the FSA’s Handbook expectations of boards and governance arrangements
It is possible to take issue with the FSA’s insistence in consultation on this point that “there are few requirements that are the same in both the Combined Code and the FSA’s rules”.77As already shown the Code
76See, for example, speech by Philip Robinson, Director Deposit-takers Division of the FSA (17 July 2003) to the Building Societies Association, when he gave a number of examples of matters the FSA saw as peculiarly within the remit of NEDs of building societies all clearly derived from the Combined Code: “First, we think non-executives should play their part by providing an independent perspective to the overall running of the business, in setting and monitoring the society’s strategy. Second, they should scruti- nise the approach of executive management, the society’s performance and its standards of conduct . . . [T]hird . . . they should carry out other responsibilities as assigned by the society, for example as a member of a board committee on audit or remuneration.”
77Supra at n 73, para 2.20.
contains quite specific expectations about appropriate behaviours of NEDs and these must inevitably flavour and inform how any NED who is also an approved person performs the NED controlled function and thus assesses her own compliance with the FSA’s regulatory framework.
Simply because legal and regulatory requirements are not literally the same is far from meaning that, viewed from the perspective of their impact and how they are embedded and received in those subject to them, they are not intrinsically entwined. Combined Code Principle D.2 (Internal Control) provides the most striking area of similarity between the Combined Code and the FSA’s SYSC regulation:
The board should maintain a sound system of internal control to safeguard share- holders’ investment and the company’s assets
The similarities become obvious when this is read in conjunction with the Turnbull guidelines annexed to the Combined Code which amplify that main principle by way of guidance on internal controls and risk management processes.78 Both the Turnbull guidelines and SYSC requirements emphasise the need for firms to embed required control systems as part of the core business processes rather than seeing
“the business” and “risk management” (in the case of Turnbull) and
“responsibility for regulatory compliance” (in the case of SYSC) as separate processes. So Turnbull’s introductory words to the 1999 report strongly echo more recent rhetoric from the FSA on the centrality of regulatory compliance to the very core of the business as the objectives
78The Turnbull Report issued by the Institute of Chartered Accountants of England and Wales in 1999 was little commented upon by academic lawyers at the time but in fact represents a real advance in the degree of penetration and intrusion into companies’
internal affairs and organisation, far more so than the other main policy initiatives that wrought changes to the Combined Code, Cadbury Report in 1992, (Report of the Com- mittee on the Financial Aspects of Corporate Governance, Gee: London, 1992); Greenbury Report on Executive Remuneration 1995, and the Committee on Corporate Governance (commonly referred to as the Hampel Committee) in 1998. These reports were con- cerned primarily with board structure, composition and responsibility issues (Cadbury), executive remuneration (Greenbury) and the drafting and the juridical/regulatory basis of arrangements for corporate governance (Hampel).
of the guidelines are described as being to:
rreflect sound business practice whereby internal control is embedded in the business processes by which a company pursues its objectives;
rremain relevant over time in the continually evolving business environment;
randenable each company to apply it in a manner which takes account of its particular circumstances . . .
. . . [and being] based on the adoption by a company’s board of a risk-based ap- proach to establishing a sound system of internal control and reviewing its effec- tiveness. The company within its normal management and governance processes should incorporate this. It should not be treated as a separate exercise undertaken to meet regulatory requirements.79
Indeed the Turnbull guidelines specifically refer to the improved regu- latory compliance effect that should follow from their implementation when they state that sound internal controls should “help ensure compliance with applicable laws and regulations, and also with internal policies with respect to the conduct of business”. So to what extent then may a firm regulated by the FSA safely rely on those systems and processes of internal control and risk management implemented to comply with Turnbull guidelines as also being good compliance with SYSC Rule 3.1.1 “A firm must take reasonable care to establish and maintain such systems and controls as are appropriate to its business”?
From the perspective of the subjects of these differing yet overlapping systems of intra-firm regulation the practical question arises to what ex- tent will the FSA recognise and give credit for compliance with the Combined Code’s requirements on firms and management in any deter- mination of either the firm’s responsibility for breaches of SYSC rules (such as SYSC 3.1.1R extracted above) or of an individual director’s responsibility for breach of Statements of Principle applying to holders of significant influence functions under the Approved Persons regime?
The FSA stated in consultation on its high-level standards for firms and individuals, that when considering compliance of firms regulated by it which are also subject to the Combined Code’s guidance on internal controls (the Turnbull guidance), it would “give due credit for following
79Turnbull Report, Introduction (ICAEW, 1999).
corresponding provisions in the Code and related guidance” and that position is now reflected in its Handbook.80In relation to an individ- ual’s position under the Approved Persons regime the same “due credit”
approach is employed “In forming an opinion whether approved persons have complied with its requirements, the FSA will give due credit for their following corresponding provisions in the Combined Code and related guidance”.81
The FSA had been pressed in consultation by those potentially sub- ject to the overlapping regimes to be more specific about the likely practical meaning of “due credit” and to strengthen the protection of- fered to offer a “safe harbour” of compliance with the Code. However, the FSA rejected this approach while emphasising that its policy of giving “due credit” was
intended to minimise the burden of complying with the FSA’s rules where firms already comply with the Combined Code. Firms will not be expected to du- plicate procedures or documents which they have created in order to meet the requirements of the Combined Code where these also meet the requirements of the FSA’s rules and guidance.82
The FSA based its objection to the “safe harbour” effect of Code com- pliance on the ground that few requirements of the Code and the FSA are the same. That admission itself rather obviates the utility of its assurances about “due credit” and avoidance of duplication. In ad- dition, the FSA failed to address how firms themselves are to address the meta-regulatory conflict that several industry respondents pointed out to it as being “between the Code’s emphasis on board responsibility and protection of and accountability to shareholders and the focus on individual responsibility and the protection of consumers in the FSA’s requirements”.83
There are real areas of similarity between the general tenor and some of the governance and control standards contained in the Combined
80SYSC 3.1.3G and FSA CP 35, p 9.
81APER 3.1.9.
82Supra, n 73 para 2.20.
83Supra, n 73 para 2.18.
Code with the FSA’s own regulatory code for senior management con- tained in SYSC and APER. This is no accident as the two areas of regulatory concern cover the same territory, albeit from differing pol- icy motivations. Both regulatory codes expect firms subject to them to position each code’s respective compliance processes centrally into the firm’s business processes, yet the problem remains, as identified by both Haines and Gurney and Bamford as discussed earlier, that compliance with each may entail something rather different in exactly the same commercial situation. The board and/or senior manager are “enrolled”
by both the FSA’s regulatory framework and the Combined Code into, respectively, FSMA regulatory objectives and shareholder value cre- ation and accountability to shareholders. Which (very different) policy agenda is to motivate real commercial decisions?