The impact of the proposed statutory regulation of mortgage intermediaries by the Financial Services Authority (FSA) is likely to hit mortgage intermediary owners and senior managers the hardest. The competencies required of senior staff by the FSA will be an important consideration as firms prepare themselves to be determined ‘fit and proper’ by the FSA when they complete and submit the FSA authorisation application form with the relevant supporting evidence.
This should not come as a shock, as there has been a significant shift in the FSA’s approach to senior management since the Financial Services and Markets Act 2000 came into effect on 1 December 2001.
With effect from the implementation of the main provisions of the Financial Services and Markets Act 2000 (known as N2), the FSA now places a greater onus on senior management to ensure their firms meet high standards in the services they provide to consumers.
The FSA is determined to ensure the highest levels of management within regulated firms take a proactive stance in ensuring their business has effective systems and controls in place to meet regulatory requirements.
Hierarchy of responsibility
Previously, the compliance manager was responsible for key aspects of regulation within the firm. But it is now clear the responsibility for dividing duties among senior managers and for overseeing the establishment of the firm’s systems and controls resides with the chief executive of the firm. It is now the top people who will be held personally responsible ‘ not their appointees.
The FSA has used its powers under the Financial Services and Markets Act 2000 to set out the details of the new regime in its Handbook of Rules and Guidance.
Part one of the handbook sets out high level standards that apply to all regulated firms and persons occupying certain positions in these firms. This now includes sections such as:
• Statements of principle and code of practice for approved persons, and;
• Principles for business and senior management arrangements, systems and controls.
The handbook specifically spells out what the FSA expects of senior management within regulated firms.
The key changes in respect of management competence, which took effect on 1 December 2001, are:
• Responsibility is now placed on management to create and maintain proper systems and controls.
• The ‘approved person’ regime was introduced for key risk management roles.
• Firms are now required to comply with high-level standards for the training and competence of their staff.
• Firms are required to maintain sufficient skills and experience on their boards to provide proper control and independent challenge.
• The requirements for the reporting of financial information have been enhanced.
It is clearly evident the FSA is now putting more emphasis on the way in which firms manage themselves, focusing principally in four areas:
• Corporate governance.
• Risk management.
• Systems and controls.
• Training and competence.
At the top of the hierarchy of responsibility is the chief executive officer ‘ the most senior individual responsible for the conduct of the firm’s regulated business. This person will not be allowed to delegate their overall responsibility and could be held personally liable if there is a breach of regulatory requirements in their firm. Penalties for failure could include fines, public censure and ultimately prohibition from any future involvement in a regulated business.
This person has overall responsibility for ensuring there is a clear division of roles among the top managers, including non-executive directors, so that any individual responsibilities for various aspects of the business are clearly identified, and to ensure the firm has adequate systems and controls in place. Additionally, this person must ensure the reporting lines and decision-making processes are effective.
Any senior manager with oversight of a distinct function must satisfy themselves that the reporting lines to them, in respect of that function, are in place and effective. The FSA will expect the senior manager to take real responsibility and not just pay lip service to their obligations. They need to ensure all the necessary information about the different aspects of the firm’s business is provided clearly, in sufficient detail and on time so that senior management can make the necessary informed decisions.
It should be stressed that the FSA will be concerned with any aspects of a firm’s business that might present a risk to its regulated activities, not just those that are to do with compliance with the FSA’s Rulebook.
There is particular emphasis on the security of computer systems and the FSA’s interest in the IT systems and business strategies may well include non-regulated aspects of a firm’s business.
Senior management need to ensure a dynamic programme for the continuing review and monitoring of systems and controls is put in place, regularly reviewed and acted upon in order to ensure the systems and controls themselves evolve as the business matures.
In parallel with these actions is the need to create an audit trail of all of the steps taken. The FSA will want to inspect these records and the supporting evidence in order to ensure the senior management have taken their responsibilities seriously and implemented these steps.
Remember : ‘if it isn’t written down, it didn’t happen.’
Ian Langley is a tutor with Incisive Training, a professional training organisation set up in conjunction with Mortgage Solutions to help mortgage advisers to pass the MAQ qualification. He is also a director of IFAct Mortgage Framework, which specialises in compliance solutions for the mortgage industry and is part of the IFAct Group of Companies.