Corporate Governance in Financial Institutions

Corporate governance in financial institutions, C.O.B.
2019, 165(Apr), 1-38
For educational use only

Corporate governance in financial institutions
Jake Green, Lorraine Johnston and Bisola Williams
Journal Article
Compliance Officer Bulletin
C.O.B. 2019, 165(Apr), 1-38
Subject
Financial regulation
Other related subjects

Company law
Keywords
Audit committees; Board of directors; Brexit; Chairperson; Compliance; Corporate governance; Diversity; Enforcement; Ethics;
Financial Conduct Authority; Financial institutions; Non-executive directors; Remuneration committees; Senior managers and certification
regime; Shareholders
Cases cited
Pottage v Financial Services Authority [2013] Lloyd's Rep. F.C. 16; [2012] 4 WLUK 392 (UT (Tax))
Legislation cited
Companies Act 2006 (c.46) s.172, s.173, s.174
Financial Services and Markets Act 2000 (c.8)
Directive 2013/36
Directive 2014/65
Directive 2014/59
CONTENTS
1. Introduction
2. History of corporate governance
3. Statutory and supervisory requirements
4. Who is responsible for corporate governance?
5. Audit Committee and Audits
6. Remuneration and Remuneration Committee
7. Senior Managers and Certification Regime
8. Recovery and resolution
9. Board composition, "women on boards" and diversity
10. European and international developments
11. Transparency, ethics, culture and Brexit
12. Enforcement action of note
13. Conclusion: The view ahead
*C.O.B. 1 1. Introduction
It is over 10 years since the onset of the financial crisis that changed the corporate governance landscape in financial
institutions. The financial crisis exposed deficiencies in risk management, governance structures and processes in banks, and
© 2022 Thomson Reuters. 1

Corporate governance in financial institutions, C.O.B. 2019, 165(Apr), 1-38
highlighted the need for quality internal and external audit. The focus placed by companies on shareholder value maximisation at
the expense of other stakeholders also received greater scrutiny. Remuneration practices in financial institutions were regarded
by some observers as encouraging excessive risk-taking and were deemed to be misaligned with the long-term success of
financial institutions. Failings in non-executive oversight in terms of providing an effective challenge to board strategy, as well
as deficiencies in the composition of remuneration committees and audit committees were also highlighted.
The UK has been at the forefront of corporate governance initiatives, often introducing its own measures which are then
modified later in response to European measures.
*C.O.B. 2 The Independent Commission on Banking and the Parliamentary Commission on Banking Standards were among
the most notable examples. In promoting financial stability and competition and ending the "too big to fail" phenomenon, both
the Bank of England's resolution and resilience agenda and the UK ring fencing regime place importance on sound governance
structures. 1
Just as the financial crisis storm was settling and regulatory initiatives had been embedded to tackle some of the failings that led
to it, a new scandal hit the industry. The LIBOR and EURIBOR scandal has led to further initiatives aimed at tackling conduct
risk and embedding good culture at financial services firms.
The financial crisis also eroded the trust of the public in financial institutions. In order to regain this trust, an emphasis has
been placed on promoting high standards in banking, and reforming culture in the financial institutions. The introduction of
the senior managers and certification regime ("SMCR") in March 2016 and the Banking Standard Boards are perhaps the most
salient examples of this. The SMCR is a watershed moment for executives and senior managers at financial services firms. The
regulator has introduced the regime to increase individual accountability at banks and ensure that managers who are responsible
for areas of the financial institution in which there is a regulatory breach of the rules are held to account.
Culture remains an issue on the regulatory radar and regulators are continually highlighting the importance of aligning behaviour
with positive values, and ensuring that this is rewarded by firms. While the regulators have shied away from prescribing
a uniform approach for financial institutions, boards are being encouraged to view culture and conduct very seriously. The
regulators have also now indicated misconduct can take many forms, including non-financial misconduct such as sexual
harassment.
Increasingly, as a result of pressure from international organisations financial institutions, like other listed companies are
required to incorporate ethics and other non-financial matters in their corporate reporting and demonstrate engagement with
stakeholders other than shareholders.
Since the financial crisis, the most critical development in the last few years affecting financial institutions has, arguably, been
the decision of the UK to leave the EU. Given the UK's leadership position in setting governance standards, the impact of Brexit
on the UK corporate governance regime is not generally thought to be seismic, although it has had an effect on corporate
reporting.
2.1 The Cadbury Report

Corporate governance in the UK has undergone rapid transformation, starting with the 1992 Cadbury report which reported
on corporate governance generally and directors' responsibilities in relation to financial reporting in particular. 2 This was
followed by other notable reports such as the Greenbury report in 1995, 3 and the Hampel report in 1998. 4 The Hampel Report
addressed a concern that the emphasis on accountability in the work of the previous committees had, to an extent, neglected to
take into account that a board's primary responsibility is to act in the best interests of the shareholders by promoting the long-
term success of the company.
*C.O.B. 3 The Cadbury Report instituted key principles of modern corporate governance, first by placing a responsibility on
boards to ensure that companies complied with the "Cadbury Code" and second by requiring the inclusion in the annual report
and accounts of a statement by the directors of the extent to which they had achieved such compliance.
Drawing on the work of the Cadbury, Greenbury, and Hampel committees, the original Combined Code appeared in 1998. The
original version of the Code contained the mix of principles and provisions which has been preserved in subsequent revisions. It
also dealt with the main elements of corporate governance which had been identified in the earlier studies and which continue

to be of relevance, namely the composition and role of the board of directors, directors' remuneration, the role of the company's
shareholders and the company's relationship with them, and the role of the auditors and the board's relationship with the auditors.
Now known as the Corporate Governance Code, it is usually updated every two years and the most recent version was
published in July 2018 5 and applies to accounting periods beginning on or after 1 January 2019. Companies are expected to
be reporting against it from 2020 onwards. Amendments introduced by this version are discussed further below. Additionally,
in July 2010 the Financial Reporting Council ("FRC") published the Stewardship Code 6 (this is also discussed below). The
FRC published a revised version for consultation in January 2019. 7
2.2 The Turnbull Report

In 1999, guidance for directors on compliance with the Code was issued in the Turnbull Report. 8 The first Turnbull Report
took a best practice and principles-based approach to the implementation of a sound system of internal control and reporting to
shareholders on internal control, as required by the Code. The FRC published Guidance on Risk Management, Internal Control
and Related Financial and Business Reporting in September 2014. 9 The guidance was the result of recommendations made by
Lord Sharman in his 2012 final report into going concern and liquidity risk. The guidance replaced the Turnbull Guidance and
sets out best practice in relation to risk management (discussed further below). It is intended to, among other things, prompt
boards to consider how to discharge their responsibilities in relation to the existing and emerging principal risks faced by the
company. Associated changes were made to the Corporate Governance Code in 2014 as result (discussed in further detail
below).
2.3 The Higgs Report

In 2003, the conclusions of Sir Derek Higgs's review of the role, independence and recruitment of non-executive directors were
published and incorporated into a revised version of the Code issued the same year. 10
Higgs expanded the Code's recommendation that the board should comprise at least one-third non-executive directors, the
majority of whom should be independent, into a detailed set of tests of independence, such as length of tenure. Higgs also
recommended that all listed companies should establish a nomination committee, chaired by an independent non-executive
director and comprising a majority of independent non-executive directors.
2.4 The Smith Report

The Smith Report of 2003 comprised a set of recommendations in relation to the audit committee and the role of directors
serving on the audit committee. 11 These recommendations were incorporated into subsequent revisions of the Code.
2.5 The Walker Review

The Walker Review in 2009 was specifically addressed to banks and other financial institutions, the focus of the report was on
those failures of corporate governance which contributed to the financial crisis, but as noted in the final report, a number of
the recommendations can be applied more generally to all listed companies. 12
The Walker Review included 39 recommendations along with details about how each recommendation was to be implemented
in the related areas of board size, composition and qualification; functioning of the board and evaluation of performance; the
role of institutional shareholders; governance of risk; and remuneration.
*C.O.B. 4 2.6 The Turner Review

The Turner Review was published by the then Financial Services Authority ("FSA") in 2009. The purpose of the review was to
set out the proposals for reforming UK and international approaches to the way banks are regulated, to reduce the probability
and severity of future crises. 13
The review highlighted the importance of high standards of risk management in outlining the FSA's policy approach to
corporate governance in financial services firms. A key area of criticism was the existing decision-making capacity of boards

and the role of non-executive directors in questioning decisions of the boards. Lord Turner noted that improvements in the
effectiveness of internal risk management and firm governance are essential.
Turner recommended that non-executive directors should have appropriate technical expertise to understand all dimensions of
the risks being taken and should have sufficient time to devote to enable them properly to oversee complex business (i.e. weeks,
rather than days, per month).
The FSA amended the guidance on the "fit and proper" test for approved persons so that from 1 May 2011 it was able to have
regard to the extent to which the individual is capable of meeting the specified time commitment for the role. The consultation
paper also noted that the regulator expected firms to take into account time that NEDs have committed to other roles and at
other companies when considering whether the proposed NED is capable of performing the role.
2.7 Independent Commission on Banking Report

In 2011 the Final Report was published of the Independent Commission on Banking ("ICB"), a body established by the UK
government and chaired by Sir John Vickers, which looked into improving stability and competition in UK banking. 14 A
key component of the recommendations, which were designed to promote long-term stability of UK banking, was structural
separation between retail banking and wholesale/investment banking i.e. the ring-fencing regime. The report considered that an
effective ring-fencing regime required certain governance structures, namely that the board of the UK retail subsidiary should
have a majority of independent directors, one of whom is the chair. In response to the ICB's recommendations, the Financial
Services (Banking Reform) Bill was published by the Government.
The ring-fencing regime and, in particular its governance requirements, are set out in s.142 of the Banking Reform Act 2013. 15
Section 142H sets out the PRA's rule making powers in relation to the ring-fenced body's board membership, risk management
and human resources policy. In the Ring-Fenced Bodies Part and the Allocation of Responsibilities Part of the PRA Rulebook,
the PRA sets out its expectations in relation to board, board committees and the chairman of ring-fenced bodies. It requires half
of the board to be independent non-executives. The ring-fenced body will be required to have its own risk, audit, nomination
and remuneration non-executive board committees. There are also requirements in relation to risk management and internal
audit as well as requirements in relation to the chair of the remuneration committee. The ring-fencing regime came into force
on 1 January 2019.
2.8 Parliamentary Commission on Banking Standards

The Parliamentary Commission on Banking Standards ("PCBS") was set up to consider professional standards and culture of the
UK banking sector amid regulatory and competition concerns in relation into the LIBOR rate-setting process. It also provided
pre-legislative scrutiny for the Banking Reform Bill, offering a number of recommendations on the mechanical details of the
ring-fencing regime.
The final report "Changing Banking for Good" was published in June 2013. 16 The report identified a common cause in
banking failures, arguing that many "have their origin in a failure of standards at the most senior levels of the bank concerned.
Numerous incidents across a wide range of business areas within a bank may be indicative of wide-scale failings in leadership,
risk management and behaviour". The report contained over 100 recommendations, with 58 specifically relating to the FCA.
Recommendations included: (i) introducing a new Senior Persons Regime, to replace the existing Approved Persons Regime,
governing the behaviour of senior bank staff, and a new framework for regulating individual standards of conduct in banking;
(ii) amending remuneration for senior bank executives so that incentives more closely reflected the longer run balance between
business risks and rewards; and (iii) a new criminal offence for reckless misconduct for senior bankers.
*C.O.B. 5 The PCBS report also called for a special measures tool for the PRA and the FCA. As a result, the FCA published
"Tackling serious failing in firms: A response to Special Measures proposal of the Parliamentary Commission on Banking
Standards" in June 2014, 17 while the PRA published its "Statement of Policy: The use of PRA powers to address serious
failings in culture of firms". 18 As a result of the PCBS recommendations, the Senior Managers, Certification and Conduct
Rules Regime was introduced to replace the Approved Person Regime (which is detailed below).

2.9 The Kay Review

Professor Kay's final report on the review of UK equity markets and long-term decision making was published in July 2012. 19
The report looked into the character and quality of shareholder engagement and accountability of companies to shareholders. It
concluded that "short-termism" was a problem in UK equity markets and was caused by a breakdown of trust and misalignment
of incentives. The report noted fragmentation in the shareholding of UK entities, with a decreasing role for UK insurance
companies and pension funds and an increase in foreign shareholding. It identified a lack of investor oversight as a flaw behind
a number of corporate governance failings in banks.
The report contained a number of recommendations, including: (i) a proposal that companies consult with significant long-term
investors over board appointments; (ii) amending the Stewardship Code to incorporate a more expansive form of stewardship
and establishing an Investor Forum; and (iii) structuring remuneration to relate incentives to sustainable long-term business
performance.
The Investor Forum was launched in December 2013 by the Collective Engagement Working Group. The Collective
Engagement Framework was published in June 2016 and outlines a process whereby investors can initiate dialogue where they
feel that the long-term value of the company is at risk.
2.10 Professor Lambert report

In May 2014, Sir Richard Lambert published a report containing recommendations made by the then Banking Standards
Review Council, an organisation set up to promote high standards of behaviour and competence in UK banks in response to
the recommendation contained in the PCBS report. 20 The Lambert report followed a request from the Chairmen of the UK's
seven largest banks and building societies.
The Banking Standards Board, as it is now known, is funded by member banks but intended to be independent of them. It
is designed to, among other things, set standards of good practice and assist banks in meeting their obligations under new
legislation. It set up a working group on the certification regime under the SMCR and in February 2017, published good practice
guidance "Statement of Good Practice 1 on the Certification Regime: Fitness and Propriety Assessment", a set of high-level
principles to assist banks and building societies in implementing procedures to assess the fitness and propriety of staff. 21 It
published supporting guidance in February 2018. 22
2.11 BEIS Green Paper and House of Commons BEIS Committee Inquiry
In September 2017, the Government published a response 23 to the final report of the Department for Business, Energy
and Industrial Strategy's Select Committee Corporate Governance Inquiry. 24 In August 2017, the Government published
a response 25 to its November 2016 Green Paper on Corporate Governance Reform. The Green Paper response set out
measures relating to: addressing concerns over how companies respond to shareholder opposition in relation to executive
pay; strengthening the employee, customer and supplier voice in companies; and improving corporate governance in large
privately-held businesses. Secondary legislation in the form of The Companies (Miscellaneous Reporting) Regulations 2018
was published to give effect to these measures. 26 The Regulations apply to company reporting on financial years beginning
on or after 1 January 2019.
2.12 The current operation of the UK Corporate Governance Code

The UK Corporate Governance Code was revamped in 2018 ("2018 Code"), introducing a new structure and layout. 27 The
2018 Code is said to be shorter and sharper, containing fewer Provisions and no Supporting Principles. The 2018 Code will
apply to accounting periods beginning on or after 1 January 2019. The 2018 Code consists of 5 sections, 18 Principles, and 41
corresponding Provisions. The Principles *C.O.B. 6 set out high level standards of good corporate governance in the areas
of leadership, effectiveness, accountability, remuneration and relations with shareholders.
All companies with a Premium Listing of equity shares in the UK are required under the Listing Rules to report on how they
have applied the Code in their annual report and accounts. Companies are required to state how they have applied the Principles
of the Code, and either to confirm that they have complied with the Code's provisions or, where they have not, to provide an
explanation (the principle of "comply or explain").

Currently, the Listing Rules require the disclosure statement to include:
(a) a statement of how the listed company has applied the Main Principles, in a manner that would enable shareholders to
evaluate how the principles have been applied; and
(b) a statement as to whether the listed company has:
a) complied throughout the accounting period with all relevant provisions of the Code; or
b) not complied throughout the accounting period with all relevant provisions of the Code and if so, setting out;
c) those provisions, if any, it has not complied with;
d) in the case of all provisions whose requirements are of a continuing nature, the period within which, if any, it did not comply
with some or all of those provisions; and
e) the company's reasons for non-compliance.
Of importance are the various corporate governance voting guidelines issued by institutional investor bodies and the proxy
advisory industry, setting out how members should interpret a company's compliance with the Code, as well as recommendations
for key votes at annual general meetings. Bodies such as the National Association of Pension Funds (now The Pensions
and Lifetime Savings Association ("PLSA")) have, in the past, signalled their concerns about a company's compliance with
corporate governance best practice by issuing "amber top" or "red top" alerts on proposed policies.
3. Statutory and supervisory requirements

Whereas the 2018 Code is a statement of best practice, directors of financial institutions remain subject to mandatory statutory
and supervisory requirements in relation to governance matters through company law and financial services regulation.
3.1 Companies Act 2006

Directors of UK companies have been subject to long-established fiduciary and common law duties that have developed to
protect companies' interests. These duties were put on a statutory footing for the first time in the Companies Act 2006. UK
company law does not make a formal distinction between executive and non-executive directors and accordingly the principal
statutory duties of directors apply to both executive and non-executive directors equally. In respect of general corporate
governance matters, the most important provisions of the Companies Act 2006 are set out in ss.172-174.
1. Section 172 specifies the duty to promote the success of the company. Directors must act in a way that they consider, in good
faith, would be most likely to promote the success of the company for the benefit of its members as a whole and, in doing so,
they must have regard, amongst other matters, to the following six factors:
<DPA5>(a) the likely consequences of any decision in the long term;</DPA5> <DPA5>(b) the interests of the company's
employees;</DPA5> <DPA5>(c) the need to foster the company's business relationships with suppliers, customers and others;</
DPA5> <DPA5>(d) the impact of the company's operations on the community and the environment;</DPA5> <DPA5>(e) the
desirability of the company maintaining a reputation for high standards of business conduct; and</DPA5> <DPA5>(f) the need
to act fairly between members of the company.</DPA5>
*C.O.B. 7 2. When assessing what course of action would be most likely to promote the success of the company for the benefit
of its members as a whole and formulating a rationale for their corporate decisions, directors are under a duty to take a long-
term view of the implications of those decisions. They should pay due attention to each of the statutory factors and any other
factor which may be relevant. The effect of this provision should be to preclude excessive focus on the short-term implications
of a particular course of action, such as the immediate effect on the company's share price or a director's personal remuneration.
3. The secondary legislation introduced in response to the government's Green Paper on corporate governance requires a
statement in the strategic report section of annual reports setting out how directors have considered the matters set out in s.172(a)-
(f) when performing duties under s.172 of the Companies Act 2006. 28 The requirements apply to financial years beginning on
or after 1 January 2019. The GC 100 has published guidance to assist directors in carrying out this duty, encouraging directors

to view the duty as having in place a culture whereby consideration of the long-term, wider impact of actions forms part of
decision making. 29
Section 173 provides that directors must exercise independent judgment at all times. Directors are not precluded from delegating
the functions that have been conferred on them by the company's articles of association provided that the power of delegation
is duly exercised in accordance with the articles of association and that the delegating director has fulfilled his s.174 duty
to exercise diligence in the appointment and supervision of his delegate. Nor are directors precluded from taking third-party
advice, although the final responsibility for board decisions must remain with the directors.
Section 174 provides that directors must exercise reasonable care, skill and diligence in everything that they do for a company.
In complying with this duty, directors must not only exercise the general knowledge, skill and experience reasonably expected
of a person carrying out their functions, but must act in accordance with any general knowledge, skill and experience that they
actually possess.
3.2 The Financial Services and Markets Act 2000

The Financial Services and Markets Act 2000 ("FSMA") grants the power to the FCA to issue statements of principle which
detail the conduct expected of approved persons of financial institutions. To the extent that executives of financial institutions
do not manage those institutions in accordance with the FCA's rules and principles, the FCA has the power to remove their
approved status and this could prevent them from sitting on the board of a financial institution in future.
3.3 FCA Handbook

The FCA regulates boards of financial institutions through a combination of both principles and rules:
The FCA's Principle 3 implies a responsibility on the board of financial institutions for ensuring that it takes reasonable care
to organise and control the affairs of the financial institution effectively.
The FCA rules amplify the principle set out above. In particular, the FCA has in place rules surrounding senior management
systems and controls ("SYSC"). All regulated financial institutions must comply and monitor compliance with these rules. It
requires financial institutions to allocate and document certain senior management functions so that the division of responsibility
for complying with the FCA rules is clear. Senior managers are expected to delegate responsibility in order to meet their
regulatory obligations and institutions must demonstrate clear reporting lines from employees to the executive so that a firm
can ensure that it has all of its regulatory obligations covered.
An institution's SYSC arrangements should provide the board with the management information it needs to identify, measure,
manage and control regulatory risks and three factors will be the relevance, reliability and timeliness of that information. Part of
its role is to identify regulatory problems via the receipt of management information from the compliance monitoring team, and
it is under an obligation to act on that information to reduce regulatory risk. FCA enforcement action frequently *C.O.B. 8 cites
the failure of boards to act on management information as a strong contributory factor in fining regulated financial institutions.
The FCA rules specifically state that, where the Code is relevant to financial institutions, the FCA, in considering whether an
institution's obligations under SYSC have been met, will give that institution credit for following the principles in the Code
and related guidance.
4. Who is responsible for corporate governance?

The financial crisis led to extensive efforts by governments and regulators to establish the causes of the crisis in order to
introduce preventative measures against similar future problems. Risk management and board effectiveness came under scrutiny
and in particular the respective responsibility for corporate governance of non-executive directors, the chair of the board and
shareholders.
The FCA's approach to governance across the board is based on the simple statement "boards run businesses". In this regard,
the board should drive the business, develop the strategy, manage the risks, and hold the executives to account for delivering
on this agenda.

In its Supervisory Statement, "Corporate Governance: Board responsibilities" (SS5/16), the PRA stated that an effective
board: establishes a sustainable business model and a clear strategy consistent with that model; articulates and oversees a clear
and measurable statement of risk appetite against which major business options are actively assessed; and meets its regulatory
obligations, is open with the regulators and sets a culture that supports prudent management. 30 The Statement also provides
that the board should articulate and maintain a culture of risk awareness and ethical behaviour for the entire organisation to
follow in pursuit of its business goals.
The Supervisory Statement also provides that the PRA's expectations of boards will also be influenced by the recovery and
resolution strategies for the firm or the group (further information below), "taking account of the extent to which the PRA would
need to be satisfied that the board of a significant PRA-regulated subsidiary is constituted and performs in a way that shows
that they are capable of independent action".
Of course, within any board, a number of different roles are played by different parties. We consider next the role of non-
executive directors and chairs and various committees.
4.1 The role of the non-executive director

Although all directors, both executive and non-executive, have exactly the same duties in company law, as described above,
the two roles are distinct in corporate governance terms. At a basic level, the presence of non-executive directors effectively
differentiates the board from the management team. In a board which is composed entirely of members of the management
team, there is potential for the role of the board to be reduced in extreme cases to simply documenting the company's compliance
with regulatory, legal and shareholder requirements.
Under the Code, the role of non-executive directors requires non-executive directors to "constructively challenge and help
develop proposals on strategy". Under the Code, non-executive directors are required to scrutinise the performance of
management in meeting agreed goals and objectives and monitor the reporting of performance. Non-executive directors are
expected to be confident about the integrity of financial information and that financial controls and systems of risk management
are robust and defensible. They are responsible for determining appropriate levels of remuneration of executive directors and
have a prime role in appointing and, where necessary, removing executive directors, and in succession planning.
Taken together, these principles emphasise the necessity for proper control over the development, adoption, execution and
review of strategy. In a board with non-executive directors present, shareholders should have a reasonable expectation that those
non-executives have contributed significantly to exercise that control.
Ensuring that non-executive directors can engage effectively with boards in relation to complex financial matters has been
another key concern. Increased time input by non-executive directors was recommended by the Walker Review, as was the
implementation of structured selection, induction and *C.O.B. 9 training programmes for new appointees to the board. Non-
executive directors should also monitor their own effectiveness and ensure that they have the right experience, competence and
skills, and access to the right information about the enterprise, to make an effective contribution to corporate governance. In
addition, the Walker Review argued that the complexity and importance of risk management in a financial institution was such
that board oversight of risk should be supported by a full-time chief risk officer.
Non-executive directors are caught by the requirements of the SMCR, discussed below, which means that they may be under
a duty of responsibility and subject to conduct rules.
4.2 The role of the Chair

The chair is expected to manage the board and to be accountable to the board, shareholders and other stakeholders for the
performance of the board. Principle E in the 2018 UK Corporate Governance Code outlines the chair's responsibility for
"leadership of the board and ensuring its effectiveness on all aspects of its role".
The 2018 Code also sets the key elements of the Chair's role. These include ensuring that the board's time is constructively
used by setting appropriate agendas and promoting successful discussion of strategic issues. In particular, this entails creating
the conditions in which productive debate between the executive team and the non-executive directors can take place, being
sensitive to personal dynamics within the board (not least the chair's own relationship with the CEO) and having the ability
critically to evaluate board performance on an ongoing basis.

In addition, the Chair is the member of the board primarily responsible for ensuring that the board is accessible to major
shareholders on a regular basis and for ensuring that the board is made aware of shareholder concerns so that these can be
addressed.
The role of the Chair is therefore reliant on having an individual who has both the breadth of skills and experience to lead the
board effectively and sufficient industry expertise to ensure that strategic issues are properly debated.
The PLSA 2019 Corporate Governance Policy and Voting Guidelines provide that time commitment is important to the chair's
role, especially in the case of financial services where the company is complex and operates in a highly regulated sector. 31
In its 2015 Supervisory Statement on corporate governance, the PRA confirmed that it also expects firms to have a non-
executive chairman, who is independent on appointment, in line with the UK Corporate Governance Code. 32 Where this is
not the case, the firm should be able to explain how its governance arrangements will otherwise satisfy the need for independent
oversight of the executive. The Chair is a senior manager under the SMCR and as such a Chair will be under a duty of
responsibility and subject to conduct rules laid out by the regulators.
4.3 The role of shareholders

The FRC has noted that "satisfactory engagement between company boards is crucial to the health of the UK's corporate
governance regime. Companies and shareholders both have responsibility for ensuring that "comply or explain' remains an
effective alternative to a rules-based system". 33
The nature of the market is such that it is difficult and undesirable to prescribe through regulation a minimum level of active
corporate governance engagement by shareholders with investee companies. As discussed earlier, financial institutions, in
common with other listed companies, have a dispersed ownership and legal and regulatory rules govern the nature and form
of communication between companies and shareholders. Institutional investors have a fiduciary responsibility to their clients
which may militate against long-term engagement with investee companies. The average time for which shares are held has
reduced from six years in 1950 to less than six months. The rise of so-called passive funds (index tracking units or ETFs)
discourages deep engagement owing to the fact that investors may be less concerned with specific attributes of individual
securities. 34 The result of these so called "ownerless companies" is said to be more difficulty in influencing management from
pursuing value destroying activities. 35
*C.O.B. 10 One of the Government's action points in relation to shareholder engagement in its response to the Green Paper on
Corporate Governance was to invite the Investment Association to create and maintain a public register of listed companies
that have received votes of 20% or more against a resolution. 36 This was launched in December 2017 and features 22% of FTSE
All-Share companies. 37 This is designed to demonstrate actions companies are undertaking to address shareholder concerns.
A so-called Repeat Offenders List captures all companies that appeared on the Investment Association's Public Register in two
consecutive years for the same resolution. 38 Pay-related issues feature high on the list of shareholder concerns.
The EU Second Shareholders Directive, expected to apply in the UK in June 2019, will introduce requirements in relation to
transparency of the investment strategies and engagement policies of institutional investors and asset managers. 39 The FCA
published a consultation paper (CP19/7) in relation to these proposals aimed at MiFID investment firms providing portfolio
management services, alternative investment fund managers (excluding small AIFMs) and UCITS management companies. 40
The Stewardship Code, first published by the FRC in 2010, was said by the FRC to be complementary to the Corporate
Governance Code and aims to enhance the quality of engagement between institutional investors and companies to help
improve long-term returns to shareholders and the efficient exercise of governance responsibilities. The Code sets out good
practice on engagement with investee companies to which the FRC believes institutional investors should aspire and operates
on a "comply or explain" basis. 41
The Stewardship Code currently consists of seven main principles for institutional investors.
The FCA requires any firm authorised to manage funds, which is not a venture capital firm, and which manages investments
for professional clients that are not natural persons, to disclose "the nature of its commitment" to the Code or "where it does not

commit to the Code, its alternative investment strategy" (under Conduct of Business Rule 2.2.3(1)). The FRC also encourages
service providers, such as proxy voting agencies, to disclose how they have carried out the wishes of their clients by applying
the principles of the UK Stewardship Code that are relevant to their activities. In November 2016, the FRC introduced a tiering
system of signatories to the UK Stewardship Code, based on the quality of their code statements, designed to improve best
practice and transparency. 42
In January 2019, the FRC published proposed amendments to the content and structure of the Stewardship Code to reflect
developments in sustainable finance, responsible investment and stewardship. 43 The structure of the Stewardship Code now
mirrors the 2018 Code, consisting of Sections, Principles and Provisions accompanied by Guidance. Proposed amendments
include: a requirement for signatories to develop organisational purpose and disclose stewardship objectives so as to align with
the focus on purpose placed by the UK Corporate Governance Code; promoting stewardship beyond UK listed equity to
other asset classes, such as private equity holdings and bonds; explicit reference to environment, social and governance factors,
when fulfilling stewardship responsibilities; and tailored provisions to allow for differentiation for asset owners, asset managers
and entities providing services (e.g. proxy advisors) under the regime. Reporting will be in two parts: a Policy and Practice
Statement upon signing the Stewardship Code; and an annual Activities and Outcomes Report.
5. Audit Committee and Auditing

It is fair to say that the role and effectiveness of the audit function came under intense scrutiny as a result of the financial crisis
and questions were asked as to whether there was adequate and regular dialogue between external auditors, internal auditors
and the audit committee. Auditors were described in the PCBS report as being "cheerleaders" for "questionable reporting" in
bank accounts. The internal audit was accused of not showing enough scepticism. The PCBS report also criticised the three
lines of defence system for controlling risk, adding that responsibilities had become blurred and that those in risk, compliance
and internal audit did not have the power to challenge front line staff. It called for "distinct authority" to be given to internal
control and independence for these functions.
Both the 2008 report by the UK House of Commons Treasury Committee "Banking Crisis: reforming corporate governance
and pay in the City" 44 and the 2010 European Commission Green Paper "Audit Policy: Lessons from the crisis" 45 noted the
concentration of the market in audit services and lack of trust in the audit sector. Many questioned the value of bank audits as
they failed to forsee or warn of *C.O.B. 11 the impending crisis. This cynicism has not reduced and is evident in the response
received to the FRC's decision in 2018 to exonerate KPMG of any wrongdoing in relation to KPMG's audit of HBOS 2007
and 2008 financial statements. 46 The FRC's conclusion of its inquiry found that KPMG's audit of HBOS results did not fall
significantly short of standards expected.
5.1 Auditing
The Head of Internal Audit is a Senior Management Function under the SMCR and speeches by the regulators have given an
indication as to supervisory expectations in this regard. 47 The importance of an assertive internal audit providing a challenge
to senior management and the role the function can play in promoting regulatory objectives is key. 48 In a speech in 2016 Ms
Sasha Mills (Director, Cross Cutting Policy, Bank of England) argued that, for the internal audit function to be effective, it must
go beyond complying with the Code.
The Basel Committee on Banking Supervision's 2012 supervisory guidance on the internal audit function in banks notes the
importance of an independent and effective audit function. 49 It also requires banks to have an internal audit function with
sufficient authority, stature, independence, resources and access to the board of directors. This sits alongside other guidance
such as the Chartered Institute of Internal Auditors "Effective Internal Audit in the Financial Services Sector" which seeks
to improve effectiveness of the internal audit. 50 The 2017 update publication offered recommendations on how to enhance
internal audit in the UK financial services sector. The role of internal audit involves not just assessing processes followed by
the first and second lines of defence in the organisation, but also the quality of their work.
The Basel Committee on Banking Supervision 2014 guidance on the external audit for banks noted the need to improve external
audit for banks and set out 16 principles which included pointers on how the audit committee could contribute to audit quality in
its oversight of the external auditor. 51 It called for an audit committee to have a robust process for approving, or recommending
for approval, the appointment, reappointment, removal, and remuneration of the external auditor.

5.2 Audit market reforms

In 2014, the Statutory Audit Services for Large Companies Market Investigation (Mandatory Use of Competitive Tender
Processes and Audit Committee Responsibilities Order 2014) 52 was published, following the final report of the Competition
Commission in October 2013 into the supply of statutory audit services to large companies. That report identified features in the
audit market which led to an adverse effect on competition. Remedies proposed included shareholder votes on audit committee
reports in company annual reports; strengthening the accountability of the audit committee to the external auditor; and addressing
the dominance of the Big Four Accounting Firms (Deloitte, Ernst & Young, KPMG and PwC) by banning restrictive clauses
in loan documents. The Order requires mandatory audit tendering once every 10 years for FTSE 350 companies and there is
a greater role for the audit committee in the tender process, especially in auditor selection. The provisions in relation to audit
tendering in the Order are similar to those found in the Audit Regulation (Regulation (EU) 537/2014) 53 and the Statutory
Audit Directive (2014/56/EU). 54 Under the EU regime, Public Interest Entities with a financial year beginning on or after 17
June 2016, are required to retender their audit at least once every decade, and have a change of auditor every 20 years. Public
Interest Entities are defined in the Directive as companies with securities admitted to trading on an EU regulated market (but
not AIM-listed companies), as well as unlisted banking and insurance groups (subject to some exemptions in relation to size).
The regime has been implemented in the UK via the Statutory Auditors and Third Country Auditors Regulations 2016 ("The
Audit Regulations"), 55 which made amendments to the Companies Act 2006. 56
Guidance for audit committees carrying out the audit tender process includes the FRC's 2017 guidance note for audit committees
"Audit tenders: Notes on best practice", 57 which gives advice on timing of the tender and engagement with investors, and 2017
guidance from the Investment Association. 58 The latter recommends that the audit committee direct the planning and oversee
the process, engage major shareholders, and set clear objectives and selection criteria.
The rules led to all five major UK banks changing their external auditors, with KPMG taking over as auditor for Barclays Bank
in 2017 after PwC had occupied the position since 1886. (PwC was not invited to the tender process.) 59 Where the European
arm of a US financial institution is deemed to be a Public *C.O.B. 12 Interest Entity, the US financial institution will be
within scope of the rules. This has forced many large, US-headquartered large investment banks to consider long-held auditor
arrangements as they consider how to comply with the rules.
Efforts to enhance competition and corporate governance are also reflected in restrictions set out in the EU audit regime in
relation to non-audit services provided by an auditor to a Public Interest Entity. The Audit Regulation prohibits certain non-
audit consultancy services by an auditor (or members of the auditor's network) to a Public Interest Entity client (or certain of its
parent or subsidiary undertakings). It also introduced a cap on other non-audit consultancy services that an auditor may provide
to its Public Interest Entity client or certain of its parent or subsidiary undertakings.
Many consider that reforms, such as mandatory tendering have done little to decrease market concentration and can only be
said to have increased competition between the so-called Big Four. The CMA's December 2018 update paper 60 following its
October 2018 market study of the statutory audit market still noted concentration in the sector and remedies proposed include:
placing the responsibility for auditor selection process and engagement to an independent body; a mandatory joint audit requiring
sign-offs on the accounts of a client from two audit firms; supporting "challenger firms" by helping them to compete with the
Big Four through a tendering fund and access to technology; and a full structural and operational divide between audit and
non-audit work.
The Joint Business, Energy and Industrial Strategy and Work and Pensions Parliamentary Select Committee is currently
undertaking an independent review into the quality and effectiveness of the UK audit market following high profile accounting
failures at BHS and Carillion. The review will be hearing from so-called Big Four and "challenger" accountancy firms, Audit
Committee chairs, CFOs from FTSE 350 companies and institutional investors. 61
5.3 Audit committees

The Statutory Audit Directive also contains provisions designed to address concerns in relation to the composition of the audit
committee. It requires firms in scope to establish an audit committee as a sub-committee of the board and provides that the
majority of directors be independent non-executives.

The May 2016 PRA Policy Statement PS16/16 "Implementing audit committee requirements under the revised Statutory Audit
Directive" 62 confirmed that audit committees will be required for CRD credit institutions, Solvency II insurers, the Society of
Lloyd's and managing agents and PRA-designated investment firms. Subsidiaries of EEA parents, where the parent has an audit
committee in accordance with art.39 of the Statutory Audit Directive, do not need to have an audit committee, unless those
subsidiaries are significant. The smallest firms were invited to apply for a waiver or modification of the rules, having regard
to the minimum requirements in the Directive.
Consequential amendments were made to the disclosure and transparency rule ("DTR") 7.1 relating to, among other things,
the independence of members of the audit committee and the responsibilities of the audit committee (although, as always, the
FCA considers that compliance with certain provisions of the UK Corporate Governance Code will be deemed as compliance
with the DTRs).
5.4 Corporate reporting on auditing and structure

The UK Corporate Governance Code includes a requirement for the audit committee, as a whole, to have competence
relative to the sector in which the company operates and for the audit committee to have primary responsibility for making
the appointment process for the external auditor. 63 The FRC Guidance for the audit committee also contains enhanced
responsibilities for the audit committee in relation to the audit tender. It recommends that the audit committee should ensure
internal audit has a reporting line which enables it to be independent of the executive and so able to exercise independent
judgement. It also states that the audit committee may also wish to consider whether an independent, third party review of
internal audit effectiveness and processes is appropriate.
Developments in relation to risk management include the FRC's September 2014 guidance on risk management, internal control
and related financial business. 64 This sets out the factors that boards should consider in order to exercise these responsibilities.
Information is also given in relation to establishing and monitoring the risk management and internal control system. Separate
supplementary guidance was produced for bank directors.
*C.O.B. 13 The supplementary guidance provides background information, explaining the context of solvency and liquidity
risk assessments for banks. It considers the fact that more intense liquidity and solvency risks make banks' funding models
"inherently unstable" and so they are subject to greater vulnerability. It also provides supplementary guidance in relation to the
identification and reporting of going concern material uncertainties in financial statements and in relation to narrative reporting
about significant solvency and liquidity risks in the case of a bank.
As of 2014, the UK Corporate Governance Code has required directors to state in the annual report that they had undertaken
a robust assessment of the principal risks facing the company, including risks that could threaten the business model, future
performance, solvency and liquidity. 65 Boards are also required to state whether, taking into account the company's current
position and principal risks, they have a reasonable expectation that the company will be able to continue in operation and meets
its liabilities as they fall due over a specified period of assessment of the board's choice.
The introduction of viability statements in the 2014 UK Corporate Governance Code was designed to place greater focus on
risk management at board and senior management level. In addition to the requirement to consider whether the going concern
basis is appropriate for preparing financial statements, boards are also required to make a longer-term viability statement,
explaining to shareholders how they have assessed the prospects of the company, and why they consider the chosen period for
the viability statement to be an appropriate one. The FRC expects boards to select a viability period reflecting the nature of the
business. The largest banks seem to opt for three years, with many banks disclosing that this period aligns with their strategic
planning period and that it is within the period over which internal and regulatory stress testing is carried out. Guidance on
viability assessments from the Investment Association and other bodies suggest that these statements could be further enhanced
by providing more information on processes employed to arrive at the statement, including stress and scenario testing. 66 It is
recommended that boards distinguish between risks that impact performance and those that threaten operations, and separate
the assessment of prospects from the assessment of viability. The Investment Association states that a discussion of stress tests
should include the disclosure of specific scenarios considered and specific mitigating or remedial actions (i.e. what could cause
risks to crystallise, the likely impact and how this is mitigated or managed).

6. Remuneration and remuneration committees

As part of the diagnosis of the financial crisis, it was widely accepted (or at least argued!) that remuneration policies were
a contributory factor to the severity and duration of the crisis. The Final Report of the PCBS noted that bankers were often
rewarded for "doing the wrong things" and that bonuses were received before long-term consequences of actions became
apparent. It noted a culture of entitlement to high pay which had been encouraged partly by the composition of remuneration
committees, whereby allegiance to colleagues led members to approve unsuitable pay packages. The report called for a greater
portion of remuneration to be deferred and for a longer period. It also warned against reliance on narrow measures of bank
profitability in calculating remuneration such as "return on equity". BEIS Green Paper on Corporate Governance also noted
a widespread perception that executive pay has become increasingly disconnected from both the pay of ordinary working
people and the underlying long-term performance of companies. 67 The Investment Association's 2018 letter to remuneration
committee chairs states that remuneration committees were "overly considerate of management perspective" at the expense of
shareholders. 68
Since 2013, secondary legislation in the form of the Large and Medium-sized Companies and Groups (Accounts and Reports)
(Amendment) Regulations 2013 set out content requirements for remuneration reports. 69 This comprises: a policy report
containing a forward-looking remuneration policy subject to a binding vote every three years; and an implementation report
outlining how the remuneration policy has been implemented in the last year, which is subject to an advisory vote. As a result
of the BEIS Green Paper, the UK government introduced secondary legislation requiring quoted companies to report annually
the ratio of CEO pay to the average pay of their UK workforce, along with a narrative explaining changes to that ratio from
year to year. 70 The Investment Association recommends that this should be adopted for accounts published in 2019. 71
*C.O.B. 14 6.1 Remuneration Codes

The original remuneration code was published by the FSA in 2009 in response to the financial crisis. There now exist six
remuneration codes and the Remuneration 72 Part of SYSC 19A 73 to 19F contain the remuneration codes applicable to: solo
regulated IFPRU investment firms; AIFMs; 74 BIPRU firms; 75 dual regulated firms i.e. banks, building societies and PRA-
designated investment firms; 76 UK UCITS 77 management companies; and firms 78 with sales staff and advisers who might
not be caught under the other remuneration codes respectively. A CRR firm will be subject to both the Remuneration Part in
the PRA Rulebook as well as SYSC 19D. Under the various remuneration codes, firms are required to ensure that remuneration
policies promote effective risk management. Firms are categorised into three proportionality levels, with Level 1 firms being
the most heavily regulated. The FCA seeks to apply a proportionate approach to the Remuneration Codes, with some provisions
applying to all staff while those relating to the structure of remuneration apply to material risk takers (also referred to as
Code staff/identified staff). These are individuals who are: senior management; risk takers; staff in control functions; and those
within the same remuneration bracket. Commission Delegated Regulation EU No.604/2014 79 and certain provisions of the
SYSC 19A and SYSC 19D contain further details on identifying these staff. The PRA's Policy Statement (PS7/17) 80 and
unified Supervisory Statement (SS2/17) 81 contains further information in relation to this area, as does FCA Policy Statement
(PS17/10). 82 The FCA has issued guidance in relation to the proportionality for various Remuneration Codes.
Under the Remuneration Part of the PRA Rulebook and SYSC 19, firms within scope must ensure that the following apply to
the incentives packages for Code staff whose remuneration exceeds the de minimis threshold:
(a) at least 40% of variable remuneration paid to code staff is deferred over a period, with awards vesting no faster than on a
pro-rata basis (and with the first partial vesting no earlier than one year after the award);
(b) where the amount of the variable remuneration is particularly high, or is paid to an executive director of a "significant"
firm, at least 60% should be deferred;
(c) at least 50% of variable remuneration paid to code staff (whether paid upfront or deferred) is in a non-cash form, specifically
in an appropriate balance of non-cash instruments, for example shares, share linked instruments, bonds which convert into
equity if regulatory capital needs to be increased.
The deferral period for solo-regulated FCA firms is three-five years. For dual regulated firms, the period of deferral varies
depending on whether the individual is a senior manager (seven years deferral with no vesting faster than a pro-rata basis),

"risk manager" (five-year deferral), or "other material risk taker" (minimum three year period with vesting no faster than on
a pro-rata basis).
Firms need to ensure that their remuneration policies and practices promote sound risk management. The remuneration
proportionality rule 5.1 states that a firm can comply with the remuneration rules in a way and to the extent that is appropriate
to its size, internal organisation and the nature, the scope and the complexity of its activities. Under FCA guidance, each firm
is placed into one of three proportionality levels, determined by total assets.
6.2 Performance adjustments and buy-outs

As of 2015, the PRA has required Level 1 and Level 2 firms to apply clawback to vested variable remuneration on a group-
wide basis. 83 The regime permits PRA-authorised firms to reclaim variable remuneration where: there is reasonable evidence
of employee misbehaviour or material error/and or the firm/relevant business unit suffers a material failure of risk management,
taking into account when the material failure arose, the proximity of the particular employee and their level of responsibility.
In its Policy Statement (PS12/15), the PRA confirmed that, for performance period beginning on or after 1 January 2016, the
clawback period would be extended to 10 years in the event of outstanding internal or regulatory developments. 84 Similar
provisions were introduced by the FCA. The relevant provisions are found in Remuneration 15.20 of the PRA Rulebook and
SYSC 19D.3.61R-65R.
Buy-outs, the practice involving staff hired from competitors being compensated for any unvested remuneration that staff would
have received at their former employer (thereby subverting the malus and clawback provisions behind the remuneration code
and its general principles), were criticised in the *C.O.B. 15 PCBS report. The PRA introduced a regime in October 2016
for material risk takers at PRA-regulated banks, building societies and PRA-designated investment firms via an October 2016
Policy Statement (PS26/16). 85 Under the rules, a new employer is required to: agree a buy-out for an employee deemed a
material risk taker at previous employer after the receipt from the employee of a "remuneration statement"; operate malus and
clawback to buyout awards based on the determination "reached fairly and reasonably" by the former employer (who would
provide a reduction notice); and prevent malus and clawback from exceeding the amount of unvested variable remuneration
set out in the remuneration statement. The rules applied to buy-outs agreed from 1 January 2017. Provisions relating to malus
and clawback were made to the 2014 version of the Corporate Governance Code. An addition was made to Provision D.1.1
of the Code (Provision 37 in the 2018 Code) to provide that companies should put in place arrangements to enable them to
recover or withhold variable pay when appropriate, and should consider appropriate vesting and holding periods for deferred
remuneration. The Code also now states that remuneration policies must be designed to promote the long-term success of the
company and that performance related elements should be transparent, stretching and rigorously applied. Changes were made to
Schedule A to the Code to encourage companies to give further consideration to the arrangements they have in place for deferred
remuneration, such as vesting and holding periods for shares (these have now been incorporated into the main body of the 2018
Code). The Investment Association's Principles of Remuneration 2018 expand the circumstances when malus and clawback can
be triggered, and provide guidance for remuneration committees in relation to processes for assessment of malus and clawback.
They also call for share plans and employee documentation to be consistent with malus and clawback provisions. 86
6.3 CRD IV and MIFID II

At the EU level, the Capital Requirements Regulation and the Capital Requirements Directive ("CRD IV" 87 ) apply to
credit institutions and investment firms (i.e. firms that fall within the scope of the markets in financial instruments directive
("MiFID") 88 ) and their subsidiaries, including those established in offshore financial centres. In relation to remuneration by
way of bonus the following applies:
(a) to curb "excessive risk-taking", the basic bonus-to-salary ratio under CRD IV is capped at 1:1.
(b) The ratio can be raised to a maximum of 2:1 provided that where there is a 50% quorum, 66% of votes are in favour of
doing so or, in the event that no 50% quorum is reached, 75% are in favour.
(c) In order to incentivise deferral of bonus pay and facilitate clawback of remuneration, up to 25% of the total bonus can
consist of long-term deferred financial instruments (more than five years), discounted with reference to factors reflecting risk
inherent in the instruments.

(d) Up to 100% total variable remuneration must be subject to malus or clawback arrangements.
The relevant rules for obtaining shareholder consent are found in Remuneration 15.1 of the PRA Rulebook and SYSC
19D.3.49-51R and SYSC 19A.3.44A-3.44CR of the FCA Handbook.
The EBA guidelines on sound remuneration policies under CRD IV came into force in January 2017 and provide that smaller
and non-complex firms will not be able to use the principle of proportionality to dis-apply the application of certain remuneration
rules (including the bonus cap), but would be required to comply in a similar way to systemically important firms. 89 The
EBA also stated that small and non-complex CRD IV firms should be able to dis-apply certain pay out rules (e.g. malus and
clawback). The FCA published guidance (FG 17/5 Remuneration Codes (SYSC 19A and 19D)--Frequently asked questions)
on remuneration in 2017. It confirmed that Level 3 firms could continue to dis-apply the bonus cap where appropriate and
justified. 90
The November 2016 EU legislative proposals amending CRD IV are currently being considered by EU legislative bodies 91
("CRD V"). These amending proposals clarify that rules on deferral and pay-out in instruments apply to all firms, except for firms
below the thresholds set for derogations (although competent authorities may adopt a stricter approach). For investment firms,
the European Commission introduced legislative proposals in December 2017 proposing a three-tier system of classification for
investment firms whereby firms deemed systemically important (Class 1) would be subject to more stringent requirements. 92
The proposals do not impose a "bonus cap" for non-systemically important firms (Class 2), though the proposals provide that
firms would still need to consider a prudent relationship between fixed and variable pay in their own remuneration policies.
Deferral and pay-out in instruments *C.O.B. 16 restrictions will not apply to firms with total gross assets below a certain
threshold. The remuneration and governance rules under MiFID would apply to Class 3 firms. These provide that remuneration
structures of sales staff must not incentivise staff to recommend products which do not reflect clients' needs.
There is still debate as to whether numerous reforms to executive remuneration have made any meaningful impact. In January
2017, it was reported that Blackrock Asset Management had sent a letter to FTSE 350 companies indicating that it would
only approve increases in executive remuneration if these were matched with a similar increase in employee pay. 93 BEIS
Committee's 2017 final report on corporate governance echoed concerns raised by the Executive Remuneration Working
Group's 2017 report in relation to the effects of restrictions on variable pay and the usage of Long-Term Incentive Plans,
recommending that deferred stock rather than LTIPs be viewed as best practice for incentivising long-term decision making. 94
7. Senior Managers and Certification Regime

A key tool used by the FCA and PRA to regulate corporate governance in financial institutions is the direct regulation of those
performing controlled and significant influence functions and holding them accountable for their actions. Since March 2016
there has been a fundamental change in the way that senior managers and other individuals in the UK's largest banks, investment
firms and insurers are regulated and supervised by the FCA and PRA. The SMCR aims to improve the accountability of senior
individuals in financial services firms. This follows the recommendations of the PCBS which suggested that individuals in
financial services firms should take greater responsibility for their actions. The rules are being extended to apply to the rest of
the financial services industry from December 2019. Under the expanded regime, firms would be classified into:
1. Core Firms, i.e. FCA solo-regulated firms who will be subject to baseline requirements (these include a set of governing and
required senior management functions);
2. Enhanced Firms, i.e. FCA solo-regulated firms who will be subject to more stringent rules (such as additional senior
management functions and additional prescribed responsibilities) due to their size, complexity and potential impact on
consumers; and
3. Limited Scope Firms, who will be subject to reduced set of requirements. 95
The SMCR is comprised of the following three main pillars:
• Senior manager regime: These rules cover certain individuals who are subject to approval by the relevant regulator who
perform senior management functions ("SMFs") and to whom certain responsibilities must be allocated and who must have

their fitness and propriety to perform those roles assessed. This regime covers a narrower group of people than the current
Approved Persons Regime.
• Certification regime: This requires firms themselves to assess the fitness and propriety of certain employees who are not
senior managers but who, by virtue of their role, could nevertheless pose a risk of significant harm to the firm or any of its
customers. This moves the onus from the regulator to the firm to conduct the fitness and propriety checks on a number of the
firm's key employees.
• Conduct rules: These rules relate to professional conduct rather than conduct of business. They apply to those individuals
caught by both the senior managers regime and the certification regime to all of a firm's employees other than ancillary staff.
For most people working in a financial services firm, these rules will apply. Recent statements by the FCA suggest that these
conduct rules are viewed as minimum standards of behaviour.
7.1 Senior Management Function

Under the first pillar of the SMCR, firms must identify who is, by virtue of their role, a Senior Manager, and allocate a list of
certain prescribed responsibilities (which are set out by the regulators and will depend on your type of firm) amongst them.
A Senior Manager is someone who performs a senior management function. There is a list of senior management functions
under the senior managers regime, for example, chief executive (SMF1) or head of key business area (SMF6) for UK firms,
which may apply depending on the type of firm. The individuals who hold these functions must be identified and approved
by the relevant regulator.
*C.O.B. 17 The allocation of responsibilities must then be recorded in a statement of responsibility ("SoR") for each Senior
Manager. For dual regulated and enhanced firms, a SoR will be submitted to the regulator when applying for approval for the
Senior Manager or where there is a change in the Senior Manager's responsibilities. For all firms, a SoR must be prepared for
each Senior Manager, setting out a description for each responsibility which must be limited to 300 words and there can be no
cross-reference to other documents. The SoR will be used by the regulator to identify those Senior Managers who may be guilty
of misconduct because, where there has been a breach of a regulatory rule, that Senior Manager was responsible for the firm's
activities in relation to which the contravention occurred, as evidenced in his or her SoR. For dual regulated and enhanced firms,
SoRs will feed into management responsibility maps which such firms are obliged to prepare, update and submit to the regulator.
Recent guidance issued by the FCA in relation to SoRs suggest that firms should endeavour to make the SoR a self-contained
document containing enough information to enable an outsider to understand the accountability chain in the firm. 96 The
management responsibility map aims to ensure that there are no gaps in accountability and should, in theory, allow the regulators
to clearly pinpoint who is responsible in each area, particularly where there is a suspected breach of regulatory requirements.
Senior Managers are under a duty of responsibility (as set out in FSMA 2000). The duty of responsibility (the successor to the
presumption of responsibility which was originally proposed under the SMCR but later scrapped) allows the regulator to take
enforcement action against the senior manager where the regulator can prove a contravention of a regulatory requirement by the
firm and that the senior manager was responsible for the management of any activities in their firm in relation to which the firm's
contravention occurred. The burden of proof lies with the regulators to show that the senior manager did not take such steps as
a person in their position could reasonably be expected to take to avoid the firm's contravention. The FCA's guidance is found
in Chapter 6.2 of its Decision Procedure and Penalties manual, while PRA guidance can be found in the PRA's Supervisory
Statement: Strengthening individual accountability in banking (SS28/15). 97 The FCA published final guidance on the duty of
responsibility in relation to solo-regulated firms July 2018. 98 The guidance contains a non-exhaustive list of considerations that
the relevant regulator will keep in mind when determining whether or not a senior manager took reasonable steps to discharge
his or her duty. The FCA has highlighted that one important consideration is whether the senior manager acted in accordance
with their statutory, common law and other legal considerations, including but not limited to the Conduct Rules.
7.2 Certification
The second pillar of the SMCR is the certification regime which largely replaces the Approved Persons Regime and applies
to staff who are employed in roles where they could pose a risk of significant harm to the firm or to any of its customers
(known as a "significant harm function"). Individuals performing a significant harm function are not required to be pre-approved
by the relevant regulator in the same way as senior managers performing SMFs. Instead, the onus is on firms themselves to
make an assessment of the individual's fitness and propriety and themselves self-certify that the individual is fit and proper.

Where an employee performs more than one significant harm function, their fitness and propriety for each must be separately
assessed but these can then be covered by a single certificate. There is also an obligation on firms, under revised SYSC 5.2.14,
to consider notifying the regulators in instances where they have refused to issue a certificate to a person due to concerns about
that individual's fitness and propriety.
7.3 Conduct Rules

The Conduct Rules are the third pillar of the SMCR and replace the Principles for Approved Persons for relevant firms, but
also extend to a much wider population of firm employees. The Conduct Rules apply to almost all executives and employees
of a firm, aside from those ancillary staff who perform a role that is not specific to the financial service business of the firm.
Ancillary staff include for example receptionists, post room staff, security guards and cleaners. 99
As of July 2017, certain Conduct Rules (contained in the PRA Conduct Rules and Conduct Standards and the FCA COCON
Sourcebook) also apply to "Notified NEDs", being NEDs who do not perform a Chair function. The extension of the application
of the conduct rules to standard NEDs means that firms would need to notify their regulators if there is any internal disciplinary
action (including a formal written warning or reduction in salary) taken against such NED insofar as it relates to the conduct
rules.
*C.O.B. 18 8. Recovery and resolution: Living wills

The concept of a so-called "living will" was introduced by regulators in response to the financial crisis. The UK's approach to
bank resolution, the special resolution regime ("SRR") under the Banking Act 2009 was introduced in 2009. 100
The recovery element of the plan includes a range of practical and flexible actions that a financial institution would take in a
stress scenario to avoid failure. For example, restoring its capital or liquidity position or preventing failure through de-risking
and restructuring plans. The resolution element sets out how the FCA's resolution tools will be applied to a firm should it fail
and what action a firm should take to address any obstacles to such resolution.
Each RRP firm is required to produce and keep up to date an effective recovery plan. The recovery plan should be subject to
oversight and approval by the firm's board. The firm's board, or another appropriate senior governance committee, such as
the audit committee, should be responsible for assessing, approving and overseeing the firm's arrangements for producing the
resolution plan. Each RRP firm must produce and keep up to date a resolution pack.
The Bank Recovery and Resolution Directive (2014/59/EU) ("BRRD") was transposed into national law in December 2014,
with the majority of provisions applying from 1 January 2015. 101 The European Commission adopted a Delegated Regulation
supplementing the BRRD in relation to recovery and resolution planning. This includes the minimum elements that must be
included in firms' recovery plans, relating to the summary of the plan, information on governance, a strategic analysis, a
communication plan and a description of preparatory measures.
Entities within the scope of the BRRD include credit institutions (i.e. banks and building societies), significant investment firms
(i.e. those subject to the requirement to have an initial capital of ##730,000), financial holding companies, mixed financial
holding companies and financial institutions as defined in the Capital Requirements Regulation (provided they fit certain
criteria). Amendments were made to the Banking Act 2009 to reflect changes to the SRR. Relevant PRA rules in relation to
recovery and resolution can be found in the Recovery Plans Part, Resolution Pack Part, Group Financial Support Part. Relevant
sections in relation to recovery resolution can be found in Chapter 11 of the FCA Handbook IFPRU (Recovery and Resolution)
for certain investment firms that the FCA prudentially regulates (IFPRU 730k firms), and group entities in a group that contains
an IFPRU 730k investment firm or credit institution.
The PRA Rulebook contains significant provisions in relation to governance arrangements for recovery and resolution
plans. 102 In relation to its individual, or where appropriate the group recovery plan and resolution plan, a BRRD undertaking
responsible for creating an individual or group recovery plan/resolution plan will be required to establish and maintain
appropriate processes regarding governance of such plans, ensure that the management body oversees, assesses and approves
the plan before submission, ensure periodic review by the audit committee and nominate an executive director who is a member
of the BRRD undertaking's management body to have responsibility for the recovery/resolution plan and for overseeing internal
governance processes. Part of the changes brought about by the BRRD to the FCA rules include a requirement for firms to
identify critical functions in the recovery plans and to carry out scenario testing of recovery plan options. The Notifications Part

of the PRA Rulebook requires the management body of a firm or a holding company to notify its competent authority where
it believes that the firm is likely to fail.
8.1 The role of governance in RRPs

A May 2013 speech by Paul Tucker, deputy governor of stability at the Bank of England and board member of the PRA stressed
the importance of ending the "Too Big to Fail" phenomenon and ensuring that taxpayers do not end up footing the bill for failed
banks. 103 This, of course, places an additional corporate governance burden on the boards of financial institutions. It could
easily be argued that a board member is not acting in the best interests of its shareholders unless it ensures that the firm has
an effective living will in place. This poses a risk for directors personally, too. Even if the financial institution fails, there is a
potential for the directors to be found personally liable for failing to have adequate procedures in place to deal with such failure
in a way which is most likely to compensate shareholders efficiently.
*C.O.B. 19 In July 2016, the EBA published a comparative report on governance arrangements and indicators in recovery
plans under the BRRD following a thematic review of the recovery and resolution plans of 26 banks. 104 The report states
that for a recovery plan to be credible, it needs to provide sufficient information on key actors involved in the development
process and on the framework of indicator matrices driving activation of the plan. Overall, the EBA concludes that institutions
have understood the importance of developing sound governance arrangements for recovery purposes and have understood
that indicators are important in order to promote timely activation of the plan when institutions are in distress. The main area for
improvement is limited involvement of management in developing and updating the group plan, and the need for more detail
on steps taken to ensure the co-ordination of actions at group and local levels.
In May 2016, the FCA published its initial observations in relation to banks recovery and resolution plans. It identified positive
practices, including appropriate board and senior management sign-off, with useful allocation of recovery planning and crisis
management roles and responsibilities. It advised that summaries of a firm's general governance arrangements should align
with an appropriate communication strategy for crisis management, including timely and effective stakeholder communication,
and consideration of how responsibilities for monitoring, developing, authorising and providing responses on behalf of the firm
should be allocated and managed.
9.1 Women on boards and diversity

The Davies report perhaps heralded the most important message in relation to gender diversity in boardrooms. 105 He
recommended that, by September 2011, the Chair of all FTSE 350 companies set out the percentage of female board membership
they are aiming for in 2013 and 2015 and that FTSE 100 companies should aim for a minimum of 25% by 2015, although he
expected that many would achieve a higher figure. He went on to say that chief executives should review their percentage aims
in 2013 and 2015. Amendments to the Corporate Governance Code as a result were that from 1 October 2012 companies have
had to report annually on their boardroom diversity policy and include gender diversity in their evaluation of board effectiveness.
The 2014 Corporate Governance Code Preface to the Code was revised to stress the importance of constructive and
challenging dialogue for board effectiveness and how this can prevent "group think". It states that board diversity in its broadest
sense, including diversity of approach and experience, can help to promote constructive debate and is very important in ensuring
effective engagement with key stakeholders and delivering the business strategy. The 2018 UK Corporate Governance Code
has an increased emphasis on diversity (in its different forms, including but not limited to gender diversity), as does the FRC's
2018 Guidance on Board Effectiveness. 106
A number of progress reports have been published and the final report was published in October 2015. 107 This found that
there were no male-only boards in the FTSE 100, compared with 15 male-only boards in the FTSE 250. Women held 26.1%
of board positions in the FTSE 100, compared with 19.6% of board positions in the FTSE 250. The final report contains a
number of recommendations including increasing the progression of women to roles of chair, senior independent director and
executive director and that FTSE 350 companies extend work on gender balance to their executive committees and most senior
leadership positions.
The 2016 Hampton-Alexander review on gender balance built on the Davies review but extended its remit to include executive
committees and direct reports to executive committees of FTSE 350 companies. 108 It aims for a third of all-important leadership
roles to be occupied by women by the end of 2020. The Hampton-Alexander Review published its third report on improving

gender balance in November 2018, noting that women now make up 30.2% of FTSE100 boards and 24.9% of FTSE 250 boards
in 2018. 109 As of April 2017, Equality Act 2010 (Gender Pay Gap Information) Regulations 2017 have required employers
with 250 or more employees to report gender pay gap figures. 110 Figures released by banking groups have received particular
scrutiny.
The move to enhance diversity on UK boards gathers pace and has also been extended to ensure that UK boards are more
ethnically diverse. The 2016 Parker Review Committee report contains a number of *C.O.B. 20 recommendations on
increasing ethnic diversity of UK boards, and developing candidates for pipeline. 111 The 2017 McGregor-Smith Review on
black and minority ethnic labour market progression recommended that FTSE 100 companies provide a breakdown of their
workforce by race and pay band. The government recently launched a consultation on introducing mandatory ethnicity pay-gap
reporting for businesses with more than 250 employees, similar to the gender pay gap reporting regime. 112
At the EU level, a proposed directive requires that at least 40% of the non-executive directors of individual listed companies are
female by 2020, with listed companies controlled by the public sector reaching that target by 2018. Companies are also expected
to carry out individual voluntary targets for gender balance among executive directors. MiFID II also contains requirements on
diversity and gender balance in investment firms and market operators, which is discussed below.
9.2 Frequency of director re-election

In 2011, the FRC introduced a new requirement into the Code that all directors of FTSE 350 companies should be subject to
annual election by shareholders. All other directors should be subject to election by shareholders at the first annual general
meeting after their appointment, and to re-election thereafter at intervals of no more than three years. Non-executive directors
who have served longer than nine years should be subject to annual re-election. The names of directors submitted for election or
re-election should be accompanied by sufficient biographical details and any other relevant information to enable shareholders
to take an informed decision on their election.
9.3 Board evaluation

As part of the board's annual evaluation process, a new supporting principle was added in 2012 that requires the board to consider
in its evaluation the balance of skills, experience, independence and knowledge of the company on the board, its diversity,
including gender, how the board works together as a unit, and other factors relevant to its effectiveness. The boards of FTSE
350 companies were required from 2010 to have their board evaluation externally facilitated at least every three years and have
been required to identify the external facilitator in the annual report.
10.1 MiFID II
Articles 9 and 48 of MiFID II introduced new requirements on corporate governance and managers' responsibility for all
investment firms and market operators respectively. These include requirements relating to: the skills and experience of the
management body; establishing a nomination committee; diversity of the management body; and management body's access
to information and documents required for oversight.
European Commission Delegated Regulation on organisational requirements and operating conditions (2017/565) 113 provides
further detail. The PRA introduced new rules to implement Arts 9 and 16 of MiFID II, which relate to the management body
and organisational requirements, via amendments to Parts in the PRA Rulebook. In line with its "common platform" approach
of implementing a single set of rules for firms subject to MiFID I and CRD, the PRA extended the arrangements required
by the Delegated Regulation to all of the business of firms i.e. both MiFID and non MiFID. The rules are found in General
Organisational Requirements Part of the PRA Rulebook.
The EBA has issued guidelines, addressed to competent authorities, on the assessment of the suitability of members of the
management body and key function holders (CRD IV Art.91(12) and MIFID II Art.9(1)). CRD IV Directive requires firms
subject to CRD to have robust internal governance arrangements, including a clear organisational structure with well defined,
transparent and consistent lines of responsibility. MiFID requires investment firms to have set up adequate policies and
procedures "sufficient to ensure compliance of the firm including its managers, employees and tied agents with obligations
under MiFID Directive". Article 9(4) of MIFID states that the competent authority can refuse authorisation where there are
issues with corporate governance.

*C.O.B. 21 10.2 CRD IV

The CRD IV regime, consisting of the Capital Requirements Directive IV and the Capital Requirements Regulation applied
from 1 January 2014 and is intended to tackle some of the vulnerabilities shown by banking institutions during the crisis, namely
the insufficient level of capital, both in quantity and in quality, resulting in the need for unprecedented support from national
authorities. They set stronger prudential requirements for banks, requiring them to keep sufficient capital reserves and liquidity
and also set new requirements in relation to corporate governance. Article 91 of the CRD IV Directive contains requirements
for the management body in relation to: members of management body committing sufficient time to perform functions in the
firm; and the management body possessing adequate knowledge, skills and experience to be able to understand the business
of the firm, including its main risks.
In relation to risk management, the CRD IV Directive provides that: the management body is responsible for the firm's overall
risk strategy; a significant firm must establish an independent risk committee composed of non-executive directors to advise
the management body on the firm's overall current and future risk appetite and strategy; and the head of the risk management
function must be an independent senior manager with distinct responsibility for the risk management function.
The FCA implemented CRD IV corporate governance requirements via Capital Requirements Directive IV (governance
and remuneration) Instrument 2013, which came into force in 2014. 114 This sets out requirements and expectations for the
management bodies of significant IFPRU firms (SYSC 4.3). The PRA implemented the regime via Capital Requirements
Directive (Governance and Remuneration) Amendment Instrument 2013 and the main provisions are to be found in the Risk
Control Part and General Organisational Requirements Part of the PRA Rulebook.
In September 2016, the FCA published a letter addressed to the chairmen of the boards of significant IFPRU firms. 115 This letter
refers to the requirements for additional governance arrangements under CRD IV in relation to risk management frameworks.
The letter confirmed that the FCA has completed a number of supervisory review and examination process cycles on significant
IFPRU firms and had found that many firms had not complied with the CRD IV governance requirements, or had applied a
narrow interpretation in their implementation. The FCA stated that firms should put in place plans to address this "serious gap".
The letter stated that the top issues for firms to address are: the requirement to have a separate chair and CEO of the board;
clarification in relation to how to go about removing the head of the risk management function; and the composition of risk,
nominations and audit committees.
11. Transparency, ethics, culture and Brexit

Like other listed companies, many financial institutions are having to consider integrating their analysis of possible negative
impacts of business relationships into existing risk and compliance management processes as a result of an increased focus on
ethics, human rights and anti-corruption. This development has been largely brought about by pressure from consumers and
non-governmental organisations. In addition to the reputational and financial risk that non-observance of norms and rules in
these areas can engender, there is also possible negative impact on stakeholder relationships. Over the last few years, there have
been a number of reporting initiatives encouraging businesses to make more meaningful disclosures in these areas.
The Non-Financial Reporting Directive applies to financial years beginning on or after 1 January 2017 and requires Public
Interest Entities to disclose their policies and main risks in relation to: environmental, employee and social matters; respect
for human rights, anti-corruption and bribery matters; and whether they have diversity policies in respect of their boards and
management structures, and details of these. 116 Many of the requirements introduced can be found in existing UK regime in
relation to the strategic report produced by quoted companies as part of the annual report, save for the requirement to report on
anti-bribery and corruption. The Directive was implemented in the UK via the Companies, Partnerships and Groups (Accounts
and Non-Financial Reporting) Regulations 2016. 117
*C.O.B. 22 11.1 Climate change

As part of its efforts to address climate change and to incorporate Environmental, Social and Governance considerations
in financial services legislation, the EU published a set of proposals in March 2018, including proposed amendments to its
guidelines on the Non-Financial Reporting Directive. 118 The update to the guidelines contains information for firms on climate-
related information, taking into account the FSB Task Force for Climate-Related and Financial Disclosure. The EU's legislative
proposals in relation to climate change include creating a so-called sustainability taxonomy designed to provide guidance on
what can be considered an environmentally sustainable economic activity, as well as amendments to AIFMD and MiFID to

include ESG disclosure requirements. 119 In relation to AIFMs, there are additional disclosure measures in relation to alternative
investment products that have as their target sustainable investments. Investment firms regulated under MiFID providing advice
will be required to introduce in their suitability assessments questions that help identify a client's individual ESG preferences.
These investment firms would be required to take these ESG preferences into account in the selection process of the financial
products that are offered. The European Supervisory Authorities have consulted on changes to organisational requirements to
implement these proposals and these include: incorporating ESG considerations within processes, systems and controls; and
ensuring that staff involved in the advisory process possess skills, knowledge and expertise to assess sustainability risks. 120
In an October 2018 paper, the FCA sought views on a proposal to introduce a requirement for financial services to report
publicly on how they manage climate risks to their customers and operations, as well as the type of information that could be
included in a climate risk report. 121 The PRA also issued a consultation on a draft Supervisory statement on its approach to
managing financial risks from climate change, looking at how governance, risk management scenario analysis and disclosures
can assist. 122
The initiatives in relation to climate change sit alongside the Principles for Positive Impact Finance (a global framework
for banks and financial institutions, designed to encourage financial institutions to monitor and disclose environmental and
economic impacts of financial products they provide) and the UN's 2018 Responsible Business Principles. 123 The latter was
endorsed by a number of banks and will be launched in September 2019. 124
While these developments demonstrate that climate change will need to be incorporated into the risk management framework of
many institutions, it remains to be seen whether these proposals will encourage meaningful disclosures or result in boilerplate
disclosures that are of minimal use to users. The FRC has announced that its Financial Reporting Lab will be undertaking a
project in 2019 on climate change disclosures to assist companies.
11.2 Corporate transparency disclosures

The Capital Requirements (Country-by-Country Reporting) Regulations 2013. 125 which implement Art.89 of the CRD IV
require credit institutions and investment firms to report annually, specifying by Member State and by third country where
they have an establishment, certain information including: (i) profit or loss before tax; (ii) tax on profit or loss; and (iii) public
subsidies received. The regulations came into force in 2014 and were accompanied by guidance from HM Treasury. This
transparency initiative is designed to increase trust and promote corporate responsibility.
The Small Business, Enterprise and Employment Act 2015 received Royal Assent on 26 March 2015 and amended the
Companies Act 2006 to require companies to identify those persons with "significant control" over the company and keep a
publicly available register of those persons (the "PSC register"). The regime came into force in April 2016 and the requirement
is aimed at private or unlisted, UK incorporated companies and limited liability partnerships. It is not aimed at companies
subject to disclosure and transparency rules under DTR 5 (although these companies may qualify as registerable legal entities
and so be entered on a PSC register of a company) or companies whose shares are admitted to trading on a regulated market. A
group of wholly owned UK subsidiaries with an ultimate parent company that is listed would need to enter its immediate parent
as a relevant legal entity. The regime has been amended to ensure that it covers Scottish Limited Partnerships and Scottish
General Partnerships.
*C.O.B. 23 11.3 Human Rights and Modern Slavery

Section 54 of Modern Slavery Act 2015 ("MSA") places disclosure obligations on large companies with a turnover of over £36
million and operations in the UK. For financial years beginning on or after 31 March 2016, entities within scope have been
required to make a slavery and human trafficking statement on their website, outlining the steps they have taken to prevent/
ensure that slavery and human trafficking are not taking place in any part of their supply chain. For companies, the board of
directors are required to approve the statement and it will need to be signed by director.
Although the issue of human trafficking and slavery is more pertinent to other sectors, financial institutions are still having
to consider how relationships with intermediaries and support services may expose them to risk of non-compliance with the
requirements. Many larger banks have supplier codes of conduct and appoint third parties to carry out reviews of suppliers,
industries and jurisdictions in which the bank operates.

There is growing dissatisfaction with the operation of the regime and increasing pressure on eligible companies to move from
generic statements to more meaningful disclosures. Investors are being encouraged to view the statement on slavery within the
wider context of human rights due diligence and strong corporate governance. 126 The Home Office announced a review of
the operation and effectiveness of the MSA in August 2018 127 and also announced in 2019 that the Government would be
carrying out an audit in relation to compliance and would be undertaking work to improve the quality of statements produced
under the MSA. 128
The UN Guiding Principles on Business and Human Rights, adopted in 2011, consist of 31 voluntary principles which set out
how companies can manage the risk of having an adverse impact on human rights. 129 Central Guiding Principle 13 regarding
corporate responsibility to respect human rights requires business enterprises to: avoid causing or contributing to adverse
human rights impacts through their own activities, and address such impacts when they occur; and seek to prevent or mitigate
adverse human rights that are directly linked to their operations, products or services by their business relationships, even if they
have not contributed to these impacts. Guiding Principle 19 provides elaboration on action that should be taken. Guidance on
compliance with Principles 13 and 17 was published by the Thun Group, an informal network of European banks, in 2017. 130
11.4 Culture
The issue of culture has been discussed heavily since the global financial crisis. It features regularly in the rhetoric of the FCA.
In 2016 Andrew Bailey, Chief Executive of the FCA, said in a speech that:
"culture is an outcome more than an input. Cultural outcomes are the product of a wide range of contributory forces: the structure
and effectiveness of management and governance, including the "the tone from the top'; and the incentives they create; the
quality and effectiveness of risk management; and the willingness of people throughout the organisation to enthusiastically
adopt and adhere to the tone from the top". 131
For this reason, there are no specific requirements on the type of culture that a financial institution needs. However, the rules
on remuneration and the SMCR provides some regulatory requirements which affect how the culture of an organisation is set
and what role senior managers must play.
The 2018 Code, as discussed earlier, includes a new responsibility for boards to create a framework which will drive culture and
align company values with strategy and provide for ongoing monitoring of culture. The FRC's Guidance on Board Effectiveness
provides tips on how boards can achieve this. Attributes of a healthy culture include honesty, openness, respect, adaptability
and reliability.
The FCA recently confirmed that it would not be introducing a prescribed responsibility for culture under the SMCR and argued
that this was a matter for all in the firm including boards. 132 Its March 2018 discussion paper on the subject saw the FCA
avoid prescribing a uniform culture for financial institutions. It did, however, identify the following as drivers of culture: a
firm's purpose; leadership; approach to rewarding and managing people; and governance arrangements. 133 In a February 2019
speech, Andrew Bailey, Chief Executive of the FCA, stated that these factors carried equal weighting. 134 Key components of a
right culture include adaptability; an emphasis on quality; and integrity and supportiveness. The FCA's *C.O.B. 24 discussion
paper observed the role middle managers can play in generating unethical behaviour and the role they can play in cultivating
an environment where employees' concerns can be raised.
In a December 2018 speech, Christopher Woolard, the FCA's director of strategy and competition stated that a firm's approach
to diversity and inclusion--including how firms handle non-financial misconduct (such as sexual misconduct)--is indicative of a
firm's approach to culture. 135 The speech followed a written submission from the FCA to the Chair of the Women and Equalities
Committee in September 2018 on sexual misconduct in the workplace which stated that tolerance of sexual harassment is
"a clear example of a driver of poor culture". 136 In his February 2019 speech, Andrew Bailey, Chief Executive of the FCA
reiterated that culture and governance of firms was an FCA priority and that a diverse and inclusive culture could contribute
to positive change at firms and can reduce the risk of groupthink

11.5 Brexit
The UK voted to leave the European Union in June 2016 and, as of writing, the scheduled date for withdrawal is March 2019.
The draft Withdrawal Agreement which forsees a transition period beginning on 30 March 2019 (the date of entry into force
of the Withdrawal Agreement) and ending on 31 December 2020 (with the possibility of a two-year extension) has not, as
of writing, been ratified. Under the transitional period, the UK would still be deemed to be part of the EU's single market in
financial services and would continue to implement new EU law.
The European Union (Withdrawal) Act 2018 ("EUWA") incorporates all EU law on the day of exit into UK law with the result
that existing regulation continues to have effect after Brexit. The UK government has published a range of statutory instruments
to onshore EU and EU-derived legislation which would come into effect in the event of a so-called no deal Brexit. The Financial
Services (Implementation of Legislation) Bill 2017-2019 gives the UK government powers to implement and make changes
to so-called "in flight" files of financial legislation for two years after the UK's scheduled withdrawal. 137 "In flight" files
consists of: EU legislation already adopted by the EU but which do not yet apply and so are not captured by the European Union
(Withdrawal) Act 2018; and those that are proposed while the UK is a member of the EU but which will be finalised in the two
years subsequent to EU exit. Many of the new EU legislative proposals discussed in this Bulletin fall into the latter category. 138
As discussed earlier, the UK's system of corporate governance is highly regarded and emulated and so UK withdrawal may
not have an overly noticeable effect in terms of the UK corporate governance regime. The attendant general uncertainty
is, however, having an impact on narrative reporting and in particular disclosures relating to impacts on business model and
strategy. Since the announcement of the referendum result, companies have made reference to Brexit in risk narratives. As the
date of exit draws nearer and negotiations in relation to a withdrawal agreement become more protracted, this is becoming more
noticeable. A recent Boardroom Bellwether survey conducted in conjunction with ICSA noted an increase in the number of
boards citing Brexit as a principal risk. 139 So far as financial institutions are concerned, initial corporate reporting cited the
loss of the EU Financial Services Passport available under certain Single Market Directives and mitigating action undertaken
included establishing branches or subsidiaries outside of the UK to ensure continuity of services. In relation to corporate
reporting on Brexit, the FRC encourages companies "to distinguish between specific and direct changes to the business model
and operations, and broader economic uncertainty". 140 Investors are said to find it helpful where an explanation of different
Brexit scenarios and mitigating actions are laid out, together with information on planned response to the potential impact. 141
Companies are encouraged to arrive at their own conclusion as to whether Brexit would affect their viability statements or their
ability to continue as going concern. Companies are also advised to observe any changes between the balance sheet date and
the date of signing accounts.
12. Enforcement action of note

There have been a number of high-profile fines that have illustrated the approach of regulators like the FCA to governance
issues.
The leading case here is that of John Pottage. This is because the Tribunal disagreed with the (then) FSA, and found that he had
discharged his responsibilities properly. The key findings set out below are, in effect, the view of the courts on responsibilities--
which may, or may not, always coincide with those of the regulators.
*C.O.B. 25 Other cases against firms emphasise what the FCA thinks good behaviour looks like. Any failure to keep the
market up to date has the potential to be looked at as a corporate governance failing. Increasingly, the regulator seeks to link
governance failing by firms with the responsibilities of senior individuals. We have seen the first enforcement case in relation
to the SMCR.
12.1 Upper Tribunal: John Pottage (May 2013) 142

In early 2008, during which time Mr Pottage was CEO at UBS, the FSA took enforcement action against UBS for £8 million for
systems and controls weaknesses following the discovery of some unauthorised trading. UBS acknowledged there were certain
weaknesses and remediated them and settled the case before any further action was taken. However, the FSA also sought to
investigate whether Mr Pottage should be liable for the weaknesses that occurred during his tenure as CEO.

On 1 October 2010 the FSA issued a Decision Notice to John Pottage, imposing a penalty of £100,000 for misconduct pursuant
to the FSMA s.66. Mr Pottage referred the Decision Notice to the Upper Tribunal and on 20 April 2012, the Tribunal determined
that Mr Pottage had not committed misconduct in carrying out the role of CEO at UBS.
According to the FSA, Mr Pottage failed to take reasonable steps to ensure that the wealth management business of UBS
complied with the regulatory requirements and standards, in breach of Principle 7 of the FSA Statements of Principle and Code
of Practice for Approved Persons ("APER"). The FSA argued that were Mr Pottage a reasonable CEO, he would have initiated
a comprehensive bottom-up review of systems and controls across the business "sooner than he did". Although Mr Pottage did
not play a direct role in the issues that arose at UBS, the FSA argued that, as CEO of the business, Mr Pottage was responsible.
The FSA was also of the view that there were "serious flaws" in the design and implementation of the governance and risk-
management frameworks of the business and that Mr Pottage should have been more involved in this. In addition, according to
the FSA Mr Pottage relied overly on what his management team and information systems were telling him.
The Tribunal was of the opinion that although there were failings in the firms' compliance with relevant regulatory standards
(including compliance monitoring and the quality of the management team available to Mr Pottage), they were not satisfied
that Mr Pottage's standard of conduct was "below that which would be reasonable in all the circumstances".
Risk-related incidents that occurred in the months following Mr Pottage's promotion to CEO in September 2006 were
investigated thoroughly and had either been or were being remedied. In July 2007, Mr Pottage carried out a comprehensive
review of the controls and processes at UBS. Critically, the Tribunal were of the view that Mr Pottage initiated this review
in reasonable time (within three months of brainstorming sessions discussing such issues with senior members of risk and
compliance). The Tribunal also disagreed with the FSA's assertion that Mr Pottage overly relied on his team, and found it
reasonable that he would have relied on the opinions of the compliance and risk control experts.
Prior to the implementation of the SMCR, this case was the leading authority on the responsibilities of senior managers for
both the performance of the relevant business unit and the actions of their subordinates. Some of the findings in Pottage will be
surpassed as a result of the SMCR requirements, others will continue to be good precedent.
Key findings are as follows:
(a) The Tribunal's key finding was that "an Approved Person will only be in breach of a Statement of Principle where he
is personally culpable, and not simply because of regulatory failure has occurred in an area of business for which he was
responsible".
(b) CEOs are not required to design risk controls.
(c) CEOs are permitted to delegate, and can rely upon the views of experts to whom they delegate (e.g. risk, compliance).
(d) CEOs are not required to ensure risks are managed, but to take reasonable steps to ensure they are managed.
(e) CEOs' actions will be judged according to whether they fall within a range of reasonable responses. There is often, at the
top of an organisation, no single right way to run it.
*C.O.B. 26 (f) Committee compositions can overlap. This may enable issues to be dealt with more efficiently. There is no
requirement for separation in this regard.
There were a number of specific matters that helped Pottage make his case:
(a) He had risk and management committee minutes that showed his active involvement in risk matters.
(b) The pre-meeting materials that were produced for the committees were good.
(c) He had records of the occasions when he had sought verbal updates from key persons, and was given credit for this level
of challenge even outside the formal environment of committee meetings.
(d) He investigated each specific control failure, and remedied it or had a plan to do so. He was not expected to assume that
any single control failure meant that a drains-up review was required.

(e) He could show that he had taken steps to support and strengthen compliance.
The lesson of Pottage and good record keeping is one which senior managers under the SMCR should certainly pay attention
to, particularly in light of their duty of responsibility.
12.2 FSA: Peter Cummings (September 2012) 143

The FSA fined Peter Cummings, a former director of HBOS Plc, £500,000 and banned him from holding a significant influence
function in a UK bank, building society, investment or insurance firm. It is the highest fine imposed by the FSA on a senior
executive for management failings.
Mr Cummings was the chief executive of the corporate division of Bank of Scotland Plc (part of the HBOS Group) between
January 2006 and December 2008. He was approved to perform the CF1 (director) significant influence function.
The FSA found that Mr Cummings was personally culpable for breach of Principle 6 of the Statements of Principle for Approved
Persons, by failing to exercise due skill, care and diligence in managing HBOS's corporate division during that period. The
basis of the FSA's argument was that Mr Cummings pursued an aggressive expansion strategy within the firm's corporate
division, without suitable controls in place to manage the associated risk and despite knowing there were weaknesses (e.g. staff
being incentivised to focus on revenue rather than risk) in the control framework. It also found that Mr Cummings failed to
take reasonable care to ensure the corporate division adequately and prudently managed high-value transactions which showed
signs of stress.
According to the FSA, Mr Cummings was also in breach of Principle 3 (management and control) of the FSA's Principles for
Businesses, as he was "knowingly concerned" in the firm's failure to take reasonable care to organise and control its affairs
responsibly and effectively with adequate risk-management systems.
In reaching its decision, the FSA took into account various mitigating factors. For example, the FSA accepted that some of the
problems existed before Mr Cummings was appointed and that he did make efforts to introduce some improvements. The FSA
also accepted that Mr Cummings did not act deliberately or recklessly in breaching FSA regulations, and that the full severity
of the global financial crisis, and its effects, were not reasonably foreseeable during the early part of the time period reviewed.
12.3 FCA: Angela Burns (May 2013) 144 and Final Notice (December 2018)
The FCA published a decision notice stating that it had fined Angela Burns £154,800 and banned her from performing any role
in regulated financial services for failing to act with integrity as a non-executive director at two mutual societies, following her
failure to disclose conflicts of interest.
In January 2009 and May 2010 respectively, Ms Burns became a NED and chair of the investment committee for two UK mutual
societies. In 2006, she undertook a consultancy project for a US investment manager and stayed in contact with them, renewing
an offer of consultancy services in September 2008. Upon taking up her NED roles she informed the investment manager of
this and further renewed her offer. In 2009 and 2010 she notified the investment manager of a business opportunity at one of the
societies and again offered her consultancy services. Throughout her tenure as chair and NED of the mutual societies, one society
placed a £350 million mandate, and the other was considering placing a £750 million mandate with the investment manager.
*C.O.B. 27 The FCA stated that Ms Burns had a duty to disclose her interest in seeking work from the investment manager
to her fellow directors, but had recklessly failed to do so and had attempted to use her position to benefit herself and in doing
so had failed to act with integrity in breach of Statement of Principle 1.
The FCA noted the critical role of NEDs to the functioning of the board and customer confidence and said that because NEDs
would be more likely to have a range of appointments they needed to "manage scrupulously their conflicts of interest and
to observe basic corporate governance principles". The FCA published a final notice in December 2018 following the UK
Supreme Court's denial of Ms Burns' application for permission to appeal in November 2018. The FCA commented that Ms
Burns' behaviour was inconsistent with "standards and integrity expected from a senior manager". 145

12.4 FSA: Sumitomo Insurance Company (Europe) Ltd 146 and Yohichi Kumagai, 147 MSIEu's former executive
chairman and managing director (May 2012)
FSA fined Mitsui £3,345 million and imposed a prohibition order and fine of £119,303 on Yohichi Kumagai for breaches of
FSA's Principle 3. This was the FSA's first fine based materially on failings in respect of corporate governance and control
arrangements, the governance arrangement was described as unclear and inadequate both in design and operation and resulted
in an unacceptably high risk that policy holders' interests would not be properly protected.
The FSA carried out an ARROW review following which the FSA supervision team wrote to Mitsui and Mr Kumagai stating that
the "oversight of the new and expanded business would be reliant on good systems and controls". The then FSA also highlighted
the importance of the Mitsui board being supplied with management information of good quality and quantity, in order to be
able to exercise effective apportionment and oversight. The Mitsui corporate governance system failed to change sufficiently
quickly. The FSA found that the controls and oversight of the new business were inadequate and insufficient resources were
given to development.
The following details some of the governance failings found by the FSA:
(a) failure to take prompt action to ensure appropriate governance and control arrangements, leading to the company being
poorly organised and managed and to weak board effectiveness;
(b) failure to take reasonable care that the corporate governance arrangements were operating effectively and making key
appointments on interim bases (as opposed to making permanent appointments);
(c) failure to evidence adequate control over branch offices;
(d) failure to ensure that key positions were filled by staff with the relevant knowledge, skills and expertise;
(e) consistently ignoring material comments from non-executive directors; and
(f) failing to implement in an effective and timely way a new IT administrative system which led to shortcomings in the
management information available to the board.
12.5 FSA: Prudential group (March 2013) 148

The FSA fined certain Prudential group companies a total of £30 million for breach of the FSA principles and UKLA listing
principles, relating to Prudential's failure to inform the FSA in a timely manner that it sought to acquire the Asian subsidiary of
AIG, AIA, until it was leaked to the media on 27 February 2010. The CEO of Prudential, Tidjane Thiam, was also censured.
The proposed transaction, which would have affected Prudential's strategy, financial position and risk profile, including the
largest rights issue in the UK of £14.5 billion, should have been informed to the FSA at the earliest opportunity to allow the
FSA to decide whether to approve or reject the deal on regulatory grounds. However, despite the FSA explicitly requesting
information on Prudential's strategy for growth in the Asian market and its plans for raising equity and debt capital at a meeting
earlier in February 2010, Prudential did not disclose the proposed transaction.
As a result of the delay in notification, the FSA commented that:
(a) it was required to consider complex issues relating to the transaction within a short time frame to decide whether to suspend
Prudential's shares;
*C.O.B. 28 (b) its options for scrutinising the transaction were narrowed;
(c) the publication of Prudential's rights issue prospectus risked delay; and
(d) it was hampered from suitably assisting overseas regulators with their enquiries in relation to the transaction.

Prudential's actions were guided by the concern that there was a risk of leaks, despite its own advisers emphasising the
importance of keeping the FSA informed. The CEO's significant role in deciding to delay notifying the FSA about the proposed
acquisition was the reason for his censure, with the FSA commenting that this served to highlight to all board members that there
exists collective and individual responsibility in light of the "importance of early communication with the regulator in respect
of transformational transactions to avoid market and investor disruption". The FSA stated that Prudential's breaches were not
reckless or intentional, although the circumstances of the breaches were serious, and the fine was not intended to reflect the
current conduct of its management, nor any lack of fitness by the CEO.
12.6 FCA and PRA: Co-operative Bank (August 2015) 149

Following a joint investigation with the PRA, the FCA issued a public censure against the Co-operative Bank Plc ("Co-op
Bank") in 2015. The censure related to the breach of its Listing Rules and failure to comply with Principle Three of the Principles
for Business (requirement to manage affairs responsibly, with adequate risk management). The regulators found that Co-op
Bank's three lines of defence risk management model was "flawed in design and operation".
Between March 2013 and 17 June 2013, Co-op breached FCA Listing Rule 1.3.3R (misleading information not to be published)
by making statements about its capital position in its annual report that were false and misleading. Co-op also did not disclose
to the regulators changes to two senior positions and the reasons behind those changes.
The FCA considered that there was no reasonable basis for Co-op stating that it had adequate capital in the most severe stress
scenarios. The FCA also considered that it should have been notified about proposed changes to management so as to properly
consider and assess the management of the firm.
12.7 FCA: Aviva Investor Global Services Ltd (February 2015) 150
In February 2015, the FCA announced that it had published a Final Notice addressed to Aviva Investor Global Services Ltd
and had imposed a fine of over £17 million for breaching FCA Principles for Businesses, namely Principle 3 (Management and
control) and Principle 8 (Conflicts of interest). According to the FCA, the failings showed systemic weaknesses in management,
systems and controls in the Fixed Income Business.
Conflicts of interest were found in the management of funds paying differing levels of performance fees on the same desk within
its fixed income business (known as side-by-side management). The incentive structure meant that "side-by-side traders" had
an incentive to favour funds paying higher performance fees. A poor control environment also meant that fixed income traders
could delay the allocation of executed trades. The lack of adequate and effective control over its side by side management of
funds led to a breach of Principle 3. Aviva's three lines of defence model or risk management meant reliance on the business
to identify, assess and manage risk (which had the firm ensured it was operating effectively, could have mitigated the inherent
conflicts of interest associated with side-by-side asset management). The FCA found that the business failed to do so in relation
to conflicts of interests and risks associated with side-by-side management of funds. The FCA also found that the Internal Audit
function identified weaknesses in systems and controls but these were not adequately addressed by the firm. The conflicts of
interest and risks inherent in the side-by-side management of funds require robust risk management systems and controls.
The FCA noted that Aviva and its senior management had worked with the FCA in an exceptionally open and cooperative
manner and had tried to address weaknesses in its control environment.
*C.O.B. 29 12.8 FCA: Charles Palmer 151 and Paivi Grigg 152 (September 2017)
The FCA fined Paivi Grigg, risk management director at Standard Financial Group Ltd over £14,000 and fined Charles Palmer
over £86,000 and prohibited him from carrying out any significant influence function. Mr Palmer was the CEO of Standard
Financial Group Ltd and a director and de facto CEO of the Financial Ltd and Investments Ltd (the firms).
Mr Palmer failed to take adequate steps to ensure the firms' appointed representatives and individual advisers who had approval
to perform the CF30 (Customer) function (CF30s) would give suitable advice to approximately 40,000 customers.
The FCA stated that there was a failure to implement an effective risk and management control framework to ensure that: (i)
material risks to underlying customers arising from firms' business model were identified and understood by the board; (ii)
appropriate controls and mitigating measures were put into place in relation to these risks; (iii) the effectiveness of the controls

and mitigating measures were objectively assessed; and (iv) sufficient, relevant and reliable information was given to the board
in relation to the controls and mitigating measures.
The FCA noted that although Mr Palmer was not responsible for the risk management framework and compliance controls, his
role as the chief executive and knowledge that the business model gave rise to material risks to underlying customers meant
that he could not solely rely on that directors in the firms had been charged with risk management and compliance to ensure
that these risks were being identified and effectively managed. Mr Palmer had a responsibility to exercise due skill, care and
diligence in overseeing the risk management framework and control framework of the firms.
The decision in relation to Charles Palmer was referred to the Upper Tribunal and upheld in August 2017. 153
12.9 FCA: Andrew Tinney (September 2016) 154

In September 2016, the FCA published a Decision Notice addressed to Andrew Tinney, former Global Chief Operating Officer
of Barclays Wealth and Investment Management, banning him from performing any senior management or significant influence
function. Mr Tinney had been approved by the FCA to carry out CF29 (Significant Management) controlled function. The FCA
determined that Mr Tinney breached Statement of Principle 1 (requirement to act with integrity in carrying out a controlled
function), one of the Statement of Principles he was required to observe while carrying out the CF29 (Significant Management)
controlled function.
Mr Tinney had been charged with overseeing a remediation program that Barclays was carrying out to address certain regulatory
deficiencies identified by the SEC following an examination of its US branch. The remediation programme included a Culture
audit workstream initiated by Mr Tinney.
A report by a consultancy engaged to examine the tone of senior management had been very critical of certain senior managers
and had concluded that the branch had "pursued a course of revenue at all costs" and had a high-risk culture that was hostile
to senior management. The main recommendation of the report was that some senior managers should be replaced. Mr Tinney
ensured that the report was not seen or made available to senior managers and instructed the consultancy to not circulate a copy.
In doing so, the FCA said that Mr Tinney breached Statement of Principle 1 by recklessly making misleading statements and
omissions to some of his colleagues in relation as to the Report's nature and/or existence, which he should have been aware
would make it less likely that he or the consultancy would be asked for a copy of it.
Mr Tinney's misconduct was described in the notice as serious, particularly in the light of his seniority at the Firm, his substantial
industry experience and the obvious significance of the concerns giving rise to, and set out in, the report.
The matter has been referred to the Upper Tribunal.
*C.O.B. 30 12.10 FCA and PRA: James Staley (May 2018) 155
The FCA and PRA together fined James Staley, Chief Executive of Barclays Group, a total of £642,430 and held that Mr Staley
failed to act with due skill, care and diligence in the way he acted in response to an anonymous letter received by Barclays
in June 2016.
Mr Staley was appointed CEO of Barclays on 1 December 2015, and was approved by the FCA to carry out the SMF1 (Chief
Executive) function under the Senior Managers Regime. As part of his role, Mr Staley was required to comply with Individual
Conduct Rule 2, which provided that he must act with due skill, care and diligence.
Barclays group had received two letters expressing concern about a group employee, with the first letter believed to be from
a shareholder (which, if correct, would mean it fell outside the whistleblowing policy of the group). The second letter was
believed to be from an employee and so was within the whistleblowing policy regime. Mr Staley attempted to identify the
author of the first letter and in doing so he failed to recognise that both letters may be from the same person in which case he
was undermining whistleblowing procedures.
The FCA stated that a CEO exercising due skill, care and diligence ought, in the circumstances, to have identified that he had a
conflict of interest in relation to the first letter, and should have taken particular care to maintain an appropriate distance from the

investigation into it. This included not taking steps: (i) to involve himself in the investigation of the complaints in the first letter,
which risked interfering (and being perceived as interfering) with the group compliance's investigation process; (ii) which could
be seen to be seeking to put pressure on the complainant to withdraw or not repeat their complaint. The investigation found that
his actions constituted a breach of the requirement to act with due skill, care and diligence (Individual Conduct Rule 2).
13. Conclusion: The view ahead

Corporate governance has grown to be one of the most important topics of the business world and is much discussed by both
those attempting to implement "good" governance and by academics. The crisis-area reforms which brought about significant
changes to the corporate governance processes and structures in financial institutions have been consolidated. It is now almost
three years since (arguably) the most important UK regulatory initiative in response to the crisis, the senior managers and
certification regime, was introduced. The regulators also appear to be responding to societal trends in relation to their expectation
of firms. Financial institutions, like other listed companies continue to be under pressure to incorporate ethics and other non-
financial matters in their corporate reporting and demonstrate engagement with stakeholders other than shareholders. This
scrutiny placed on financial institutions in this respect is unlikely to be reduced in the near future. It is debatable whether
these changes are cosmetic or will bring about the far-reaching change desired by stakeholders, particularly when the industry
continues to suffer further detriment to its trustworthiness through scandals such as LIBOR.
Footnotes
1 PRA Resolution PRA Supervisory Statement Resolution planning SS19/13 August 2018; see https://
www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/supervisory-statement/2018/ss1913-
update.
2 The Committee on the Financial Aspects of Corporate Governance Cadbury Report, 1992.
3 Study Group on Directors' Remuneration: Final Report (The Greenbury Report) 1995.
4 Committee on Corporate Governance: Final Report (The Hampel Report) 1998.
5 FRC, UK Corporate Governance Code, July 2018; see https://www.frc.org.uk/
getattachment/88bd8c45-50ea-4841-95b0-d2f4f48069a2/2018-UK-Corporate-Governance-Code-
FINAL.PDF.
6 FRC, Stewardship Code 2010, July 2010; see https://www.frc.org.uk/getattachment/e223e152-5515-4cdc-
a951-da33e093eb28/UK-Stewardship-Code-July-2010.pdf.
7 FRC, Proposed Revision to the UK Stewardship Code, January 2019; see https://www.frc.org.uk/
getattachment/dff25bf9-998e-44f6-a699-a697d932da60/;.aspx.
8 Turnbull Report, 1999; see https://www.frc.org.uk/getattachment/fe1ba51a-578d-4467-a00c-
f287825aced9/Revised-Turnbull-Guidance-October-2005.pdf.
9 FRC, Guidance on Risk Management, Internal Control and Related Financial and Business Reporting;
https://www.frc.org.uk/getattachment/d672c107-b1fb-4051-84b0-f5b83a1b93f6/Guidance-on-Risk-
Management-Internal-Control-and-Related-Reporting.pdf.
10 Derek Higgs, Review of the role and effectiveness of non-executive directors, 2003.
11 Sir Robert Smith, Audit Committees, Combined Code Guidance, 2003; see http://www.ecgi.org/codes/
documents/ac_report.pdf.
12 A review of corporate governance in UK banks and other financial industry entities: Final
recommendations, November 2009; see https://webarchive.nationalarchives.gov.uk/+/http:/www.hm-
treasury.gov.uk/d/walker_review_261109.pdf.
13 FSA, The Turner Review A regulatory response to the global banking crisis, March 2009; see http://
www.fsa.gov.uk/pubs/other/turner_review.pdf.
14 Independent Commission on Banking: final report, September 2011; https://www.gov.uk/government/news/
independent-commission-on-banking-final-report.
15 Financial Services (Banking Reform) Act 2013; see http://www.legislation.gov.uk/ukpga/2013/33/pdfs/
ukpga_20130033_en.pdf.

16 The Parliamentary Commission on Banking Standards, Report: Changing banking for good - Volume I
(HTML) June 2013; see https://www.parliament.uk/documents/banking-commission/Banking-final-report-
volume-i.pdf.
17 The FCA's response to the Parliamentary Commission on Banking Standards October 2013; see https://
www.fca.org.uk/publication/corporate/pcbs-response.pdf.
18 PRA: The use of PRA powers to address serious failings in the culture of firms, June 2014;
see https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/statement-of-
policy/2014/the-use-of-pra-powers-to-address-serious-failings-in-the-culture-of-firms.pdf?
la=en&hash=D5A8F467D255274681EC7C1A3C5D1C8D46D65637.
19 The Kay Review of UK Equity Markets and Long-Term Decision Making, Final Report; see https://
assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/253454/
bis-12-917-kay-review-of-equity-markets-final-report.pdf.
20 Banking Standards (Lambert) Review, final report, May 2014; see https://
www.bankingstandardsboard.org.uk/.
21 Banking Standards Board, Statement of Good Practice 1, Certification Regime - Fitness and Propriety
Assessment, February 2017; see https://www.bankingstandardsboard.org.uk/pdf/Assessing-F&P-
Statement-of-Good-Practice.pdf.
22 Banking Standards Board, Supporting Guidance 2: Establishing pass/fail criteria and evidencing the F&P
assessment, February 2018; see https://www.bankingstandardsboard.org.uk/wp-content/uploads/2018/02/
BSB-Certification-decision-guidance-draft-incorp-reg-comments-v0.3.pdf.
23 Corporate governance: Government Response to the Committee's Third Report of Session 2016-17,
September 2017; see https://publications.parliament.uk/pa/cm201719/cmselect/cmbeis/338/338.pdf.
24 The Business, Energy and Industrial Strategy Committee Fourth Report of Session 2016-2017, Corporate
governance (HC 702), April 2017; see https://publications.parliament.uk/pa/cm201617/cmselect/
cmbeis/702/702.pdf.
25 BEIS, Corporate Governance Reform, The Government response to green paper consultation (August
2017); see https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/
file/640631/corporate-governance-reform-government-response.pdf.
26 The Companies (Miscellaneous Reporting) Regulations 2018; see https://www.legislation.gov.uk/
ukdsi/2018/9780111170298/pdfs/ukdsi_9780111170298_en.pdf.
27 FRC, UK Corporate Governance Code, July 2018; see https://www.frc.org.uk/
getattachment/88bd8c45-50ea-4841-95b0-d2f4f48069a2/2018-UK-Corporate-Governance-Code-
FINAL.PDF.
29 GC100 Guidance on Directors' Duties: Section 172 and Stakeholder Considerations October 2018.
30 PRA Supervisory Statement Corporate governance: Board responsibilities (SS5/16) March 2016; see
https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/supervisorystatement/2018/
ss516update.pdf?la=en&hash=9FA09D82A6431745BBA95B3943C9AD13A5FB40A7.
31 PLSA 2019 Corporate Governance Policy and Voting Guidelines January 2019; see https://
www.plsa.co.uk/Portals/0/Documents/Policy-Documents/2019/CG_VotingG̈uidelines2̈019F̈INAL.pdf.
cmbeis/702/702.pdf.
33 2009 Review of the Combined Code: Final Report, December 2009.
34 FCA Research Note: Does the growth of passive investing affect equity market performance?: A literature
review (8 February 2019); https://www.fca.org.uk/publication/research/research-note-does-growth-
passive-investing-affect-equity-market-performance.pdf.
35 "Who owns a company", Speech by Mr Andrew G. Haldane, Executive Director and Chief Economist of
the Bank of England, at the University of Edinburgh Corporate Finance Conference, Edinburgh, 22 May
2015; https://www.bis.org/review/r150811a.pdf.
36 Corporate governance: Government Response to the Committee's Third Report of Session 2016-2017,
September 2017; see https://publications.parliament.uk/pa/cm201719/cmselect/cmbeis/338/338.pdf.
37 Investment Association, Public Register; https://www.theinvestmentassociation.org/publicregister.html.
38 Investment Association, Public Register, Repeat Offenders List; https://www.theinvestmentassociation.org/
publicregister/repeat-offenders.html.

39 Directive (EU) 2017/828 of the European Parliament and of the Council of 17 May 2017 amending
Directive 2007/36/EC as regards the encouragement of long-term shareholder engagement (Text with EEA
relevance).
40 FCA, Consultation on proposals to improve shareholder engagement (CP19/7), January 2019; see https://
www.fca.org.uk/publication/consultation/cp19-07.pdf.
41 FRC, Stewardship Code 2010, July 2010; see https://www.frc.org.uk/getattachment/e223e152-5515-4cdc-
a951-da33e093eb28/UK-Stewardship-Code-July-2010.pdf.
42 FRC, Tiering of Stewardship Code Signatories, 2016; see https://www.frc.org.uk/investors/uk-
stewardship-code/uk-stewardship-code-statements.
43 FRC, Proposed Revision to the UK Stewardship Code - Annex A - Revised Code, January 2019;
see https://www.frc.org.uk/getattachment/bf27581f-c443-4365-ae0a-1487f1388a1b/Annex-A-
Stewardship-Code-Jan-2019.pdf.
44 House of Commons Treasury Committee Banking Crisis: reforming corporate governance and pay in the
City, May 2009; see https://publications.parliament.uk/pa/cm200809/cmselect/cmtreasy/519/519.pdf.
45 European Commission Green Paper "Audit Policy: Lessons from the crisis", October 2010; https://eur-
lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52010DC0561&from=EN.
46 FRC, Enquiries and investigation of KPMG's 2007 and 2008 audits of HBOS, November 2017; https://
www.frc.org.uk/getattachment/646bb35a-f39f-4d75-a12e-6d2480e0b2a7/HBOS-Report-Nov-2017-
FINAL.pdf.
47 "Internal Audit and supervisory expectations - building on progress", Speech by Sasha Mills at Ernst &
Young, London, 3 February 2016; see https://www.bankofengland.co.uk/speech/2016/internal-audit-and-
supervisory-expectations-building-on-progress.
48 Speech by Stephen Brown, Head of Internal Audit Increasing the relevance of Internal Audit, December
2016; see https://www.bankofengland.co.uk/-/media/boe/files/speech/2016/increasing-the-relevance-of-
internal-audit.
49 The Basel Committee on Banking Supervision, Supervisory Guidance on lnternal Audits of Banks, June
2012; https://www.bis.org/publ/bcbs223.pdf.
50 Chartered Institute of Internal Auditors, Guidance on Effective Internal Audit in the Financial Services
Sector, September 2017; see https://www.iia.org.uk/media/1689286/iia-revised-fs-code-final.pdf.
51 The Basel Committee on Banking Supervision, Supervisory Guidance on External Audits of Banks, March
2014; see https://www.bis.org/publ/bcbs280.pdf.
52 The Statutory Audit Services for Large Companies Market Investigation (Mandatory Use of Competitive
Tender Processes and Audit Committee Responsibilities Order 2014), January 2014; see https://
assets.publishing.service.gov.uk/media/54252eae40f0b61342000bb4/The_Order.pdf.
53 Regulation (EU) No.537/2014 of the European Parliament and of the Council of 16 April 2014 on specific
requirements regarding statutory audit of public-interest entities and repealing Commission Decision
2005/909/EC Text with EEA relevance; see https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?
uri=CELEX:32014R0537&from=en.
54 Directive 2014/56/EU of the European Parliament and of the Council of 16 April 2014 amending Directive
2006/43/EC on statutory audits of annual accounts and consolidated accounts Text with EEA relevance;
see https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014L0056&from=EN.
55 The Statutory Auditors and Third Country Auditors (Amendment) (EU Exit) Regulations 2018; see http://
www.legislation.gov.uk/ukdsi/2018/9780111174333/pdfs/ukdsi_9780111174333_en.pdf.
56 The Accounts and Reports (Amendment) (EU Exit) Regulations 2018; http://www.legislation.gov.uk/
57 FRC Audit tenders, Guidance on Best Practice, February 2017; see https://www.frc.org.uk/
getattachment/53c85956-d712-47d2-989f-2f8eff42be29/Audit-Tenders_notes-on-best-practice-
Feb-2017.pdf.
58 The Investment Association - Guidelines on Audit Tenders, January 2017; see https://www.ivis.co.uk/
media/12498/Audit-tenders-guidelines.pdf.
59 Barclays, Audit Tender, July 2015; see https://home.barclays/content/dam/home-barclays/documents/
investor-relations/IRNewsPresentations/2015News/20150̈70̈3%20-ÄuditT̈ender.pdf.
60 CMA Market Study Notice, Supply of Statutory Audit Services in the UK; https://
assets.publishing.service.gov.uk/media/5bbb680ee5274a225429e07b/market_study_notice.pdf October
2018.

61 The Joint Business, Energy and Industrial Strategy and Work and Pensions Parliamentary Select
Committee, Future of Audit Inquiry, November 2018; see https://www.parliament.uk/business/committees/
committees-a-z/commons-select/business-energy-industrial-strategy/inquiries/parliament-2017/future-of-
audit-17-19/.
62 PRA, Policy Statement, Implementing audit committee requirements under the revised Statutory Audit
Directive (PS16/16), May 2016; https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/
policy-statement/2016/ps1616.
63 FRC, UK Corporate Governance Code, April 2016; see https://www.frc.org.uk/getattachment/ca7e94c4-
b9a9-49e2-a824-ad76a322873c/UK-Corporate-Governance-Code-April-2016.pdf.
64 FRC, Guidance for Directors of Banks on Solvency and Liquidity Risk Management and the Going
Concern Basis of Accounting, September 2014; see https://www.frc.org.uk/getattachment/a02fb892-
ee60-4cf9-89df-5b7d84536ec9/Guidance-for-Directors-of-Banks-2014.pdf.
65 FRC, 2014 UK Corporate Governance Code, September 2014; see https://www.frc.org.uk/
getattachment/59a5171d-4163-4fb2-9e9d-daefcd7153b5/UK-Corporate-Governance-Code-2014.pdf.
66 Investment Association Guidelines on Viability Statements, November 2016; see https://www.ivis.co.uk/
media/12474/Guidance-viability-statements-final.pdf.
67 BEIS, Corporate Governance Reform, Green Paper, November 2016; https://
assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/
file/584013/corporate-governance-reform-green-paper.pdf.
68 The Investment Association Principles of Remuneration, November 2018; see https://www.ivis.co.uk/
media/13874/Principles-of-Remuneration-Nov-2018-FINAL.pdf.
69 The Large and Medium-sized Companies and Groups (Accounts and Reports) (Amendment)
Regulations 2013, October 2013; see https://www.legislation.gov.uk/ukdsi/2013/9780111100318/pdfs/
ukdsi_9780111100318_en.pdf.
72 PRA Rulebook, Remuneration; see http://www.prarulebook.co.uk/rulebook/Content/Part/292166.
73 FCA, IFPRU Remuneration Code SYSC 19A; https://www.handbook.fca.org.uk/handbook/SYSC/19A/?
view=chapter.
74 FCA, AIFM Remuneration Code SYSC 19B; https://www.handbook.fca.org.uk/handbook/SYSC/19B/?
view=chapter.
75 FCA BIPRU Remuneration Code SYSC 19C; https://www.handbook.fca.org.uk/handbook/SYSC/19C/?
view=chapter.
76 FCA Dual-regulated firms Remuneration Code, SYSC 19D; https://www.handbook.fca.org.uk/handbook/
SYSC/19D/?view=chapter.
77 FCA UCITS remuneration code SYSC 19E; https://www.handbook.fca.org.uk/handbook/SYSC/19E/?
view=chapter.
78 FCA MIFID remuneration Code SYSC 19F; https://www.handbook.fca.org.uk/handbook/SYSC/19F/?
view=chapter.
79 Commission Delegated Regulation (EU) No.604/2014 of 4 March 2014 supplementing Directive 2013/36/
EU of the European with respect to qualitative and appropriate quantitative criteria to identify categories
of staff whose professional activities have a material impact on an institution's risk profile; see https://eur-
lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0604&from=EN.
80 The PRA's expectations on remuneration (PS7/17) April 2017; see https://
www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/policy statement/2017/ps717.pdf?
la=en&hash=BE70A5061269994F001D14D411EC4605C3B43DAB.
81 PRA Supervisory Statement Remuneration (SS2/17), April 2017; https://www.bankofengland.co.uk/-/
media/boe/files/prudential-regulation/supervisory-statement/2017/ss217.
82 FCA Policy Statement, Remuneration in CRD IV firms: final guidance and changes to Handbook
(PS17/10); see https://www.fca.org.uk/publication/policy/ps17-10.pdf.
83 PRA, Policy statement: Clawback (PS7/14); see https://www.bankofengland.co.uk/-/media/boe/files/
prudential-regulation/policy-statement/2014/ps714.

84 FCA and PRA Policy Statement: Strengthening the alignment of risk and reward: new remuneration
rules, June 2015; https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/policy-
statement/2015/ps1215 (PRA PS12/15 FCA PS15/16).
85 PRA, Policy Statement, Buy-outs of variable remuneration (PS26/16), September 2016; see https://
www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/policy-statement/2016/ps2616.
87 Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access
to the activity of credit institutions and the prudential supervision of credit institutions and
investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and
2006/49/EC Text with EEA relevance; see https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?
uri=CELEX:32013L0036&from=EN.
88 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on
markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/
EU Text with EEA relevance; see https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?
89 Guidelines on sound remuneration policies under Arts 74(3) and 75(2) of Directive 2013/36/
EU and disclosures under Art.450 of Regulation (EU) No.575/2013 (December 2015); https://
eba.europa.eu/documents/10180/1314839/EBA-GL-2015-22+Guidelines+on+Sound+Remuneration
+Policies.pdf/1b0f3f99-f913-461a-b3e9-fa0064b1946b.
90 FCA FG 17/5 Remuneration Codes (SYSC 19A and 19D) Frequently asked questions on remuneration,
May 2017; see https://www.fca.org.uk/publication/finalised-guidance/frequently-asked-questions-
remuneration-sysc-19a-19d.pdf.
91 European Commission Proposal for a Directive amending Directive 2013/36/EU as regards exempted
entities, financial holding companies, mixed financial holding companies, remuneration, supervisory
measures and powers and capital conservation measures November 2016; https://ec.europa.eu/
transparency/regdoc/rep/1/2016/EN/COM-2016-854-F1-EN-MAIN.PDF.
92 European Commission, Prudential Review of Investment Firms December 2017; see https://ec.europa.eu/
info/law/better-regulation/initiatives/ares-2017-1546878_en.
93 FT article: BlackRock demands end to excessive executive pay, 15 January 2017; see https://www.ft.com/
content/99d4192e-d983-11e6-944b-e7eb37a6aa8e.
cmbeis/702/702.pdf.
95 FCA Policy Statement Extending the Senior Managers and Certification Regime to FCA firms, Feedback
to CP17/25 and CP17/40, and near-final rules (PS18/14), July 2018; see https://www.fca.org.uk/
publication/policy/ps18-14.pdf.
96 FCA Guidance consultation Senior Managers and Certification Regime: Proposed guidance on statements
of responsibilities and responsibilities maps for FCA firms, October 2018; see https://www.fca.org.uk/
publication/guidance-consultation/gc18-04.pdf.
97 PRA Strengthening individual accountability in banking Supervisory Statement SS28/15 July 2018;
https://www.bankofengland.co.uk/prudential-regulation/publication/2015/strengthening-individual-
accountability-in-banking-ss.
98 FCA Policy Statement Final Guidance: The Duty of Responsibility for insurers and FCA solo-regulated
firms (PS18/16), July 2018; see https://www.fca.org.uk/publication/policy/ps18-16.pdf.
99 COCON 1.1.2R(6).
100 Banking Act 2009; see http://www.legislation.gov.uk/ukpga/2009/1/pdfs/ukpga_20090001_en.pdf.
101 Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a
framework for the recovery and resolution of credit institutions and investment firms and amending
Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC,
2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No.1093/2010 and (EU)
No.648/2012, of the European Parliament and of the Council Text with EEA relevance; see https://eur-
lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32014L0059.
102 Solving too big to fail: Where do things stand on resolution Speech given by Paul Tucker, Deputy
Governor Financial Stability, At the Institute of International Finance 2013 Annual Membership meeting,

Washington DC, October 2013; see https://www.bankofengland.co.uk/-/media/boe/files/speech/2013/

solving-too-big-to-fail-where-do-things-stand-on-resolution.
103 EBA, Comparative report on governance arrangements and recovery indicators, July 2016; see https://
eba.europa.eu/-/eba-publishes-analysis-on-governance-arrangements-and-indicators-for-recovery-plans.
104 FCA, Recovery plans, initial observations, May 2016; see https://www.fca.org.uk/news/news-stories/
recovery-plans-%E2%80%93-initial-observations.
105 Davies report, Women on boards, February 2016; https://assets.publishing.service.gov.uk/government/
uploads/system/uploads/attachment_data/file/31480/11-745-women-on-boards.pdf.
106 FRC Guidance on board effectiveness, July 2018; https://www.frc.org.uk/getattachment/61232f60-
a338-471b-ba5a-bfed25219147/2018-Guidance-on-Board-Effectiveness-FINAL.PDF.
107 Women on Boards Review, 5 Years Summary, October 2015; see https://assets.publishing.service.gov.uk/
government/uploads/system/uploads/attachment_data/file/482059/BIS-15-585-women-on-boards-davies-
review-5-year-summary-october-2015.pdf.
108 Hampton-Alexander Review FTSE Women Leaders, Improving gender balance in FTSE Leadership,
November 2016; see https://assets.publishing.service.gov.uk/government/uploads/system/uploads/
attachment_data/file/613085/ftse-women-leaders-hampton-alexander-review.pdf.
109 Hampton-Alexander Review FTSE Women Leaders, Improving gender balance in FTSE Leadership,
November 2018; see https://ftsewomenleaders.com/wp-content/uploads/2018/11/HA-Review-
Report-2018.pdf.
110 The Equality Act 2010 (Gender Pay Gap Information) Regulations 2017; see https://
www.legislation.gov.uk/ukdsi/2017/9780111152010/pdfs/ukdsi_9780111152010_en.pdf.
111 A Report into the Ethnic Diversity of UK Boards, October 2017; see https://www.ey.com/Publication/
vwLUAssets/The_Parker_Review/$FILE/EY-Parker-Review-2017-FINALR̈EPORT.pdf.
112 Race in the workplace, The McGregor-Smith Review, February 2017; see https://
assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/594336/race-in-
workplace-mcgregor-smith-review.pdf.
113 Commission Delegated Regulation (EU) 2017/565 of 25 April 2016 supplementing Directive 2014/65/
EU of the European Parliament and of the Council as regards organisational requirements and operating
conditions for investment firms and defined terms for the purposes of that Directive; https://eur-
lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32017R0565&from=EN.
114 Capital Requirements Directive (Governance and Remuneration) Amendment Instrument 2013 PRA
(2013/32), December 2013; see http://www.prarulebook.co.uk/rulebook/Media/Get/091266ac-c580-4b83-
bc86-0bb982a470ef/PRA_2013_32/pdf.
115 FCA, Letter to Chairmen of the Board: Governance requirements of a significant IFPRU firm, September
2016; see https://www.fca.org.uk/publication/correspondence/dear-board-letter-governance-compliance-
review.pdf.
116 Directive 2014/95/EU of the European Parliament and of the Council of 22 October 2014 amending
Directive 2013/34/EU as regards disclosure of non-financial and diversity information by certain large
undertakings and groups Text with EEA relevance; https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?
117 The Companies, Partnerships and Groups (Accounts and Non-Financial Reporting) Regulations 2016;
http://www.legislation.gov.uk/uksi/2016/1245/pdfs/uksi_20161245_en.pdf.
118 European Commission Action Plan on sustainable finance, March 2018; https://eur-lex.europa.eu/legal-
content/EN/TXT/PDF/?uri=CELEX:52018DC0097&from=EN.
119 European Commission, Frequently asked questions: Commission proposals on financing sustainable
growth; http://europa.eu/rapid/press-release_MEMO-18-3730_en.htm?locale=en.
120 ESMA, Consultation paper on integrating sustainability risks and factors in MIFID II, December 2018; see
https://www.esma.europa.eu/press-news/consultations/consultation-integrating-sustainability-risks-and-
factors-in-mifid-ii.
121 FCA Discussion Paper: Climate change and green finance DP18/8, October 2018; see https://
www.fca.org.uk/publication/discussion/dp18-08.pdf.
122 PRA, Consultation Paper on "Enhancing banks' and insurers' approaches to managing the
financial risks from climate change", October 2018, CP23/18; https://www.bankofengland.co.uk/-/
media/boe/files/prudential-regulation/consultation-paper/2018/cp2318.pdf?
la=en&hash=8663D2D47A725C395F71FD5688E5667399C48E08.

123 UNEP, The Principles for Positive Impact Finance: A common framework to finance the sustainable
development goals, February 2017.
124 UNEP, Principles for Responsible Banking, November 2018; see https://www.unepfi.org/banking/
bankingprinciples/read-the-principles/.
125 The Capital Requirements (Country-by-Country Reporting) Regulations 2013; http://
www.legislation.gov.uk/uksi/2013/3118/pdfs/uksi_20133118_en.pdf.
126 Small Business, Enterprise and Employment Act 2015; https://www.legislation.gov.uk/ukpga/2015/26/pdfs/
ukpga_20150026_en.pdf; Modern Slavery Act 2015; see http://www.legislation.gov.uk/ukpga/2015/30/
pdfs/ukpga_20150030_en.pdf; Business & Human Rights Resource Centre: FTSE 100 & UK Modern
Slavery Act, From Disclosure to Action; https://www.business-humanrights.org/sites/default/files/
FTSE1̈00B̈riefing2̈018.pdf.
127 Home Office Review of Modern Slavery Act: Terms of reference, August 2018; https://www.gov.uk/
government/publications/modern-slavery-act-2015-independent-review-terms-of-reference/review-of-the-
modern-slavery-act-2015-terms-of-reference.
128 Modern Slavery Act 2015: Review: second interim report, January 2019; see https://
assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/773372/
FINAL_Independent_MSA_Review_Interim_Report_2_-_TISC.PDF.
129 UN Guiding Principles on Business and Human Rights: Implementing the United Nations, "Protect,
Respect and Remedy Framework" 2011; see https://www.ohchr.org/documents/publications/
GuidingprinciplesBusinesshr_eN.pdf.
130 Thun Group of Banks, Paper on the implications of UN Guiding Principles 13b and 17 in a corporate and
investment banking context, December 2017; see https://www.business-humanrights.org/sites/default/files/
documents/2017_12_ThunG̈roupöfB̈anks_Paper_UNGPs1̈3bänd1̈7.pdf.
131 "Culture in financial institutions: it's everywhere and nowhere", Speech by Andrew Bailey, Chief
Executive of the FCA at HKMA Annual Conference for Independent Directors, March 2017; see https://
www.fca.org.uk/news/speeches/culture-financial-institutions-everywhere-nowhere.
132 FCA Policy Statement: Extending the Senior Managers and Certification Regime to FCA firms,
Feedback to CP17/25 and CP17/40, and near-final rules (PS18/14), July 2018; see https://www.fca.org.uk/
publication/policy/ps18-14.pdf.
133 FCA Discussion Paper: Transforming culture in financial services, DP18/2, March 2018; https://
www.fca.org.uk/publication/discussion/dp18-02.pdf.
134 "The Importance of Diversity", Speech by Andrew Bailey, Chief Executive at FCA at the PIMFA Wealth
of Diversity Conference 2019, February 2019; https://www.fca.org.uk/news/speeches/importance-diversity.
135 "Opening up and speaking out: diversity in financial services and the challenge to be met", Speech by
Christopher Woolard, Executive Director of Strategy and Competition at the FCA, delivered at Ropemaker
Place, London, December 2018.
136 FCA, written submission to the Chair of the Women and Equalities Committee on Sexual Harassment in
the Workplace, September 2018; see https://www.fca.org.uk/publication/correspondence/wec-letter.pdf.
137 The Financial Services (Implementation of Legislation) Bill 2017-2019, November 2018; see https://
publications.parliament.uk/pa/bills/lbill/2017-2019/0143/lbill_2017-20190143_en_1.htm.
138 The House of Commons European Scrutiny Committee Fiftieth Report of Session 2017-2019, January
2019; https://publications.parliament.uk/pa/cm201719/cmselect/cmeuleg/301-xlix/301-xlix.pdf.
139 FT-ICSA Boardroom Bellwether survey, Winter 2018; https://www.icsa.org.uk/knowledge/research/ft-icsa-
boardroom-bellwether-survey-winter-2018.
140 FRC open letter to Finance Directors and Audit Committee Chairs, October 2018; https://www.frc.org.uk/
getattachment/e49d2fa2-604a-4c0e-8e61-18344542e990/End-of-year-letter-241018-FINAL.pdf.
141 FRC Business model reporting; risk and viability reporting, October 2018; https://www.frc.org.uk/
getattachment/43c07348-e175-45c4-a6e0-49f7ecabdf36/Business-Models-Lab-Implementation-
Study-2018.pdf.
142 John Pottage v Financial Services Authority, April 2012; see https://assets.publishing.service.gov.uk/
media/5752b95640f0b64328000020/John_Pottage.pdf.
143 FCA Final Notice: Peter Cummings, September 2012; see https://www.fca.org.uk/publication/final-notices/
peter-cummings.pdf.
144 FCA Final Notice: Angela Burns, December 2018; see https://www.fca.org.uk/publication/final-notices/
angela-burns-2018.pdf.

145 FCA Press Release, FCA bans Angela Burns from acting as a non-executive director and fines her for her
failure to declare conflicts of interest, December 2018; https://www.fca.org.uk/news/press-releases/fca-
bans-angela-burns-acting-non-executive-director-fines-failure-declare-conflicts-interest.
146 FCA: Final Notice: Mitsui Sumitomo Insurance Company (Europe) Ltd, May 2012; see http://
www.fsa.gov.uk/static/pubs/final/msicel.pdf.
147 FCA Final Notice: Yohichi Kumagai, May 2012; https://www.fca.org.uk/publication/final-notices/yohichi-
kumagai.pdf.
148 FCA: Final Notice: Prudential Plc, March 2013; https://www.fca.org.uk/publication/final-notices/fsa-pru-
plc.pdf.
149 FCA Final Notice: The Cooperative Bank Plc, August 2015; https://www.fca.org.uk/publication/final-
notices/the-co-operative-bank-plc-2015.pdf.
150 FCA Final Notice: Aviva Investors Global Services Ltd, February 2015; https://www.fca.org.uk/
publication/final-notices/aviva-investors.pdf.
151 FCA: Decision Notice Charles Palmer, September 2015; https://www.fca.org.uk/publication/decision-
notices/charles-anthony-llewellen-palmer.pdf.
152 FCA Final Notice, Paivi Grigg, December 2015; https://www.fca.org.uk/publication/final-notices/paivi-
katriina-grigg.pdf.
153 FCA Press Release, Upper Tribunal upholds FCA's decision to fine and ban Charles Palmer, former CEO
of adviser network, August 2017; see https://www.fca.org.uk/news/press-releases/upper-tribunal-upholds-
fca-decision-fine-and-ban-charles-palmer-former-ceo.
154 FCA Decision Notice: Andrew Tinney, July 2016; see https://www.fca.org.uk/publication/decision-notices/
andrew-tinney.pdf.
155 FCA: Final Notice: Jes Staley, May 2018; see https://www.fca.org.uk/publication/final-notices/mr-james-
edward-staley-2018.pdf.

Corporate Governance in Financial Institutions

Uploaded by

Copyright:

Available Formats

Corporate Governance in Financial Institutions

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Corporate Governance in Financial Institutions

Uploaded by

Copyright:

Available Formats

Corporate governance in financial institutions, C.O.B.

2019, 165(Apr), 1-38

For educational use only

Compliance Officer Bulletin

C.O.B. 2019, 165(Apr), 1-38

Other related subjects

© 2022 Thomson Reuters. 1

2.1 The Cadbury Report

© 2022 Thomson Reuters. 2

2.2 The Turnbull Report

2.3 The Higgs Report

2.4 The Smith Report

2.5 The Walker Review

*C.O.B. 4 2.6 The Turner Review

© 2022 Thomson Reuters. 3

2.7 Independent Commission on Banking Report

2.8 Parliamentary Commission on Banking Standards

© 2022 Thomson Reuters. 4

2.9 The Kay Review

2.10 Professor Lambert report

2.12 The current operation of the UK Corporate Governance Code

© 2022 Thomson Reuters. 5

Currently, the Listing Rules require the disclosure statement to include:

(b) a statement as to whether the listed company has:

c) those provisions, if any, it has not complied with;

e) the company's reasons for non-compliance.

3. Statutory and supervisory requirements

3.1 Companies Act 2006

© 2022 Thomson Reuters. 6

3.2 The Financial Services and Markets Act 2000

3.3 FCA Handbook

4. Who is responsible for corporate governance?

© 2022 Thomson Reuters. 7

4.1 The role of the non-executive director

4.2 The role of the Chair

© 2022 Thomson Reuters. 8

4.3 The role of shareholders

© 2022 Thomson Reuters. 9

5. Audit Committee and Auditing

© 2022 Thomson Reuters. 10

5.2 Audit market reforms

5.3 Audit committees

© 2022 Thomson Reuters. 11

5.4 Corporate reporting on auditing and structure

© 2022 Thomson Reuters. 12

6. Remuneration and remuneration committees

*C.O.B. 14 6.1 Remuneration Codes

© 2022 Thomson Reuters. 13

6.2 Performance adjustments and buy-outs

6.3 CRD IV and MIFID II

© 2022 Thomson Reuters. 14

7. Senior Managers and Certification Regime

3. Limited Scope Firms, who will be subject to reduced set of requirements. 95

The SMCR is comprised of the following three main pillars:

© 2022 Thomson Reuters. 15

7.1 Senior Management Function

© 2022 Thomson Reuters. 16

7.3 Conduct Rules

*C.O.B. 18 8. Recovery and resolution: Living wills