Executive summary
Two lasting imprints of the Great Financial Crisis (GFC) were widespread failures in corporate governance and systemic breakdowns in corporate accountability and ethics
The result was a toxic mix of bank failures or near failures that triggered financial instability and a global recession, causing widespread job losses and public bailouts of large financial firms. Amid the economic downturn, a cascade of misconduct scandals emerged, eroding public confidence in banks and fuelling societal anger
As misconduct cases proliferated, supervisory authorities encountered obstacles in determining the culpability of senior executives, particularly in large banks
The dispersion of responsibility of senior executives in large firms, where decisions are taken at various levels of the firm, made it difficult to determine accountability where the wrongdoing may have occurred “under their watch”. In addition, many prudential authorities viewed the board of directors and senior management as collective bodies and senior executives could take cover under collective decision-making.
Following the GFC, international bodies began work to strengthen the accountability of senior executives.
In 2015, the Basel Committee on Banking Supervision (BCBS) updated its corporate governance guidelines for banks (BCBS (2015)), which included a provision for supervisors to issue guidance on the clear allocation of responsibilities, accountability and transparency of a bank’s senior executives. Subsequently, the Financial Stability Board (FSB) published a toolkit to enhance oversight of misconduct risk, including the advent of bespoke regimes that tackle individual accountability (FSB (2018))
This paper outlines the contours of regulatory frameworks that govern the oversight of individual accountability in six jurisdictions and explores their implementation challenges
Aside from one jurisdiction, the findings draw from an FSI survey combined with follow-up interviews. This was supplemented by a review of relevant publications in all six jurisdictions. To date, only three authorities have introduced specific, standalone frameworks that tackle individual accountability in banks. Most authorities use general prudential frameworks to address personal accountability, with one authority using a hybrid approach that combines aspects of both standalone and prudential frameworks. For analytical purposes, we identify two broad approaches: the introduction of free-standing, consolidated “individual accountability regimes” (referred to as “IAR jurisdictions”) and reliance on broader regulatory frameworks, including hybrid approaches, to hold individuals to account (“other approaches to accountability”).
The three IAR jurisdictions share core features that distinguish them from other approaches to accountability, providing a solid foundation for supervisory review
First, IARs focus on senior executives (“covered individuals”). Second, firms are required to define and allocate certain responsibilities to covered individuals, produce “accountability statements” for each of them and develop firm-wide “responsibility maps”. Third, covered individuals can be held accountable for failings in their areas of responsibility unless they have taken “reasonable steps” to prevent breach(es) from occurring. These provisions heighten the focus on individual accountability at the highest levels of a bank, while enabling supervisors to promptly identify the senior executive(s) responsible when a supervisory concern arises and, if warranted, to hold them accountable for actions taken by their subordinates
Despite the similarities, differences exist among the three IARs
While all three regimes cover senior roles, the treatment of non-executive directors (NEDs) varies. These range from including NEDs (Australia), excluding NEDs (Singapore) or including a subset of NEDs (United Kingdom (UK)) within the scope of application. The latter is the only jurisdiction that imposes heightened conduct standards on senior executives relative to other staff and prescribes certain responsibilities that must be allocated to a senior executive(s). Finally, both Singapore and the UK extend their IARs beyond senior executives to include staff whose activities may cause material harm to the bank or consumers
Regulatory approaches also vary among the jurisdictions without a specific IAR.
The Single Supervisory Mechanism (SSM) of the European Central Bank considers individual accountability mainly during fit and proper (FAP) assessments, which applies to some senior roles. Hong Kong SAR and the United States assess individual accountability during ongoing supervision, using common law definitions of “duty of care”, “duty of loyalty” and broader prudential guidance, under which senior executives can be held accountable for misconduct. Of the three jurisdictions without a specific IAR for banks, Hong Kong SAR comes closest, as its framework contains several elements that we identify as characterising IARs. Of all six authorities, the US casts the broadest net, extending the reach of accountability to encompass banks’ senior executives, their staff and bank-affiliated parties such as significant shareholders.
All sampled jurisdictions have adopted, to varying degrees, a broad range of complementary regulatory mechanisms to support individual accountability
These mechanisms include baseline conduct rules for all staff; whistleblower policies to protect employees who speak up against misconduct; remuneration guidance to help deter misconduct and discourage excessive risktaking; constraints on the use of directors’ and officers’ liability insurance to offset financial penalties imposed on executives; and measures to prevent the recruitment of unfit individuals.
Most sampled authorities have similar enforcement tools against individuals, with some notable differences.
All authorities have some combination of preventative (warning letters) and more severe powers (removal of executives). However, some authorities do not have powers to require prior regulatory approval for appointments or reappointments of senior executives, or can only impose such requirements after a bank is in a troubled condition. In addition, three of the six authorities do not have powers to directly impose fines on individuals, although fines can serve as a deterrent against misconduct.
Regardless of variations in accountability frameworks and sanctioning powers, their effectiveness hinges on robust supervision and enforcement.
For IAR jurisdictions, the main challenge involves determining what constitutes reasonable steps and the level of culpability of senior executives if they were not directly responsible for the identified failing. In jurisdictions that follow other approaches to accountability, supervisory challenges may be compounded in the absence of detailed statements of responsibility of senior executives and the lack of an analogous reasonable steps hook to hold senior executives accountable for failures under their watch. In all jurisdictions, the institutional will to act against senior bank executives is fundamental in enforcing individual accountability rules
To facilitate implementation, authorities provide guidance on the oversight of individual accountability
All three IAR jurisdictions, with varying degrees of specificity, provide examples of reasonable steps to help implementation and have in-house experts to support supervisory reviews of accountability. In other jurisdictions, the US provides a definition of “actionable misconduct” which forms the basis for supervisory actions, while Hong Kong SAR outlines expectations about banks’ oversight of individual accountability to aid supervisory reviews. The SSM provides guidance on supervisory findings viewed as “recent, relevant and severe” which are the individual accountability triggers that help inform FAP assessments of some senior roles.
A multi-faceted approach to individual accountability is needed to get in “all the cracks” that drive senior executive behaviour
This approach, which we label as the “accountability stack”, incorporates a broad range of seemingly disparate regulatory requirements that target various dimensions of accountability. The regulatory regime needs to be underpinned by a suite of direct enforcement powers against individuals, practical supervisory guidance that help decision-making and, above all, the will to act.