In recent years, the regulatory and governance framework in financial services organisations has become increasingly complex. A key area of focus has been remuneration structures, policies and processes, where there has been a significant amount of regulatory development.
Banking and Asset Management (including Private Equity and Hedge Funds)
Take the banking sector, for example. A few years ago, the remit of an internal audit of remuneration was limited to payroll: checking that monthly debits on the master payroll tied up with amounts paid to staff, and that changes to the master payroll were initialled by the financial controller. Fast forward to now and the banking sector is faced with a myriad of remuneration regulatory requirements, which place obligations not only on the reward function, but also on the internal audit function.
A number of remuneration regulations include a requirement for an independent review of remuneration policies, procedures and implementation. For Banking and Asset Management, a review of the implementation of remuneration policy and procedures is required under CRD IV, AIFMD and now UCITS V.
These Remuneration Codes require that “a firm must ensure that the implementation of the remuneration policy is, at least annually, subject to central and independent internal review for compliance with policies and procedures for remuneration adopted by the governing body in its supervisory function”.
What about insurance?
Under Solvency II, the EIOPA Guidelines on system of governance make it clear that firms should ensure:
- an overall consistency of the group's remuneration policies by ensuring that they comply with the legal requirements and by verifying their correct application;
- that all firms within the group comply with the remuneration requirements;
- that material risks at group level linked to remuneration issues in the group entities are managed.
So what does this mean?
It is important that firms undertake a central and independent annual review of remuneration policies and procedures. Where this annual review is performed by another function in the organisation, internal audit should plan to provide assurance over its rigour and robustness. In practice, the annual review itself is commonly undertaken by internal audit. All firms are subject to this requirement as it is not subject to proportionality. It is likely that compliance in this area will become an increased focus for the regulators.
There are three key areas for any internal audit review of remuneration:
- Design – review of the current remuneration policies to ascertain if they comply with the regulatory framework. This includes all remuneration policies such as new hires, terminations, Material Risk Taker identification, malus and clawback and variable pay, as well as governance and disclosures;
- Implementation – review of the implementation of remuneration policies across the group to ensure that the processes and procedures underpinning the remuneration policy are effective and robust;
- Future – review of the firm’s readiness for future regulatory changes.
To meet the requirements, it is important to develop a robust methodology for all the key areas for review.
There is a requirement on Banks and Asset Managers to undertake a central and independent review of their remuneration policies and procedures, and of the implementation of these, annually. There are similar, but not identical, requirements for Insurance firms too. Some of the key areas for review include the remuneration policy, the Remuneration Committee and Governance framework, and disclosure. These requirements have been in place for some time, and it is likely that compliance with them will become a growing area of focus for the regulator. To avoid falling short of their obligations, it is important that firms consider this as part of their internal audit work plan for 2017 and annually thereafter.