Governance > CP10/3 Effective corporate governance

Published: 12th February 2010 by William Webster

As a result of the crisis the FSA has identified shortcomings in the way firms are governed and the way in which risk is managed. Whilst most would agree with these comments from the regulator, drafting policy to improve things is a difficult issue. One of the main problems the FSA faces is that not all firms are identical. Therefore policy must be relatively broad but at the same time flexible. An additional problem for policy makers is that governance and to a lesser extent risk is subjective. The FSA treads a fine line in 10/3 between prescriptive regulation and principal based regulation. NEDs in particular should take note of its contents. Let's look at some of the issues that are raised.

New significant influence controlled functions

The governing body and senior management of a firm are instrumental in ensuring there is an effective board and that the systems and controls are sound. The FSA identifies individuals who have significant influence using "controlled functions". The FSA has decided that the existing classification is too restrictive and is proposing six new governing functions and three new systems and controls functions. They are: 

1. Chairman
2. Chairman of risk committee
3. Chairman of audit committee
4. Chairman of remuneration committee
5. Senior independent director
6. Parent entity significant influence function
7. Finance function
8. Risk function
9. Internal audit function

The purpose is to be able to effectively assess the capability of individuals in roles that the FSA has identified as crucial in the management of the firm. 

Comment: At first glance it may appear in the case of finance, risk and internal audit the word "function" implies the whole department is a controlled function. This is not what is proposed. It is the person who reports to the governing body of the firm or board committee who is sitting in the controlled function.

Supervision of Significant Influence Functions (SIFs)

This refers to chapter 4 of the CP. This part of the CP is for information purposes and is not open to consultation.

It is the firm's responsibility to ensure candidates filling SIFs are fit and proper. This means firms must undertake their own due diligence. There is an important warning. Firms that do not satisfy the FSA that they have made the necessary assessment of a candidate indicate weaknesses in their systems and controls for recruitment. This may result in supervisory action.

Fit and proper 

The criteria applied by the FSA are: 

• Honesty, integrity and reputation
• Competence and capability
• Financial soundness

The FSA warns that their focus on competence and capability was upgraded in 2008 as part of their intrusive approach to supervision. The regulator is clear that it will selectively interview candidates for the roles of chairman, chief executive, senior independent director, finance director, chief finance officer, risk director/chief risk officer and NEDs. The decision to interview will be made on a case-by-case basis and in accordance with the size of the firm, its complexity, the background of the individual and the quality of the application.

The interview will be based on awareness by the individual of market knowledge, business strategy, risk management, financial analysis, governance and the regulatory framework. The FSA also uses the interview process to make individuals aware of their responsibilities and the objectives and expectations of the regulator.

Comment: The FSA is putting firms on notice that it will continue selective interviews and where individuals are considered not suitable it will persuade the firm and individual to withdraw their application. Furthermore should the FSA apply it's "veto" surely this can only reflect detrimentally on the a firm's systems and controls for recruitment?

Non executive directors

The FSA is putting more onus on NEDs. NEDs may wish to reflect on these two paragraphs from s. 5.3: 

"Where it appears to us that the executives have persistently made poor decisions, we will look closely at NEDs' performance if we feel they have not intervened in a timely and sufficient way. Consistent with this message, we propose to delete current guidance in the Handbook that discusses the limits of NED liability". 

"We are concerned that the existing guidance could be misinterpreted and taken to mean that we would not hold NEDs responsible for, for example, failing to intervene and challenge the executive. This is not the case, as we see such a challenge and intervention as a key part to any NED's responsibilities."

Comment: The FSA is proposing changes to Senior Management Arrangements, Systems and Controls sourcebook. This change deletes limitations of NEDs responsibilities provided they have taken due care. The FSA is therefore leaving the potential to pursue NEDs wide open. Time will tell how the regulator wants to play this. In firms where governance and controls breakdown and presumably particularly where a firm fails or requires intervention the NEDs can now expect to be on the line. 

Walker Review

The FSA deals with some of the recommendations set out in the Walker review. Although capital, liquidity and the business model have been the focus of regulatory attention firms should not be under an illusion that governance and risk management are of secondary importance. Governance and risk have on many occasions in the past 18 month formed the topic for a "skilled persons" report under s166 of FSMA This emphasis will continue. 

In depth governance reviews through the ARROW period will now not only involve board members and senior executives but will also include NEDs. The FSA will evaluate depth of understanding, challenge, risk based decision making, risk appetite, management information, incentives and culture.

This more intensive focus on governance will in addition be enhanced with an in-depth review of risk management with credit and market risk being specifically mentioned. 

Risk oversight

In larger complex firms the board will need to delegate to a sub-committee high level risk issues and risk strategy, this was a Walker recommendation. Where a board risk committee is established its chairman should be a NED. Membership should be predominantly NEDs but may include senior executives such as the chief finance officer. 

The FSA also proposes on a case-by-case basis that some firms appoint a chief risk officer (CRO). Firms that are in doubt as to whether they need a CRO should consult their supervisor.

The CRO should be accountable to the board, have sufficient seniority, be responsible for advising the board on enterprise wide risk and challenge the executive on risk issues including capital and liquidity issues. The FSA acknowledges that the CRO for operational purposes will need to report to a senior executive such as the chief executive or chief finance officer. 

The FSA has also identified that the CRO should oversee the quality of risk data within the firm and ensure it is reliable and of sufficient depth and scope to validate the firm's risk disclosures. 

Comment: A risk sub committee reports to the board, the CRO is accountable to the Board. So if "risk" is found to be badly controlled who is responsible? Presumably all concerned. How much "blame" could an NED get if the sub committee or CRO fail in their role? 

The FSA has picked up on the quality of risk data. Some boards may be unaware that the information they receive is not as robust as they think. 

Comments should be submitted to the FSA by 28^th April 2010.

Displaying 1 to 6 of 6 results in total.