Corporate governance aspects of CRD IV
The corporate governance systems of firms regulated by the Financial Conduct Authority (FCA) or the Prudential Regulation Authority (PRA) will be subject to scrutiny with the implementation of the Capital Requirements Directive IV (CRD IV). New rules on corporate governance are in the FCA's and PRA's handbook: Senior Management, Systems and Controls Manual (SYSC) and have been effective from 1 January 2014 (except for the rules on the permitted number of directorships). Remuneration issues are not considered in this update.
Which firms will be impacted?
UK banks, building societies and investment firms as defined in MiFID (whether regulated by the FCA or PRA-designated investment firms). The FCA is the competent authority for nearly all investment firms, while the PRA is responsible for credit institutions (banks and building societies) as well as investment firms "designated" for prudential supervision by the PRA.
Impact of the new rules
The new rules will impact the management bodies of firms within scope. The rules aim to combat the perceived failure by management bodies to exercise sufficient risk oversight and establish appropriately strong risk management functions. Some changes impact all firms and others only "significant" firms.
What is a "significant" firm?
Some CRD IV policies only apply to institutions which are "significant in terms of size, internal organisation and nature, scope and complexity of their activities". The FCA provides a form of methodology to determine if a firm is "significant" – based on quantitative tests of balance sheet assets, liabilities, annual fee commission income, client money and client assets. The PRA provides no such guidance other than referring to relevant rules in SYSC. In the absence of supervisory guidance it will be for firms to assess whether they are "significant". Firms not within the definition of "significant" can voluntarily comply. Of the FCA's 2,400 firms subject to current CRD rules, the FCA expects only 80 firms to be "significant". However, the FCA does have the power to require a firm not within scope to comply with the requirements for "significant" firms.
Corporate governance requirements for all firms
- Separation of the roles of chair and CEO, unless combining them is justified and authorised by a waiver of the relevant SYSC rule, which the regulator may give only in exceptional circumstances.
- Members of the management body are to be of sufficiently good repute, and should possess sufficient knowledge, skills and experience not only to perform their duties but also to ensure independence of mind to effectively assess and challenge the decisions of senior management. Members are to act with honesty, integrity and independence.
- The management body will be required to possess adequate collective knowledge, skills and experience to understand the main risks arising from the activities across the firm as a whole.
- Members of the management body are required to commit sufficient time to perform their functions, and there are limits placed on the number of directorships and non-executive directorships (NEDs) a director of the management body can hold. There are specific limits for directors of "significant" firms (see below).
- The firm must devote adequate resources to the induction and training of members.
- The management body is responsible and accountable for the implementation of the governance systems, including segregation of duties within the organisation and prevention of conflicts of interest.
Additional requirements for "significant" firms
- Establish a separate independent risk committee composed of NEDs to advise the management body on the firm's overall current and future risk appetite and strategy and assist in a risk oversight role – although the management body will remain ultimately accountable. Non-significant firms may combine the role of the risk committee and the audit committee.
- Establish an independent nomination committee composed of NEDs. When recruiting members to the management body, firms must consider a broad range of qualities and competences, including diversity. The committee must decide on a target for the representation of the underrepresented gender on the management body and prepare a policy on how to meet it. The committee is responsible for evaluating (at least annually) the composition of the management body, as well as assessing the knowledge, skills and experience of the individual members. The PRA expects the majority of firms who are "significant" to already have a nomination committee, but changes will be required if the committee is not composed solely of NEDs.
- Effective from 1 July 2014, members must not hold more than one of a specified combination of directorships (including directorships held outside of financial services) in any organisation at the same time – one executive directorship and two NEDs or four NEDs.
- Establish an independent remuneration committee composed of NEDs.
- The risk management function is to be independent from operational functions and to be headed by an independent senior manager with distinct authority from the function, as well as being granted sufficient authority, stature, resources and access to the management body.