A Detailed Look at MAS’ New Accountability Guidelines

Grace Chong and Si Rong Low at Simmons & Simmons JWS detail the key points of MAS’ final guidelines on individual accountability and conduct.

This is the third article in a series of articles by Grace Chong from Simmons & Simmons JWS analysing the implications of the Monetary Authority of Singapore’s (“MAS”) launch of the Guidelines on Individual Accountability and Conduct (“IAC Guidelines”).

The first two articles covered some of the key points from MAS’ response to feedback from its April 2018 consultation, and the proposed expansion of the scope of the IAC Guidelines.

This penultimate article will cover the key points of note from the final published version of the IAC Guidelines and the response from MAS, and share some highlights from MAS’ Information Paper on Culture and Conduct Practices of Financial Institutions (the “Information Paper”), which was recently released in September 2020. This article will also chart the timeline and course ahead.

Background

As noted in the Information Paper, culture is a key driver of conduct. Culture is generally understood as the shared values, attitudes, behaviour and norms in an organisation. It is driven by both the “hardware” (e.g. policies and processes) and “software” (e.g. beliefs and values) in an organisation.

As part of a push to embed a strong culture of responsibility and ethical behaviour in financial institutions (“FIs”), MAS issued its IAC Guidelines on 10 September 2020, which will take effect from 10 September 2021. This follows two rounds of consultations conducted by MAS, once each in 2018 and 2019, and follows amidst a slew of similar regulatory changes in the United Kingdom, Australia and Hong Kong targeting culture reform.

The IAC Guidelines set out measures that FIs should implement to promote the individual accountability of senior managers, strengthen oversight over material risk personnel and reinforce standards of proper conduct amongst all employees.

Five key outcomes

In particular, the IAC Guidelines stipulate five key accountability and conduct Outcomes that FIs must achieve (collectively, the “Five Outcomes”):

  • Outcome 1: Senior managers responsible for managing and conducting the FI’s core functions are identified.
  • Outcome 2: Senior managers are fit and proper for their roles, and held responsible for the actions of their employees and the conduct of the business under their purview.
  • Outcome 3: The FI’s governance framework supports senior managers’ performance of their roles and responsibilities, with a clear and transparent management structure and reporting relationships.
  • Outcome 4: Material risk personnel are fit and proper for their roles, and subject to effective risk governance, and appropriate incentive structures and standards of conduct.
  • Outcome 5: The FI has a framework that promotes and sustains among all employees the desired conduct.

Regardless of whether the IAC Guidelines apply to them, all entities should achieve the Five Outcomes. This applies even if the entity has less than 50 people (see our comments under section 3 below).

Scope of the IAC Guidelines and applicable exemptions

The Guidelines apply to all FIs regulated by MAS, except the following:

  • an exempt financial adviser;
  • an exempt corporate finance adviser;
  • an exempt trust business;
  • an exempt over-the-counter derivatives broker;
  • an exempt futures broker;
  • an exempt payment services provider;
  • a Recognised Market Operator incorporated outside Singapore;
  • a Recognised Clearing House incorporated outside Singapore;
  • a Licensed Foreign Trade Repository; and
  • the Continuous Linked Settlement Bank.

For the avoidance of doubt, MAS has confirmed in its response to its June 2019 consultation on the Proposed Scope of Application of the IAC Guidelines, that the IAC Guidelines will apply to (non-exempt) payment services firms regulated under the Payment Services Act as well as registered fund management companies.

In addition, FIs with less than 50 employees are not ordinarily expected to adopt the specific guidance described in the IAC Guidelines, although they may be required by MAS to adopt specific guidance if there are potential gaps in accountability and oversight, or where their operations are complex.

While FIs with 50 or more employees are expected to comply with the IAC Guidelines as a framework and best practice for achieving the Outcomes, they may also choose not to adopt a specific guidance where they have assessed this to be irrelevant to their businesses. That being said, all FIs must be prepared to justify their decision for not adopting specific guidance and demonstrate how they are still able to achieve the relevant Five Outcomes.

Determining headcount

Given the composition of total headcount could differ between FIs, MAS has indicated that, for now, it does not intend to be prescriptive in how headcount should be defined. The general principle is that headcount should include all personnel that engage in or support the FI’s core management functions (“CMFs”) (as set out in Annex B of the IAC Guidelines), whether on a full or part time basis.

MAS has clarified that such headcount would not ordinarily include non-executive directors, outsourced service providers or employees in foreign offices with the exception of overseas-based representatives. MAS may request that individual FIs adhere to a specific guidance if they assess that the exclusion of certain outsourced headcount could have a material impact on the effectiveness of the FI’s management oversight and accountability over its operations.

FIs may decide when and how often to determine whether they continue to fall under the threshold, but must minimally conduct assessments annually. 

Transitional period for small FIs that expand beyond the threshold

FIs that start off below the 50 headcount threshold, but subsequently cross the threshold, will be granted a transition period of 12 months to apply the specific guidance under the IAC Guidelines.

Conversely, FIs which fall below the threshold subsequently are encouraged to maintain the existing frameworks and systems which have been put in place to implement the specific guidance, if these have been assessed to continue to be appropriate to the nature, size and complexity of their operations.

No exemption even where similar overseas requirements apply

Even where an FI or its group operates overseas, and may already be subject to overseas requirements similar to the IAC Guidelines, the IAC Guidelines still apply specifically to the FI’s operations in Singapore.

Summary of Specific Guidance under the IAC Guidelines 

Outcomes Specific Guidance Additional Considerations Relevant Definitions

Outcome 1: Senior managers responsible for managing and conducting the FI’s core functions are identified.
  • Board of Directors or Head Office, should ensure:
    • clear identification of senior managers who have responsibility for functions that are core to the management of the FI’s affairs, including but not limited to the core management functions;
    • accurate identification of senior managers that reflects actual oversight responsibilities and decision-making authority, regardless of his or her physical location; and
    • appropriate management oversight over all material aspects of the FI’s affairs, including but not limited to the CMFs.
  • Senior managers should generally have direct reporting lines to the CEO or equivalent, and where relevant, to the Board or Head Office
  • Onus is on FIs to identify other individuals who would be considered senior managers by virtue of their seniority, decision-making authority and responsibilities, even if the particular function that they manage does not fall under the list of CMFs in Annex B
  • In determining what CMF is relevant  to its business, FIs (in particular the Board or Head Office) should consider the following factors:
    • Relevance in the context of its growth strategy and business
    • Whether those functions have, or could potentially have, a significant impact on the FI’s risk profile
  • One senior manager can be responsible for more than one CMF, so long as there is no inherent conflict of interest and he is able to discharge his multiple duties effectively
  • Where core functions (in relation to the FI’s day-to-day operations in Singapore) have been outsourced, FI should identify senior managers who are responsible for oversight of these core functions
  • Core Management Functions (“CMFs”) include the following, by whatever name described:
    • Chief Executive Officer
    • Chief Financial Officer or Head of Finance
    • Chief Risk Officer or Head of Risk
    • Chief Operating Officer or Head of Operations
    • Chief Information Officer, Chief Technology Officer or Head of Information Technology
    • Chief Information Security Officer or Head of Information Security
    • Chief Data Officer
    • Chief Regulatory Officer
    • Head of Business Function (such as Head of Retail Banking etc.)
    • Head of Actuarial, Appointed Actuary or Certifying Actuary
    • Head of Human Resources
    • Head of Compliance
    • Head of Financial Crime Prevention
  • The above are principles-based and do not constitute mandatory responsibility – FIs should apply the CMF definitions in a manner that reflects the actual responsibilities of the particular senior manager, in respect of the FI’s business

Outcome 2: Senior managers are fit and proper for their roles, and held responsible for the actions of their employees and the conduct of the business under their purview.
Outcome 3: The FI’s governance framework supports senior managers’ performance of their roles and responsibilities, with a clear and transparent management structure and reporting relationships.
  • Board of Directors or Head Office, as applicable, should ensure:
    • robust standards and processes to assess the fitness and propriety of each senior manager, prior to appointment and on an on-going basis;
    • clear specification of each senior manager’s individual areas of responsibility and his or her appointment and responsibilities in management committees;
    • appropriate delineation of the FI’s overall management structure, including reporting relationships;
    • acknowledgement by each senior manager of his or her specified roles, responsibilities and reporting lines;
    • approval by the Board or Head Office, as applicable;
    • documentation of each senior manager’s specified roles and responsibilities and the FI’s overall management structure, including timely updates where there are material changes;
    • appropriate incentive, escalation, and consequence management frameworks;
    • a succession plan that is regularly reviewed and updated; and
    • formal mandate, terms of reference and reporting lines for each management committee are established.
  • FIs may apply MAS’ Guidelines on Fit and Proper Criteria (FSG-G01) in assessing fitness and propriety of senior managers, along with factors that may be relevant to its business and the role
  • Frequency of determination of fitness and propriety is subjective to each FI
  • Senior managers may delegate their responsibilities but remain accountable
 
Not applicable.

Outcome 4: Material risk personnel are fit and proper for their roles, and subject to effective risk governance, and appropriate incentive structures and standards of conduct.
  • Board of Directors and senior management should ensure that the appropriate standards and processes are in place to:
    • identify and assess the fitness and propriety of MRPs, prior to their appointment and on an on-going basis thereafter;
    • facilitate effective risk governance; and
    • subject MRPs to standards of proper conduct, regular training, and appropriate incentive structures
  • FIs may apply MAS’ Guidelines on Fit and Proper Criteria (FSG-G01) in assessing fitness and propriety of MRPs, along with other relevant factors, especially in respect of the nature and risk implications of the particular mandates vested with the MRP
  • Reviews must minimally be conducted annually (or as and when matters arise which could affect a MRP’s fitness and propriety)
  • Material risk personnel (“MRP”) are individuals who have the authority to make decisions or conduct activities that can significantly impact the FI’s safety and soundness, or cause harm to a significant segment of the FI’s customers or other stakeholders. MRPs can include employees in front, middle, and back office functions, as applicable to the FI, as well as any other employee with supervisory capacity over such functions who are not senior managers.

Outcome 5:
The FI has a framework that promotes and sustains among all employees the desired conduct.
  • Board of directors and senior management should ensure that a framework is in place which addresses the standards of conduct expected of all employees, consistent and effective communication of the expected standards of conduct, appropriate policies, systems, and processes, and engagement strategies
  • Board and senior management should notify MAS as soon as it becomes aware of any material adverse developments
  • Board and senior management should regularly review the adequacy and effectiveness of the FI’s conduct framework
  • Conduct framework should be integrated with existing HR processes over the employee lifecycle
  • Board and senior management to identify appropriate quantitative  and qualitative indicators
  • Whistleblowing channel (pursuant to a formal policy) must allow employees to feel safe to raise issues, and there must be credible mechanisms to escalate them other than usual reporting lines
 
Not applicable.

 

Group application of Guidelines for locally-incorporated banks and insurers

In line with MAS’ consolidated supervision approach, in respect of (i) locally-incorporated banks and insurers and (ii) approved exchanges and clearing houses that are operated as a single group, the IAC Guidelines apply on a group basis. This has 2 key implications.

Firstly, senior managers’ responsibilities are to include their responsibilities in respect of both the operations of the parent entity and, if applicable, the operations of the group (e.g. Group Chief Risk Officer). Secondly, where material aspects (e.g. AUM, revenue, assets etc.) of the group’s operations include significant downstream entities (each considered a “material business function”), the CEO (or equivalent) of each significant downstream entity should be designated as a senior manager.

For the avoidance of doubt, apart from applying at group level to the parent bank, the IAC Guidelines also apply at the entity level to each downstream local FI that is within the scope of application of the IAC Guidelines.

Monitoring and Assessment

In monitoring and assessing FIs’ culture and conduct as part of MAS’ pre-emptive ongoing supervision, MAS has said that it will:

  • evaluate whether an FI has a supportive culture that incentivises the right behaviour;
  • monitor potential red flags (eg. whether risk and control functions have been sufficiently empowered);
  • assess whether incentive structures bring about ethical behaviour and prudent risk taking; and
  • leverage data analytics to perform ongoing surveillance of FIs’ practices

MAS takes supervisory or enforcement actions against FIs and individuals where lapses in risk management, misconduct, regulatory breaches or offences have occurred.

MAS can exercise a wide range of actions to achieve a deterrence effect including:

  • Issuing warnings or reprimand letters
  • Restricting an FI’s business operations
  • Requiring an FI to put in place business controls
  • Referring cases to the Attorney’s General Chambers for criminal prosecution
  • Revoking an FI’s license
  • Imposing civil penalties
  • Directing an FI to remove its director or executive officer
  • Issuing composition sums

Good practices observed

MAS has noted the following good practices observed amongst FIs:

  • The FI considers culture drivers and conduct risk as part of its risk management framework;
  • Management’s conduct risk and control awareness, as well as receptiveness to audit findings is evaluated regularly; and
  • Culture of business units is assessed as part of internal audits, or in thematic audits on behaviour and culture;

Implementation timelines

MAS will begin implementing the IAC Guidelines one year after they are published, i.e. from 10 September 2021 onwards.

Going forward

MAS has previously indicated that it will adopt a consultative approach to assessing FIs’ compliance with the IAC Guidelines in the initial phase of implementation. While there is still time given the one year transitional period, you should begin to assess whether your organisation falls within the scope of entities that are expected to comply with the IAC Guidelines, and in any event, determine how your business can meet the Five Outcomes, as it is likely that the review and restructuring work will be extensive.

Grace Chong is Of Counsel (Regulatory & ICT) for Singapore and Hong Kong at Simmons & Simmons JWS.

To Top