MAS Clarifies Regulatory Expectations on IAC Guidelines

In the last article, Grace Chong from Simmons & Simmons JWS analysed the implications of the Monetary Authority of Singapore (“MAS”) proposal to expand the scope of the Guidelines on Individual Accountability and Conduct (“IAC Guidelines”) (“CP2”).

In this sequel, Grace Chong recapitulates some of the key points from MAS’ response to feedback from its April 2018 consultation, and charts the timeline and course ahead.

1. Overview of the IAC Guidelines

The IAC Guidelines were first introduced on 28 April 2018 in the MAS consultation paper (“CP1”), amidst a slew of similar regulatory changes in the United Kingdom, Australia and Hong Kong targeting financial institutions (“FIs”) culture reform.

In developing the IAC Guidelines, MAS has noted that bright line rules and regulations are often insufficient to influence behaviours, and FIs need to promulgate standards of proper conduct, so as to influence both the day-to-day operations of the FIs as well as its strategic decisions. In this regard, MAS has emphasized that FIs should not take a mechanistic or check-list approach towards implementing the IAC Guidelines.

Culture guides how FIs interact with other stakeholders in the financial system, and also how those stakeholders respond to other FIs. As such, MAS has identified three prongs of approach:

  • promoting and cultivating a culture of trust and ethics in the financial industry through regular engagement, active collaboration and promulgation of good practices to promote sound industry norms;
  • monitoring and assessing culture and conduct, focusing on both “hardware” and “software” elements; and
  • enforcing and deterring lapses in risk management, misconduct, regulatory breaches, or offences through supervisory or enforcement actions.

The IAC Guidelines are outcome-based, which will provide FIs with more flexibility in taking the approaches most suitable to their unique business operations and organisational structures.

In a similar vein, MAS’ own approach to the FIs will be guided by a principle of proportionality, considering the nature, size, and complexity of the FI’s operations. MAS also stated their view that even where FIs only serve non-retail customers or exclusively conduct wholesale market activities, the expectations on fair dealing as well as proper conduct remains relevant.

2. Scope of the IAC Guidelines

The proposed expanded scope of the IAC Guidelines was covered in our previous article. In summary, MAS proposed to expand the scope of the IAC Guidelines to cover all the FIs that are currently regulated by MAS, with certain exemptions of entities that have a limited scope of activities in Singapore. MAS has also proposed that the IAC Guidelines should not apply to firms with a headcount of less than 20.

For locally-incorporated banks and insurers, MAS clarified that the IAC Guidelines would apply at the entity level to their downstream entities operating in Singapore:

  • The specification of senior managers’ (“SMs”) responsibilities should include both the operations of the parent entity, and where relevant, the operations of the group; and
  • Significant downstream entities should be identified, and would be considered a “material business function”. The head of the “material business function” should be identified as a SM.

MAS stated that as the IAC Guidelines apply specifically to an FI’s operations in Singapore, FIs who follow the UK and Australia regimes are not exempted or deemed compliant, but may still apply and adapt other group policies to Singapore operations for the purpose of complying with the IAC Guidelines in Singapore.

3. Key Outcomes

The Key Outcomes apply at various levels:

  • Board
  • Senior Management
  • Material Risk Personnel (“MRP”)
  • All other employees

We have set out a summary of MAS’ key  observations to the 5 outcomes below.

Outcome 1: SMs who have responsibility for the management and conduct of functions that are core to the FI’s operations are clearly identified
Issue MAS Observation
Identification of SMs
  • MAS has refined the definition of SMs to refer to individuals who are employed by, or acting for or by arrangement with, the FI, and are principally responsible for the day-to-day management of the FI.
  • This means that senior managers who are based overseas can be responsible for the day-to-day operations of the FI in Singapore under a regional or global management arrangement. FIs should adopt a substance test to determine the drivers of decision-making for the FI’s day to day business.
  • SMs are not limited to the FI’s executive or management committee.
Identification of CMFs
  • FIs differ in organisational structure and complexity, and should determine the CMFs, as well as any other material functions, that are relevant to their circumstances, based on a substance test of the CMFs’ responsibilities.
  • Hence, FIs can deviate from the suggested the list of CMFs if it is not applicable. FIs can also designate other individuals as CMFs.
Identification of Heads of Business Functions
  • FIs should identify SMs according to the materiality of their functions, by considering various metrics including but not limited to:
    • Relative size of a function in terms of its capital consumption;
    • Contribution towards the FI’s assets, profit, revenue, gross premium or assets under management; and/or
    • Number of employees.
Roles of Chief Information Officer (“CIO”) vs Chief Information Security Officer (“CISO”)
  • MAS has clarified that the inclusion of the CISO as a separate CMF from the CIO makes clear that the two are distinct, important functions.
  • Where the roles are played by the same person, this should not result in a dilution of responsibilities or accountability for the function.
Role of Head of Legal / Non-executive directors
  • The Head of Legal / non-executive directors will not be CMFs as they are generally not involved in managing the day-to-day operations of the FI.
Role of Head of Compliance
  • The Head of Compliance will be principally responsible for monitoring and managing the FI’s compliance with regulatory requirements under the applicable laws and regulations, which is a narrower scope than all applicable laws.
Outsourcing of functions
  • Where functions that are core to the FI’s operations have been outsourced, whether wholly or partially, the designated SMs should continue to be held responsible for the management of these core functions.
  • For core functions, where individuals other than local management have been designated as the SM for such outsourcing arrangements, FIs should be prepared to substantiate how they have met the expectations on responsibilities for outsourcing arrangements as set out in paragraphs 5.2.3 and 5.2.5 of the Outsourcing Guidelines.

 

Outcome 2: SMs are fit and proper for their roles, and held responsible for the actions of their staff and the conduct of the business under their purview
Issue MAS Observation
Assessment of SMs’ fitness and propriety
  • In assessing fitness and propriety, FIs may apply the guiding criteria set out in the Fit and Proper Guidelines, and such other factors that the FI determines to be relevant to its circumstances and the particular role.
  • Reviews should minimally be conducted on an annual basis, or as and when any matters arise which could have implications on or call into question a senior manager’s fitness and propriety.
  • Self-declarations may be one source of information, but FIs should also take reasonable steps to conduct the appropriate screening and due diligence checks.
  • FIs may rely on fit and proper assessments conducted by the Regional or Head Office for foreign SMs, where the FI is satisfied that such assessments are appropriate and sufficient to determine the senior managers’ fitness and propriety.
Multiple CMFs and Shared Responsibility structure
  • FIs may designate a SM to be responsible for more than one CMF, but should ensure that the responsibilities are clearly specified, and conflicts of interests have been considered.
  • Such sharing of responsibilities should not result in a dilution of responsibilities or accountability for that function.
Specification of Reporting Lines
  • MAS will not prescribe regulatory templates nor require submissions from FIs on the roles and responsibilities of SMs and the FI’s overall management structure.
  • SMs should acknowledge their responsibilities minimally at the point of appointment, and thereafter, reviewed as and when there are significant changes to the SM’s responsibilities.
Product management
  • MAS expects FIs to ensure that there is clear ownership and accountability of the design, delivery and maintenance of products offered to customers, including sales and transactions processing, post-sale handling and remediation of customers in respect of these products.
  • Where more than one CMF are responsible for the product life cycle, the division of roles and scope of responsibility each CMF is responsible for should be clear and unambiguous.
Responsibility for cross-border trades or transactions
  • The relevant SM with responsibility for the treasury or trading function of the FI in Singapore should ensure that there are appropriate systems and controls in place to manage the risks associated with the origination, structuring, arrangement, and/or booking of any trade or transaction in Singapore.
Accountability for predecessors
  • SMs will not be held to a presumption of accountability for the actions of their predecessors if they were not accountable.
  • Where misconduct, a breach a breach, or offence that first occurred during a predecessor’s term of appointment continued to be committed into the term of the newly-appointed senior manager, factors such as the newly-appointed SM’s level of knowledge of or participation in the misconduct, or whether the SM could reasonably be expected to have been aware or to have taken adequate steps to address the issue, should be taken into consideration.
Compensation frameworks and Performance criteria
  • The compensation framework for SMs should be designed in a manner that is aligned with the desired conduct outcomes, taking into account both the standards of conduct expected of SMs as well as the conduct of the business under their purview.
  • The compensation framework should include mechanisms that facilitate adjustments to the variable components of SMs’ compensation for poor conduct or misconduct, where appropriate, whether in the current year or a future period where the impact of such conduct failings has materialised.
Succession planning
  • MAS will not prescribe specific handover documents, but the FI will be responsible for ensuring that there is a succession plan that takes into account the FI’s circumstances and needs.
  • Each FI must establish the relevant handover policies and procedures, and ensure that these are observed by both incoming and outgoing senior managers as far as practicable.
  • Succession planning should be an active on-going process undertaken by the Board, and integrated within the FI’s strategic plans.

 

Outcome 3: The FI’s governance framework is supportive of and conducive to senior managers’ performance of their roles and responsibilities. The FI’s overall management structure and reporting relationships are clear and transparent.
Issue MAS Observation
Reporting structure
  • The IAC Guidelines do not mandate any particular reporting structure.
  • In general, the most senior individual with principal responsibility for the day-to-day management of a core function of the FI should also be responsible for reporting to the CEO and/or Board, or equivalent, on matters pertaining to that function.
  • For example, if the Chief Operating Officer and Chief Information Officer report to a third individual who in turn has ultimate responsibility for reporting directly to the CEO on matters regarding both the operations and IT of the FI, it is this third individual who should be designated as a SM with responsibility for both the “COO” and “CIO” CMFs.
Approval of Responsibilities and FI’s Overall Management Structure
  • The Board may delegate the approving authority for SM’s individual responsibilities and the FI’s overall management structure to a Board Committee, or group, regional or country-level governance committee, but bears the ultimate responsibility.
  • The Board or its delegate would only need to approve the roles and responsibilities once, as part of approving the FI’s overall management structure, unless there are changes in the management structure subsequently.
Management Committees
  • FIs have the flexibility to establish the management committees that would be appropriate to their circumstances.
  • Where these committees exercise decision-making authority over the FI’s day-to-day operations in Singapore, their mandates and terms of reference with respect to the FI’s local operations should be clearly defined.
  • SMs can delegate their responsibilities to other personnel or committees, but their accountability cannot be delegated. SMs should establish the appropriate communication procedures with the personnel to whom, or committee to which, these responsibilities have been delegated.

 

Outcome 4: Employees in material risk functions are fit and proper for their roles, and subject to effective risk governance as well as the appropriate standards of conduct and incentive structure.
Issue MAS Observation
Definition of MRPs
  • MRPs are individuals who are not senior managers, but by virtue of their delegated authority or mandates are nevertheless able to take actions or make decisions that may potentially have significant impact on the FIs’ safety and soundness, or cause harm to a significant segment of the FIs’ customers or other stakeholders.
  • It is the individual, rather than functional units, that forms the basis for identifying personnel in material risk functions.
Identification of MRPs
  • The identification of MRPs is based on the risks which an FI is exposed to due to the nature, size and complexity of its business; and the individuals who have the authority to make decisions or conduct activities that could materially impact this risk profile.
  • In identifying MRPs, the Board and senior management of FIs should establish criteria that consider:
    • The financial and non-financial risks which the FI is or may be exposed to; and
    • The materiality of the impact that an individual’s decisions or activities could have on this risk profile, based on the appropriate quantitative and qualitative indicators.
Cross-border transactions and services
  • With regard to cross-border transactions and services as raised by several respondents, MRPs should include personnel who have the authority or mandate to conduct or approve the conduct of any part of a trade which may have material impact on the risk profile of the FI in Singapore, or provide coverage for a significant segment of the FI’s customers in Singapore, regardless of where such personnel are physically located.
Supervision of MRPs
  • The direct supervisors of MRPs, as well as the direct supervisors of groups of individuals who may not be considered MRPs but whose activities could collectively have significant impact on the FI’s risk profile, should likewise be considered MRPs.
Assessment of MRPs
  • Reviews of fitness and propriety should minimally be conducted on an annual basis, or as and when any matters arise which could potentially affect a MRP’s fitness and propriety.
Incentive structure
  • The onus is on the Board and senior management to put in place the necessary policies and procedures to govern the activities of MRPs and enforce risk ownership.
  • The incentive structure for MRPs should be symmetric with risk outcomes and sensitive to the time horizon of risks, and incentivise proper conduct.
  • The compensation system should include mechanisms for adjustments to compensation arising from the materialisation of risks and realisation of profits and losses over different periods of time, as well as for improper conduct or conduct that causes harm to the FI or its customers, where appropriate.
MRPs in risk management and control functions
  • MRPs in risk management and control functions should:
    • Be suitably trained and possess should have the authority to participate in the decision-making processes of business functions, unfettered access to the information necessary to discharge their responsibilities, and sufficient stature to ensure that front-line personnel give due regard to and act upon their recommendations;
    • Possess the relevant experience and expertise with regard to the monitoring and management of the FI’s risks and internal control environment; and
    • Be independent from the business functions of the FI to ensure proper checks and balances.
  • The compensation structure should be designed in such a way as to minimise potential conflicts of interest and ensure that their independence is not compromised. Hence, in general, it is not appropriate for MRPs in risk management and control functions to have KPIs that are linked to revenue or sales.
Register of MRPs
  • FIs should maintain information on their respective MRPs to facilitate oversight of their activities, which could take the form of an internal register.

 

Outcome 5: The FI has a framework that promotes and sustains the desired conduct among all employees.
Issue MAS Observation
Codes of conduct
  • The Board and senior management should:
    • Establish the appropriate framework to enforce standards of conduct, which should be integrated with HR processes over the employee life cycle;
    • Identify the appropriate metrics for monitoring conduct across the organisation;
    • Monitor the indicators over time to identify trends and potential conduct risks, assess root causes including the underlying behavioural or cultural drivers, and take the necessary actions to mitigate such conduct risks; and
    • Regularly review the adequacy and effectiveness of the FI’s conduct framework, taking into account any gaps between observed behaviours and the desired standards of conduct.
Whistleblowing programme
  • The whistleblowing channel(s) could be internally managed by an independent party or unit within the FI, centralised at the Regional or Head Office level, externally managed by a third party service provider, or a combination of these, as the FI considers appropriate to its circumstances.
  • FIs should have a formal whistleblowing policy that sets out the availability of these whistleblowing channel(s), process for raising concerns via these channel(s) and procedures that the FI will take in response to whistleblower complaints, including to investigate the concerns raised.
Reference check requirements
  • MAS is considering extending mandatory reference check requirements to a broader segment of the financial industry beyond representatives, and will be conducting a separate public consultation on this proposal in due course.


4. Notification of Material Adverse Developments

The Board and senior management are expected to notify MAS of material adverse developments, which include but are not limited to:

  • Material impact on the FI’s viability, solvency, liquidity, funding, capital, earnings, risk profile, and/or reputation;
  • Material impact on, or compromise of the interests of, the FI’s customers or groups of customers; or
  • Material impact on the FI’s counterparties or the fair, orderly and transparent operations of markets.

5. Enforcement of IAC Guidelines

MAS stated that it may pursue the following measures to ensure that the IAC Guidelines are properly implemented:

  • MAS may require the FI to put into place additional measures to address any deficiencies;
  • MAS may take breaches of IAC Guidelines into account in its assessment of the FI and the effectiveness of Board and senior management oversight;
  • If FIs and their board and senior management demonstrate an inability or unwillingness to take remedial actions, MAS will take appropriate supervisory actions depending on the severity and potential impact of the weaknesses uncovered; and
  • MAS may communicate with the home or host regulators of the FI on the issues of concern.

6. Next Steps

FIs with global group policies and procedures should take steps to review their arrangements and risk management practices to ensure that they are in line with the IAC Guidelines.

In terms of the preparations, MAS has noted that FIs should avoid arrangements that undermine the accountability of SMs, such as insurance or other agreements that have the effect of indemnifying SMs or other employees against financial penalties for misconduct or other offences.

MAS has stated that it will announce the effective date of the IAC Guidelines after the conclusion of CP2, and there will be a transitional period of 1 year after the IAC Guidelines are published. MAS will also adopt a consultative approach to assessing FIs’ compliance.

This commentary is a sequel to a recent client bulletin published by Jason Valoti, Jek-Aun Long, Grace Chong, and Calvin Tan at global law firm Simmons & Simmons.

To Top