Corporate Governance – Individual Accountability in the Banking Sector: Uganda and the United Kingdom.

 Kenya Commercial Bank (KCB) head offices in Kampala, KCB is one of the largest Banks in East Africa by total assets, Photo Courtesy: Orare

The aftermath of the 2008 Global Financial Crisis exposed financial services regulators. In the United Kingdom (UK), the closure of the Northern Rock Bank (2007) and the manipulation of the London Interbank Offered Rate (LIBOR) in 2008 signaled much needed reform in the financial services sector. The unprotected customers’ efforts to join long queues to trace their savings were futile. The existing Approved Persons Regime neither offered them retribution nor cover against the senior officials responsible. Instead, it aided the senior bankers by failing to hold them individually accountable. Uganda, had a decade earlier faced its own set back in the financial services, when eight banks failed, forcing the Bank of Uganda (The Central Bank) to intervene and close some while others were resold.  This was due to management issues, in most cases attributable to oversight by the majority shareholders that used their influence over the boards of directors to facilitate insider lending that led to liquidity shortfalls and eventually, the collapse of these banks. These events elicit a general concern for regulation of senior management in the financial services.

In this article, the first part will outline the significance of trust with in the financial services, the primary justification for the enhanced standards of corporate governance. Second, I shall explore the Senior Management Certification Regime (SMCR) in the United Kingdom specifically its frame-work of accountability. Following which, the third part shall appraise and compare it to the Financial Institutions Corporate Governance Regulations of Uganda.  The measuring rod for this discussion shall be how each of these regimes ensure individual accountability for the actions committed by directors in performance of their roles and whether this is a more sustainable way to ensure accountability and proper risk management.

Depositors Trust and Individual Accountability

The nature of business conducted by financial institutions entails trust. Customers deposit their money, reasonably expecting that when they need it, it should be readily available. Given such a fiduciary relationship, financial institutions ought to be run with the highest standard of accountability. In addition, this position of trust held by these institutions in the economy and their access to government safety nets, cements the importance strong corporate governance.  Professor Emmanuel T. Mutebile, Governor of the Bank of Uganda, comments that the unique characteristics of financial institutions, particularly how they are very heavily leveraged and that most of their liabilities are owed to a large number of atomised depositors, who have the most to lose from abusive or negligent management, necessitate a priority of corporate governance in banking primarily to protect the interests of depositors.

In the United Kingdom, following the financial crisis, The Parliamentary Commission on Banking Standards (PCBS) identified several gaps within the regulation of the financial services sector. First, the lack of individual accountability noting that, most senior bankers had evaded accountability by claiming ignorance and hiding behind the veil of the collective decision making processes. Second, there were limited enforcement powers and sanctions available to the Prudential Regulatory Authority and Financial Conduct Authority (hereafter jointly referred to as Regulators). Third, owing to the above, there had been a loss of market integrity and confidence in the UK market. Thus, the recommendation that any proposed regulation should strengthen the ability of the financial regulators to hold individuals accountable. 

These collective arguments inform and support the proposition that the special nature of financial services industry requires the highest attainable standard of accountability.

The Senior Managers and Certification Regime (SMCR), United Kingdom

The SMCR was made pursuant to the Financial Services (Banking Reform) Act 2013 (Chapter 33). The rationale of the SMCR is to reduce harm to consumers, strengthen market integrity by making individuals accountable for their conduct and competence. It also seeks to encourage staff at all levels to take responsibility, by making sure that firms, and staff can demarcate where responsibility lies. The starting point consequently is to examine the efficacy and fairness of the SMCR.

Clear demarcation of responsibility and identification

The SMCR enables an allocation of responsibilities to different senior officials. It requires the relevant firms to submit a Statement of Responsibilities for each senior official performing a senior management function and a Responsibility Map for the firm. The Regulators designate senior management functions as those, which are crucial to the firm’s safety, for instance, risk management and audit. In case of failure, the statement of responsibility helps to identify the senior official responsible for that management function. Prof. Nicholas Ryder confirms that this unique format facilitates identification, which was previously a paradox to the enforcement of financial crime. Although we are yet to see any prosecutions thereunder, this could be attributable to the SMCR’s recent commencement in 2016.  This contention cannot outweigh the safeguard created by the Statement of Responsibility and Responsibility Map.  They facilitate a clear identification of where responsibility lies, regardless of whether one kept their fingerprints off any documents.

Creates a rule-based standard of conduct

The SMCR provides for standard conduct rules for senior officials in the financial services industry. The conduct rules require relevant officials to act with integrity, skill, care, diligence and cooperativeness among others. Most importantly, the conduct rules require the taking of reasonable steps to ensure that the business of the firm is effectively controlled. Thus, senior managers could become liable where they do not take reasonable steps to avert failure.

However, this has faced criticism. First, that this duplicates the previously existing obligations particularly that the conduct rules resemble the former statement of principles for the Approved Persons Regime. The counter argument to that is, the SMCR Conduct Rules introduce the new aspect of customer’s interests and delegation. Previously delegation was only guidance based but it has been raised to a level of rule.  Second, although the reference to “reasonable steps” is ambiguous and can be susceptible to subjective interpretations, the conduct rules are not a duplication of the previous regime. Regulators were previously unable to get managers at the very top because they often delegated their authority.  By requiring reasonable supervision even during the performance of delegated functions, it takes positive steps towards a high standard of performance, in effect strengthening market integrity and accountability.

Reduction of governance risk

Most failures in institutions have their root causes in a culture manifested through governance risk management. Institutions without a proper internal control framework and well-functioning independent risk management and audit functions are at risk. The requirements of; annual certification of staff, approval of persons to occupy senior management functions and responsibility maps encourage better management within the firm and promote a culture of ownership and responsibility. John Symonds, an HSBC UK Executive, notes that the SMCR improves the quality of interaction, discussion and control within a business. Accordingly, the SMCR encourages transparency and diligence that could lead to high cultural standards within the organization thus minimizing the like hood of failure. Eventually, this may restore market integrity.

The SMCR grants the Regulators enhanced supervisory roles.  These facilitate risk aversion thus reducing potential harm to consumers. The Regulators for instance can deny or withdraw approval of a person occupying a senior management function. This is important as it prevents previously incompetent persons from taking similar positions thus ensuring that there is no “rolling on of bad apples within the system.” Further, it enables greater oversight to matters that are potentially detrimental and with high risk within the financial services. In practice, the Regulators issued out notifications urging caution on intended investments in algorithmic trading and crypto assets. Although, no empirical evidence suggests that these warnings were followed, this does not override the importance of the enhanced supervisory role. It facilitates pre-emptive steps to minimise risk exposure and averts potential harm to consumers.

The Companies Act 2012 and the Financial Institutions Act 2004, Uganda

Unlike the United Kingdom, the Ugandan Regulations on senior management within the Financial Services are not as detailed. The Companies Act 2012 lays out the general fiduciary obligations and duty of directors.  For the Financial Services sector, however, the directors and senior managers’ roles are further supplemented by the Financial Institutions Act and its relevant regulations.  For instance the Companies Act, requires directors to act in a manner that promotes the success of the business of the company, requires them to exercise a degree of skill and care as a reasonable person and to act in good faith in the interests of the company as a whole. This includes treating all shareholders equally, avoiding conflicts of interest, declaring any conflicts of interest, not making personal profits at the company’s expense, not accepting benefits that will compromise him or her from third parties and ensuring compliance with any other laws. These provide the general framework by which directors of companies incorporated in Uganda are required to act.  

The Audit House in Kampala, Uganda. Photo Courtesy: Orare

The Financial Institutions (Corporate Governance) Regulations

In addition to the general framework mentioned, financial institutions in Uganda must be run in accordance with The Financial Institutions (Corporate Governance) Regulations, 2005 pursuant to the Financial Institutions Act the closest equivalent to the SMCR from the United Kingdom. The rationale for the Corporate Governance regulations is to ensure the strongest attainable level of corporate governance considering the special position of trust held by banks and also to promote public confidence in these institutions. Further, due to the ever increasing globalisation of financial markets and technological advances, these require that the quality of corporate governance in financial institutions is reasonably high.  They were enacted against the back ground that weak corporate governance was the basis for the failure of financial institutions previously. It is important to note that the Corporate Governance Regulations were enacted before the 2007-2008 financial crisis, and haven’t been reviewed regardless of the global effect of the crisis.

Framework for accountability

Corporate Governance means the process and structure used to direct and manage the business and affairs of a financial institution with the objective of ensuring its safety and soundness, operates comprising a system of checks and balances.  The Corporate Governance Regulations require financial institutions to notify the Central Bank of any appointment of senior management, these appointments are only effected when approval has been signified after applying fit and proper person test. The board of directors is also required set and enforce clear lines of responsibility and accountability throughout the organization. This must be done through clear demarcation of responsibilities of the Board and management, establish approval authority and annual evaluations. The board of directors is given overall stewardship of the financial institution and must be ready to give accountability provide supervision over the senior management and perform risk management and audit functions. The regulations further require the board to come up with strategic objectives and a set of corporate values that entail checks and balances and directing the ongoing activities of the institution.

These are undoubtedly good checks that enhance independence and objectivity, however, they do not stipulate or set out any form of individual accountability and neither do they adequately address accountability where the performance of certain roles has been delegated.  Instead, it appears that the focus is on the collective responsibility of the board, which may not be the most ideal form of accountability in the post financial crisis era. In comparison to the SMCR, which creates individual accountability where a senior manager does not take reasonable steps to avert a failure. Further, the SMCR even imposes criminal liability as mentioned. Although criminal liability may not be ideal, it undeniably has a deterrent effect, thereby raising the standard by which directors and senior managers may act. This might be an area the Central Bank of Uganda may consider for further review especially regarding the history of financial services in Uganda, where individuals who were implicit to negligent acts were not individually held accountable.  

With regards to liability or responsibility for delegation, the Corporate Governance Regulations do not expressly address those circumstances.  On the other hand, The SMCR requires reasonable supervision even during the performance of delegated functions. This ensures a higher standard of performance even when functions have been delegated. The Corporate Governance Regulations might benefit from addressing the standards of performance expected even when roles are delegated.

Responsibility enforced by sanctions

There are a number sanctions that can be imposed by the Central Bank of Uganda where a financial institution fails to meet the regulatory requirements. They include correctional measures by the Central Bank to carry out a special examination, issuing directives to improve management, entering into an agreement with board of directors, restricting transactions and in some circumstances may take over management. The Central Bank may suspend some of the activities of the financial institutions.

 Although these measures may be effective, most of them are generally targeted towards the board and the financial institution collectively.  It might be beneficial to have sanctions targeted towards the individuals, as this may help in circumstances where senior managers or directors act negligently. For instance, prohibiting such directors from ever occupying similar positions with the financial services may be more effective than generally restricting the activities of the financial institution.

Although the Corporate Governance regulations are detailed, they do not sufficiently create a frame-work that encourages individual accountability.  The Senior Management Certification Regime on the other hand, has addressed this issue to a larger extent. First, it enables an allocation of responsibilities to different senior officials, making it easier for the Financial Conduct Authority to identify and impose liability in case of failure. Second, it creates a rule-based approach that raises the standard of conduct expected of senior officials to avert a failure. Third, it reduces the governance risk by ensuring implementation of proper internal controls and by granting enhanced supervisory powers to the regulators. The Corporate Governance Regulations in part also ensure the existence of internal control frameworks. 

As discussed, both regulatory regimes create a frame work that minimizes the likelihood risk exposure for financial institutions. However, the Corporate Governance Regulations in Uganda might benefit from a detailed review. This may be targeted towards creating a framework that enhances the regulators pre-emptive ability for apportion individual liability in case of any failure by the senior management and sanctions targeted towards individuals as opposed to the board and financial institution collectively. The SMCR achieves this to a greater extent, despite its inherent ambiguities in as far as it provides for proof of ‘reasonable steps’ as a measuring rod for liability and the imposition of criminal liability. Nevertheless, the SMCR   is a step in the right direction and it is definitely worth emulating for Uganda, with a budding financial services industry.  The absence of a major failure in the financial services industry since the enactment of the SMCR is at the very least a testament to its effectiveness. 

Written by Joel Basoga
@JoelBasoga