BFSS/IIA Annual Conference 2015
The changes, the challenges, the new focus of Institute support
11 November 2015
Agenda
09:00 - 09:10 Seminar introduction Gordon Craig, Chairman BFSS; Director, Internal Audit 3i Group plc
09:10 - 09:50 IIA sector strategy Dr Ian Peters MBE, Chief Executive, Chartered Institute of Internal Auditors
09:50 - 10:30 Panel discussion: Internal audit guidance for financial services – where are we now? Chair: Julian Nichols
Panel: Dr Ian Peters, IIA; Hanif Barma, Independent Audit; Lisa Nowell, Head of QA, Barclays; Chit Ghee Yeoh, Director of Internal Audit, Metro Bank
10:30 - 10:50 Break
10:50 - 11:30 The banking reform programme – an industry perspective Paul Chisnall, Director of Policy and Operations, British Bankers’ Association
11:30 - 12:10 Internal audit on the hook – case study Julian Nichols, Financial Services Consultant, Grant Thornton
12:10 - 12:50 Senior managers and certification regimes – implications for internal audit Ross Whelan,
12:50 - 13:50 Lunch
Agenda
13:50 - 14:00 Introduction Gordon Craig, Chairman BFSS; Director, Internal Audit 3i Group plc
14:00 - 14:40 Role of internal audit in outsourcing and contract management – key lines of questioning Papiya Chatterjee, Senior Policy Officer, IIA
14:40 - 15:20 Internal audit – building talent for the future Glenn Bluff, Grant Thornton
15:20 - 15:40 Break
15:40 - 16:20 Cyber security – risks and responses Shivani Maitra, Director, Deloitte
16:20 - 16:30 Closing comments
Annual conference 2015
Dr Ian Peters Chief Executive
Wednesday 11th November 2015
Banking & finance services sector
Agenda
• A changing profession
• Financial services code
• New sector strategy
• Conduct risk poll
• Creating the agenda for the sector advisory panel
A changing profession
There are greater expectations of internal audit to assess:
• Tone at the top
• Culture
• Business strategy / management information
• Public reporting (e.g. Strategic Reports, Integrated Reports)
These expectations raise a number of issues for internal audit in all sectors,
especially the financial services sector, in particular:
• Its Independence and status
• Its scope and priorities
Key initiative: Financial Services Code
• Response to the regulators
• As much for executives and non-executives as internal audit
• Relevance beyond financial services
• Has put internal audit firmly on the agenda
Independence and status of internal audit
• The primary reporting line for the Chief Internal Auditor should be to the
Chairman of the Audit Committee.
• The Audit Committee should be responsible for the Chief Internal Auditor’s:
o appointment/removal
o performance, objectives setting and remuneration
• The Chief Internal Auditor should be at a senior enough level within the
organisation to give him or her the appropriate standing, access and
authority to challenge the Executive
o normally Executive Committee level
• “Internal Audit should have the right to attend and observe all or part of
Executive Committee meetings and any other key management decision
making fora.”
The response
New sector strategy
• The Financial Services Code demonstrates the value of the Institute’s sector
focus
• The Institute has now formalised its approach to the financial services sector
• Our strategy will benefit other sectors in the future
New sector strategy - aims
• To tailor our services in key sectors, in addition to the Institute’s current delivery
of cross sector themes and regions.
• To enhance the value of membership of the Institute by increasing its relevance
to specific groups of members.
• To formalise and structure the Institute’s relationships with groups of members in
key sectors, so that practitioner knowledge is more effectively harnessed.
• To support the Institute’s public policy research programme and improve the
relevance of technical guidance to sector-specific issues.
Financial services sector strategy
• One third of our members work in the financial services sector.
• The sector has seen great changes to the way internal audit needs to operate
and this presents both challenges and opportunities for practitioners.
• We have therefore increased the emphasis we place on our work in the financial
services sector.
• Key to this is our new sector advisory panel.
Financial services sector advisory panel
• Panel draws together practitioners from across the FS sector.
• Chaired by Gordon Craig, director of internal audit, 3i.
o With Mutuals represented by Karen Bassett, Leeds Permanent Building
Society
• The institute will work with the sector advisory panel to:
o Increase representation and member input via our policy and influence work
o Produce new and updated technical guidance on topical issues
o Organise sector specific events, webinars and an annual conference
• The new strategy requires insight into the issues affecting the sector
Potential insights
• The sector advisory panel can feed into our policy programme by providing the
Institute with insights for potential future research.
• The Institute has trialled an initiative around an issue of increasing concern in
the sector: conduct risk.
• Release of guidance for practitioners and snap poll.
Conduct risk poll
• The risk of poor customer outcomes is an increasingly important area of focus
for regulators.
• We conducted a snap poll of internal auditors in the financial services sector to understand better the extent of internal audit’s involvement in the area of conduct risk.
• The Financial Conduct Authority has no master definition of conduct risk; however, in its Retail Conduct Risk Outlook 2011, the UK FCA referred to conduct risk as ‘the risk that firm behaviour will result in poor outcomes for customers’.
Has your audit committee formalised and communicated
its risk appetite for conduct risk?
Do you audit conduct risk?
Do you audit any of the following?
Conclusion
• Poll shows need for more in-depth analysis of conduct risk, its audit and its importance to audit committees
• The sector advisory panel will be at the heart of this and other policy
initiatives
Creating the agenda for the sector advisory panel
• What should be the key areas of focus?
• How should they be reflected in research, guidance and events?
Panel discussion
Internal audit guidance for financial
services – where are we now?
Banking reform
Paul Chisnall
Executive Director
Why financial and professional services matter
• 2 million jobs – two thirds outside of London
• 12.6% UK GDP
• £61bn trade surplus in 2013
• £65bn tax receipts
• Social good:
- ‘nearly all’ banked
- direct correlation ‘credit’ and GDP
- global financial innovation
Financial crisis: so what went wrong?
Turner Review, March 2009, Chapter 1
• Macro-imbalances meet financial innovation
• Increased leverage
• The growth of ‘shadow banking’
• Misplaced reliance on sophisticated maths
• Hard-wired pro-cyclicality: self-reinforcing irrational exuberance followed by confidence collapse
“socially useful”
“socially useless”
Financial crisis: so what’s the answer?
Turner Review, March 2009, Chapter 2
• Capital, accounting and liquidity
• Deposit insurance and bank resolution
• Credit ratings, remuneration, and counterparty risks
• Macro-prudential analysis
• A new approach to supervision
• Governance and risk management
• The regulation of large complex banks
Banking reform globally focused
Financial Stability Board
• G20 Action Plan
– Maintain the openness of the financial system
– Cooperate & coordinate
– Make banks safer: more capital & liquidity
– Ending too big to fail
– Make financial markets safer: central clearing of OTC
derivatives
Building new rules for the global financial system
Establishing a safe, responsible & growth-enhancing financial sector in Europe
Creating a banking union to strengthen the euro
• CRD IV on capital, liquidity, leverage, remuneration and tax transparency
• EMIR, MiFID and MAD
• Credit Rating Agencies
• Shadow banking
• Creation of the three European Supervisory Authorities
• Deposit Guarantee and Investor Compensation schemes
• Bank Recovery and Resolution
• SSM & SRM
• Structural reform
• FTT – a Robin Hood or Sheriff of Nottingham tax?
UK Government banking initiatives
Coalition agreement
“We will reform the banking system to avoid a repeat of the financial crisis, to promote a competitive
economy, to sustain the recovery and to protect and sustain jobs.”
“We will take steps to reduce systemic risk in the banking system and will establish an independent
commission to investigate the complex issue of separating retail and investment banking in a
sustainable way.”
New regulatory system
Recommendations of the Independent
Commission on Banking
“Vickers” ring-fencing: Financial Services (Banking Reform) Act 2013 Implementation by 2019
Ring-fencing timetable
2013
• Q3: Consultation on secondary legislation
• Q4: Financial Services (Banking Reform) Act 2013
2014
• Q3: Secondary legislation on ‘location’, e.g. product offerings
• Q4: First PRA CP on ‘height’ – legal services, governance etc.
2015
• Q1: CP response & submission individual preliminary plans
• Q2: FCA CP on customer disclosures
• Q3: PRA & FCA CPs on transfer schemes
• Q3: Second PRA CP on ‘height’ – intragroup exposures etc.
Ring-fencing timetable
2016
• Q1/H1: Final regulatory rules
• Firming up strategic plans & beginning legal processes: authorisations, permissions, waivers, recruitment
2017
• Bulk of Part VII FSMA transfers, 9-12 months or longer for collation, independent expert review, PRA approval, with FCA consultation, customer communications and Court processes – possibly on a staggered basis
2018
• Putting the plan into action – structure & business migration
• Ideally 12 months parallel running, at minimum 6 months, before the 2019 timeline
Parliamentary Commission on Banking Standards
July 2012-June 2013 – 337 days
161 hours of evidence sessions
Asked more than 9,000 questions
354 written evidence submissions
9 volume report - vols I & II run to 571 pages
“Most important Parliamentary report into banking in
a generation”
80+ recommendations accepted by Government
Key themes
Strengthening individual responsibility
Corporate governance
Better outcomes for consumers through enhanced
competition
Enhancing financial stability
Strengthening individual responsibility
• Senior Managers regime (nee Senior Persons)
• Certification regime (nee Licensing regime)
• Banking Standards Rules
• New criminal sanction for reckless misconduct
• “Reversal of the burden of proof”
• Support for the creation of a new professional body:
Banking Standards Board
Two further reviews
• The ‘Fair and Effective Markets Review’ looking beyond Libor and into f/x, commodities and fixed income, with the promise of new criminal sanctions: June 2014 - June 2015: FICC Market Standards Board
• CMA competition review into Personal Current Account and SME lending: July 2014 - October 2015:
• Requiring banks to prompt customers to review the service they receive from their bank through receiving individual messages at certain ‘trigger points’
• Making it easier for consumers and businesses to compare bank products by upgrading Midata
• Requiring the creation of a new price comparison website for SMEs - currently nothing effective exists to fulfil this role
Light at the end of the tunnel?
• FSB: final step – Total loss absorbing capital
• European Commission:
- Growth & jobs
- Capital Markets Union
- ‘Cumulative Impact’ reappraisal
• HMG:
- Bank levy (though…)
- Reversal of the burden of proof
Work programme 2016-2019
• More and better capital
• Bank FPC ‘countercyclical capital buffer’
• Total loss absorbing capital – ‘TLAC’
• Key FSB ratios & their disclosure:
- Leverage Ratio
- Liquidity Coverage ratio
- Net Stable Funding Ratio
• Basel IV?
• IFRS 9 - expected loss provisioning
• Capital/regulation CCPs
• UK ring-fencing
Foundations stronger
• Capital & liquidity
• Recovery planning
• Resolution arrangements
• Risk governance
• Banking supervision
• Macroprudential overlay
• Conduct, values, culture
Foundations stronger
• 7 – 10.5 x capital, 4.5 x CET1 capital
• ‘Bail in’, stress testing, high quality liquidity
• Confidence in resolution arrangements
• Renewed Boards & lines of responsibility
• ‘Enhanced’ supervision
• FPC up and running
• Conduct, values, culture
Risk free?
Internal audit: core governance
Internal audit: BCBS principle
Corporate governance principles for banks,
July 2015, Principle 10:
The internal audit function should provide independent assurance to the board and should support board and senior management in promoting an effective governance process and the long-term soundness of the bank
• http://www.bis.org/bcbs/publ/d328.pdf
BCBS on internal audit, June 2012
• http://www.bis.org/publ/bcbs223.pdf
Internal audit: areas of interest
• Capital and liquidity
• Risk weighted assets
• Key ratios
• Expected loss provisioning
• Regulatory returns
• IT systems – resilience & security
• Report to whom?
• Internal Audit on the Hook
• Julian Nichols
– CIIA Financial Services Conference 11th Nov 2015
Internal Audit on the hook
The Financial Conduct Authority imposes £2.1m fine and places restriction on Bank after it misled the regulator
Internal Audit on the hook
The Bank ?? (UK) Ltd. has been fined £2.1m by the Financial Services
Authority (FCA) and stopped from acquiring new customers from high-risk
jurisdictions for 126 days. In addition, the FCA has fined two approved
persons at the bank.
The Bank repeatedly provided the regulator with misleading information
after it was required to address concerns regarding its financial crime
systems and controls.
The former compliance officer ("X") at the Bank, and the internal auditor
("Y"), have been fined £19,600 and £9,900, respectively. X and Y failed to
deal with the regulator in an open and cooperative way when responding to
queries about the actions taken to mitigate financial crime risk.
Internal Audit on the hook
Georgina Philippou, acting director of enforcement and market oversight, FCA,
commented:
“It is essential to consumer protection, market integrity and the prevention of financial
crime that we can rely on firms giving us the right information at the right time. Bank
?? failings impeded us and left it open to the risk that it might be used for financial
crime.
Equally worrying was the fact that X and Y provided a number of misleading
communications to us, which is a serious breach of their responsibilities as approved
persons.
We are reliant on compliance officers and internal audit to act as an important line of
defence, to support effective regulation at firms and to show backbone even when
challenged by their colleagues.”
Internal Audit on the hook - Background
1. Final Notice: Bank ??
2. Final Notice: X (Compliance Officer)
3. Final Notice: Y (Internal Auditor)
Internal Audit on the hook - timeline
2010 FSA ARROW review and visit in 2011, the bank showed "too little consideration given to the risk of the firm being used for financial crime. The bank was required to take a number of actions to address these concerns."
Remediation Plan:
• Full remediation of customer files
• Improvement of Compliance Monitoring Plan
• Resolve all open audit issues
Jan 2012: Internal Auditor Y joins the bank, working part time.
Internal Audit on the hook - timeline
May 2012: FSA reminds the Bank of the file remediation due date (1st June) and specifically requires the Internal Auditor to review the implementation of all other Remediation Action Plan points. Full remediation of customer files due.
June 2012: Bank states all action points completed. Y "provided an assurance (to management) to be given to the Authority that all the action points had been implemented even though they had failed to review the Bank's implementation."
"Y was aware that the bank had still not completed two…required actions. Following discussions with senior management about the response that the Authority required, Y did not provide the Authority with this information, which the Authority would reasonably expect notice of."
Internal Audit on the hook - Background
July – Aug 2012: Bank provided two reports assuring completion and implementation "even though this was not the case".
Nov 2012: "Y prepared a report for the Authority which gave a misleading impression about…completion of a specific action point (Compliance Monitoring Plan) Y omitted this information even though this was information the Authority would reasonably expect notice… In omitting this information, the Authority recognises that Y was influenced by comments made by senior management."
Internal Audit on the hook – Background
March 2013: FCA visit found Remediation Plan not completed.
Bank employed an external consultant and appointed a team to complete the work, which was finalised in Oct 2013.
FCA interviewed Y, who shared their concerns about the Bank's completion of the point and corrected the misleading impression given in Nov 2012.
Internal Audit on the hook – FCA expectations of internal audit
Final Notice: Following visits to the bank in 2011 and 2012, the Authority became concerned that the culture at the bank was one of insufficient consideration of risk or regulation despite the high risk it might be exploited to facilitate financial crime.
Internal Audit on the hook – FCA expectations of internal audit
Final Notice:
The Authority specifically requires Internal Auditors to evaluate the effectiveness of firm's internal controls and risk management processes, and is reliant on Internal Auditors to maintain an open, constructive and cooperative relationship with the Authority.
The Authority is particularly reliant on the internal audit function in supporting a culture of effective controls and governance at small sized firms that are not subject to frequent supervision by the Authority.
Internal Audit on the hook – FCA expectations of internal audit
"Whilst the Authority recognises that Y's actions were influenced by senior management….this does not excuse Y's misconduct. Y was in a position to understand the true position regarding…..completion of the action points…..and as such should have resisted senior management in this regard."
"Internal Auditors must maintain their independence, and as an approved person holding a significant influence function, Y was personally bound by their own regulatory responsibilities."
"Y failed to deal with the Authority in an open and cooperative way and breached Statement of Principle 4. Fine = 30% of earnings."
Internal Audit on the hook – the Compliance Officer
Handled most of the communication with the Authority ("although others were involved in the drafting, including senior management in relation to its completion of the action points .. ") "In an email to senior management X stated that they were 'fairly guarded' during a conversation with the Authority about the CMP."
False information was given to the FSA re confirmation of completion of points and establishment of the CMP. This was repeated several times.
Internal Audit on the hook – the Compliance Officer
X suggested that he did not have enough support, was under pressure from senior management to be "careful" in communications with the FSA and "not given licence" to explain issues thoroughly.
Breach of Statement of Principle 4.
Fine = 30% of earnings
Internal Audit on the hook – implications??
The Principle for Businesses relevant to Bank ?? investigation is: Principle for Businesses 11: A firm must deal with its regulators in an open and cooperative way, and must disclose to the appropriate regulator appropriately anything relating to the firm of which that regulator would reasonably expect notice.
The relevant Principle to the investigations into X and Y is:
Statement of Principles for Approved Persons 4: An approved person must deal with the FCA, the PRA and other regulators in an open and cooperative way and must disclose appropriately any information of which the FCA or the PRA would reasonably expect notice.
Internal Audit on the hook – Conclusions?
The Internal Auditor must ensure that any internal audit related information or
statement provided to the FCA/PRA is accurate.
Internal Audit on the hook – Conclusions?
What happens where IA has a different opinion to Compliance / Senior Management regarding a self-reporting issue?
If the Internal auditor sees that incorrect or misleading information is being sent to the FCA/PRA, they should whistleblow to the FCA/PRA.
Internal Audit on the hook – Conclusions?
The FCA/PRA places higher reliance on internal auditors in smaller institutions
"The Authority is particularly reliant on the internal audit function in supporting a culture of effective controls and governance at small sized firms that are not subject to frequent supervision by the Authority."
Internal Audit on the hook – Action to take?
Point out to your Audit Committee Chair, CEO and HIA the ramifications of the
Bank ?? case.
Make sure that information you pass to others which is then passed to the
FCA/PRA remains unchanged. Use this case to support your position to enforce
this.
When considering whether to whistleblow, think whether your company "loyalty" is more important than your career.
Internal Audit on the hook – The LIBOR Example
Bank XX was fined £105m.
LIBOR CONTRIBUTOR FINAL NOTICE
October 2013
"The Authority hereby imposes on XXX a financial penalty of £105m."
The bank breached Principles 2, 3, and 5 in the following ways:
1. Manipulation of the bank's own rates that formed part of the calculation of the published JPY, USD and GBP LIBOR rates;
2. Collusion with interdealer broker in attempts to influence the LIBOR submissions of other banks; and
3. Collusion with LIBOR Panel Banks directly.
LIBOR CONTRIBUTOR FINAL NOTICE
In March 2009 the Bank's Internal Audit Group carried out an audit of the bank's Global Liquidity & Finance Group, in which certain Submitters and Traders were located. Although the audit focus was not on the LIBOR submission process, IA was advised by a Submitter that JPY LIBOR submissions were based on the almost daily suggestions from Trader 1. Despite noting this in its working papers, IA failed to assess and address the issue effectively.
LIBOR CONTRIBUTOR FINAL NOTICE
Internal Audit's notes make it clear that they were aware that:
• LIBOR rates are sent from overseas for submission; and
• The Submitter inputs the rates on behalf of overseas Traders.
Example emails were provided including from Traders giving suggestions for 8 LIBOR tenors.
Despite identifying these issues in its workpapers, IA did not assess or address the issues effectively. IA failed to advise senior management that LIBOR submissions were being dictated by Traders.
LIBOR CONTRIBUTOR FINAL NOTICE
At a minimum, IA should have identified that the behaviour of the Trader and Submitter was inappropriate and raised notable conflict of interest concerns. IA should also have brought those concerns to the attention of the bank's compliance or legal departments or senior management.
These three failings by Internal Audit meant that the bank's breaches of Principles 3 & 5 were allowed to continue.
LIBOR CONTRIBUTOR FINAL NOTICE
So why was no action taken against this bank's HIA?
• They had audited part of the LIBOR process where many banks had not?
• This Final Notice was in 2013 (the first one was 2015)?
LIBOR CONTRIBUTOR - CONCLUSION
• The FCA reviewed individual Internal Audit workpapers
• Internal Audit Managers must review workpapers and identify risks and issues raised
• If IA does not perform its role properly there are severe regulatory implications
Internal Audit on the hook - Summary
• Use the first example to strengthen your position with the Audit Committee / CEO / Senior Management
• Make sure anything which you are involved in or can be linked to you which goes to a Regulator is accurate
• Do not compromise your position or your career!
SENIOR MANAGERS AND CERTIFIED PERSONS (SM&CP) REGIMES: IMPLICATIONS FOR INTERNAL AUDIT
Ross Whelan
11th November 2015
TODAY'S AGENDA
DRIVERS FOR CHANGE
PROPOSED NEW REGIME
CHALLENGES TRANSITION TO NEW REGIME
CONCLUSIONS
DRIVERS FOR CHANGE
“Cultural reform in the banking sector marks the next step in the government’s plan to move the whole sector from rescue to recovery and ensure that UK banks demonstrate the highest standards, and are able to support business and drive economic growth.”
George Osborne, Chancellor of the Exchequer
“How a firm conducts its business and treats its customers must be at the heart of how it operates. This has to start at the top”
Martin Wheatley, Chief Executive of the FCA.
“A lack of personal responsibility has been commonplace throughout the industry. Senior figures have continued to shelter behind an accountability firewall.” “Where the standards of individuals, especially those in senior roles, have fallen short, clear lines of accountability and enforceable sanctions are needed. They have been lacking.”
Andrew Tyrie, MP, Chairman of the Parliamentary Commission on Banking Standards.
1. June 2012: Parliamentary Commission on Banking Standards (PCBS) established
DRIVERS FOR CHANGE
Recommendations (Major Themes)
• Reinforcing the ‘ring-fencing’ changes to banks originally set out in the report of the Independent Commission on Banking;
• Making a reality of individual responsibility, particularly at senior levels;
• Improving competition;
• Creating much more robust and effective corporate governance structures; and
• Giving regulators the powers they needed while holding them to their task.
PCBS Report (Vol. 1 & 2):
http://www.parliament.uk/documents/banking-commission/Banking-final-report-volume-i.pdf
http://www.parliament.uk/documents/banking-commission/Banking-final-report-vol-ii.pdf
1. June 2012: Parliamentary Commission on Banking Standards (PCBS) established
2. June 2013: PCBS Report ‘Changing Banking for Good’ published
“A Senior Persons Regime... should provide far greater precision about individual responsibilities than the system that it replaces, and would serve as the foundation for… changes to enforcement powers…”
“A Licensing Regime… as the basis for upholding individuals' standards of behaviour, centred on the application of a revised set of Banking Standards Rules to a broader group…”
DRIVERS FOR CHANGE
1. June 2012: Parliamentary Commission on Banking Standards (PCBS) established
2. June 2013: PCBS Report ‘Changing Banking for Good’ published
3. December 2013: Financial Services (Banking Reform) Act 2013 passed
Created the legislative framework and adopted the key recommendations made in the PCBS Report
Banking Reform Act 2013 (Chapter 33 – Part 4): http://www.legislation.gov.uk/ukpga/2013/33/pdfs/ukpga_20130033_en.pdf
Financial Services Markets Act (FSMA) 2000 (Part 5): http://www.legislation.gov.uk/ukpga/2000/8/part/V
Details of amendments: http://www.legislation.gov.uk/ukpga/2013/33/pdfs/ukpgaen_20130033_en.pdf
DRIVERS FOR CHANGE
2. June 2013: PCBS Report ‘Changing Banking for Good’ published
3. December 2013: Financial Services (Banking Reform) Act 2013 passed
4. 2014/2015: Various FCA & PRA Consultation Papers
2014
July: FCA CP14/13: ‘Strengthening accountability in banks: A new regulatory framework for individuals’. PRA CP14/14: ‘Strengthening the Alignment of Risk and Reward: New Remuneration Rules’.
November: FCA CP14/25: ‘Changes to the Approved Persons Regime for Solvency II firms’.
December: FCA CP14/31 / PRA 28/14: ‘Strengthening accountability in banking: forms, consequential and transitional aspects’.
FCA CP14/13: http://www.fca.org.uk/static/documents/consultation-papers/cp14-13.pdf
PRA CP14/14: https://www.fca.org.uk/your-fca/documents/consultation-papers/cp14-14
FCA CP14/25: https://www.fca.org.uk/static/documents/consultation-papers/cp14-25.pdf
FCA CP14/31 / PRA 28/14: https://www.fca.org.uk/static/documents/consultation-papers/cp14-31.pdf
DRIVERS FOR CHANGE
2. June 2013: PCBS Report ‘Changing Banking for Good’ published
3. December 2013: Financial Services (Banking Reform) Act 2013 passed
4. 2014/2015: Various FCA & PRA Consultation Papers
2015
February: FCA CP15/05: ‘Approach to non-executive directors in banking and Solvency II firms & Application of the presumption of responsibility to Senior Managers in banking firms’.
March: CP15/10: ‘Strengthening accountability in banking: UK branches of foreign banks’. FCA CP15/09: ‘Strengthening accountability in banking: a new regulatory framework for individuals’.
Policy Statement PRA CP03/15: ‘Strengthening individual accountability in banking and insurance’.
July: FCA CP15/22: ‘Strengthening accountability in banking: Final rules (including feedback on CP14/31 and CP15/5) and consultation on extending the Certification Regime to wholesale market activities’.
August: FS15/3: ‘Strengthening accountability in banking: UK branches of foreign banks – Feedback on FCA CP15/10’.
FCA CP15/05: https://www.fca.org.uk/static/documents/consultation-papers/cp15-05.pdf
CP15/10: https://www.fca.org.uk/your-fca/documents/consultation-papers/cp15-10
CP15/09: https://www.fca.org.uk/your-fca/documents/consultation-papers/cp15-09
PRA CP03/15: http://www.bankofengland.co.uk/pra/Documents/publications/cp/2015/cp315.pdf
FCA CP15/22: https://www.fca.org.uk/static/documents/consultation-papers/cp15-22.pdf
FS15/03: https://www.fca.org.uk/your-fca/documents/feedback-statements/fs15-03
PROPOSED NEW REGIME
1 SENIOR MANAGERS REGIME
2 CERTIFICATION REGIME
3 CONDUCT RULES
UNDER THE NEW REGIME
Senior Managers can be held accountable for ‘misconduct’ that falls within their area of responsibility.
Individuals working at all levels can be held to appropriate standards of conduct.
PROPOSED NEW REGIME
1 SENIOR MANAGERS REGIME
SCOPE
FIRMS: Applies to UK Banks, Building Societies, Credit Unions, PRA-designated Investment Firms and incoming branches of foreign/overseas banks (also known as Relevant Authorised Persons (RAPs)) operating in the UK.
Bank of England and Financial Services Bill: amended to include all regulated/authorized firms (including Insurers, Investment Firms (Stockbrokers, Securities and Futures firms, Asset Managers) and Consumer Credit firms).
Based on FCA estimates, the number of firms impacted will rise from approx. 1,000 to just under 60,000. The newly extended regime should come into operation during 2018.
NO ‘TERRITORIAL LIMITATION’
INDIVIDUALS UK Relevant Authorised Persons
The Board and other individuals who hold key roles or have overall responsibility. Under this 6 Non Executive Directors (NEDs) functions are captured (SMF 9-14) i.e., Chairman of the Board, Chair of Risk, Audit, Remuneration and Nomination Committees and Senior Independent Directors.
Non-EEA Branches
Executive Directors of the branch and other individuals who hold key roles or have local responsibility.
EEA Branches
Individuals with significant responsibility for significant business units of the branch and other individuals who hold key roles.
The SMRs application is greater for non-European Economic Area (EEA) than EEA firms reflecting the split of EEA home and host state supervisory responsibilities under the relevant single market directives.
The focus is on the most senior individuals in firms who hold key
roles or have overall responsibility for whole areas of
relevant firms.
Intention: All members of the Board, the
second layer of governance (whether structured as an
Executive Committee or not) and anyone else carrying out an important function (e.g. a SIF)
should be made subject to regulation. The Significant
Responsibility SMF, in particular, has been designed to bring Non-
Board members in charge of particular areas into the SMR.
KEY FEATURES
• A new set of Senior Manager Functions (SMFs) will replace the current Significant Influence Functions (SIFs).
3 New Functions
Head of Key Business Area (SMF6): Person who manages area with gross total assets of £10bn or more and which either accounts for 20% or more of the gross revenue of the firm, or where the firm is part of a group, accounts for more than 20% of the total gross revenue of the group.
Group Entity Senior Manager (SMF7): Applies to individuals who exercise significant influence over the Relevant Approved Persons as part of their role in the wider group (can operate in exec or non-exec capacity).
Significant Responsibility SMF (SMF18): Applies to individuals who have overall responsibility for each of the activities, business areas and management functions of the firm. Applies to those who do not already hold another SMF and, with the exception of Compliance with CASS, cannot be assigned any other Prescribed Responsibilities.
COMBINED LIST OF SMFs
SMF 1: Chief Executive Function* (PRA & FCA)
SMF 2: Chief Finance Function* (PRA & FCA)
SMF 3: Executive Director* (FCA Only)
SMF 4: Chief Risk Function (PRA & FCA)
SMF 5: Head of Internal Audit (PRA & FCA)
SMF 6: Head of Key Business Area (PRA & FCA)
SMF 7: Group Entity Senior Manager (PRA & FCA)
SMF 8: Credit Union SMF (PRA & FCA)
SMF 9: Chairman (PRA & FCA)
SMF 10: Chair of Risk Committee (PRA & FCA)
SMF 11: Chair of Audit Committee (PRA & FCA)
SMF 12: Chair of Remuneration Committee (PRA & FCA)
SMF 13: Chair of Nominations Committee (FCA Only)
SMF 14: Senior Independent Director (PRA & FCA)
SMF 15: Non Executive Director (FCA Only)
SMF 16: Compliance Oversight (FCA Only)
SMF 17: Money Laundering Reporting (FCA Only)
SMF 18: Significant Responsibility (FCA Only)
• *With exception of small credit unions, at least one person must perform this role.
• NEDs (SMF9-15) cannot be allocated overall responsibility for business activities or management functions.
For a Non EEA Branch, SMF 5 will only apply where branch has a dedicated individual performing this function.
PRESCRIBED RESPONSIBILITIES
(i) ensuring that the firm has complied with the obligation to satisfy itself that persons performing a key function are fit and proper;
(ii) leading the development of the firm’s culture and standards;
(iii) embedding the firm’s culture and standards in its day-to-day management;
(iv) production and integrity of the firm’s financial information and regulatory reporting;
(v) allocation and maintenance of the firm’s capital and liquidity;
(vi) development and maintenance of the firm’s business model;
(vii) performance of the firm’s Own Risk and Solvency Assessment (ORSA);
(viii) induction, training and professional development for all the firm’s key function holders;
(ix) maintenance of the independence, integrity and effectiveness of the whistleblowing procedures, and the protection of staff raising concerns; and
(x) oversight of the firm’s remuneration policies and practices.
• ‘Prescribed Responsibilities’ (as defined by PRA & FCA), which are important functions other than SMFs, must be allocated to one of the existing SMFs “with which the responsibility is most closely associated”.
• NEDs can be allocated certain prescribed responsibilities.
LIST KEY FUNCTIONS
• Establishing and operating systems and controls in relation to financial crime
• Safekeeping and administration of assets of clients
• Payment services
• Settlement
• Investment management
• Financial or investment advice
• Mortgage advice
• Corporate investments
• Wholesale sales
• Retail sales
• First line quality assurance of sales
• Trading for clients
• Investment research
• Origination/syndication and Underwriting
• Wholesale lending decisions
• Design and manufacturing of products intended for wholesale customers
• Design and manufacture of products intended for retail customers
• Production and distribution of marketing materials and communications
• Customer service
• Customer complaints handling
• Collection and recovering amounts owed to a firm by its customers/Dealing with customers in arrears
• Middle office
• The firm’s information technology
• Business continuity
• Human resources
• Incentive schemes for the firm’s staff
• 27 ‘Key Functions’ which are important functions other than SMFs and Prescribed Responsibilities, if they exist in a particular firm, must be allocated to a Significant Responsibility SMF (SMF 18).
KEY FEATURES - APPROVALS
• Subject to Pre-Approval: All Senior Management Functions (SMFs) are subject to approval by the relevant regulator (FCA or PRA) before an individual may begin carrying out an SMF.
• Required Submissions: When applying for an individual to be approved for an SMF, or whenever there is a significant change in a Senior Manager’s responsibilities, a firm will need to submit:
  • Statement of Responsibility: A “..statement setting out the aspects of the affairs of the authorised person concerned which it is intended that the person will be responsible for managing in performing the function”; these statements must be kept current.
  • Management Responsibilities Map: This must be comprehensive, up-to-date and set out how the various responsibilities have been allocated. It must demonstrate that:
    • There are no gaps in accountability;
    • Robust governance arrangements are in place; and
    • There is a clear organisational structure with defined, transparent and consistent lines of responsibility.
  • Other supplementary information, i.e. CVs, job descriptions, org. charts and development plans.
• Handover Arrangements: Reasonable steps (i.e., Handover Arrangements) should be taken to make newly appointed Senior Managers aware of all relevant information and risks of regulatory concern in order to perform responsibilities effectively.
• Conditions & Time Limits: The regulators can impose conditions and time limits on approvals of Senior Managers, both at the initial approval stage and subsequently through a variation of approval. For example, approving an SMF subject to a training requirement or imposing a probationary time limit on an approval.
KEY FEATURES - ENFORCEMENT
• Individual Enforcement Action: Each of the regulators will be able to take individual enforcement action against any Senior Manager.
• Presumption of Responsibility: The proposed ‘Presumption of Responsibility’ will now be replaced by a ‘New’ Statutory Duty of responsibility on Senior Managers to take ‘reasonable steps’ to prevent a regulatory breach.
So what is the significance of this recent change?
Bank of England and Financial Services Bill – Section 3.1 https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/468328/SMCR_policy_paper_final_15102015.pdf
Under the original controversial proposal (i.e., reverse burden of proof), if a firm breached a regulatory requirement, the Senior Manager responsible for the area of the breach could be held individually accountable unless they were able to satisfy the regulators that they had taken ‘reasonable steps’ to stop, prevent, or remedy the breach. This was perceived as draconian and had deterred many from taking up senior manager roles for fear of regulatory exposure.
The burden of proving that a Senior Manager has failed to meet the expected standard in an enforcement action will now rest firmly with the Regulator. The “new” Statutory Duty, however, represents little if any change in the substance of Senior Manager obligations, as it bears a very close resemblance to the Conduct Rules underpinning the Approved Persons Regime and the new SM&CP regime.
Statement of Principle 7 for Approved Persons: An approved person performing an accountable significant influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his accountable function complies with the relevant requirements and standards of the regulatory system.
Senior Manager Conduct Rule 2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory systems.
• New Criminal Offence: Senior Managers will be liable to prosecution for the new criminal offence ‘relating to a decision causing a financial institution to fail’, i.e. taking (or failing to prevent) a decision causing a financial institution to fail, where one is aware of the risks and one’s conduct fell “far below what could reasonably be expected”. This offence is punishable by up to 7 years’ imprisonment and/or an unlimited fine.
Financial Services (Banking Reform) Act 2013 – Section 36 http://www.legislation.gov.uk/ukpga/2013/33/pdfs/ukpga_20130033_en.pdf
• New Criminal Offence: Under the regime, enforcement action may occur due to:
  • An individual breach (‘failed to comply’) of the conduct rules (FSMA ‘Condition A’);
  • By being “knowingly concerned” in a breach of rules by the firm (FSMA ‘Condition B’); or
  • Through breaches occurring in the areas for which they are responsible (FSMA ‘Condition C’).
CRIMINAL OFFENCE: Does not apply to Credit Unions or Incoming Branches.
• Annual Assessment: Firm duty to assess ‘fitness and propriety’ of Senior Managers initially and thereafter on an annual basis.
• Employee Hiring Checks: Firms must perform criminal record checks and request references from the previous employer of an SMF candidate, covering previous 5 years’ employment history (and disclose breaches and details of any disciplinary action). References must be true, fair and accurate.
• Job Sharing Arrangements: More than one individual can perform a Senior Management Function. In the case of a job share arrangement, each individual will be responsible for all the responsibilities conferred by that SMF.
RELATED TEMPLATES
Form K: Grandfathering Notification http://www.bankofengland.co.uk/pra/Documents/authorisations/simr/formk.pdf
• Grandfathering Arrangements: There will be ‘grandfathering’ provisions for Senior Managers currently performing Significant Influence Functions, so as not to require fresh approval to perform the equivalent SMF. An individual can only be grandfathered into a new SMF role if:
  • They are performing the role under the current APR regime on the date of notification to the regulators and on the date the regime comes into force. Grandfathering to a non-equivalent role requires additional approval;
  • The function is equivalent to a SIF function that they hold in the same firm, i.e. they cannot grandfather over to the new regime in a different entity in the same group; and
  • Applications for regulatory pre-approval of those in SMF must include a “Statement of Responsibilities” setting out the areas of the firm for which the prospective Senior Manager will have responsibility (one per legal entity).
2 CERTIFICATION REGIME
SCOPE
FIRMS: Applies to UK Banks, Building Societies, Credit Unions, PRA – Designated Investment Firms and Incoming branches of foreign/overseas banks (also known as Relevant Authorised Persons (RAPS)) operating in the UK.
TERRITORIAL LIMITATION
UK Firms & Non EEA Branches:
• Material Risk Takers: No Territorial Limitations (applies irrespective of location).
• All Other Certified Persons: Territorial Limitation (only if based in the UK or dealing (having contact) with a Client in the UK).
EEA Branches: Only applies to Individuals present/based in the UK.
INDIVIDUALS
• Material Risk Takers;
• Most former ‘Approved Persons’ not covered by SMR;
• Customer facing roles with a Required Qualification (e.g., Investment Adviser);
• Proprietary Traders; and
• Line Managers of ‘Certified Persons’.
Applies to staff who perform a function which either regulator believes could pose “Significant Harm” to the firm or any of its customers.
Intention: To reduce the firm’s risk of an individual causing significant harm to the firm or its customers.
KEY FEATURES
• Registration: Individuals falling under the Certification Regime (CR) will not be subject to regulatory approval (as SMFs are).
• Assessment of Employees: It is a Firm’s duty to certify that employees performing a “significant harm function” are ‘fit and proper’ to do so. Fitness and Propriety checks also apply to Notified NEDs. However, a NED moving from an SMF to be a ‘Notified NED’ is not subject to further ‘Fitness and Propriety’ checks.
  • Integrity;
  • Knowledge, competence and experience; and
  • Qualifications and training.
Certification will need to be renewed on an annual basis.
A Senior Manager will assume responsibility for the internal review and certification process, and be accountable for shortcomings.
• Employee Movements: If a person moves from one CR role to another CR role, that person must be certified as ‘fit and proper’ for the new role immediately; the firm cannot wait until the annual renewal of the certificate.
• Exceptions: In exceptional circumstances, a person may perform a CR function for up to two weeks without certification where they are providing cover for a certified person whose absence was reasonably unforeseen. (This does not apply, however, to CR functions that have a qualification requirement.)
• Employee Hiring Checks: Firms must request references from the previous employer of a CR candidate, covering previous 5 years’ employment history (and disclose breaches and details of any disciplinary action). Additional references are not required for people performing Certification Functions if they were performing the same function immediately prior to 7 March 2016. Criminal record checks are not required. Firms may carry out checks for other employees where legally allowed to (part of employment contract). With such an extended population, this represents a significant burden to the firm [SYSC 5.3.4R to SYSC 5.3.11R].
• Multiple Functions: Where individuals are performing multiple certification functions, they must be assessed as ‘fit and proper’ for each function, although all the different functions may be covered by a single certificate.
SCOPE
3 CONDUCT RULES
FIRMS: Applies to UK Banks, Building Societies, Credit Unions, PRA – Designated Investment Firms and Incoming branches of foreign/overseas banks (also known as Relevant Authorised Persons (RAPS)) operating in the UK.
Code of Conduct: Replaces existing principles and guidance set out in the FCA Statements of Principle and Code of Practice for Approved Persons (APER) for employees working for Relevant Firms.
Applies to all staff at a relevant firm (except Ancillary Staff).
Intention: To extend the new behavioural standards against which individuals will be judged down through the organisational structure.
Bank of England and Financial Services Bill: Amended to include all those sitting on the board of an in-scope firm (including all NEDs) so that enforcement can be taken against these individuals where they fail to act with ‘honesty and integrity’.
TERRITORIAL LIMITATION
• Senior Manager: No Territorial Limitation. Applies wherever they are based.
• Material Risk Taker: UK Firms & Non-EEA Branches: applies wherever they are based. EEA Branches: applies if individual based in UK only.
• Other ‘Certified Persons’: UK Firms & Non-EEA Branches: applies if individual based in UK or dealing with a client in the UK only. EEA Branches: applies if individual based in UK only.
• Other Conduct Rules Staff: UK Firms & Non-EEA Branches: applies if individual based in UK or dealing with a client in the UK only. EEA Branches: applies if individual based in UK only.
EXAMPLES
• UK-based EEA Branch Senior Manager of a UK branch of a Spanish Retail Bank.
• New York-based Chair of Audit Committee of a UK subsidiary of a US Bank.
• Swiss-based Senior Manager with overall responsibility for Fixed Income business within a UK Wholesale Bank.
‘Second Tier’: Conduct Rules - Apply to Senior Managers only
Proposed New Rules, each followed by the Corresponding Rule from APER or PRIN:
SM1. You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
Corresponding rule: APER Statement of Principle 5. An approved person performing an accountable significant-influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his accountable function is organised so that it can be controlled effectively.
SM2. You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with relevant requirements and standards of the regulatory system.
Corresponding rule: APER Statement of Principle 7. An approved person performing an accountable significant-influence function must take reasonable steps to ensure that the business of the firm for which he is responsible in his accountable function complies with the relevant requirements and standards of the regulatory system.
SM3. You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
SM4. You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
Corresponding rule: PRIN 11. A firm must deal with its regulators in an open and cooperative way, and must disclose to the appropriate regulator appropriately anything relating to the firm of which that regulator would reasonably expect notice.
SENIOR MANAGERS must ensure:
• Effectiveness of business controls;
• Compliance with regulatory requirements;
• Appropriate delegation of responsibility with effective oversight; and
• Appropriate disclosure of information to regulators.
‘First Tier’: Conduct Rules - Apply to All Staff*
Proposed New Rules, each followed by the Corresponding Rule from APER or PRIN:
1. You must act with integrity.
Manage risk, exercise sound judgment, observe rules as well as honesty.
Corresponding rule: APER Statement of Principle 1. An approved person must act with integrity in carrying out his accountable functions.
2. You must act with due skill, care and diligence.
Understand the business, the regulations and act compliantly & competently.
Corresponding rule: APER Statement of Principle 2. An approved person must act with due skill, care and diligence in carrying out his accountable functions.
3. You must be open and cooperative with the FCA, PRA, and other regulators.
Corresponding rule: APER Statement of Principle 4. An approved person must deal with the FCA, the PRA and other regulators in an open and cooperative way and must disclose appropriately any information of which the FCA or the PRA would reasonably expect notice.
4. You must pay due regard to the interests of customers and treat them fairly. (Applied by FCA Only)
Corresponding rule: PRIN 6. A firm must pay due regard to the interests of its customers and treat them fairly.
5. You must observe proper standards of market conduct. (Applied by FCA Only)
All markets, not just listed securities.
Corresponding rule: APER Statement of Principle 3. An approved person must observe proper standards of market conduct in carrying out his accountable functions.
SENIOR MANAGERS, CERTIFIED FUNCTIONS & OTHER RELEVANT STAFF: Under the Bank of England and Financial Services Bill, the rules of Conduct have now been extended to Non Executive Directors. This plugs a perceived gap necessary to address CRD IV, incorporated by reference into MiFID II, which requires Member States to be able to take action against members of an institution’s management body (including NEDs).
*ANCILLARY STAFF: Staff carrying out a role which would be fundamentally the same in a non-financial services firm. Approximately 20 designated categories (e.g., cook, cleaner, receptionist and security guard).
*Fair and Effective Markets Review (FEMR)
http://www.bankofengland.co.uk/markets/Documents/femrjun15.pdf
KEY FEATURES
• Requirement to report breaches and suspected breaches has been rescinded.
Bank of England and Financial Services Bill: Removed obligation to notify the regulators of breaches or suspected breaches of the Conduct Rules:
  • To the PRA within 7 days of suspicion that there has been a breach of the rules; and
  • To the FCA within 7 days for SMR; for FCA Certified Persons and Relevant staff this is annually (end of October each year).
Low legal threshold for a ‘suspected’ breach meant firms would have had to report lots of individuals to the regulator, with many of those allegations subsequently being unfounded.
• Notify the regulators of disciplinary action taken: Firms are required to notify the regulators of disciplinary action taken against an employee for conduct which amounts to a breach of the Code of Conduct. [FSMA s54C(1)]
• Conduct Rules Training: Firms must make individuals aware if they are subject to the new conduct rules, and provide suitable and role-specific training to ensure understanding and compliance with the rules. (*FEMR)
• Whistleblowing: Includes a “duty to whistleblow” to the FCA/PRA where Senior Managers are aware of information of which the regulators may expect notice.
RELATED TEMPLATES
Form C: Notice of ceasing to perform controlled functions (including senior management functions) https://www.handbook.fca.org.uk/form/sup/SUP_10A_ann_6R_Form_C_20160307
Form D: Notification: Change to personal information/application details and conduct breaches/disciplinary action related to conduct https://www.handbook.fca.org.uk/form/sup/SUP_10A_ann_7R_Form_D_20160307.pdf
Form H: Notification of Conduct Rules Breaches and Disciplinary Action relating to certification employees and other conduct rules staff https://www.handbook.fca.org.uk/form/sup/SUP_15_ann_7R_Form_H_20160307.pdf
[Diagram: the three tiers of the regime. 1 SENIOR MANAGERS FUNCTION: ‘Pre-Approved by’ FCA/PRA. 2 CERTIFIED INDIVIDUALS: ‘Fitness’ FIRM ASSESSED. 3 ALL OTHER RELEVANT STAFF: ‘Subject to’ CONDUCT RULES. ANCILLARY STAFF: Not in Scope.]
CHALLENGES
KEY CHALLENGES
• Attracting & Retaining the right Staff: Shift towards individual responsibility may make it harder to attract and retain Senior Managers.
• Disclosure of sensitive information to potential candidates at the Hiring stage: At the hiring stage, potential SMF candidates are likely to want as much detail as possible about any issues in the bank in general and the relevant business area in particular before taking on the significant regulatory responsibility. Firms will be wary of divulging highly sensitive information to individuals who may remain at their current employer or join a competitor.
• Lengthy negotiations around detailing Senior Managers’ responsibilities: Employer and employee interests are diametrically opposed. Whilst firms will want to ensure that the Statement of Responsibilities is detailed and comprehensive, Senior Managers will want to minimize the area for which they would be held responsible, leading to lengthy negotiations.
• Reluctance of SMFs to assume additional responsibilities: SMFs will want to have a high level of clarity about their areas of responsibility and will resist taking on additional responsibilities.
• Increased turnover of poor performing staff: SMFs are likely to be unwilling to retain any members of staff who they believe are not up to the job and will not want to spend time performance managing poor performers if they fear regulatory failures could arise in the meantime. This will create tension with HR organizations and increase the risk of employment claims.
• Excessive caution and risk avoidance: The focus on individual responsibility and the more draconian sanctions may result in excessive caution, stunting growth and profitability.
• Increased clarity around ‘cover’ for Senior Managers: Plans will have to be made for the absence of an SMF. Someone who is to deputize for an absent SMF will want a clear apportionment of responsibilities to avoid the impact of a breach occurring while he/she is deputizing that relates to a failure for which the SMF should be held responsible.
• Recording of ‘disclosable’ Information: SMFs who do not agree with particular commercial decisions are likely to document their concerns in order to protect themselves against regulatory sanction. This will result in more convoluted decision making, the emergence of a culture of ‘finger pointing’, and disclosable items.
• Handling SMF Grievances or Exits: Banks could see an increase in whistleblowing allegations from Senior Managers who are dismissed as they try to minimize culpability and extract exit packages. Similarly, Senior Managers may threaten to provide unhelpful handover documentation unless they receive favorable severance terms. With the proposed changes, FCA entries will now contain more detail on disciplinary action taken against Senior Managers; this could have significant implications for an individual’s future employment prospects.
• Increased documentary burden on Firms: In addition to the requirements for Statement of Responsibility (limited to 300 words) and the Responsibilities Maps, the new regime will require changes to employment contracts and policies to ensure that there is a requirement to comply with the Conduct Rules and that there is a contractual basis for dismissing employees where requirements are not met.
• Enforcement Action: Firm v Individual interests. In the case of enforcement action, where a firm is motivated to settle early and obtain a discount, this admission of guilt then makes it more difficult for an individual to defend. Firms need to clarify to prospective Senior Managers at the hiring stage under what circumstances legal expenses will be paid by the firm and, in the event this enforcement occurs a number of years after the firm and the employee have parted company, how long they are eligible for this assistance.
• Enforcement Action: Impact of investigation. Investigating authorities are likely to require a high degree of access to the financial institution and its records. The interference of an ongoing investigation may prove to be a significant burden for the institution in question due to the potential breadth of the investigation (i.e., how far back); the impact on daily operations (i.e., drain on time); the tensions/conflict it may create amongst management regarding historical decisions; and the availability of good records demonstrating transparent decision making processes.
• Other Challenges
  • How to evidence decision making and reasonable steps taken;
  • What information is considered sufficient before a Senior Manager becomes ‘informed’ of a risk or issue that requires ‘reasonable steps’ to be taken;
  • How to illustrate the manner in which responsibilities are delegated and appropriately controlled; and
  • Ownership of ‘prescribed responsibilities’ and key functions, particularly where they cut across reporting lines and geographical locations.
TRANSITION TO NEW REGIME
KEY TASKS
KEY DATE
Senior Manager & Certified Persons (SM&CP) Regime Commencement Date: 7 March 2016
• Gap Analysis
Determine the role of Senior Managers under the new regime in order to identify those carrying on a SMF and to identify and complete a Management Responsibilities Map.
• Governance Systems & Controls
Have in place appropriate governance systems and controls relating to policies; regulatory reporting; training; assigning responsibility for the production of reports; and be able to demonstrate to regulators that the systems and controls in place are robust and effective.
• Statements of Responsibility
Draft Statements of Responsibility for individuals performing a SMF, including aligning contracts of employment and having systems in place for responding to requests from the regulators for personal attestations for such individuals.
• Policies & Procedures
Review relevant policies and consider amending contracts to include indemnities; legal representation at meetings; suspension; notification of disciplinaries to regulators; handling of reference requests; consent to criminal records checks for SMFs; and provisions to support handover arrangements.
KEY TASKS (CONT’D)
• Certifying Employees
Certify SMFs as ‘fit and proper’ by 7 March 2016 and then individuals falling within the Certification Regime by 7 March 2017.
• Bespoke Training
Individuals who are subject to the SMR or the CR will be subject to the new Conduct Rules from the commencement of the new regime on 7 March 2016. Firms then have until 7 March 2017 to prepare for the wider application of Conduct Rules to other relevant staff.
• Grandfathering Arrangements
Notify the regulators of the names and roles of individuals who are subject to the SMR by 8 February 2016 (i.e., Grandfathering Notification, including Statements of Responsibilities and Firm Responsibilities Maps), after which the FCA will publish the names of Senior Managers in its register.
FUTURE PUBLICATIONS
DEVELOPMENTS
• Winter 2015: Final Rules on incoming branches of overseas firms.
• Pre March 2016: Final Rules on inclusion of wholesale activities in the Certification regime.
Final Rules on Regulatory references.
CONCLUSIONS
It’s not just about Instilling individual ‘Accountability’ within the organisation
Demonstrating that the ‘right culture’ is embedded and permeates throughout the whole organisation.
Demonstrating that we have the right balance between what individuals are doing (i.e., generating revenue, margin, shareholder return in a financial sense) and how they are behaving (i.e., relationship with clients, counterparties and internal stakeholders).
Link between SM&CP Regime and Remuneration Code
Role of internal audit in outsourcing and contract management - key lines of questioning
Papiya Chatterjee
11 November 2015
The role of internal audit in outsourcing
• Trends, benefits and challenges of outsourcing
• The need to provide assurance
• Case studies
Outsourcing – the drivers
Outsourcing – be aware of the risks
Regulatory expectations
IIA report - case studies
The role of internal audit
• Early involvement of internal audit.
• Assess how well risk is being jointly considered between the customer organisation and the provider.
• Audit coverage is commensurate with the scale, nature and number of contracts.
• Team - multidisciplinary and some contract management background.
• Benchmarking supplier/contractor performance to drive overall improvements.
• Co-ordinate assurance properly.
• Invoke the right to audit clause when necessary.
• Complement a systems-based approach with an element of substantive testing.
Case study - Crossrail
• Integrated assurance
• Benchmarking providers
[Figure: Are Tier 1 contractors getting better? Chart of Performance Level (outputs) against Performance Risk (inputs), showing a World Class Zone, a Value Added Zone, an indicative average compliance line, the averages for R1 to R4 and the Best Collective Score R4.]
Case study – Ministry of Justice
Key areas for improvement
• An increased Internal Audit coverage
• A change in the methodology applied
• A greater rigour in following up recommendations and escalating concerns
Internal audit’s tiered approach
• Tier 1 is a desktop assessment of all contracts with annual spend above £10 million using the National Audit Office contract management framework
• Tier 2 is a systems-based review with the inclusion of substantive testing
• Tier 3 is a more detailed forensic review
Concluding thoughts
• Outsourcing the service does not outsource the risk
• Big risks associated with outsourcing
o Poor relationship and interaction with contractor.
o Inconsistent approach to day-to-day contract management.
o Third party provider ethical/cultural issues.
• Internal audit has a key role to play
o Strategic intent and feasibility.
o Implementation and management.
o Contract management arrangements.
If you want to know more…
• https://www.iia.org.uk/policy/publications/outsourcing-and-the-role-of-internal-audit/
Cyber Security
Glenn Bluff
Associate Director – Cyber Security and Privacy Services
Business Risk Services
Grant Thornton
© 2015 Grant Thornton UK LLP. All rights reserved.
Biography and Background
Glenn Bluff
Associate Director
Cyber Security and Privacy Services
Business Risk Services
Grant Thornton
1. Leapt up the risk table with 500 Global Risk Managers to 2nd and 3rd place (Source: Allianz Risk Barometer)
2. Recent examples: Sony, Talk Talk
3. Malware (malicious software) increased 400% since 2012
Reputation and Brand Value
So what has this got to do with Cyber Crime?
All it takes is one major issue and your business reputation and brand value is destroyed
Everything!
What does it mean?
"Any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target."
- Wikipedia 25/04/2015
Cyber Crime
Let's look at a recent case that's still in the news
Case Study: Talk Talk
1. What happened
2. Impact
- Loss of Customer data
- Client confidentiality compromised
- Some clients suffer loss
- Reputation and Brand
3. What could they have done better?
Let's take a step back…
Traditional response by audit:
The traditional response has been to audit the standard ITGC controls: Access Management, Change Management, Development, Backup and Recovery.
The Cyber Security risk base is changing. The biggest risk is the low frequency but high reward targeted attack or Advanced persistent threat (APT). The traditional response is no longer enough.
Other Examples:
HSBC data theft – Geneva
Carbanak attack - £650m stolen
Stuxnet
Traditional response by audit:
Anti virus
Patching
IDS
IPS
Firewalls
Access Management
Baseline Build
Firewall / router Configuration
OS Configuration
Application Controls
Change control
Targeted attacks are designed to bypass the standard controls.
Cyber Crime Prevention and Detection
1. Need to do more than traditional audit work
2. Need to ensure experts are employed
3. Key Areas of internal control
Split into 3 main areas:
1. Cause damage or disrupt
2. Obtain data
3. Amend data
Deeper response by audit requiring specialist knowledge:
To use specialist knowledge to validate the configuration and setup of technical elements
In addition to preventative controls, detective controls need to be effective.
Deeper response by audit requiring specialist knowledge:
Baseline Build
Infrastructure Technical Configuration
Monitoring Systems
Reporting Systems
Encryption and Key Management
Advanced network rerouting (DNS)
Deeper response by audit requiring specialist knowledge examples:
DDoS review
Active Directory Job / Batch Scheduling
Encryption / Certificates
Incident alerting / monitoring information
File Transmission / Messaging
Back to the Case Study: Talk Talk
What could they have done better?
1. Better Monitoring and Testing controls
2. Classification of data that link to the Monitoring control policy
3. Resolution of issues identified
Is it just State sponsored? OFF THE SHELF.
1. Malware, attack kits, and vulnerability information off the shelf.
2. Crimeware as a service
3. A drive-by download web toolkit, which includes updates and 24/7 support!
(The online banking malware SpyEye (detected as Trojan.Spyeye) is offered from $150 to $1,250 on a six-month lease, and DDoS attacks can be ordered from $10 to $1,000 per day)
4. Designer software
Preparation
Targeted attacks. How to look for and detect the unusual. Potential Audits:
1. Phishing Education
2. DDoS Audit.
3. Detect and respond. Just buying the software is not enough; you need to configure it and analyse the results.
4. Threat knowledge and intelligence. Do you receive regular intelligence on the latest threats? (Dell SecureWorks) How do you manage intelligence?
Conclusion
1. Keep up to date with threats and vulnerabilities and look externally.
2. IT, the Business and Security functions know how to respond and can detect unusual behaviour even if we cannot prevent it.
3. Audit functions need a more detailed set of audits focused not just on technical prevention but on detection.
Questions?
Glenn Bluff
Associate Director
Cyber Security and Privacy Services
Business Risk Services
Grant Thornton
Copyright © 2015 Deloitte Development LLC. All rights reserved. 151 Human Capital Trends 2015
Private Sector Webinar 2015 UK Human Capital Trends
Leading in the new world of work
• Barriers between work and life dissolve
• Talent in high demand
• Millennials make up 50% of workforce
• Global transparency in job market
Global Human Capital Trends 2015
• 3,300+ Business and HR leaders
• 106 countries
• One of the largest-ever longitudinal global talent studies
Unless otherwise cited, all data referenced in this presentation is from the Global Human Capital Trends 2015 survey.
Global Human Capital Trends 2015
LEADING
• LEADERSHIP: Why a perennial issue?
• LEARNING AND DEVELOPMENT: Into the spotlight
ENGAGING
• CULTURE AND ENGAGEMENT: The naked organization
• PERFORMANCE MANAGEMENT: The secret ingredient
• WORKFORCE ON DEMAND: Are you ready?
REINVENTING
• REINVENTING HR: An extreme makeover
• PEOPLE DATA EVERYWHERE: Bringing the outside in
• HR AND PEOPLE ANALYTICS: Stuck in neutral
REIMAGINING
• MACHINES AS TALENT: Collaboration, not competition
• SIMPLIFICATION OF WORK: The coming revolution
[Chart: 10 human capital trends for 2015. Bar chart on a 0 to 100 scale with a "% very important" series, covering Leadership, Culture & engagement, Workforce capability, Learning & development, Reinventing HR, HR & people analytics, Simplifying work, Performance management, People data everywhere and Machines as talent.]
LEADERSHIP
Why a perennial issue?
86% see leadership shortfalls as a top-5 issue
Pressuring challenges:
• Treated as short-term training instead of a strategic initiative
• Weak leadership pipeline, driven by a lack of leadership accountability for identifying and developing successors
• Leadership for the few, not the many. Companies tend to primarily focus on developing leaders at the Executive level
Where to focus:
• Need to focus on developing leaders at all levels
• Commitment to leadership development needs to start from the top
• Develop a leadership framework for assessment, development and coaching and ensure it is clearly linked to business outcomes
CULTURE AND ENGAGEMENT
The naked organisation
42% say the problem is “very important”– double the 2014 percentage
Pressuring challenges:
• Employees are now more like customers. Websites like LinkedIn make it easier for employees to learn about new job opportunities
• Leaders lack an understanding of culture and struggle to define and disseminate it
• Employee motivations have changed – there is a new focus on purpose, mission, and work-life integration
Where to focus:
• Create meaningful work, deep engagement, and job fit
• Make engagement a top corporate priority – it needs to be the no. 1 job for leaders
• Listen to Millennials, as their needs and values will shape the organisation’s culture in the next 10 years
REINVENTING HR
An extreme makeover
30% see an urgent need to reskill the HR function
Pressuring challenges:
• Traditional HR practices are undergoing radical change, forcing HR to throw away the old playbook and deliver more innovative solutions
• The move to the global business services model and the use of cloud technology is on the rise
• HR is being redefined as an enabler and builder of talent
Where to focus:
• Align HR capabilities with business goals
• Redesign HR with a focus on consulting and service delivery, not just efficiency of administration
• Invest in HR development and skills, with a focus on capabilities such as business acumen, consulting and HR analytical skills
SIMPLIFICATION OF WORK
The coming revolution
63% see need to simplify work; 23% say need is very important
Pressuring challenges:
• Technology and globalisation creating overwhelmed employees
• Family, and work are all blending together as our mobile devices deliver constant access to work information
• Business and HR processes and systems have become overly complex
Where to focus:
• Redesign work to focus on what matters
• Invest in more integrated, simple technology
• Reduce the number of emails, meetings, and conference calls
• Make simplification a priority - implement design thinking and process simplification
MACHINES AS TALENT
Collaboration, not competition
37% say that cognitive technology at work is important or very important
Pressuring challenges:
• Increasing power of computers and software to perform cognitive tasks
• Poor understanding at the leadership level of how cognitive computing will impact the workforce
Where to focus:
• Explore and learn about how cognitive technologies can impact business, jobs, and productivity
• Stay vigilant for opportunities to apply technology
• Find opportunities to pilot cognitive technologies and present leaders with options for creating value with them
6 KEY FINDINGS
• “Softer” areas such as culture and engagement, leadership, and development have become urgent priorities
• Leadership and learning have dramatically increased in importance, but the capability gap is widening
• HR organisations and HR skills are not keeping up with business needs
• Talent and people analytics are a high priority and a tremendous opportunity, but progress is slow
• Simplification is an emerging theme; HR is part of the problem
• HR technology systems are a growing market, but their promise may be largely unfulfilled