8 October 2020
In a continuing effort to improve conduct, integrity and public confidence in financial and insurance markets, the Monetary Authority of Singapore (MAS) recently announced the Individual Accountability and Conduct Guidelines (the Guidelines).
While they establish a total of five outcomes that have to be achieved, arguably the most conspicuous is that senior managers will become personally accountable for the conduct of business and the actions of employees in their area of responsibility.
All affected institutions have until 10 September 2021 to achieve the five outcomes. It would be prudent not to delay the extensive work involved addressing the far-reaching implications of the Guidelines, which will have consequences at all levels of the organisation.
Who is affected?
With very limited exceptions, all financial institutions regulated by the MAS will be affected. This includes insurers, reinsurers, insurance brokerages and banks.
Contrary to some of the earlier consultation papers, there is no exemption for smaller institutions. Those with fewer than 50 employees must still achieve the outcomes, but are free to dispense with the specific implementation guidance within the Guidelines. Other organisations must be able to justify not applying the specific guidance, if they have dispensed with it, and demonstrate how they have achieved the outcomes by other means.
If the MAS detects any shortfalls in achieving the objectives in any institution, including one with fewer than 50 employees, it may require adoption of the specific guidance.
The Guidelines also apply on a group basis for Singapore-incorporated insurers and banks, as well as approved exchanges and approved clearinghouses that are operated as a single group. This means they also apply, to varying degrees, to significant local and overseas subsidiaries and branches of those banks and insurers. ‘Significance’ in proportion to the corporate group is covered by a range of metrics, including profitability, assets, revenue, number of employees, etc. Essentially, if a subsidiary or branch is significant enough to have a bearing on the corporate group’s safety and soundness, it should be considered subject to the Guidelines.
No exemptions from the Guidelines are created for institutions which may already be subject to similar regimes overseas – for example, the UK’s SM&CR and Hong Kong’s Manager-In-Charge regime. Institutions should also not fall into the trap of assuming that this is ‘just the SM&CR all over again’ in Singapore. The Guidelines contain several important differences.
What outcomes have to be achieved?
1. Senior managers have to be identified.
These are the people principally responsible for day-to-day management of the institution.
Examples of senior managers are within a non-exhaustive list in Annex B to the Guidelines and include, for example, the Heads of Business Functions, Head of Compliance, Head of Human Resources, Head of Information Security, Head of Internal Audit, Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Chief Risk Officer, Chief Data Officer, Chief Information Officer, Appointed Actuary and the Head of Financial Crime Prevention.
Where nobody within the institution actually holds a particular title within Annex B, but the role is relevant to the management of the institution’s affairs, there should be an assessment of who is performing the role in practice and consideration should be given to allocating the title to that person.
Location is irrelevant – senior managers may be located inside or outside of Singapore. The CEO of a significant overseas subsidiary of a bank or insurer is, for example, specifically named in the Guidelines as a senior manager under the designation ‘head of business function.’
Non-executive directors are not senior managers.
2. Senior managers must be fit and proper for their roles, and be responsible for the actions of employees and conduct of business in their area of responsibility.
3. The governance structure must support the senior manager in performing their role, and carrying out their responsibilities. There needs to be a clear and transparent management structure and reporting relationships.
Objectives 2 and 3 are combined within the Guidelines.
The institution must conduct adequate due diligence on the fitness and propriety of senior manager candidates before their appointment, and on an ongoing basis after appointment – at least annually.
The institution also needs to ensure the senior manager is accountable, both for the team and conduct of business within their area of responsibility. Among approaches that can be considered, the senior manager’s promotion prospects and variable elements of remuneration could be influenced by non-financial key performance indicators (KPIs), and by any risk management or control lapses; adverse internal audit findings; customer complaints; and other poor conduct in their area of responsibility.
Further, the institution must establish and record the specific roles and responsibilities of senior managers, and the overall management structure, including reporting relationships among senior managers and management committees, between senior managers or management committees and the board, and across entities within the group.
Accurate and comprehensive recording is expected. Unlike certain other senior manager regimes around the world, no related submissions on this point are required by the MAS. Senior managers should be informed of their areas of responsibility, and should acknowledge them.
Any arrangements that may undermine the accountability of senior managers – such as insurance or other indemnity arrangements – are discouraged.
In practice, establishing the roles and responsibilities of senior managers can be a very time-consuming process, since responsibilities of existing senior managers may overlap or have been inadequately described and delineation is needed. This can mean, for example, rewriting job descriptions and reporting lines, and associated discussions and negotiation with senior managers.
Likewise, ensuring the senior manager is accountable for the actions of their team and the conduct of business will frequently be tied to remuneration, performance evaluation and promotion prospects, and that may again require significant and sensitive discussions and negotiation with existing staff.
4. ‘Material Risk Personnel’ must be fit and proper for their roles, and be subject to effective risk governance and standards of conduct. Their remuneration and incentive structures must also be appropriate.
These are individuals who are not senior managers, but who have the authority to make decisions or conduct activities that can significantly impact the institution’s safety and soundness, or cause harm to a significant segment of its customers or other stakeholders. These might, for example, include staff permitted to underwrite or approve insurance policies or claims beyond a certain risk limit.
Basically, given the nature of their roles, the institution must subject MRPs to higher conduct standards and more stringent oversight compared to regular employees.
The practical process will typically be similar to that for senior managers:
(i) identify them and record this – again, location is irrelevant: MRPs can be located in Singapore or overseas;
(ii) assess their fitness and propriety prior to appointment and ongoing thereafter, at least annually, proportionately to their roles;
(iii) develop risk governance policies and set standards of conduct – for example, appropriate mandates and decision-making limits, but also provide sufficient authority so that they are able to properly and independently perform risk management or control functions;
(iv) set an appropriate incentive structure for correct conduct, in relation to remuneration, promotion and performance evaluation.
5. In general, the organisation must have a framework that encourages desired conduct among all employees.
There are basically four steps – establish the standards, communicate them, enforce them and engage with key stakeholders in relation to them:
(i) set standards of conduct expected of all employees, including on honesty and integrity; due care and diligence; treating customers fairly; management of conflicts of interest; competence and continuous development; risk management and compliance;
(ii) communicate the expected standards of conduct, by codes of conduct, training and sharing of lessons learned where misconduct has occurred;
(iii) enforce the expected standards of conduct, such as by monitoring, reporting and escalation; appropriate incentive structures; investigations and disciplinary procedures (consequence management systems); formalised whistleblowing programmes;
(iv) engage with key stakeholders, including policyholders, investors, corporate and institutional clients, shareholders and regulators to ensure the transparent and timely communication of relevant material information in relation to these standards of conduct.
Adequacy and effectiveness of the conduct framework should be regulatory reviewed, taking into account any gaps between observed behaviours and the desired standards of conduct.
Notification requirements
The Guidelines indicate that the board and senior management should notify the MAS:
(i) immediately upon becoming aware of any material adverse developments (misconduct, risk management lapses or legal/regulatory breaches among them) that have the potential to cause widespread disruption to day-to-day operations, services or activities, and/or significantly impact upon the institution’s customers and other stakeholders, or the safety and soundness of the Singaporean financial system;
(ii) in a timely manner, of any information that may have a material negative impact on the fitness and propriety of senior managers or MRPs.
We can partner with you on your implementation of the Guidelines in a range of ways, including advising on what exactly you need to do to comply, undertaking ‘readiness’ audits, assisting in developing your implementation plans and providing implementation support and training.
For further information, please contact:
Jonathan Goacher, Partner, Hill Dickinson
jonathan.goacher@hilldickinson.com