Oh, Behave: the Regulation of Financial Conduct and Individual Accountability in Singapore and the UK

As a global financial centre, Singapore has long been concerned with regulating the activities, actors and architecture of its financial sector. This piece provides an overview of the Guidelines on Individual Accountability and Conduct (the "Guidelines"), one of the country's recent regulatory initiatives. It also compares the Guidelines with its British counterpart, the UK Senior Managers and Certification Regime (the "Regime") and draws out some lessons learned from the Regime which those who will be subject to the Guidelines may find useful.

Context, culture and conduct

In the aftermath of the financial crisis of 2007-2008, financial regulators around the world focussed on the culture of financial institutions, as well as instances of misconduct within them. As the crisis subsided, several countries established regulatory regimes designed to address these issues. The UK established its Regime in 2016, with Hong Kong and Australia following suit.

Singapore will join this select group in September 2021, when its Guidelines are scheduled to come into effect. The country's financial regulator, the Monetary Authority of Singapore ("MAS"), has in recent years been focusing on "culture and conduct" with a view to achieving two key outcomes:

• ethical business practices that safeguard customers' interests and ensure fair treatment; and
• prudent risk-taking behaviour and robust risk management that support financial institutions' safety and soundness.

These efforts have led to the MAS' issuance of the Guidelines, alongside a Frequently Asked Questions document (the "FAQs") and a high-level infographic on them.

The Singapore Guidelines

The Guidelines set out five "accountability and conduct Outcomes" that financial institutions should achieve:

• Senior managers responsible for managing and conducting financial institutions' core functions are clearly defined.
• Senior managers are fit and proper for their roles and held responsible for the actions of their employees and the conduct of the business under their purview.
• Financial institutions' governance framework supports senior managers' performance of their roles and responsibilities, with a clear and transparent management structure and reporting relationships.
• Material risk personnel are fit and proper for their roles, and subject to effective risk governance, and appropriate incentive structures and standards of conduct.
• Financial institutions have frameworks that promote and sustain among all employees the desired conduct.

The Guidelines expand on these Outcomes by setting out the purpose of, and specific guidance for, each. The FAQs provide further detail, while the infographic notes that achieving the Outcomes involves financial institutions assessing whether they meet them, adopting appropriate measures, and reviewing the effectiveness and adequacy of those measures.

The Guidelines are applicable to all MAS-regulated financial institutions with the exception of certain statutorily-exempt categories that broadly concern specialised types of financial institutions. That being said, the Guidelines have a substantial degree of flexibility built into them. For example, financial institutions with a headcount of fewer than 50 "should still achieve the five Outcomes, but will not ordinarily be expected to adopt the specific guidance described in the Guidelines". Meanwhile, financial institutions with a larger number of employees may choose "not to adopt specific guidance they have assessed to be irrelevant to their businesses".

Financial institutions that do not adopt the Guidelines' specific guidance "should be prepared to justify their decision and demonstrate how they achieve the relevant Outcomes through other means". Moreover, the MAS may require financial institutions to adopt specific guidance where it feels there are "potential gaps in accountability and oversight, or when necessitated by the nature and complexity of the [financial institution's] operations".

The Guidelines do not contain an enforcement mechanism of their own, although they state that MAS will take enforcement action against financial institutions and individuals as necessary. The MAS has its own Enforcement Department and regularly works with other law enforcement agencies on this and other enforcement purposes. Potential enforcement outcomes include investigations, financial penalties, licence revocations, civil actions and criminal prosecutions.

The UK Regime

The UK Regime was first introduced for banks, building societies, credit institutions and large investment firms in 2016. It was subsequently rolled out to (re)insurers in December 2018 and most other financial services firms in a phased approach completed by March 2021. The Regime is structured so that individuals must take greater responsibility for their actions. This, in turn, should make it easier for both firms, and regulators, to hold individuals to account.

Key aspects of the Regime include:

• Senior Managers Regime: A person who performs a designated "Senior Management Function" must be approved by the relevant UK regulator, the Financial Conduct Authority ("FCA") or the Prudential Regulation Authority ("PRA"). All firms except for Limited Scope Firms are required by the regulators to allocate certain "Prescribed Responsibilities" to particular senior managers. This ensures that someone is ultimately responsible for key responsibilities.
• Statement of Responsibilities: To ensure individual accountability, all applications to the regulators for approval as a senior manager must contain or be accompanied by a Statement of Responsibilities which clearly sets out the areas for which each senior manager is responsible.
• Duty of Responsibility: Every senior manager also has a "Duty of Responsibility", meaning if there is a breach of a regulatory requirement in an area for which they are responsible, the regulators can consider whether the relevant senior manager took reasonable steps to stop this from happening (and potentially take action against the individual if not).
• Management Responsibility Map: These are required of larger firms and must describe the firms' management and governance arrangements. Their key purpose is to ensure the allocation of responsibilities across a firm's senior managers does not have any gaps in accountability and the firm has a clear organisational structure.
• Conduct Rules: High level standards of conduct apply to all senior managers and most employees involved in the financial services activities of regulated firms. Additional Conduct Rules apply to senior managers. The Conduct Rules aim to improve individual accountability and awareness of conduct issues across firms. Firms are obliged to train their employees in the Conduct Rules.

Enforcement of the Regime can be by one, or a combination, of regulatory actions taken by the regulators against:

• a firm for breaching its regulatory obligations;
• a senior manager for failing to take reasonable steps under the Duty of Responsibility;
• an individual who was "knowingly concerned" in a breach of a regulatory requirement by their firm; and
• an individual found to be directly liable under a breach of the Conduct Rules that apply to them.

Sanctions for regulatory enforcement action against individuals can include public censure, imposing conditions on the individual's ability to work in certain roles, withdrawal of approval to hold a senior manager position and/or financial penalties.

The regulators will always consider the facts and circumstances of each individual case before proceeding with enforcement action. However, senior managers in particular may need to evidence those circumstances. Therefore, senior managers of financial services firms in the UK now conduct themselves with a greater degree of diligence in evidencing the "reasonable steps" they have taken to discharge their responsibilities effectively and effectively oversee delegation.

How has the UK Regime fared so far?

Despite the UK Regime having been in force since 2016, the regulators do not appear to be using it as widely as was first envisaged. Data released by the FCA in response to Freedom of Information Act requests shows that, from the introduction of the Regime in March 2016 to February 2021, the FCA opened 46 investigations and closed 15 without action. In January 2021, it disclosed that 30 investigations remained active against senior managers and, as at September 2020, it had only issued a penalty under the Regime on one occasion (although this was for breach of a Conduct Rule, and not a breach of the Duty of Responsibility, so does not shed light on the FCA’s approach to the latter).

That is not to say, however, that the regulators are not pursuing individuals for misconduct in other ways: in 2019, six individuals were fined just over £80 million by the FCA, with one fine of £76 million constituting the vast majority of this total. In 2020, this dropped to just one fine of £100,000 against one individual, although this is not reflective of the FCA’s usual activity: it had meted out far fewer fines in 2020 overall due to the challenges caused by the Coronavirus pandemic. For 2018, the total value of fines was just under £1.4 million for eight individuals, which is more in line with the FCA’s usual level of penalties levied against individuals.

Looking ahead, there are indications that actions against individuals under the Regime are likely to rise. The FCA itself stated in its Annual Report published in September 2020 that the impact of the Regime will be “felt more widely” now that it has been extended to almost all firms the FCA regulates. The pandemic may give the FCA cause to put these words into action, having posed a challenge to the operational resilience of financial services firms. The FCA’s then interim Chief Executive, Christopher Woolard, has described the pandemic as the “first real test” of the Regime.

The FCA has also been clear in recent years that misconduct by an individual need not be financial misconduct for it to take action (“non-financial misconduct is misconduct, plain and simple”, as stressed by Christopher Woolard, then holding the post of the FCA’s Executive Director of Strategy and Competition, in a speech in December 2018). To date the FCA has banned four individuals for non-financial misconduct. These actions by the FCA were not under the Regime, but rather on the statutory basis that the individuals in question were not fit and proper to hold their roles. However, we may see more action under the Regime in this space going forward.

So, although enforcement action under the UK Regime has been somewhat slow off the mark, there are signs that it will pick up pace going forward.

Are there any lessons that senior managers in Singapore can learn from the experience of senior managers in the UK?

As stated above, under the Duty of Responsibility within the Regime, a senior manager can be held accountable if they failed to take such steps as they could reasonably be expected to have taken to prevent a breach of regulatory requirements in the area(s) for which they are responsible.

A similar obligation to the Duty of Responsibility rests on senior managers under the Guidelines: in determining whether, and to what extent, a senior manager might be accountable for misconduct committed by employees under his/her purview, factors such as whether the senior manager could reasonably be expected to have taken adequate steps to address the issue, should be taken into consideration (see Q14 of Section III of the FAQs).

Although it is not possible to draw up an exhaustive list that will cover every situation, in our experience there are certain generally applicable steps which can be built into systems, controls and processes, to help a senior manager discharge the duty and take reasonable/adequate steps to prevent breaches of regulatory requirements in the area(s) for which they are responsible. For example, senior managers can take reasonable steps to:

• assess areas of vulnerability within their area(s) of the business. This requires them to have an in-depth knowledge of their business area, good communication with staff within that area and, where appropriate, the ability to challenge decisions and processes.
• clearly define the structure of the business, responsibilities of individuals, levels of authorisation of staff, and reporting lines – including dual reporting lines - for staff in their area.
• satisfy themselves that each area of business for which they are responsible has appropriate policies and procedures for reviewing staff competence, knowledge and skills.
• provide and embed procedures for orderly transition and handover when staff in their area are replaced.
• put systems in place to maintain compliance with regulatory requirements for each area for which they are responsible, including:
  • Training: a comprehensive and targeted training programme for all staff within their business area, to embed awareness of the need for compliance and an understanding of what compliance with the relevant regulatory requirements entails.
  • Systems and controls: the business area for which they are responsible should have appropriate operating procedures and systems, with well-defined steps for regulatory compliance and escalation of issues.
  • Dealing with problems: where a senior manager is notified (or otherwise becomes aware of) actual or suspected problems that involve possible regulatory breaches within their area of responsibility, those problems should be dealt with in a timely and appropriate manner.
  • Obtaining legal advice: taking appropriate legal advice if an issue raises questions of law.
  • Adequately consider audit findings: where independent reviews of systems and procedures suggest improvement, unless there are good reasons not to, implementing reasonable recommendations in a timely manner. What is reasonable will depend on the nature of the issue to be addressed and the cost of the improvement.
• The reasonable steps taken by the senior manager should be recorded, so that if necessary, the senior manager is able to prove that he/she has discharged his/her duty.

Firms should also support and assist their senior managers by putting in place support systems, including, for example:

• providing guidance for senior managers on record-keeping;
• providing regular training for senior managers on their responsibilities and on topical regulatory issues; and
• maintaining appropriate and clear escalation procedures so that senior managers are made aware in a timely manner of issues arising within the areas for which they have responsibility and are then in a position to take appropriate action.

In August 2019, the FCA interviewed various leaders of banking organisations, asking them what advice they would give to organisations introducing the Regime. Those interviewed said:

• Try not to view the Regime from a fearful perspective. Although it gives the regulator a much easier way to “hook” individuals when things go wrong, if people are clear about their roles, responsibilities and accountability, even in a complex matrix organisation, it actually improves the quality of the interaction, the discussions and the control over the business, and it ensures people deliver to the best of their ability.
• Effective implementation takes a lot of planning and demands a lot of thought and resources. Fundamentally, this should not be delegated to the compliance, or other, functions of the business, but it must be owned and embraced by the business. It is the business that has to understand the Regime and drive how to best embed it.

These valuable points should be borne in mind by those implementing the Guidelines.

How we can help

Our Investigations, White Collar and Fraud and Banking and Finance teams in Singapore have advised on a wide range of regulatory and compliance matters that have arisen in the financial sector throughout Southeast Asia. Similarly, our Financial Services team in London has a wealth of experience of advising on implementation of the UK Senior Managers and Certification Regime. We would be happy to share our insights with those implementing the Guidelines.

SEA View

Since April 2019, our periodical has featured investigation, compliance, and regulatory developments in Southeast Asia (SEA). Each article showcases our insights on SEA and beyond, liaising with our extensive expertise around the globe. We draw on the firm's market leading practices, including our assembled Global Regulatory team, to lead clients' businesses through challenges encountered in and out of SEA. Find our previous insights here.

Authored by Arwen Handley, Yvonne Clapham, Daniela Vella, Khushaal Ved, and Nicole Lim