In recent years, the regulatory and governance framework in financial services organisations has become increasingly complex. A key area of focus has been in the area of remuneration structures, policies and processes, where there has been a significant amount of regulatory development.

Banking and Asset Management (including Private Equity and Hedge Funds)

Take a look at the banking sector for example. A few years ago, the remit of an internal audit of remuneration was limited to payroll and checking that monthly debits on the master payroll tied up with amounts paid to staff and changes to the master payroll were initialled by the financial controller. Fast forward to now and the banking sector is faced with a myriad of remuneration regulatory requirements, which place obligations not only on the reward function, but also the internal audit function.

A number of remuneration regulations include a requirement for an independent review of remuneration policies, procedures and implementation. For Banking and Asset Management, a review of the implementation of remuneration policy and procedures is required under CRD IV, AIFMD and now UCITS V.

These Remuneration Codes require that “a firm must ensure that the implementation of the remuneration policy is, at least annually, subject to central and independent internal review for compliance with policies and procedures for remuneration adopted by the governing body in its supervisory function”.

What about insurance?

Under Solvency II, the EIOPA Guidelines on system of governance make it clear that firms should ensure:

  1. an overall consistency of the group's remuneration policies by ensuring that they comply with the legal requirements and by verifying their correct application;
  2. that all firms within the group comply with the remuneration requirements;
  3. that material risks at group level linked to remuneration issues in the group entities are managed.

So what does this mean?

It is important that firms undertake a central and independent annual review of remuneration policies and procedures. Internal audit should plan to provide assurance over the rigour and robustness of this annual review where it is being performed by another function in the organisation. In practice, the actual annual review is commonly being undertaken by internal audit. All firms are subject to this requirement as it is not subject to proportionality.  It is likely that ensuring compliance in this area will become an increased area of focus for the regulators.

There are three key areas for any internal audit review of remuneration:

  • Design – Review of the current remuneration policies to ascertain if they comply with the regulatory framework. This includes all remuneration policies such as new hires, terminations, Material Risk Taker identification, malus and clawback and variable pay, as well as governance and disclosures
  • Implementation – review of the implementation of remuneration policies across the group to ensure that the processes and procedures underpinning the remuneration policy are effective and robust
  • Future – review of the firm’s readiness for future regulatory changes

To meet the requirements, it is important to develop a robust methodology for all the key areas for review.


There is a requirement on Banks and Asset Managers to undertake a central and independent review of their remuneration policies and procedures and the implementation of these annually. There are similar, but not identical, requirements for Insurance firms too. Some of the key areas for review include the remuneration policy, the Remuneration Committee and Governance framework, and disclosure. For some time, these requirements are not new and it is likely that compliance with them will become a growing area of focus for the regulator. To avoid falling short of their obligations, it is important that firms consider this as part of their internal audit work plan for 2017 and annually thereafter.

John cotton

John Cotton - UK Head of Financial Services Reward - Banking, Deloitte LLP

John is the UK Head of our Financial Services Reward banking practice with over 15 years of reward consulting experience. He also has a broad portfolio of Financial Services clients, including Insurance and Asset Management firms. 

He has wide experience in advising a range of Financial Services companies in the structuring and implementation of remuneration strategies and incentive arrangements. Projects have included advice on reward strategy, incentive design, performance metrics, corporate governance and investor consultation, as well as a number of internal audits on remuneration. 

He is an expert on financial services regulation of reward, and advises companies regularly on performance adjustment and the embedding of risk and culture into the reward framework.

Email | LinkedIn

Shona Thomson

Shona Thomson - Director, Tax, Deloitte LLP

Shona is a director in the Financial Services Reward practice in London.

She has over 12 years of experience in the remuneration sector. She began her career at Deloitte in 2002 where she worked in the Executive Compensation Consulting team. She has also spent time working in house in a number of large US banks where she looked after the reward and regulatory aspects. During this time, was involved in the implementation of CRDIV.

She returned to Deloitte in 2015 to the FS Reward Consulting team after some time out. She works on a range of FS clients and advises on all areas of reward from plan design to Remuneration Committee advice, as well as regulatory aspects.

Email | LinkedIn


  • Great article.

    Posted by: Victor on 28/06/2017

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.