• FSA Library
  • Communication documents
    • Speeches

Speech by Shelia Nicoll, Director, Retail Firms Division, FSA
Cicero conference
17th Sept 2008

I was delighted to be asked to speak today on "Survival in a volatile market."  It is certainly a subject in which we all have more than a passing interest.  Good risk management is vital to survivability.  If you, as NEDs, can properly understand your firm's risks at the right level and can see how these are being managed, then you have a better chance of helping your firm survive until the, "green shoots of recovery" start to sprout.

There are many examples of how poor governance has cost firms far more than external market forces.  I am sure many of you will remember Kidder Peabody.  The head of the government bond trading desk entered into trades which exploited loopholes in the firm's accounting system, artificially inflating profits over three years by $350 million.  Colleagues were suspicious of the extraordinary profit he was making but, to quote subsequent commentary, "He was clearly aided and abetted by a management satisfied enough not to take too close a look as what seemed like a magical source of profits¹; A key lesson from that episode was about what happens when the governance process is not challenging enough.  Directors did not require an investigation of a stream of large unexpected profits.  As a result of the loss of confidence in Kidder Peabody - following the restatement of the results - the firm was sold and dismantled.

We see good governance as being at the heart of good risk management because it is only through having good governance in place that a firm is likely to be both willing and able to face up to its key risks.  A lot has been written about governance systems and processes but  it really all comes down to the people.  Without the right people in key roles, you simply can’t expect even the best processes to function effectively.

Back to top

The FSA’s risk-based approach

Our regulatory philosophy places a great deal of emphasis on governance and, consequently, on the responsibilities of senior management.  Our risk-based regulatory framework is designed to identify the risks a firm poses to our statutory objectives.  Once we've identified the risks, we work with the firm’s senior management to mitigate these risks.  The role of senior management in making sure a firm complies with the FSA’s principles and rules is thus at the heart of our regulatory regime.  The particular nature of controls and corporate governance will, of course, vary according to the size and complexity of a firm’s operations.  But the outcome should always be the same: making sure a firm is effectively managed and that there is an appropriate degree of challenge in the decision making.

The main way we assess the governance arrangements and key aspects of the firm’s control environment is an on-site risk assessment programme - an ARROW² visit.  We will also often have more regular discussions with a firm’s senior management.  I will focus my comments today on three key areas of this programme: the nature of the discussion we have with non-executives during a visit; our focus on governance structures and, finally, how we provide feedback to you.

Firstly, during an on-site visit we usually interview the senior management team, of both the customer-facing businesses and the key control functions.  We will also routinely speak to Non-Executive Directors, particularly if they chair a key committee, such as the Audit Committee.  Although we expect our discussions with Non-Executives to be wide-ranging - given the important role you play - you should note that we do not expect a detailed, executive view of all operations.  Instead, our supervisors are more interested in your perceptions of the firm and what steps you take to satisfy yourself that risks are identified, measured, monitored and controlled. 

The types of issues that could arise during these discussions are:

• whether you, and your fellow Non-Executives, have a good oversight of the risks facing your firm;
• how effective the controls are within the firm;
• the adequacy of the firms infrastructure, including whether the firm's people know which legal entity within a group they are actually operating; and
• what controls there are in place to ensure that business is conducted properly with customers and markets.

Secondly, the governance structure is a key element of the overall assessment.  You should expect supervisors to be looking at how the decisions the Board makes are actioned appropriately.  We are also particularly concerned with the quality of risk assessment and planning.  Well thought out and clearly articulated plans are an important part of managing the business.  If we feel that the governance structure is not good enough, we will expect you to take action to rectify this.  For example, we have asked for changes where there were insufficient NEDs on the Board, or where the calibre/expertise/skills of the NEDs were not good enough.  We exert pressure on executive management to ensure the quality of NEDs.  Conversely we expect those NEDs to challenge the executive, where appropriate.  There are many examples of where FSA actions, following Arrow visits, have led to improvements in management and overall control structure.

Thirdly, each time we undertake a formal on-site assessment of your firm, we will provide the Board with a formal review letter, including a risk mitigation programme, which will detail any actions that need to be taken by your firm.  Our supervision team will also present the findings to your Board, highlighting key messages and answering any questions you may have.

Back to top

In Our View, More Principles Based Regulation is Dependent on Good Governance

At the heart of our commitment to More Principles Based Regulation, is our belief that firms with good governance arrangements can work with principles to determine what it is appropriate for their businesses to do.  Clearly, this does not work without good people, able to interpret principles.

As Hector Sants, our CEO, has noted, "market events over the last year drive home the critical importance of ensuring that a firm's senior managers engage with our regulatory objectives, adjusting approaches to delivery as circumstances change, rather than just focusing mechanically on compliance with prescriptive rules.”  

We see firms who have kept their focus on the high level outcomes - that our principles demand for their particular business - coming through this period rather better than firms who have not.

We remain convinced that one of our main priorities must be making sure that boards and senior management focus clearly on a range of stressed scenarios that could develop, and that they satisfy themselves that they can deal with those scenarios.  A good, simple test is for the board to ensure it understands the circumstances under which their firm would fail, and that it is comfortable that the risk is acceptable.

Boards need to demand relevant information and use it to mitigate these risks.  It is not enough for this risk information to remain in the hands of the specialists.  Those leading a firm must take reasonable steps to understand the risks the firm is running.

Our use of Significant Influence Functions

One of the main ways we try to ensure high quality governance is through approving and holding to account those individuals who undertake governance functions.  Since the FSA was formed, it has required individuals holding positions of significant influence in authorised firms to apply for approval as controlled functions.  I am talking here about roles such as director, non executive director and chief executive.  This helps connect those at the top of a firm or group with the firm's regulatory responsibilities.  In a world in which we rely on those at the top to inculcate cultures which support more principle based regulation, I believe our approval of individuals holding Significant Influence Functions is vitally important.

Our handbook outlines the criteria for approving those in significant influence functions..  Many think of this procedure as being about checks we do about integrity and honesty.  This is certainly an important part of the procedure but it is also about competence. A point to which I will return³.

The fact that we approve individuals in no way alleviates the need for the board, or the committee making recommendations to the board, to exercise due diligence in choosing who to appoint and who to ask the FSA to approve.  Indeed we hope that the fact that the decision of the firm's appointments body will lead to a request for FSA approval will encourage full deliberation as to the merits of different candidates.  FSA supervisers are likely to raise serious questions about the governance of the firm if the governing body puts forward individuals for approval whose quality the FSA doubts.

Our expectations of significant influence function holders are set our clearly in our handbook and are well summarised by our Statements of Principle for Approved Persons:-

1. act with integrity;
2. act with due skill, care and diligence;
3. observe proper standards of market conduct;
4. deal with the FSA and with other regulators in an open and co-operative way;
5. take reasonable steps to ensure that the business of the firm is organised so that it can be controlled effectively;
6. exercise due skill, care and diligence in managing the business of the firm; and
7. take reasonable steps to ensure that the business of the firm complies with the relevant requirements and standards of the regulatory system.

The events of the last year have reinforced our belief that it is right to hold those with significant influence over financial institutions to the high standards set out in our Statements of Principle for Approved Persons.

Back to top

Renewing our approach to Significant Influence Functions

This year we have reviewed how we treat Significant Influence Functions to ensure that, as far as is possible, our regime meets the expectations of stakeholders.  To be clear, our regime cannot be expected to capture all wrongdoers or incompetents.  The main responsibility for policing incomptence and wrongdoing will always lie with the board – if we spot an incompetent or dishonest individual exercising a significant influence function we will ask why the board did not spot it first. 

We are renewing our approach in a couple of ways:-

Firstly, we have made clear that we will be seeking to hold more individuals accountable for wrongdoing at firms.  This follows a study from Deloitte for the OFT which confirmed what we already suspected, that action against individuals has a much greater impact in terms of deterrence than action against firms.  You can expect that, if something goes wrong which we reasonably think shows incompetence or dishonesty on the part of a significant influence holder, then we will look to take enforcement action against him or her. 

Secondly, we plan to interview more of those applying to hold significant influence functions at the largest firms.  We certainly expect that those we interview will go on to be approved - those invited to interview as part of our scrutiny process should not feel that they have been singled out for attention.  We have run pilots and we expect and hope that those we interview will take up their new roles more conscious of their regulatory responsibilities.  You should, however, be clear that FSA approval of significant influence functions is not a "tick box exercise.  "We encourage all firms to take it seriously and ensure that those they put forward are fit for the role for which they are proposed.  We will also be making changes to the Form A which is filled in by firms when applying to have an individual approved, to make clear the prior scrutiny we expect the firm to have applied before an application is sent to us.

Our reasonable expectations of NEDs

I would like to finish with a few words about our expectations of NEDs.  Regardless of the level – firm or group – at which NEDs sit, we think they can play a very valuable role in ensuring that firms are well governed.  In order to do this you need to be not only honest but also competent.  We appreciate that we cannot expect you to have the same grasp of the detail as executives who work full time for a group.  That said, we expect them to ask the challenging questions, to understand the business models and sources of profit in the firm, along with the risks which those entail.  We want to see high quality NEDs committed to ensuring that their firms are run in a high quality fashion.

So, if you agree to be a NED of a regulated firm or a group containing regulated firms, you must expect us to assess your competence and to hold you to account if you have not conducted yourself in a way which falls below the standards we reasonably expect of NEDs.

I hope this is a message with which you can identify.  Boards which are mere paper tigers can be worse than useless because they give false reassurance of high standards - of checks and balances - where none exist.  We aren't ignorant of the difficulties which medium sized firms have in getting hold of good directors, but my personal view is that a firm is better served by having a smaller number of hard working, well paid NEDs than a larger number of token ones.

Concluding Remarks

We believe our aims in this critical area of governance are largely aligned with the interests of your shareholders.  Our work with firms suggests to us that, for all the hype over great leaders, it is those firms which have the best corporate governance systems, overseen by those who are not afraid to ask the awkward questions, which are most likely to ride out difficult markets successfully.  We hope that our focus on the importance of having high quality people in key posts will nudge various laggards in the industry in a direction which gives us more assurance, but we also believe that the nudging should help promote better risk management and resilience – things which should be at the forefront of investors’ minds in the current climate.

Thank you – I have a little time left for any questions.

 

¹ P. 55 Financial Risk Management by Steven Allen (2003)

²Advanced Risk Responsive Operating frameWork

³ FIT 2.2 Competence and capability

 

Back to top