Corporate governance is the system of rules, practices and processes by which a company is directed and controlled. For regulated firms, the governance structure is not prescribed, although there are the general requirements under SYSC. Much of what “good” looks like is based on these relatively general guidelines set out in SYSC.
With the world moving into uncharted territory, regulators still expect firms to be run effectively and efficiently, even when the managers of the business are working remotely. Board meetings still need to take place as usual, with decisions discussed, actions taken, and outcomes recorded. Firms must be able to demonstrate that they have considered the impact of volatile markets and that the actions taken continue to treat clients fairly, particularly retail clients. The regulators very much expect businesses to continue as usual.
What does good governance look like?
Broadly, good governance means effective oversight and sound decision making, resulting in a reduction of potential harm to consumers and the markets.
Below, we point out areas that firms need to focus on when reflecting on their own governance arrangements.
- Roles and Responsibilities
Firms should ensure that there is a transparent, documented governance framework setting out clear roles and responsibilities.
All employees within the firm should be aware of this governance structure, which includes suitable escalation procedures for whistleblowing and other reasons. Decisions need to be discussed and made by the correct cohort of individuals.
Firms need to ensure that the roles and responsibilities within the firm are well understood, with clear reporting lines, particularly since overlap and underlap are confusing for employees and can result in inconsistent governance. This is important with respect to the Three Lines of Defence model, to ensure that clear responsibility for ownership of controls by the correct department, mapped to the correct senior manager, is in place.
Governance should be appropriate to the size and nature of the firm and should not be too complex nor too simple.
If the firm is a small brokerage in the UK, or a multi-national company with branches in the UK or other parts of the world, governance will look very different from that of larger, more global businesses, so not all firms will take the same approach. It is worth taking time to consider what is required in order to make the right decisions in the right places so that risks can be managed across the Three Lines of Defence in an appropriate and efficient way.
- Management Information (MI)
What story does the MI tell and how does it assist with decision making?
The provision to the Board of timely, accurate, complete and relevant MI by executive management is a fundamental component in supporting its responsibilities. The Chairman and Non-Executive Directors (NEDs) should actively manage the content and frequency of the MI provided and guard against the risk that the amount and nature of the data are such as to be practically unworkable.
Management are expected to be open and transparent with the Board to make sure it is informed about all significant matters it needs to be aware of to operate within its guidelines. Management should do this not only in relation to matters formally reserved for the Board or falling outside the Firm’s risk appetite, but also where the size, nature or impact of an issue suggests that disclosure or escalation would be appropriate. NEDs must have unrestricted access to employees and information to enable them to carry out their duties.
The Board is responsible for oversight of the business, but not for managing the business (which is the responsibility of the executives).
MI should include a consequences framework, which documents the actions that need to be taken when risk appetite limits or other thresholds are triggered. Other considerations include:
- For MI to be meaningful, there must be quantitative and qualitative evaluation;
- MI should not be reviewed too far after the fact and should be in line with the frequency of committee or Board meetings in order that any issues can be dealt with contemporaneously; and
- The information provided needs to be relevant to the specific business.
- Record Keeping
If it is not written down, you could say that it does not exist or was never said. It is therefore important that firms keep thorough records not only of Board and committee meetings, to ensure that decisions and details of challenges are recorded, but also of ad hoc conversations involving important decisions. Decision making is generally a collective process, and therefore there needs to be clear reference to which individuals were involved in any decision. Under the Senior Managers’ Regime (SMCR) senior managers are required to take “reasonable steps” to control their areas of responsibility and ensure that regulatory breaches do not occur in those areas.
Culture is the habitual behaviours and mindsets that characterise an organisation and is closely intertwined with governance. To have a good culture a firm needs good governance, and to have good governance requires a good culture.
Firms’ culture shapes the outcomes for consumers and markets. As the FCA states in their 2020/21 Business Plan, it is their aim to assess and address the drivers of culture within organisations. This includes looking at firms’ leadership, purpose, governance and approach to managing and rewarding their employees.
Over the coming year we will be shifting our focus towards smaller firms. Many, but not all, of the 60,000 firms we regulate are committed to acting in line with our rules and principles. Some are not. We will shift our focus towards those firms that consistently fail to meet our required standards. We will move more swiftly to enforcement action against those that fail to do this and so cause harm.
If there have been issues in the past where there has been regulatory correspondence regarding governance issues, or concerns around the firm’s structure and controls, it would be wise for the Board to have a review of the firm’s governance.
An external review, to add a certain degree of independence, could ultimately save businesses time and money in the future if the regulator decides to take regulatory action or requests that the firm undertake a Skilled Person Report (section 166). In addition, a pre-emptive course of action by firms is more likely to result in the regulator thinking twice when commencing enforcement action.
Help and Advice
Now is a good time to review your current governance and controls arrangements.
We are able to undertake governance reviews to consider potential weaknesses or room for improvement across the governance and control framework, for example in relation to Board and committee structures, conflicts of interest, outsourcing or product governance.
In addition, we can provide scenario-based tests post-review to ensure that governance is adequately embedded.