Interviewee: Nathan Willmott I am going to talk you through some of the practical implications for senior managers of the new regulatory regimes at banks and insurers in relation to individuals. So how do we get to where we are now? The parliamentary commission on banking standards that was set up in the wake of Libor manipulation issues concluded that the current approved person regime was a complex and confused mess. It was concerned that individuals could only be notionally sanctioned for poor behaviour, that the coverage of the regime was woefully narrow and that there was really very little attempt to set clear expectations of the standards expected of senior managers. And so the recommendation of the parliamentary commission was that there should be a fundamentally different regime for the regulation of individuals within banks and of course as we all know what’s good for banks is also considered to be good for insurers. So with [?] two coming up we have a parallel regime that is similar in some respects but different in many respects for insurers. So under the new approach we will have three different regimes: we will have one regime for banks; we will have a lighter regime for insurers; and then the current approved persons regime will continue for investment firms and other authorised firms.So in relation to banks, the UK banks will have three different tiers of employees. At the top there will be a new regime for senior managers, those conducting senior manager functions, akin to the approved persons regime. Those individuals will require pre-approval from the regulator and will, as with the current regime, be subject to a number of binding obligations. But what’s new for UK banks is that there will be two other tiers of employees. There will be those who are required to be certified by the bank itself, not by the regulator but by the bank. It will be the bank that needs to assess individuals are fit and proper to carry out the role. And those people will be designated as significant harm individuals, those whose activities could cause significant harm either to the bank or any of its customers. And then the final tier of employees is essentially all other employees within a bank who conduct some sort of meaningful role. There is a category of a group of about 20 different administrative staff who will fall outside the regime: secretaries, security staff, drivers, but in reality all other individuals who conduct meaningful roles within banks will be required to abide by personal duties, conduct rules that will attach to them personally and if they don’t meet the standards set out in those rules or if they are knowingly concerned in a breach by the bank then they will be liable to disciplinary action by the regulator. In relation to insurers, the position remains pretty much as under the current regime. There will be a tier of significant individuals, those who are senior managers within the insurer, who will required to be pre approved and who will owe personal regulatory duties but all other individuals with insurers will not be subject to personal duties.So the new aspects of the regimes; a number of new aspects that are common to both insurers and banks. There are a series of prescribed functions for which individuals will be required to be approved. That looks like pretty similar to the current regime, some differences in terms of particular roles. But in addition there will be a series of prescribed responsibilities, each of which need to be allocated to a senior manager. I’ve mentioned already, there will need to be self assessment by firms in relation to the fitness and proprietary of certain of their individuals and the onus is very much on the firms to get themselves comfortable that individuals are fit and proper before applications are made to the regulator or indeed for individuals within banks who are self certified before the banks issues their certificates on an annual basis. I think one key change is the introduction of individual statements of responsibility, this is common to banks and insurers. Each member of senior management will be required to have a formal written, statement of responsibilities that clearly sets out the scope of their responsibilities and which will be used by the regulator in the future to say look, this is something clearly in your area of responsibility. Those statements of responsibility will also form part of an overall governance map within banks and insurers. There needs to be a single document that explains which members of senior management have responsibility for each area and particular allocated responsibilities and that document must also explain reporting lines and governance procedures within the firm as a whole. There will be broader conduct rules. Not only will they be applicable within banks to a far wider range of individuals but they will be wider than the current statements of responsibility for approved persons. There will be a new requirement to pay due regard to the interests of customers and to ensure that they are treated fairly and that will apply not just to customer facing staff but individuals within banks and insurers who are responsible for product governance, other aspects of products that will ultimately have an impact on how customers are treated.And then finally, and this is particularly for banks, there is a whole series of mandated compliance arrangements, matters that need to be attested on an annual basis, matters that must be reported to the regulator, fitness and proprietary checked on an annual basis, a whole series of matters that currently would be a matter of good practice for firms but they are being converted into formalised requirements and I think for many institutions there will be a significant compliance burden that these new rules will introduce.So next steps – we don’t yet have final rules either from the banking perspective or the parallel insurance regime. Those are subject to consultation and the PRA and the SCA are currently having a think about how to finalise those rules. So pending that, lots of firms that we’re working with are busy getting ready for the new regimes. The matters that I think will require particular thought and require particular input from project teams will be first of all identification of who will need to be pre approved under the new regimes and who will be certified persons within banks that will require self-certification by the banks on an annual basis. That I think will be quite a significant project and many of our clients have already started work in that area even pending finalisation of the rules.Secondly, the drafting and negotiation with individuals of their statements of responsibility. I think it’s going to be quite a resource intensive task to identify who within a bank and who within an insurer will take responsibility for particular matters and I can imagine that individuals may be reluctant to take on certain responsibilities and so that I think will be quite a lengthy process. And then drafting the governance map, what will be quite a significant document for many institutions setting out in detail the responsibility of individuals and how it all fits together in terms of reporting lines and government structures. So lots of firms have already started work thinking about what that document will look like for them.Remember, as I mentioned earlier, this is a new regime for banks and insurers but for investment firms and other regulated firms the current regime will apply and so for groups that include banks or insurers and other types of regulated firms, they will need to think about how the different regimes stick together, how that will affect their governance structures so that they have a single consolidated regime that meets the needs of the three separate individual senior manager regimes.And finally, firms are thinking ahead to think, well what sort of infrastructure will we need to meet these new compliance burdens, what sort of staffing will we need and what sort of processes should we adopt. For example, in relation to the self-certification processes, many firms are thinking about having a single day each year in which they will issue all of their certificates. They will conduct their appraisal processes in advance of that date and incorporate into that appraisal process a requirement to think about the fitness and proprietary and only to issue a certificate to those that the bank is satisfied is fit and proper to carry out the particular role.So those are the new regimes, we’re awaiting the final rules and I think once those rules come out over the next few months banks and insurers are going to be very busy indeed getting ready for their implementation.