as the Senior Managers Regime for
banks. The FCA (together with the PRA) has brought forward detailed
proposals for the operation of that regime. As the regulator,
it should be capable of demonstrating that it is applying standards
at least as high to its own senior managers. Mr Davis should have
paid closer attention to individual responsibility in reaching
his conclusions.
184. In response
to recommendations of the Parliamentary Commission on Banking
Standards, the FCA and PRA have proposed, as part of the Senior
Managers Regime for banks, a 'Responsibilities Map': a single
document that describes a firm's management and governance arrangements
and allocates specific responsibilities to senior individuals.
The Committee recommends that the FCA, and the PRA, draw up a
'Responsibilities Map' which allocates key responsibilities to
individuals in their respective organisations. This document should
be published. It should be compliant as far as possible with the
SMR that the regulators require of banks.
Role of the Board
185. The FCA's website says that "the FCA Board
keeps a close watch on how our business is operating and holds
us accountable for the way we work."[247]
A paper adopted by the Board, which describes the corporate governance
of the FCA, describes the Board as follows:
The Board is the Governing Body of the FCA. It
sets the FCA's strategic aims and ensures that the necessary financial
and human resources are in place for the FCA to meet its statutory
objectives. It provides leadership of the organisation within
a framework of prudent and effective controls which enables risk
to be assessed and managed. It also reviews management performance.
The Board sets the FCA's own behavioural standards, for example
through the Code of Conduct and the Corporate Responsibility Policy.[248]
This paper lists the different elements of the
Board's role, which include "overseeing the discharge by
the executive management of the day to day business of the FCA",
"setting appropriate policies to manage risks to the FCA's
operations and the achievement of its regulatory objectives"
and "seeking regular assurance that the system of internal
control is effective in managing risks in the manner it has approved".
[249]
186. The Board delegates some of its functions to
sub-committees. At the time of Simon Davis's report, these included:
The FCA's Audit Committee (the "Audit
Committee"), whose responsibilities include reviewing and
providing assurance to the Board on matters including the effectiveness
of the FCA's internal controls.
The Audit Committee's members
as at 28 March 2014 were Sir Brian Pomeroy (Chair), Ms Davidson,
Mr Harker and Mr McAteer; and
The Risk Committee, whose responsibilities
include reviewing and exercising oversight of the risks to the
FCA's statutory objectives and making recommendations to the Board
in relation to such risks. The Risk Committee's members as at
28 March 2014 were Mr McAteer (Chair), Ms Fletcher, Ms Platt and
Sir Brian Pomeroy.[250]
187. The FCA told Simon Davis that its Audit Committee
had approved an audit plan for 2014/15 on 6 March 2014. This plan
included, as an item to be reviewed in the period January to March
2015:
Effectiveness of the internal and external communications
strategy: This review will focus on the strategic approach to,
and the key controls over, internal and external FCA communications
including prioritisation of messages and alignment with organisational
strategy.[251]
188. We asked Simon Davis whether he had had an opportunity
to review the Board's risk register. He said that he had, but
that he was "virtually certain it did not have anything of
any relevance" to the events of 27 and 28 March.[252]
He told us that he had interviewed the Chair of the Audit Committee,
Sir Brian Pomeroy, and that the Audit Committee had:
[
] looked at the internal controls within
the UKLA so far as those related to the management of price sensitive
informationand that was based, as I understand it, on the
starting point that that is the part of the organisation which
is most likely to have price-sensitive information regularly coming
within itbut that work had not yet taken place in relation
to any other areas of the organisation. I have not concluded that
this was a failing on the part of the audit committee. What I
have said is that the audit committee should now get on with it
and look very much at that area.[253]
189. In his oral evidence, Clive Adamson explained
to us that risks were not normally discussed by the FCA's Board.
Instead, the Board received an oral report from the Chair of the
Risk Committee. He could not recall an incident like that of 27
and 28 March having been identified as a risk. He explained that
"the tone and contents of communications and the risks arising
from that are embedded in each piece of work, rather than a general
risk about tone."[254]
On the question of what lessons could be learned by the FCA from
this incident, he believed that "the board did not have sufficient
oversight over the control framework in the organisation".[255]
He proposed that "at least the question should be asked whether
the board should have more intensive oversight over the executive".[256]
190. Asked for his assessment of the Board's management,
in the light of the events of 27 and 28 March, John Griffith-Jones
told us that he considered it to be "unlikely or negligibly
possible that the board could have spotted what was about to happen
happening".[257]
Instead, Mr Griffith-Jones considered that the key question was
whether the Board was "as effective as we could be or should
be around systems and controls and, in particular, around risks".[258]
He acknowledged that, while the Board did have a risk register,
"the risk register did not have on it the precise thing that
happened".[259]
He said that the most relevant risk on the risk register was "risk
number 1544, which read, "Before the incident, reputation
is damaged due to classified information being leaked by employees"."[260]
He conceded, however, that this risk was focussed more on "illegitimate
use of leaking as opposed to inadvertent use of leaking."[261]
191. John Griffith-Jones accepted that "the
risk register is clearly defective or was defective at that time
in this particular locale."[262]
He thought that there were two reasons for this:
One is that as a board it is more difficult to
establish what is not there that should be rather than to review
what is there and comment on whether it is precisely stated. The
fact is it was not there.
The second supporting reason at least that affects
my view is I was aware from the day I joined the organisation
how much attention was paid to controlling information in the
building, not the press part of it but everything else. I was
rather aware of a high degree of understanding about price sensitivity,
somewhat mistaken as it turns out. The combination of it not being
there and a feeling that this was not an area that was underrepresented
in importance I suppose gave us a false degree of comfort.[263]
192. Mr Griffith-Jones told us that the Board had
conducted a review of its own effectiveness at the end of the
FCA's first year in operationthat is, shortly after the
events of 27 and 28 March occurred. He described this as "just
the coincidence of timing".[264]
He said that this review had produced, in his view, "a satisfactory
answer".[265]
193. Simon Davis
concluded that the FCA's Board was responsible for the inadequacy
of the FCA's controls on the identification, control and release
of price sensitive information. But it is also clear from Mr Davis's
report that the Board of the FCA failed in its oversight of the
FCA's executive and that it failed to identify the risks inherent
in the FCA's communications strategyrisks that materialised
on 27 and 28 March. It is therefore surprising that the Board's
review of its own effectiveness, conducted shortly after this
incident, produced what its Chairman described as a "satisfactory
answer". The Board must, as a matter of urgency, commission
an external organisation to conduct a review of its practices
and effectiveness. This review should consider in particular the
Board's approach to the identification and management of risk.
The results of this review should be published.
239 Simon Davis, Clifford
Chance, 'Report of the Inquiry into the events of 27/28 March 2014 relating to the press briefing of information in the Financial Conduct Authority's 2014/15 Business Plan',
20 November 2014 (published 10 December 2014), paras 19.819.10 Back
240
Simon Davis, Clifford Chance, 'Report of the Inquiry into the events of 27/28 March 2014 relating to the press briefing of information in the Financial Conduct Authority's 2014/15 Business Plan',
20 November 2014 (published 10 December 2014), para 19.11 Back
241
Q 190 Back
242
Q 192 Back
243
Parliamentary Commission on Banking Standards, First Report of
Session 2013-14, Changing banking for good, HL Paper 27-I/HC 175-I,
paragraph 564 Back
244
Parliamentary Commission on Banking Standards, First Report of
Session 2013-14, Changing banking for good, HL Paper 27-I/HC 175-I,
paragraph 616 Back
245
Financial Conduct Authority and Prudential Regulation Authority,
Joint Consultation on 'Strengthening Accountability in Banking',
30 July 2014, paras 2.67-2.71 Back
246
Financial Conduct Authority and Prudential Regulation Authority,
Joint Consultation on 'Approach to non-executive directors in banking and Solvency II firms & Application of the presumption of responsibility to Senior Managers in banking firms',
February 2015, para 1.2 Back
247
FCA, The Board, accessed 25 February 2014 Back
248
FCA, Corporate Governance of the Financial Conduct Authority,
published May 2014 Back
249
FCA, Corporate Governance of the Financial Conduct Authority,
published May 2014 Back
250
Simon Davis, Clifford Chance, 'Report of the Inquiry into the events of 27/28 March 2014 relating to the press briefing of information in the Financial Conduct Authority's 2014/15 Business Plan',
20 November 2014 (published 10 December 2014), paras 16.10.1 and
16.10.2 Back
251
Simon Davis, Clifford Chance, 'Report of the Inquiry into the events of 27/28 March 2014 relating to the press briefing of information in the Financial Conduct Authority's 2014/15 Business Plan',
20 November 2014 (published 10 December 2014), para 7.47 Back
252
Q 109 Back
253
Q 110 Back
254
Q 183 Back
255
Q 189 Back
256
Q 190 Back
257
Q 560 Back
258
Q 560 Back
259
Q 560 Back
260
Q 561 Back
261
Q 561 Back
262
Q 564 Back
263
Q 565 Back
264
Q 559 Back
265
Q 559 Back
|