is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
Building a better future: BS 8453 Compliance framework for financial services
31 Jan 2011
Topics: Financial services, BS 8453
From splitting up banking operations to restructuring bonuses, reform of the finance industry has fuelled much rhetoric and provoked fierce debate over the past two years. But as bankers now look to recover their reputations as well as any losses, compliance with new and existing rules must be a top management priority.
2010 saw a frenzy of global financial regulation, as politicians and businesses around the world strived to ensure that long-term lessons are leanrt from the credit crisis. Many finance-focused businesses, therefore, find themselves faced with the prospect of new, more rigorous compliance procedures to monitor risks and performance more effectively.
In April last year, for example, the UK's Financial Services Act 2010 received Royal Assent. This instructs regulator the Financial Services Authority (FSA) to create new rules governing pay agreements and brand those that breach them void.[1] Those authorized will have to act in accordance with a remuneration policy that is consistent with effective risk management.
A further section of the Act calls for prepared and up-to-date business recovery plans (and resolution plans in case a business becomes likely to fail), and the Treasury itself may regulate to demand specific business information in the form of an executive remuneration report in future.[2]
Then, just three months later, US President Barack Obama welcomed the US's very wide-ranging Dodd-Frank Wall Street Reform and Consumer Protection Act. This landmark piece of legislation included a new Financial Stability Oversight Council to identify emerging risks before they could cause a crisis, and details of mechanisms for winding down financial institutions that had previously been deemed too big to fail.
Finally, in September, international banks learnt that they would need to boost their core tier-one capital coffers from a current minimum of two per cent to seven per cent before 2019 under the new Basel III rules. Some 91 European banks had been subjected to so-called "stress tests" earlier in the summer to see whether they could withstand future financial shocks such as a double dip recession or sovereign debt crisis. The vast majority passed, but seven - five Spanish, one German and one Greek - failed to meet the Committee of European Bankers Supervisors (CEBS) benchmarks.[3] [The European Banking Authority (EBA) has now taken over from the CEBS.]
Called to account
Underpinning all these specific developments, however, have been a number of broad concerns that will clearly impact on management and compliance in financial businesses for many years to come.
Such organizations have been told that they must take a longer-term view of risk than has previously been visible - clearly tying promotions, management and pay mechanisms to the delivery of sustainable value over time. The more exotic financial instruments favoured by investment bankers are also set for a transparency overhaul, and regulatory gaps are likely to be closed to counter excessive risk-taking via convenient loopholes.
Consumers, meanwhile, will be given greater protection against the industry's inescapable profit-making purpose. Sales and marketing processes may need to change to ensure the necessary information is easily available and understandable, with crackdowns in cases of negligence. Banks may well be penalized financially for practices deemed irresponsible, such as lending mortgages to borrowers who will find it difficult to repay.
The UK's FSA, for example, now has the power to impose a "consumer redress scheme" in the event of "widespread or regular failings that have caused consumer detriment"[4]. The new Financial Services Act also requires the FSA to establish a financial education body for consumers. And, in the US, President Obama proudly declared that his financial reform package amounted to "the strongest commercial protections in history".
"It is designed to make sure that everybody follows the same set of rules, so that firms compete on price and quality, not on tricks and traps,"[5] he said.
Finally, the international reforming agenda shares a common emphasis on clearer accountability and reporting, and more effective oversight of all financial activities. In the UK, for example, the Financial Reporting Council has published a new Stewardship Code, designed to help international investors play a more pragmatic role in management through good corporate governance.[6] The code encourages improved communication between shareholders and company boards, providing guidance for engaging with issues such as managing conflicts of interest, voting policy and public reporting. As of 19 October 2010, 68 institutions had signed up, including HSBC Global Asset Management (UK), JP Morgan Asset Management, the Australian Council of Super Investors and global asset management firm BlackRock.
Framework for improvement
It was in the context of such calls to improve the governance and accountability structures of financial organizations that BSI has recently been developing the new voluntary standard BS 8453 Compliance framework for financial services firms,[7] due to launch in February 2011.
This timely standard provides a set of commonly agreed controls for building an overarching compliance culture within a firm and, therefore, for lowering the risk of a damaging regulatory breach, such as market abuse, money laundering or unfair treatment of customers.
"It provides a framework for managing compliance in a regulated firm, from monitoring and reporting procedures to risk assessment and training," explains BSI sector content manager Nick Fleming. "The prevention of breaches is likely to be increased through a standardized approach that complements existing regulation."
However, Fleming adds that the standard's "focus on outcomes" means its usefulness moves beyond compliance monitoring and regulatory risk management to embrace "multiple applications" that are relevant in a risk-conscious working environment. These could include conducting internal audits for benchmarking purposes, preparing for regulatory visits, evaluating the effectiveness of current systems and controls, and even launching an entirely new compliance operation. The advantages are many and complementary.
"Compliance with the standard can embed a good compliance culture in firms by engaging senior management and compliance personnel," Fleming says.
External stakeholders, such as shareholders and clients, also have greater assurance through the detailed, demonstrable process of a standard, and consumers are set to benefit both through the overall outcomes and the recommendation that BS 8453 is used alongside fellow customer-oriented, standards.
By meeting the standard's requirements, a business will be able to self-certify its procedures. For additional assurance, it can secure independent certification from a third party audit. It means more peace of mind for senior management that their compliance functions are fully fit for purpose in an increasingly unpredictable and shaken corporate world.
Building consensus
BS 8453 encourages strong company engagement and communication to foster compliance, and was itself developed through a full consensus process. This was led by an industry steering committee, comprising representatives of key trade associations, industry practitioners and professional bodies.
BSI first brought together a number of leading financial services stakeholders to discuss the move in late 2009. These included the Chartered Institute for Securities & Investment (CISI), the Association of Private Client Investment Managers and Stockbrokers, and PricewaterhouseCoopers. The British Bankers Association (BBA) was another body on board, with CEO Angela Knight describing a financial services compliance standard as "an interesting and challenging initiative" with definite potential to improve compliance team efficiency.[8]
Fleming explains that a period of public consultation has since taken comments from more than 200 relevant organizations and, while independent of specific regulatory regimes, the UK's FSA has observed its development throughout. "Research and a focus group session have shown that small firms, in particular, can see the added value in using the standard," he adds.
Indeed, the importance of having scalability to the standard was previously noted by the chief executive of the CISI, Simon Culhane. "The standard will enable firms to benchmark against industry standards independently of FSA Rules, and demonstrate the UK's leading approach in compliance,"[9] he said, welcoming its draft form in May 2010. "It is important, however, that the standard be applied proportionately and take account of the size of a firm and the simplicity or complexity of its business model."
One for all
Thus, the final BS 8453 is intended to be used by any regulated financial business, regardless of its size, focus, or specific related challenges - but also takes those differences into account. Demonstrating compliance is a challenge for all those active in the sector, and BS 8453 has been designed to help them navigate that path effectively.
Indeed, the FSA's decision to publicly penalize high-profile investment bank Goldman Sachs International (GSI) in September 2010 is a particularly potent reminder of how an incident of non-compliance can hit any firm hard and hurt.
The UK regulator saw fit to fine GSI £17.5m for failing to relay information concerning its matters in the US, where it was the subject of a Securities and Exchange Commission (SEC) investigation for violations of securities law. Although GSI did not deliberately withhold information, the FSA judged this failure to be a sign that it did not have effective systems and controls in place for full international compliance.[10] By co-operating and settling at an early stage it explained that GSI had avoided an even larger fine.
Margaret Cole, managing director of enforcement and financial crime at the FSA, said that the incident, "should send a message - particularly to the senior management of large institutions - of the need to have their firm's UK reporting obligations at the forefront of their minds".
"We have repeatedly stressed the importance of firms self-reporting regulatory issues to the FSA in a timely way," she explained. "GSI did not set out to hide anything, but its defective systems and controls meant that the level and quality of its communications fell far below what we expect of an authorized firm."
The planned reorganization and then disbandment of the FSA for 2012 may now cause some further uncertainty for the UK's financial services industry, although it is hoped that a slow transition to a new regime will help to mitigate this.
The current plans mean a proposed new arm of the Bank of England, the Prudential Regulation Authority, would have responsibility for supervising banks and insurance firms, while conduct-related matters (including treating customers fairly) will fall under a newly formed Consumer Protection and Markets Authority.
Through the interim period, and into the transition, independent guidance may well be called into action to support the handover.
Regardless of the regulator, however, the financial world knows that this year's landmark reforms are only the start of a long road to recovery and renewal. A framework such as BS 8453 can play a pivotal role in helping businesses move forwards with consistency and care, embedding an approach to monitoring and management that visibly meets the needs of all concerned.
A launch event is being held for the new financial services compliance standard, BS 8453 on 8 March 2011, London, UK.
For more information on the standard: BS 8453 Compliance framework for financial services firms
[1] http://www.fsa.gov.uk/pages/Library/Communication/Statements/2010/act2010.shtml
[2] http://npl.ly.gov.tw/pdf/7186.pdf
[3] http://stress-test.c-ebs.org/documents/CEBSPressReleasev2.pdf
[4] http://www.fsa.gov.uk/pages/Library/Communication/PR/2010/155.shtml
[5] http://www.whitehouse.gov/the-press-office/remarks-president-passage-financial-regulatory-reform
[6] http://www.frc.org.uk/press/pub2306.html
[7] http://www.bsigroup.com/en/About-BSI/News-Room/BSI-News-Content/Sectors/Services/BSI-seeks-views-on-new-financial-services-compliance-standard/
[8] http://www.bsigroup.com/en/About-BSI/News-Room/BSI-News-Content/Sectors/Services/Compliance-stadnard-announcement/
[9] http://www.bsigroup.com/en/About-BSI/News-Room/BSI-News-Content/Sectors/Services/BSI-seeks-views-on-new-financial-services-compliance-standard/
[10] http://www.fsa.gov.uk/pages/Library/Communication/PR/2010/141.shtml
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
Sapphire earns a standards hat-trick
Sapphire Energy Recovery, the waste processing and resource recovery business owned by Lafarge Cement, has achieved certification to three management systems standards (ISO 9001 Quality management, ISO 14001 Environmental management and BS OHSAS 18001 Health and safety management) from BSI. Sapphire is the UK's leading processor of used tyres, and sources and manages the logistics of a range of waste-derived fuels and raw materials for the cement industry.
A little bit extra for Kitemark® bodyshops and garages
It's all well and good for an automotive bodyshop to earn the Thatcham BSI Kitemark® for Vehicle Body Repair, but it won't have as much impact if potential clients don't know about it. As a consequence, BSI decided to offer an Extras marketing toolkit to bodyshops and garages that have earned the Kitemark.
Until now, there has been no strict guidance in the UK relating to how audiovisual (AV) installations are carried out. This includes everything from computers and projectors to interactive whiteboards, plasma screens and loud speakers. For AV installation companies, processes can vary significantly.
UK film industry pioneers sustainability standard developed by BSI
The British film industry, in conjunction with BSI, is taking the lead in the global entertainment market with the announcement at the Cannes Film Festival of a new British Standard that will improve the industry's environmental, social and economic impact. For example, in London alone, screen production accounted for 125,000 tonnes of carbon emissions in 2009, 40% of which came from studios and 28% from TV and film production.
Integra ICT Hits environmental high
Integra ICT, the Bedfordshire-based telecoms provider, has achieved certification to ISO 14001 Environmental management from BSI.
Question: Do companies need to verify their carbon footprint?
Unless a business is regulated by some form of greenhouse gas (GHG) reporting and/or cap-and-trade regulation (as is the case for some 12,000 installations in Europe), rarely is there the need to either calculate or verify the accuracy of a carbon footprint.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
