In the aftermath of the financial crisis of 2008, the world’s regulators focused their attention on increasing the amounts and quality of capital that businesses operating in the financial sector were required to hold, to prevent the incidence of similar crises in the future. The Basel Committee on Banking Supervision’s response to the crisis was Basel III, a set of proposals to improve the prudential soundness of banks. Within the European Union, Basel III has been implemented by the Fourth Capital Requirements Directive, which came into effect on 1 January of this year. As the banks, building societies and investment firms covered by the directive begin to feel its effects in the UK, this article provides a summary of the key areas of change and the challenges that face firms in their struggle to comply.

Although some firms are already ‘up to speed’ with CRD IV, others are still trying to find their feet. The changes in the governance requirements have been over looked by some firms as they have been concentrating on other areas such as reporting, which is proving a significant challenge. Changes to the number of directorships that board members can hold have crept up on some firms, as has the requirement to provide written policies for certain areas such as the recruitment and on-boarding process for directors.

The call of good governance and the 'management body'

One of the main areas of change that CRD IV introduces concerns the governance-related arrangements required of firms. One of the aims of the new requirements is to address excessive and imprudent risk-taking by ensuring that the board in question is effective in its oversight, promoting a sound ‘risk culture’ and enabling the regulatory authorities to monitor internal governance. The rules are concerned with company reporting, board diversity, risk management, the responsibilities of the board and ways of keeping a rein on the remuneration of executives.

As well as changing the meaning of several terms that were previously contained in the Financial Conduct Authority’s glossary, the directive introduces a new term – the ‘management body’. This refers to the directors of a company or partners of a firm who, under CRD IV, are given the responsibility for approving and overseeing the implementation of its strategic objectives, risk strategy and internal governance in addition to guaranteeing the integrity of the firm’s ac- counting and financial reporting systems (including any financial and operational controls) and compliance with regulatory systems. In addition to this responsibility, the top stratum of management is also responsible for segregating duties adequately, preventing conflicts of interest and ensuring that proper documents and proper approval for such systems are in place.

Governance and the section 166 notice

The wording and structure of these requirements is quite new. Many firms might have already taken similar governance-related steps, but they may not have the necessary means to enshrine policies and procedures in useful documents. Significantly, management teams that use outsourced platforms and services cannot simply delegate this responsibility to their outsourced service providers. In view of the volume of governance-related section 166 notices that the FCA is issuing at the moment, firms should pay close attention to these documentary requirements. Section 166 Financial Services and Markets Act is the law under which the FCA can force firms to commission ‘skilled person reviews’, the skilled ‘persons’ in question often being the ‘Big 4’ accountancy firms.

In keeping with the FCA’s principles-based approach, the regulator has not prescribed the precise form and content of such documentary requirements. Indeed, requirements are likely to differ from firm to firm, depending upon the nature of their ‘permissions’ or the functions that the FCA allows them to perform, the range of their activities and the different risks they face or incur as a result of those. The regulator has so far provided some vague guidance to deal with the types of informa- tion that should be recorded. Firms should take time to interpret such guidance and relate it to their specific circumstances.

Fewer jobs for the boys

CRD IV also requires firms to provide clear accounts of the way their boards work and to write annual ‘updates’ that keep track of the ways in which they govern themselves. The intention is that no di- rector should hold too many directorships, the better to ensure that he is able to devote enough time to his various roles and responsibilities. Limits are being imposed on the number of directorships an individual can hold at any one time. By 1 July 2014 the director of a ‘significant firm’ should not simultaneously hold more than the following positions:

• four non-executive directorships, or

• one executive directorship plus two non-executive directorships.

Furthermore, the skills of board-members have come under further EU scrutiny and the directive requires firms to follow adequate recruitment policies in respect of directors. These must aim to gauge their expertise, their ‘diversity’ (i.e. the contributions that their gender would make to a stable ecology in the board room) and the risks they pose to various things. Firms are also required to ensure that board members are adequately trained and that they have devoted enough human and financial resources to the induction and training of members of their management bodies.

CRD IV stresses that each board is responsible for effective and prudent management and should periodically assess governance arrangements with a view to correcting deficiencies. To achieve this, the board as a whole, and the individual directors, must have the right knowledge, skills and experience to perform their duties and be capable of understanding the firm’s activities and risks. As members of the board will be required to assess each other’s skills and competence, it will be interesting to see how this works. Might it work in the same way as it does when they have to sit on each others’ remuneration committees and approve each other’s pay?

However, in relation to significant institutions, a nominations committee must be established, which should be made up of non-executive directors and will be responsible for preparing a description of the roles and capabilities required for particular appointments.

Another area on which CRD IV focuses is ‘diversity,’ which in this case entails a reasonable balance between males and females at the top. The directive states that firms should promote diversity and should consider a broad set of qualities and competencies when selecting directors. Each firm’s nomination committee should set a target number for the under-represented gender on the board and prepare a policy to reach it. It will have to make a record of every ‘target, policy and implementation’ exercise of this kind that it goes through and disclose the results, if any, to the regulator every year. There is a slight contradiction here. As the main aim of CRD IV’s governance policy is the appointment of directors with the most appropriate sets of skills, gender targets might burden boards with an irrelevant distraction while they are trying to fulfil this objective.

A separate risk committee

In relation to risk, CRD IV requires each board to produce an annual declaration about the adequacy of its firm’s risk management systems. It should establish a separate risk committee full of non-executive directors and should devote as much time to risk management “as it considers appropriate.” However, the risk management function, which should be independent of operations and management, should still have sufficient authority, status and resources.

These developments in corporate governance are in line with the FCA’s practice of interviewing members of the boards and non-executives of regulated entities with a view to assessing their competence, their understanding of the business in hand, and their aptitude for understand- ing risks and setting up whatever controls are required or appropriate.

ICAAP documents

CRD IV retains the internal capital adequacy assessment process (ICAAP) that was in place under CRD III, but with one small change. Firms are now required to implement and document their policies and processes for identification, management and the mitigation of material hazards such as market risk, counterparty risk, operational risk, business risk and residual risk.

The need to keep documents about each of these risk categories is, substantially, a new requirement and is likely to burden some firms more than others. At one end of the spectrum there will be firms that are already accustomed to writing something about every single risk category, even if it is only to record the reason why they see no need to bother with it, i.e. to record the fact that their business does not involve it. At the other extreme there will be firms that have traditionally taken the approach of grouping risks together broadly rather than listing and commenting on them individually.

Firms ought to fall into the former camp rather than the latter. They should list every risk category in their ICAAPs, which they should then keep as part of their internal records. They do not have to send the ICAAPs off automatically to the FCA, which can always demand to see them during visits or even ask for them to be sent over at any time. Although this new requirement might appear to be a tweak to the wording of the rules rather than a full-scale change, it is a change nevertheless and every firm must take account of it.

Regulatory reporting – still at the top of the agenda

The issue that is uppermost in firms’ minds today (and has been generating a lot of challenges) is the actual process of regulatory re- porting and the completion of financial returns. Although the FCA will continue to collect all the data that CRD IV requires it to by means of its GABRIEL system, it is now telling firms that they must provide it in XBRL format. Ultimately, by using XBRL, the FCA expects to be able to compare and interrogate data much more intensively and on a much larger scale than hitherto. This greater degree of data interrogation is consistent with the generally more interventionist approach of the FCA, and in the future it might lead to a deluge of section 166 notices that force firms to hire ‘skilled persons’ to examine them for shortcomings in governance.

In order to provide data in the correct format, i.e. to convert documents into XBRL and send them on, financial firms are currently either outsourcing the job to their compliance advisors or to other entities, or scouring the software market for products that will allow them do this themselves. They have encountered several problems with the peculiar taxonomy that the European Banking Authority (EBA) uses and recent changes to it have resulted in the reporting deadlines for the March quarter being pushed back, with firms now having to file by 30 June 2014, despite GABRIEL still referring to 2 June as the re- porting deadline. Moreover, following recent rule changes to do with the calculation of certain figures to go in the regulatory returns, some firms have had to increase their capital stocks.

Finally, in addition to these teething troubles, firms would be well advised to pay close attention to the changes that CRD IV has made to some of the terminology that pertains to consolidated reporting. Consolidated reporting has nothing to do with consolidated accounts but instead relates to various regulatory disclosures that the EU calls for in furtherance of its aim of standardising prudential reporting throughout its territory, the better to allow governments to identify concentrations of risk in the macro economy. These disclosures run alongside GABRIEL reporting and firms have to make them on a ‘solo’ basis and on a ‘consolidated’ basis. In any case, because of the changes contained in CRD IV, firms which might not previously have had to engage in consolidated reporting must now do so.

Remuneration

When it came into force, CRD III introduced a number of remuneration requirements relating to pay policies, governance, structure and disclosure. CRD IV has introduced further requirements and limitations, mainly in relation to a ‘bonus cap’. It expands the provisions and requirements for remuneration committees, guaranteed bonuses, payment in non-cash instruments, malus and termination payments. Malus has been defined as ‘clawback’ and in the context of CRD IV relates to the reduction of deferred pay in certain circumstances. Up to 100% of variable remuneration (such as discretionary bonuses) must be subject to ‘clawback’. Malus arrangements allow firms to reduce unvested awards or forfeit them altogether, some- times clawing them back, i.e. requiring vested awards to be repaid. Such arrangements are especially applicable to any individual who has participated in, or been responsible for, conduct which has resulted in significant losses to his or her institution, or who has failed to meet appropriate standards of fitness and propriety.

* Lorraine Bay has been advising regulated brokers, investment managers, asset managers, finacial advisors, banks and hedge fund managers for 20 years. She is available at lorraine.bay@moorestephens.com or on +44 (0)20 7334 9191.