Metric (Issue 07) V3


August Issue of CC Metric

  1. Anti-bribery cases on the increase

     Following the campaigns against bribery, including bribery outside of their immediate jurisdiction (see Metric 5), regulators have brought in a number of high profile cases. Last month we reported on the first Australian foreign bribery over a bank note printing company, half owned by the Australian central bank, bribing officials in Indonesia, Malaysia and Vietnam. Last month the UK reported settlement of bribery charges against the insurance broker, Willis, and Macmillan Publishing. The Willis fine of £6.9M was not for any specific bribery situation but for inadequate controls over third parties who helped them secure business in jurisdictions with perceived. Macmillan were charged by London's Serious Fraud Office (SFO) regarding illegal payments for contracts in its education business in Africa and were fined £11.3M. In addition, Macmillan have been banned from World Bank tenders for the next three years.

     In the US, global drinks company Diageo has paid a fine of over $16M for charges of corrupt practices in India, Thailand and South Korea. Diageo was charged under the US Foreign Corrupt Practices Act by the US regulator, the SEC, who say they are now taking corrupt practices "seriously". Diageo, as also in the case of Willis and Macmillan, escaped higher penalties by cooperating with the regulators and committing to implement strengthened systems and controls to prevent such incidents in the future.

     FSA consults on remuneration guidelines

     The UK's Financial Services Authority has consulted financial institutions on the implementation of its Remuneration Code (which came into force on 1 January 2011). This rules on compliance with the remuneration requirements laid down in the EU Capital Requirements Directive (CRD3). The January policy statement applies the rules with a rigour dependent on the size and activity of the firm under regulation. The top tier is banks (including building societies) with capital resources exceeding £1 Bn or, for investment firms, £750 M. The bottom tier is for smaller limited activity investment firms.

     The new proposed guidance is in the form of a "Dear CEO" letter which sets out, for top tier firms, a detailed approach to monitoring their implementation of the Remuneration Code, including the need for firms to submit a policy statement by a given date and provides a template for this. The version for firms in tiers 2, 3 and 4 is less onerous and it is planned that the implementation will be tailored taking account of business models and risk profiles.

     The consultation also includes proposals on definitions of impacted staff, the format of the required long-term incentive plans and, for firms that do not wish to remunerate in part in shares, the definition of the alternative instruments. Responses to the above are due in by the 2nd of September.

     FERMA against greater risk appetite disclosure

     In its response to the EU corporate governance framework consultation (responses had to be in by late July), the Federation of European Risk Management Associations (FERMA) has told the European Commission that it considers no more corporate governance rules are needed and that they should concentrate on the implementation and robust enforcement of existing EU corporate governance rules on risk management rather than creating new ones. They say that there is an overlap in the area of board duties on risk management and risk disclosure with the EU 8th Company Law Directive, itself not yet fully implemented. As a result, application of these existing rules may not be equally stringent across the EU.

     FERMA also opposes any requirement to publish additional information on their risk appetite to what is already required. They say "… it may harm companies' competitive position; will not improve their risk management culture; and will not provide more assurance to stakeholders that risks are under control".

     In this issue of Metric:
       • Managing People Risk & ORM
       • Escaping capital surcharges
       • Dodd-Frank Act fine
       • Latest Regulatory News
  2. Managing people risk is the essence of operational risk

     John Thirlwell, a past Director of the British Bankers' Association, is an independent adviser on risk management to boards in financial services, and is co-author, with Tony Blunden of Chase Cooper, of Mastering Operational Risk, published by Prentice Hall in 2010.

     Our people are our greatest asset, the Chairman or CEO writes in the annual report and accounts. That is undoubtedly true, but the corollary is also true, that our people are potentially our greatest liability in a service industry. People failures, whether through incompetence, poor training or, importantly, poor behaviours, lie at the heart of so many of the risks to which financial services companies are exposed and suffer.

     When the Financial Crisis Inquiry Commission, set up by the US Congress, delivered its report in January this year, it saw the fundamental causes of the crisis as dramatic failures of corporate governance and risk management and a systemic breakdown in accountability and ethics. All are failures of behaviour and therefore incidences of people risk, one of the four legs of the common definition of operational risk. In fact, people risk, part of operational risk, is a major component of risks which we classify as credit or market. Yet how often is people risk management treated with the seriousness it deserves, either as part of operational risk management, or at all?

     People risk management starts with governance and embedding the right risk culture. Whilst we often talk about the tone at the top, I follow Professor Mervyn King, who chairs the King Committee on corporate governance in South Africa. His view is that you can talk about the tone at the top, but the key thing is to listen to the tune in the middle, the sounds which tell you that a particular risk culture is fully embedded throughout the firm. It doesn't matter where the risk culture lies on the spectrum from entrepreneurial to conservative. The important thing is that risk controls will be in place which accord with the risk culture and that the culture is communicated throughout the firm.

     But first, to embed a risk culture, a firm should articulate and then communicate its strategy and objectives. Too often the strategy and objectives are expressed in a three-yearly document presented by the CEO to the Board, which is as far as it goes. But those objectives should be communicated to all staff and inform their behaviours, their approach to risk and to the firm's appetite for risk at all levels.

     The strategy and objectives form the basis for risk appetite, but also for the key controls involved with people risk management: selection, appraisal, training and personal development, and remuneration. For instance, with selection, if the overall aim is to develop a firm with common values, then it makes sense to use, especially at a senior level, a specialist cohort of interviewers, as well as the relevant line manager. They will be looking for candidates who embrace the firm's values and behaviours.

     Strategy and objectives inform the excellent behaviours which form the basis for performance measurement. Performance is not just about meeting sales or profit targets. It should also be about embracing shared values and behaviours - what we mean by excellence around here. If team-working is a core value of the firm, it should be in the performance measurement criteria for everybody from the Chairman down. After all, if the board isn't working as a team, that very quickly becomes apparent both to insiders and outsiders. Actions speak louder than policy statements.

     Excellent behaviours are also fundamental to customer relations, a key element of reputation risk and a source of competitive advantage. If we can articulate what we mean by excellent or acceptable behaviour when it comes to dealing with customers, we can review and appraise accordingly. The benefits in performance, risk mitigation and profit will be considerable.

     The same applies to training and personal development programmes and, perhaps most visibly of all, including to the public, to approaches to remuneration. Is the system transparent? Does it reward good risk behaviour, which is in line with the firm's stated risk appetite and its objectives, or does it encourage unacceptable risk-taking? If the firm's objectives are clearly communicated and, from them, excellent behaviours are clearly identified, the rest should take care of itself.

     But any consideration of managing people risk must include a word about the HR function. If people are potentially a firm's biggest liability or risk, then HR should be a key risk oversight department. Much risk is managed by good human relations, but how much is managed by a good HR department? To what extent is the HR Director merely somebody engaged in transactional HR - organising the appraisal system and training programmes or collating personnel data - rather than acting as a good risk manager?

     We put in place risk management frameworks, but do we ask the HR Director to put in place a people risk management framework?

     (continued on page 3)
  3. We develop a risk register and assess the risks it catalogues, but do we also pass those risks through the lens of people risk and assess them accordingly? People risk management is an essential part of operational risk management. Ignoring it will do serious harm to your profits.

     Next month…

     The keynote article next month will be brought to you by Nick Gibson, Chase Cooper's Director of Compliance. Nick will write on "the International Monetary Fund report on the future of UK regulation - sense and sensibility".

     Insurers may escape capital surcharges

     Unlike their banking colleagues, large important global insurers may escape the additional capital levies planned for their banking equivalents, the G-SIBs (see last month's ASYMmetricAL). As instructed by the G-20, the International Association of Insurance Supervisors (IAIS), together with the Financial Stability Board, is drawing up plans for capital requirements designed to prevent the problems experienced during the past crisis by AIG - who had to be rescued by the US government. A Reuters source has indicated that the IAIS is not convinced that a capital surcharge is needed in the case of insurers as these are not required to pay out until some specific event has taken place - an accident, death, or financial incident. Yoshihiro Kawai, Secretary General of the IAIS, told Reuters that no decision has yet been made, but that the IAIS

     [Photo: Yoshihiro Kawai, Secretary General of the IAIS]

     CFTC fine firm for infringing Dodd-Frank Act

     The US's Commodity Futures Trading Commission (CFTC), the independent agency responsible for regulating, together with the National Futures Association, the US retail spot forex market, has fined London-based Forex Capital Markets Ltd. (FXCM) for infringing the Dodd-Frank Act derived regulations by acting as a retail forex dealer and conducting leveraged foreign exchange transactions with US retail customers ("non-Eligible Contract Participants", i.e. other financial institutions, corporate, funds, etc) without having previously registered with the CFTC.

     The fine of $14K was relatively light as FXCM's violation was only for 11 days following the enactment of the CFTC rules on October 18th 2010 but emphasises the need for non-US market traders to carry out due diligence on their customers following the increased requirements brought about by Dodd-Frank.

     [Photos: Christopher Dodd, previously US Senator for Connecticut; Barney Frank, Congressman of the Fourth Congressional District of Massachusetts]

     Free Risk & Compliance Briefings

     Chase Cooper run two regular breakfast briefings for Risk and Compliance in the City of London. The briefings are free to attend although due to space being limited they are open only to senior risk, business and compliance staff working in FSA authorised firms.

     Registration for the September briefings is now open. Details as follows:

     Risk Breakfast Briefing: Making the Most of your KRI Data

     This will be the third in a series of three Breakfasts focusing on using your data to significantly assist your business, the previous two being 'Making the most of your RCA data' held in May and 'Making the most of your Event data' held in June. The first two breakfasts attracted a considerable number of attendees from a wide variety of financial institutions.

     Many firms are collecting significant numbers of operational risk indicators and yet are barely using them for the benefit of the business. This Risk Breakfast will look at the ways in which indicators of key risks and key controls can be used in order to benefit the firm to which the indicators belong. We will consider a variety of approaches and uses.

     As well as a participative discussion, we will use an anonymous voting tool to find out the state of use of KRIs by firms in the room. Both methods will give attendees useful knowledge which can be immediately applied at their firms.

     This Risk Breakfast briefing is being held at Chase Cooper's offices in Finsbury Square at 8.30 a.m. on Thursday 22nd September 2011.

     Risk Breakfast Briefings are provided by Tony Blunden, Director of our Consultancy division. Tony has worked in the city for over 30 years primarily within risk management and related areas in financial services organisations. He is also co-author of Mastering Operational Risk.

     Strategic Compliance Breakfast Briefing

     The next Chase Cooper Strategic Compliance Breakfast briefing for 2011 is to be held at Chase Cooper's offices in Finsbury Square at 8.45 a.m. on Wednesday 28th September 2011. Further details of this briefing will be published shortly.

     Strategic Compliance Breakfast briefings are provided by Nick Gibson, Director of our Compliance Solutions division. Nick has 25 years' senior experience within regulation and compliance.
  4. Regulatory NEWS

     US and Chinese regulators met in Beijing in July to thrash out principles for the cross-border audit of firms active in both countries.

     In late July, the European Banking Authority (EBA) published two consultation papers (CP46 and CP47) on guidelines for data collection on bank remuneration practices. This is as part of the greater disclosure of remuneration information contained in CRD III and which came into force on 1st January 2011.

     Following the down-grading of US sovereign debt from triple-A, the US SEC has announced that it will be investigating Standard & Poor's (S&P) to ensure that correct procedures were followed. In a separate case, the SEC and the US Justice Department are both investigating S&P to see if it improperly issued mortgage securities credit ratings to its own benefit.

     In August the Securities and Futures Commission of Hong Kong charged SC Woo with intraday shortselling of shares that he did not own. This is the SFC's first case brought on a charge of naked short selling.

     On August 12th the SEC launched its new whistleblower program officially with a new webpage to enable people to report any violation of the Dodd-Frank Act securities laws and to apply for a financial award for doing so.

     The China Banking Regulatory Commission (CBRC) and the Monetary Authority of Singapore (MAS) have signed a Supplemental Agreement to their existing MoU to include cooperation on crisis management.

     The FSA has published a Consultation Paper and a Discussion Paper on proposals for the Recovery and Resolution Plans (RRP, also known as "living wills") now required of institutions. The G20 has called for internationally consistent, firm-specific RRPs and the FSB has set out a timetable for systemically important firms to be completed by the end of 2012. Under the Financial Services Act 2010 all UK deposit-takers are required to have RRPs in place and this may be extended to significantly important investment firms.

     ASYMmetricAL: The back page, sometimes critical view from the Editor

     A question I get asked is "what is the demarcation between operational risk and compliance". The answer of course is that there is a huge amount of overlap, with the need for effective communications between the functions. But Compliance Risk is a major concern for any risk management department and should not simply be left to the Compliance Officer. Compliance failures can have serious financial implications through regulatory fines, suspension of a business and restitutions following court cases; they impact the business through banning certain activities and consequential loss of profits; and they have serious reputational impact. Compliance risk needs to be monitored and mitigated as for any operational risk, and compliance needs to be built into stress testing and the RCSA process.

     The role of the Compliance Officer typically is to ensure that there is an awareness of regulations and that effective compliance procedures are in place. The role of the operational risk manager is to evaluate the degree of compliance, the risk of control failure and the impact of any event. Risk must be balanced against reward, and, in theory, a firm could accept a compliance violation providing the reward was high enough.

     Regulations are by definition external impacts and ones over which a firm has very little influence. These are hard enough to monitor when one is operating in a single jurisdiction; when both firms and regulations are operating globally it becomes a serious concern.

     In June Metric looked at the impacts of the UK Bribery Act and, as reported in this issue, many other countries have similar regulations concerning bribery by employees or agents in foreign countries. In this way a head office can be prosecuted for activities by its overseas subsidiaries. More difficult to evaluate is where the regional power in a subsidiary region can prosecute the firm, even though that firm lies outside its immediate jurisdiction. This has been happening with US regulations and compliance officers and operational risk managers need to be aware of the impact of US regulations.

     The first major case of this was with the Sarbanes-Oxley Act (SOX) in 2002 whereby a US exchange quoted firm was liable to onerous rules regarding its financial reporting. Many non-US firms discovered secondary stock quotations on US exchanges (the best place in the 1990s to raise money) and were dragged into SOX compliance even if they were doing little or no US business. Now two new US acts threaten non-US companies - companies that do business in the USA or simply have US-based clients. These are, and I give them their full names, the Wall Street Reform and Consumer Protection Act (known as the Dodd-Frank Act after its promoters) and the Foreign Account Tax Compliance Act (simply known as FATCA). And, again as reported in this issue, Dodd-Frank is already impacting London brokers.

     Dodd-Frank is an umbrella act which tasks the US regulators with creating new rules and infrastructures to reduce the likelihood of a financial crisis and its impact on investors. It focuses on limiting risk, protecting consumers and regulating those not currently regulated such as the OTC derivatives market. Overseas banks and brokerages with subsidiaries or sales offices in the USA will have to adhere to Dodd-Frank. This is complicated as many regulations are still unclear or have not even been formulated. Also intensive lobbying by US investment banks and by the Republican Party (who see it as interference in free enterprise) is diluting many of the intentions of the

     FATCA is designed to prevent tax evasion in the US and focuses on high net-worth US taxpayers. It introduces a 30% withholding tax requirement on foreign financial institutions (FFIs) which will be lifted if they comply with certain reporting requirements. FATCA will impact any FFI which has US clients or holds US assets in any form and violation of FATCA could result not only from US or EU operations but could result from interaction with any US person regardless of where resident.

     Metric will be looking at the development of both Dodd-Frank and FATCA in future editions and extracting its operational risk implications.

     Metric is published by Chase Cooper.