Just days ahead of the introduction of the Senior Managers' Regime (SMR) and Certification Regime (CR), Standard Chartered appear to be as focused on Individual Accountability as the PRA & FCA.
On the back of a poor set of results at the tail end of an aggressive growth strategy by its former CEO, Peter Sands, the FT reports that “accountability reviews” have been established to “to investigate if bonuses can be recouped from any people found to be responsible for compliance and risk-management breaches”.
This shows that the risk associated with a senior management role has changed significantly. In Oct. 2015, I posted an article which included my ‘starter for 10’ requirements for software solutions to support and enable firms to meet the regulatory and cultural challenges with the Senior Managers' Regime. My ‘starter for 10’ were;
- Must be able to generate a Governance Map and Statements of Responsibilities.
- Must enable a Senior Manager to evidence that they have discharged their ‘duty of responsibilities’ when making decisions within the bank.
- Must be able to present a historical snapshot.
- Must enable a ‘Line of Sight’ alignment of objectives and risk appetite from the corporate level to individual Senior Manager.
- Must be able to capture, map and report on operational losses by Senior Managers.
- Must be able to capture and map Conduct Rule breaches to Senior Managers.
- Must be able to monitor and report on the performance and risk of key ‘SMR related’ processes.
- Must be able to store documents such as Regulatory References and map those to individual Senior Managers, or integrate with such a system.
- Must be able to support an attestation process to enable individual Senior Managers to attest that they understand their Responsibilities and regulatory obligations under the SMR.
- Must be able to support a Regulatory Risk Assessment and Controls Effectiveness Assessment capture and reporting in relation to SMR.
Maybe we should add to this list the ability to capture and report on not only the decisions that senior managers took but also the context within which they took those decisions. Hindsight is a wonderful thing and perfectly sensible decisions take today could look anything but sensible in a year, 3 years, 5 years into the future.
Therefore, when conducting ‘accountability reviews’ firms and regulators should consider the context within which decisions were taken and ask themselves;
- What level of risk was the firm experience within their business model?
- Was the firm executing its strategy successfully? Were strategic objectives and milestones been consistently achieved?
- What level of execution risk were they running?
- What were the firms strategic and operational KPIs and KRIs indicating, were they flashing Green or Red?
- Was the firm operating within their risk appetite boundaries?
- How effective was the control environment?
- What was the level of loss events, breaches and complaints been seen within the firm?
- How clearly defined were accountabilities and were these accountabilities notional or real?
Equally, when individual senior managers are taken decisions and engaging in risk-taking activities, they should be considering these questions and be sure that they can evidence the answers in the future should they get a knock on their door from a regulator or an incoming management team.