STAFF CONSIDERATIONS UNDER NEW FSA REGULATIONS
|
| Tweet |
Originally Published: Finance Week, July 14, 2008
By Fiona McNish - 14-Jul-2008
Fiona McNish looks at how personnel departments have an increasing role to play in following FSA regulations. The 2007 'Better Regulation Initiative' both eased elements of compliance while introducing other responsibilities.
The Financial Services Authority (FSA) was set up to enact the Financial Service and Markets Act (FSMA) 2000 and is a one-stop shop in terms of regulating financial services. It sets out principles and regulations centred largely upon people, behaviour and job/professional requirements - all of which are the responsibility of busy human resource (HR) departments.
As a consequence, HR management must ensure that correct levels of training, conduct and qualifications are maintained. In addition, financial organisations must provide the FSA with a clear organisational structure and outline their process of identifying and reporting risk to maintain compliance. Some of the key organisational functions affected - and the potential solutions - involve data and information management and protection, managing people and relevant reporting.
Workload increases
Although there will be an increase in work performed by the personnel department, it is important to introduce processes and technology that encourages smarter working and streamlines procedures. At the same time it is crucial to maintain high levels of risk management and compliance. It is never obvious when breaches might occur.
However even the restructuring process to work more efficiently and the expectation of continuing global financial instability, brings stresses made worse by cost-cutting pressures and redundancies.
Impact of FSA changes
In 2007 the FSA's 'Better Regulation Initiative' placed increased emphasis on rules becoming more principles-based in the financial retail sector. The objective was to make regulation more cost effective to implement for organisations and create greater flexibility in interpretation, getting rid of the 'one size fits all' formula. One example is that prior to changes, 'approved persons' fell into a variety of banded categories. This number has now been reduced and 'approved persons' no longer need notify the FSA when they transfer internally to a new role, cutting down on paperwork.
The change in some aspects of employment practices requires managers to be proactive in seeking to reduce risk. This includes identifying regulatory change and new processes. Mismanagement and failure to comply with required FSA legislation can be costly; in 2007, it levied fines totalling £5.3m on UK businesses. While some might argue this was not enough, all fines are public information so the damage is also to reputation.
At a business-wide strategic level, where firms are contemplating restructuring, close attention to systems for general management and business continuity, cannot be ignored. Risk assessments need regular reviewing as do lines of reporting change.
Managing data and information risk
Managing risk can range from security awareness by staff, to use of appropriate communication channels and data storage. HR should play a key role in ensuring that staff be aware of what rules and restrictions apply along all business channels and procedures and why.
Reducing crime is one of the four pillars of the FSMA and this includes protecting customers from identity theft. Following on from high profile fines over the past year, the regulators have recently fined stockbrokers Merchant Securities for failing to correctly handle the risk that occurs from using a webmail-based email system and instant messaging that contained sensitive customer information.
The use of these non-secure channels is often permitted in other industry sectors where traceability of communications with stakeholders is less of an issue, but those in the financial sector need to evaluate the risk involved in allowing their use in a different light.
Where individuals are concerned, the FSA performs random checks on staff suitability, so firms need to maintain stringent checks in respect of criminal and financial soundness when recruiting and thereafter provide regular development and training. Overall, both the people involved and the processes to manage risk need to be soundly vetted and regularly reviewed, especially when structural changes occur.
Vetting, training and qualifications
Economic downturn brings the prospect of downsizing and restructuring to many companies, meaning staff will come and go. One change in the rules means that the format of references are stricter, particularly for employees categorised as 'approved persons'. It is no longer suitable to provide a blanket reference that simply states name, job title and dates employed. Firms must supply a solid job description. In fact omissions of responsibilities are no longer acceptable, being considered as an inaccurate description. Even where companies outsource the HR function, they still remain responsible for references.
Where training and qualifications are concerned, in addition to ensuring that staff achieve necessary externally assessed accreditation, organisations can now design in-house training that is more relevant to their business. Authorised and regulated firms must "employ personnel with the skills, knowledge and expertise necessary for the discharge of the responsibilities allocated to them", therefore the ability to track the training undertaken and competency levels reached becomes imperative.
Technical solutions that provide organisational charting, banding and templates will help to ensure that the correct levels of staff can be mapped quickly and efficiently. It will also assist in preparing the relevant references and job descriptions when staff enter, move within and leave a firm.
Managing the change - robust reporting
The FSA regulatory changes should not necessitate painful overhauls of the entire organisation or HR department, though it is important to think and behave strategically about integrating reporting requirements company-wide.
Minor changes can sometimes have huge impact. For example, as the main holiday season approaches, stringent monitoring of absence and holidays is performed by many financial service organisations. Since the Société Générale issue erupted - involving alleged unauthorised deals by a rogue trader who didn't take leave for over two years - some firms have policies whereby staff working in certain functions are required to take leave. In theory this reduces the possibility of hiding irregularities and misdemeanours.
Robust reporting will also help in relations with FSA contacts. At the end of March 2008 the FSA admitted in their report on the demise of Northern Rock building society that their own rapid staff turnover created a problem in maintaining a close watch on activities and compliance. Therefore it becomes both imperative (as required by Principle 11) and wise to maintain thorough records to help any new FSA contacts to become appraised of what the business does and to show evidence of communication with FSA contacts.
There are various technology solutions - such as integrated elearning, automated reporting and warnings - that will support and facilitate the necessary changes. Such solutions provide the ability to extract and collate the data from disparate sources to produce relevant and timely reports in a meaningful manner. Such technical solutions will also be able to provide a certain level of 'future proofing' with the ability to access data from new sources or departments. However, expert advice and strong management will be essential to ensure that the new principles-based regulation is truly embraced in this regulated community.
Fiona McNish is a member of the Securities Institute and holds post graduate diploma in financial services regulation. She works as a specialist in financial services sector legislation forApplication Lynx, an Oracle Certified Advantage Partner dedicated to the implementation and support of Oracle's Human Capital Management (HCM) Applications suite.
