Final Notice
FINAL NOTICE
To:
Bank of Scotland Plc
FSA
Reference
Number:
169628
Address:
The Mound
Edinburgh
Midlothian
EH1 1YZ
TAKE NOTICE: The Financial Services Authority of 25 The North Colonnade, Canary
Wharf, London E14 5HS ("the FSA") gives Bank of Scotland Plc final notice about the
issuance of a public censure:
1.
ACTION
1.1.
The FSA gave Bank of Scotland Plc (the "Firm") a Decision Notice on 8 March 2012
which notified the Firm that pursuant to section 205 of the Financial Services and
Markets Act 2000 (the "Act") the FSA had decided to publish a statement to the effect
that the Firm had contravened regulatory requirements. This is on the grounds that
during the period January 2006 to December 2008 (the "Relevant Period") the Firm
failed to comply with Principle 3 of the FSA's Principles for Businesses ("Principle
3").
1.2.
The Firm has confirmed that it will not be referring the matter to the Upper Tribunal
(Tax and Chancery Chamber).
1.3.
Accordingly, for the reasons set out below and having agreed with the Firm the facts
and matters relied on, the FSA publishes a statement in the form of this Notice
censuring the Firm for failing to comply with Principle 3.
1.4.
A financial penalty proportionate to the misconduct identified in this notice would be
both merited and very substantial. However in the exceptional circumstances of this
case the FSA has decided not to impose a financial penalty. The very serious
misconduct of the Firm contributed to the circumstances in which HM Government
acquired, through HM Treasury, approximately 43.4% of the enlarged ordinary share
capital of Lloyds Banking Group plc ("Lloyds") following the completion of Lloyds’
takeover of HBOS plc ("HBOS"). As such public funds have already been expended
in order to deal with the consequences of the very misconduct for which a financial
penalty would be imposed and the taxpayer would again be impacted by any such
financial penalty. In these exceptional circumstances, the most effective way in which
to balance the need for deterrence and act in the wider public interest is to issue a
public censure.
2.
REASONS FOR THE ACTION
2.1.
The FSA has decided to take this action as a result of the failings of the Firm in
relation to its Corporate Banking Division ("Corporate" or "the Corporate Division")
during the Relevant Period.
2.2.
Between January 2006 and March 2008, Corporate pursued an aggressive growth
strategy, with a specific focus on high-risk, sub-investment grade lending. Corporate
did so despite known weaknesses in the control framework, which meant that it failed
to provide robust oversight and challenge to the business. Further, Corporate
continued to do so as market conditions began to worsen in the course of 2007. The
Firm did not take reasonable steps to assess, manage or mitigate the risks involved in
the aggressive growth strategy.
2.3.
Between April and December 2008, the Firm failed to take reasonable care to ensure
that Corporate adequately and prudently managed high value transactions which
showed signs of stress.
2.4.
This conduct constitutes a failure by the Firm to take reasonable care to organise and
control its affairs responsibly and effectively, with adequate risk management systems,
throughout the Relevant Period.
2.5.
The Corporate portfolio was high risk, highly concentrated in its exposure to property
and highly concentrated in its exposure to significant large borrowers. This meant that
the portfolio was highly vulnerable to a downturn in the economic cycle. This high
risk business and lending strategy required a commensurately robust level of control
and oversight in order to achieve effective assessment, management and mitigation of
the risks in the portfolio.
2.6.
Given the high level of risk and exposure to the economic cycle in the Corporate
portfolio, the effective assessment, management and mitigation of credit risk required
the following:
(1)
an effective control framework for the sanctioning and monitoring of
individual transactions;
3
(2)
an effective framework for the management of credit risk across the portfolio
as a whole;
(3)
an effective framework for the distribution of risk through selldown, by
syndication or other means;
(4)
an effective process for the prompt identification and management of
transactions which showed signs of stress;
(5)
a culture which gave due weight to credit risk management; and
(6)
reliable management information.
2.7.
However, none of the foregoing were in place during the Relevant Period. Instead:
(1)
there were serious deficiencies in the control framework, which meant that it
failed to provide robust oversight and challenge to the business;
(2)
there were serious deficiencies with the framework for the management of
credit risk across the portfolio which meant that there was a lack of focus on
the need to manage risk across the portfolio as a whole;
(3)
there were serious deficiencies in the distribution framework which meant that
it did not operate effectively to reduce the risk in the portfolio; and
(4)
there were serious deficiencies in the process for the identification and
management of transactions which showed signs of stress which meant that
they were neither identified promptly nor managed effectively.
2.8.
Further, the culture of Corporate was strongly focused on revenue rather than on risk
adjusted returns1. This was reflected in targets which incentivised the following
behaviours:
(1)
prioritising the development of relationships with and the facilitation of
customers;
(2)
increasing the appetite to lend;
(3)
increasing the appetite to take on greater credit risk;
(4)
fostering an attitude of optimism at the expense of prudence; and
(5)
regarding risk management as a constraint on the business rather than integral
to it.
2.9.
Furthermore, there were significant issues as to the quality, reliability and utility of the
available management information which directly affected the effectiveness with
which the risks of the business could be assessed, managed and mitigated.
1 A risk adjusted return is a more sophisticated measure of reward which takes into account the level of risk
involved in a transaction.
2.10. In addition, there were issues with the oversight of Corporate by the Firm’s group
control functions:
(1)
Group Risk failed to conduct effective oversight and control of Corporate; and
(2)
there were issues with the quality and scope of assurance work undertaken by
Group Internal Audit.
This meant that the Firm’s group control functions failed to compensate for the
deficiencies in the Corporate control framework.
2.11. The serious issues outlined in paragraphs 2.5 to 2.10 meant that there was a high
degree of risk associated with maintaining existing levels of business. Despite this,
Corporate pursued an aggressive growth strategy, in pursuit of which it entered into
transactions of increasing size, complexity and downside risk. This had the effect of
increasing the already high level of risk and exposure to the economic cycle in the
portfolio at a time when it was recognised within the Firm that the economic cycle
was at or near its peak.
2.12. As noted above, the high risk profile of the portfolio meant that the business was
highly vulnerable to an economic downturn. As market conditions began to worsen
over the course of 2007, the Firm did not seek to re-evaluate the risk appetite of the
business or to restrict the risk profile of new transactions. Instead Corporate sought to
increase market share as other lenders started to pull out of the markets in which
Corporate operated.
2.13. From April 2008 it was apparent to the Firm that a number of high value transactions
had begun to demonstrate signs of stress and that this was likely to worsen over the
course of 2008. It was or should have been apparent to the Firm that a prudent
approach was essential in order to manage and mitigate the high degree of risk facing
the business. However, the culture of optimism impeded the effective management of
transactions as they became stressed. Transactions were consistently moved too late
to the High Risk area of Corporate. This delayed the assessment of transactions to
determine whether they should be formally classified as stressed or impaired. There
was a significant risk that this would have an impact on the Firm's capital
requirements. It also meant the full extent of stress in the Corporate portfolio was not
visible to the Firm’s Group Board and Group control functions ("Group"), auditors
and regulators. Further, provisions were consistently made at the optimistic rather
than the prudent end of the range, despite warnings from the divisional risk function
and the Firm's auditors.
2.14. There was a significant risk that these failings would affect the timing and scale of
impairments recognised and provisions made for Corporate in the Firm's financial
statements. In the period April 2008 to December 2008, the Firm made a number of
public statements as to the level of impaired assets within the Corporate Division's
portfolio and the level of provisions which had been made. On 13 February 2009
Lloyds2 announced that significant additional impairments had been required on the
Firm's corporate lending portfolios in the light of the application of a more
2 Lloyds Banking Group completed its take-over of HBOS on 16 January 2009.
conservative recognition of risk and the further deterioration in the economic
environment. The level of impairment was increased from £3.3 billion to
approximately £7 billion.
2.15. The Firm's failings are particularly serious in the light of the following:
(1)
it was clear that the aggressive growth strategy that Corporate pursued would
necessarily entail a significant increase in the already high level of risk and
exposure to the economic cycle in the portfolio, at a time when the Firm
recognised that the economic cycle was at or near its peak;
(2)
rather than identify that a more prudent approach was vital as market
conditions began to worsen, the Firm pursued a strategy of aggressive growth;
(3)
the Firm disregarded warnings from the divisional risk function and HBOS’s
auditors that the level of provisioning was optimistic rather than prudent.
2.16. It is accepted that:
(1)
the Firm initiated a number of projects which were designed to improve the
control framework and the approach to risk management and implemented a
number of improvements during the Relevant Period;
(2)
there was a severe financial crisis and economic downturn in the course of the
Relevant Period, which had a significant impact on the business, the full
severity of which was not reasonably foreseeable during the early part of the
Relevant Period; and
(3)
the assessment of credit quality and impairment requires the exercise of
management judgment.
2.17. Notwithstanding the foregoing factors, the FSA considers that the Firm's conduct was
not sufficient to discharge its regulatory obligations.
2.18. The FSA considers that the Firm's standard of conduct during the Relevant Period fell
below that which would have been reasonable in all the circumstances. The FSA
considers that during the Relevant Period the Firm failed to comply with its regulatory
responsibility as set out in Principle 3.
2.19. A financial penalty proportionate to the misconduct identified in this notice would be
both merited and very substantial. However in the exceptional circumstances of this
case the FSA has decided not to impose a financial penalty. The very serious
misconduct of the Firm contributed to the circumstances in which HM Government
acquired, through HM Treasury, approximately 43.4% of the enlarged ordinary share
capital of Lloyds following the completion of Lloyds’ takeover of HBOS. As such
public funds have already been expended in order to deal with the consequences of the
very misconduct for which a financial penalty would be imposed and the taxpayer
would again be impacted by any such financial penalty. In these exceptional
circumstances, the most effective way in which to balance the need for deterrence and
act in the wider public interest is to issue a public censure.
3.
RELEVANT STATUTORY PROVISIONS, RULES AND GUIDANCE
3.1.
The FSA's statutory objectives, set out in section 2(2) of the Act, are the maintenance
of confidence in the financial system, promoting public awareness, the protection of
consumers and the reduction of financial crime.
3.2.
The FSA has the power, pursuant to section 205 of the Act, to publish a censure where
it appears to the FSA that an authorised person has contravened a requirement
imposed on him by or under FSMA.
FSA Rules
3.3.
PRIN was issued pursuant to section 138 of the Act and contains general statements
regarding the fundamental obligations of firms under the regulatory system.
3.4.
Principle 3 states: "A firm must take reasonable care to organise and control its
affairs responsibly and effectively, with adequate risk management systems" (PRIN
2.1.1R).
3.5.
PRIN 3.2.3R states that Principle 3 also applies with respect to the carrying on of
unregulated activities in a prudential context.
FSA Guidance and Policy
3.6.
The FSA guidance and policy relevant to the above statutory provisions and rules are
set out in the Annex attached to this notice.
4.
FACTS AND MATTERS RELIED ON
4.1.
For the avoidance of doubt, unless otherwise stated, the facts and matters relied on
below relate to the Relevant Period, namely January 2006 to December 2008.
HBOS Structure
4.2.
Following the merger of Halifax Group plc and Bank of Scotland in 2001, the group
(also known as HBOS) of which the Firm was part operated a federal structure with
the following business divisions:
(1)
the Retail Banking Division;
(2)
the Insurance and Investment Division;
(3)
the Corporate Division;
(4)
the International Division;
(5)
the Treasury Division; and
(6)
the Asset Management Division.
7
4.3.
These business divisions were supported and/or overseen by central Group functions,
in particular Group Finance, Group Risk and Group Internal Audit ("GIA").
4.4.
In relation to the governance of risk, HBOS operated a "three lines of defence" model
whereby:
(1)
the first line of defence operated at divisional level;
(2)
the second line of defence operated at group level: this included oversight by
Group Risk, Group Finance, the Executive Committee of the Group Board
("EXCO") and the Group Chief Executive; and
(3)
the third line of defence included Group Internal Audit and the Group Audit
Committee.
4.5.
In order to manage risk effectively, it was essential that each line of defence provide
effective oversight of the business and further that there were no gaps in the scope of
that oversight.
Description of the business of the Corporate Division
4.6.
As at 1 January 2006 the business of the Corporate Division was conducted primarily
through the authorised entities of the Governor and Company of the Bank of Scotland,
Halifax plc and Capital Bank plc. On 17 September 2007, pursuant to the HBOS
Group Reorganisation Act 2006, all assets and liabilities in Halifax plc and Capital
Bank plc were transferred to the Governor and Company of the Bank of Scotland,
which was renamed Bank of Scotland plc (elsewhere referred to as "the Firm" in this
notice). Following the reorganisation, the business of the Corporate Division was
conducted through the Firm.
4.7.
The business of the Corporate Division was structured as follows3:
(1)
Real Estate;
(2)
Joint Ventures, which provided risk capital funding;
(3)
Integrated, Structured and Acquisition Finance ("ISAF"), which included risk
capital funding;
(4)
Commercial;
(5)
Specialised Industry Finance ("SIF"); and
(6)
Asset Solutions.
4.8.
Other functions within the Corporate Division included:
3 At the beginning of 2006 some organisational changes were made which restructured the business by asset
class. At that time Real Estate, Commercial and Joint Ventures all sat within the Relationships business area.
The details set out here post-date a further restructure in around July 2007. Despite these structural changes, the
types of business conducted by the Corporate Division did not change.
(1)
Risk; and
(2)
Finance.
The risk profile of the business
4.9.
The Corporate Division was the highest risk part of HBOS's business.
4.10. In addition, the Corporate book had a higher risk profile than equivalent books at
other major UK banking groups.
4.11. The risk profile of the Corporate book was high in that:
(1)
it had a high degree of exposure to property and to large single name borrowers
("concentration risk");
(2)
it had a substantial exposure to equity and subordinated tranches of debt below
mezzanine ("risk capital");
(3)
it had a substantial exposure to large highly leveraged transactions and the
leveraged finance market; and
(4)
the credit quality of the portfolio was low in that around 75% of it was sub-
investment grade.
4.12. In relation to concentration risk:
(1)
the Corporate Division's exposure to commercial property was high throughout
the Relevant Period and significantly higher than equivalent exposures at other
major UK banking groups. At the start of 2006, 52% (or £44.4 billion) of
Corporate's loan book (by drawn amounts) was exposed to the commercial
property market. By the end of 2008, this proportion had risen to 56% (or
£68.1 billion). The level of the commercial property concentration in the
Corporate book meant that it was heavily exposed to a downturn; and
(2)
the Corporate Division had a significant exposure to large single name
borrowers. At the start of 2006, the top 30 large exposures accounted for 15%
of the value of the Corporate portfolio (£19.2 billion). By the end of March
2008, this had increased to 23% (£34.1 billion). In many transactions,
Corporate's exposure to a large single name borrower also involved
commercial property and/or risk capital and/or were highly leveraged, further
deepening the level of concentration and risk. The size of these exposures
meant that any default would have a high impact on the book.
4.13. In relation to the Corporate Division's exposure to risk capital:
(1)
it primarily comprised:
(a)
equity stakes and holdings of subordinated debt from integrated finance
transactions originated by ISAF and Joint Ventures; and
(b)
equity investments in the Fund Investments area within ISAF;
(2)
this was the highest risk area of the Corporate book, given the absence of
security and the lower levels of control over assets compared to transactions
where it held senior debt;
(3)
in relation to integrated finance transactions by which the Corporate Division
provided both debt and equity finance to its clients, these risks were
compounded by issues regarding conflicts of interest, which would become
particularly acute if the transaction became stressed as the interests of senior
debt holders would differ from those of risk capital holders;
(4)
the Corporate Division operated a "one-stop-shop" model for integrated
finance, which meant that the risk in individual transactions received less
scrutiny than if debt and equity had been required to be sanctioned and
managed separately;
(5)
the Corporate Division's exposure to risk capital grew significantly over the
course of the Relevant Period. At the start of 2006, the reported value of
Corporate’s debt securities and equity shares (by drawn amounts) was £2.3
billion. By the end of August 2008, this had increased by 139% to £5.5 billion;
and
(6)
in seeking to meet challenging targets, Corporate realised significant profits
from this area by selling investments. In order to achieve increased and
sustainable earnings from Corporate’s investment portfolio despite these
realisations, the business maintained a strong and continuous pipeline of new
integrated finance deals and fund investments. This increased the exposure to
risk capital.
4.14. In relation to large leveraged transactions, these deals involved lending over £75
million or a substantial equity investment which meant they had to be sanctioned by
the Executive Credit Committee. There was a significant increase in the volume and
complexity of deals that this committee approved during 2006 and 2007. There were
199 approvals of lending in excess of £75 million in 2006 (which represented total
lending of £56 billion), which increased to 361 such approvals in 2007 (which
represented total lending of £96.2 billion). There were 56 approvals of lending over
£250 million in 2006 (which represented total lending of £36.2 billion), which
increased to 110 such approvals in 2007 (which represented total lending of £64
billion. The size of these transactions meant that any default would have a high
impact on the book
4.15. The credit quality of the portfolio was low. The Corporate Division had a specific
focus on sub-investment grade lending. The average portfolio rating reported
throughout the Relevant Period was sub-investment grade at around 6.1 (or B+)4. (A
4 6.1 was HBOS’s internal risk rating which when mapped against Standard & Poor’s risk rating is B+ or sub-
investment grade. Standard & Poor’s grade an obligor’s overall creditworthiness on a scale ranging from AAA
(extremely strong capacity to meet financial commitments) to CC (highly vulnerable) through to D (general
default). Ratings of BB and B indicate significant speculative characteristics. A BB rating indicates major
proportion of Corporate's portfolio was not rated at all, in particular risk capital
transactions which comprised the highest risk part of the book. There was therefore
limited visibility over the risk inherent in these assets.) The Corporate Division had a
higher target portfolio rating of 5.2 (BB), which was still sub-investment grade.
However, Corporate failed to meet this target portfolio rating throughout the Relevant
Period and consistently entered into transactions which had a lower credit rating than
the target.
4.16. Throughout the Relevant Period, until competition started to reduce as the financial
crisis escalated, the Corporate Division operated in highly competitive markets. The
competitive pressures in these markets meant that the Corporate Division often had to
increase its exposure on transactions that were already rated sub-investment grade in
order to avoid losing the customer to a competitor. As a consequence the Division
entered into numerous transactions with weak lending criteria and/or aggressive
structures, which both reduced the level of control over the borrower and increased
the likely impact in the event of a default. Aggressive deal structures (for example
high leverage multiples, low margins on pricing, weak covenants and/or riskier
subordinated debt tranches such as PIK notes5) were a particular feature of the
leveraged finance transactions referred to above. These aggressive structures
increased underwriting risk as they made it more difficult for the Corporate Division
to sell down its exposure.
4.17. The heavy focus on property and risk capital meant that the portfolio was highly
exposed to changes in the economic cycle. In benign market conditions, with robust
property values and equity returns, the portfolio could be expected to perform
strongly. The use of leverage would enhance performance.
(1)
this level of concentration put significant reliance on the effective assessment,
management and mitigation of credit risk;
(2)
the Corporate Division was increasing its exposure at a late stage in the
economic cycle;
(3)
the portfolio was highly vulnerable to an economic downturn. The level of
leverage in the portfolio increased both the risk and the quantum of potential
losses; and
(4)
a high level of impairments could be anticipated in a downturn given the
concentrated nature of the portfolio and its sub-investment grade credit quality.
4.19. Given the high level of risk and exposure to the economic cycle in the portfolio, the
effective assessment, management and mitigation of credit risk required the following:
ongoing uncertainties and exposure to adverse business, financial or economic conditions. A B rating indicates
greater vulnerability. A rating of BB or below is regarded as sub-investment grade.
5 A PIK note (or payment-in-kind note) is a form of debt financing that pays interest only when the note is
redeemed.
(1)
an effective control framework for the sanctioning and monitoring of
individual transactions;
(2)
an effective framework for the management of credit risk across the portfolio
as a whole;
(3)
an effective framework for the distribution of risk through selldown, by
syndication or other means;
(4)
an effective process for the prompt identification and management of
transactions which showed signs of stress;
(5)
a culture which gave due weight to credit risk management; and
(6)
reliable management information.
4.20. However, none of these was in place during the Relevant Period.
Significant flaws in the control framework of the Corporate Division: first line of
defence
4.21. The high risk lending strategy which Corporate pursued required a commensurately
robust control framework. However there were significant issues:
(1)
with the effectiveness of the control framework, such that it was not capable of
providing robust oversight and challenge to the business;
(2)
with the effectiveness of managerial oversight and supervision of the low
value/high volume business;
(3)
in relation to the culture of the business, such that risk management was
regarded as a constraint on the business rather than integral to it; and
(4)
as to the quality, reliability and utility of the available management
information, which directly affected the effectiveness with which the risks of
the business could be assessed, managed and mitigated.
Sanctioning and Monitoring
4.22. The Firm relied on the effectiveness of the credit sanctioning process within
Corporate to mitigate the high risk profile of the portfolio. This was considered to be
a key mitigant of the risks associated with increasing the portfolio's exposure to
commercial property at a time when the Firm recognised that the market seemed to be
peaking. Key features of the sanctioning process included:
(1)
a single credit approach whereby individual sanctioning decisions were made
without detailed consideration of the wider portfolio;
(2)
a high degree of reliance on relationship managers, subject to management
supervision and oversight, with regard to credit analysis and due diligence;
(3)
relationship managers dealing in lower value transactions were delegated
significant power to extend further credit to existing customers, subject to
management supervision and oversight; and
(4)
higher value transactions were considered by key sanctioning committees.
4.23. The low credit quality of transactions which made up the portfolio meant that there
was a relatively high risk of default. Effective monitoring of individual transactions
and the portfolio as a whole was therefore of particular significance. For example, the
monitoring of covenants to identify non-compliance was a key prompt for considering
whether to re-rate a transaction and/or for considering whether a transaction should be
classified as stressed and/or impaired. Significant reliance was placed on relationship
managers to perform effective monitoring, subject to management supervision and
oversight.
(1)
there were continuing and significant weaknesses in credit skills and processes
at all stages of the transaction cycle, with significant issues as to the
effectiveness of key controls. Repeated control reports highlighted significant
failings in relation to both the sanctioning stage and the subsequent monitoring
of transactions;
(2)
there were continuing, significant and widespread weaknesses in the
effectiveness of management supervision and oversight of relationship
managers;
(3)
the substantial increase in the volume and complexity of new transactions
meant that the key sanctioning committees had less time to scrutinise
individual transactions, impacting the effectiveness of the oversight of those
committees;
(4)
the increasing pressure to increase growth and the significant amount of time
and resource which was taken up by a wide range of change management
projects meant that less attention would necessarily be paid to risk
management; and
(5)
as a consequence of these serious deficiencies, the control framework failed to
provide robust oversight and challenge to the business.
4.25. There were repeated failings across all areas of the business of key controls which
were crucial to the effective sanctioning and monitoring of individual transactions in,
for example, the following areas:
(1)
due diligence at the outset of a prospective transaction;
(2)
the monitoring of adherence to delegated lending authorities;
(3)
the completion of conditions precedent;
(4)
the perfecting of security;
(5)
the monitoring of covenants;
(6)
the monitoring of compliance with credit limits;
(7)
the lack of routine indexation of Loan-To-Value data; and
(8)
the close monitoring process.
4.26. In relation to the culture of the business:
(1)
staff were incentivised to focus on revenue rather than risk, which increased
the appetite to facilitate customers, increase lending and take on greater risk;
(2)
there was a dominant single credit focus, which hindered effective credit risk
management across the portfolio as a whole;
(3)
the business was resistant to change, which would impede any efforts to
improve the control framework and to prioritise risk management;
(4)
there was a culture of optimism which affected the attitude towards assessing
credit risk in the course of the loan approval process and which also
engendered a reluctance to refer stressed transactions to the High Risk team;
and
(5)
risk management was regarded as a constraint on the business rather than
integral to it.
Management Information
4.27. In relation to the quality, reliability and utility of the available management
information:
(1)
the available management information was not sufficient for the purpose of
conducting an effective assessment of the portfolio;
(2)
the degree of manual intervention was a continuing and major risk;
(3)
there was a continuing lack of metrics for the assessment of the effectiveness
of the control environment; and
(4)
a significant proportion of the portfolio had not been risk-rated.
4.28. As a consequence, the control framework was not effective throughout the Relevant
Period. This directly impeded the ability of the business to assess, manage and
mitigate credit risk.
Significant issues with the distribution of risk: first line of defence
4.29. The high risk lending strategy which Corporate pursued also required an effective
framework for the distribution of risk.
4.30. Corporate typically entered into transactions as sole underwriter, taking 100% of the
exposure onto its book and subsequently seeking to sell this down to a targeted hold
position. In this way Corporate ran significantly higher risk in entering into
transactions than if it underwrote them on a club basis, whereby the risk (and more of
the fees) would be shared with others at the outset.
4.31. The Firm understood that achieving sell down to the target hold position was a vital
element of the Corporate business model and that this was of particular significance as
a means of reducing the degree of exposure to large leveraged transactions.
(1)
the Corporate Division's loans distribution capability was limited in
comparison to its peer group and there were issues with the effectiveness and
authority of the loans distribution unit;
(2)
deal teams were resistant to sell down as the consequent overall reduction in
fee levels directly affected their results and incentives. They priced
transactions primarily in order to secure the business rather than in order to
facilitate sell down;
(3)
aggressive structures impeded sell down, though deal teams continued to
structure deals aggressively in order to secure the business; and
(4)
in a number of large transactions, the Corporate loans distribution unit
expressed concerns as to their ability to sell down particular transactions given
the proposed pricing and/or structuring of the transaction. Those concerns
were overridden and the transactions were sanctioned. In a number of these
transactions, the target hold was not achieved.
4.33. As a consequence, the framework for the distribution of risk was not effective
throughout the Relevant Period. This directly impeded the ability of the business to
mitigate credit risk.
Significant issues with the management of portfolio risk: first line of defence
4.34. The high risk lending strategy which Corporate pursued also required a
commensurately robust framework for the management of risk across the Corporate
portfolio as a whole. However:
(1)
the dominant single credit focus hindered effective credit risk management
across the portfolio as a whole;
(2)
Corporate did not have a sophisticated process for defining its risk appetite.
Although high level industry sector limits were set for Corporate and a target
portfolio rating was reported, they were not used effectively to constrain
growth or manage the risk across the portfolio as a whole:
(a)
sector limits gave the business generous headroom and/or were
periodically adjusted to enable the business to meet its targets;
(b)
there were no limits set for specific asset classes within the high level
sector limits, such that there were no limits specific to the higher risk
areas of ISAF and Joint Ventures beyond the overarching industry
sector limits;
(c)
transactions were routinely entered into with ratings which were
significantly worse than the target or not rated at all; and
(3)
Corporate did not introduce a risk appetite statement for its risk capital
business until June 2008.
4.35. As a consequence, the framework for the management of risk across the portfolio as a
whole was not effective throughout the Relevant Period. This directly impeded the
ability of the business to assess, manage and mitigate risk.
Significant issues regarding stressed transactions: first line of defence
4.36. As set out in more detail at paragraphs 4.108 to 4.135 below, the Firm did not have an
effective process for the prompt identification and management of Corporate
transactions which showed signs of stress. This directly impeded the ability of the
business to assess, manage and mitigate credit risk.
Second line of defence
4.37. There were significant issues with the oversight of Corporate by the second line of
defence throughout the Relevant Period.
4.38. There was no clear Group-wide framework for credit risk management. Although
Group Risk recognised the need for a clear articulation of risk appetite at Group level,
which would provide a consistent view across the Group of the maximum tolerance
for credit risk, the stated risk appetite was no more than the product of divisional
profit targets and provisioning forecasts. This was not adequate in the light of:
(1)
the challenges present in the market (which Group recognised), including
competitive pressures which were leading to increased levels of credit risk in
individual transactions; and
(2)
the risk (which Group recognised) of an economic downturn.
4.39. In the absence of such a framework, Group Risk relied on sector limits and periodic
reviews to achieve oversight and control. However:
(1)
Group Risk failed to provide effective challenge to Corporate either in setting
sector limits or responding to breaches; and
(2)
the methodology underpinning Group Risk’s periodic reviews of credit risk
management within the Group was not robust. Further, due to Group Risk’s
lack of resource and expertise, these reviews were not effective.
4.40. Group Risk periodically assured the Firm that the credit risk framework was sound
and fit for purpose, despite the fact that Group Risk recognised that:
(1)
significant change was required to meet the challenges posed by the aggressive
growth targets in the light of the economic environment and the drive towards
higher risk business;
(2)
significant change was required as to the level of resource available to Group
Risk to enable it to provide effective oversight; and
(3)
there were significant weaknesses in the measures employed for the
measurement of risk, namely the use of sector limits, stress testing and
management information.
4.41. These issues meant that Group Risk failed to conduct effective oversight and control
of Corporate throughout the Relevant Period.
Third line of defence
4.42. There were also issues with the assurance provided by the third line of defence
throughout the Relevant Period.
4.43. There were issues with the quality of assurance work undertaken by Group Internal
Audit ("GIA") throughout the Relevant Period. This was the result of:
(1)
a lack of business expertise and resource within GIA; and
(2)
GIA’s focus on major regulatory and change projects rather than business as
usual, for a large part of the Relevant Period.
4.44. In addition, there were issues with the scope of GIA’s assurance work throughout the
Relevant Period. In particular:
(1)
there was a lack of clarity as to the boundary between GIA and Group Risk;
and
(2)
there was an underlap between Group Risk and GIA, particularly in relation to
credit risk, which was not reviewed by GIA.
4.45. These issues meant that GIA failed to provide effective assurance in relation to
Corporate throughout the Relevant Period.
The Reading incident
4.46. A serious control breakdown in Corporate’s Reading office (the "Reading incident")
was discovered in March 2007. The Reading incident is an example of a failure of the
first, second and third lines of defence within the Firm to identify serious issues
within the Corporate Division.
4.47. A senior member of staff had been sanctioning limits and additional facilities beyond
the scope of his delegated lending authority undetected for at least three years. The
additional facilities were provided to distressed companies, and involved the use of a
workout firm that had a potentially inappropriate link with the member of staff. This
unauthorised extension of credit may have exposed the Firm and the Firm’s customers
to potential fraud. It exposed the Firm to significant additional risk with little or no
additional security. Following detection by the Firm, a significant impairment charge
of £76 million was taken at the end of the first six months of 2007 in relation to this
matter. By the end of 2007, this had increased to £240 million.
4.48. The Reading incident illustrates significant failings of the first line of defence:
(1)
ineffective management supervision and oversight;
(2)
ineffective (or absent) directive, preventative and detective controls; and
(3)
a culture which gave insufficient weight to risk management.
4.49. It also illustrates issues with the second line of defence. Group Risk failed to identify
the issue in any of the annual provisioning reviews it conducted between 2003 and
2007.
4.50. It also illustrates issues with the third line of defence:
(1)
GIA did not review credit risk;
(2)
GIA had failed to secure an adequate resolution of a known issue of weak
access controls; and
(3)
There had been a lack of follow-up of open issues by the Audit Committee and
the Risk Control Committee.
4.51. The Reading incident was not detected by any of the three lines of defence until
March 2007.
The substantial expansion of the business between January 2006 and March
2008
4.52. Despite the matters set out at paragraphs 4.21 to 4.45 above, between January 2006
and March 2008, the Corporate Division pursued an aggressive growth strategy. This
was not prudent. Over the course of this period:
(1)
succeeding business plans set ever-increasing and highly challenging targets
for profit growth. This in turn required growth in the Division’s assets. The
high rate of portfolio turnover on the Corporate book (approximately 30% per
annum) meant that stronger origination efforts were required every year just to
ensure that the size of loan book did not reduce;
(2)
the challenging targets were consistently met and exceeded;
(3)
a substantial proportion of the profit growth arose out of higher risk areas of
the business, in particular Joint Ventures and ISAF which originated the
majority of Corporate’s risk capital; and
(4)
the average credit quality of new and renewal business remained low. The
portfolio was high risk and sub-investment grade throughout. Furthermore, the
credit quality of the portfolio was significantly worse than the target risk rating
throughout the period.
4.53. Notwithstanding this, during this period the Firm made repeated statements in its
internal business plans that the business was adopting a selective and cautious
approach to lending.
The growth of the business in 2006
4.54. Prior to the start of 2006:
(1)
the Firm had recognised that the economic cycle was at or reaching its peak;
(2)
the Firm had recognised that competitive pressures in the leveraged finance
market were having a negative impact on deal structures and increasing
underwriting risk;
(3)
there were significant unresolved issues with the effectiveness of the control
framework, which were exacerbated by issues in relation to culture and
management information;6
(4)
the framework for the management of credit risk across the portfolio was not
robust;
(5)
the loans distribution framework was not operating effectively; and
(6)
the process for the identification and management of stressed transactions was
not operating effectively.
4.55. Despite this, from the outset and throughout 2006, Corporate focused on revenue
generation. The Firm did not take reasonable steps to assess, manage and mitigate the
potential risks of this strategy.
4.56. The business plan for 2006/2010 set out the following targets for 2006:
(1)
UPBT growth of 9%; and
(2)
lending growth of 6.4%.
4.57. During the Group challenge process, the Firm had directed Corporate to double the
profit target contained in the plan. In the light of the unresolved wide-ranging and
serious issues in the business, as summarised at paragraphs 4.21 to 4.45 above,
directing growth at these levels was imprudent.
4.58. At the 2006 year end, the Corporate Division had achieved the following:
(1)
UPBT growth of 17% (which was 8% ahead of plan); and
(2)
lending growth of 8%.
6 The Firm had particular concerns about these issues in the Relationships area.
4.59. Of particular note, during 2006:
(1)
in relation to property, there was a 13% increase in lending;
(2)
in relation to risk capital:
(a)
the reported book value of Corporate’s investment portfolio grew by
42%, despite significant realisations7;
(b)
Joint Ventures' UPBT was 31% above plan; and
(c)
ISAF's UPBT was 41% above plan.
(3)
in relation to leveraged finance activity:
(a)
there were 199 transactions in excess of £75 million, with a total value
of £56 billion;
(b)
there were 56 transactions in excess of £250 million, with a total value
of £36.2 billion; and
(4)
in relation to single name exposures, the total value of the top 30 exposures
increased by 26% (from £19.2 billion to £24.2 billion), increasing the
proportion of these exposures to the overall Corporate portfolio from 15% to
17%.
4.60. The average credit quality of both new and renewal business was significantly worse
than the target risk rating: 6.1 or 6.2 rather than the target of 5.2.
4.61. The aggressive and high risk growth strategy which the business adopted contrasted
with statements in the Firm’s internal business plan for 2006/2010, which suggested
that:
(1)
the approach to credit risk was conservative with a constant drive for improved
credit quality;
(2)
Corporate would continue to apply clear parameters to lending proposals to
ensure that the inherent risk in both individual proposals and the portfolio was
appropriately managed; and
(3)
Corporate would be particularly selective in the business it chose to write.
The growth of the business in the period January 2007 to July 2007
4.62. By the start of 2007:
(1)
the Firm had recognised further indications that the economic cycle had
reached its peak and that a downturn could be anticipated;
7 Increases in reported book value despite significant realisations indicate that (in addition to any fair value
uplift) new investments are being taken on to the book.
(2)
there continued to be significant unresolved issues with the effectiveness of the
control framework, which were exacerbated by issues in relation to culture and
management information;
(3)
the framework for the management of risk across the portfolio was still not
robust;
(4)
the loans distribution framework was still not operating effectively; and
(5)
the process for the identification and management of stressed transactions was
still not operating effectively.
4.63. During the first quarter of 2007, there were increased concerns within the Firm around
the leveraged finance market. In particular, in March 2007 Group Risk advised that
there should be caution in relation to leveraged market and that targeting further
growth in that area should be avoided.
4.64. Despite this, Corporate continued to focus on revenue generation and aggressive
growth. The Firm did not take reasonable steps to assess, manage and mitigate the
potential risks of this strategy.
4.65. Corporate had originally proposed targets for 2007 of 10 to 12% UPBT growth.
During the Group challenge process the Firm directed Corporate to increase this target
substantially. In finalising the business plan for 2007-2011, Corporate set the
following targets for 2007:
(1)
UPBT growth of 22%; and
(2)
lending growth of 9%.
4.66. The targets were increased again during quarterly reforecasts in H1 2007, as Group
increasingly looked to the Corporate Division to make up for the underperformance of
the Retail Division. In April 2007 the UPBT target was increased to 30%. In June
2007 the targets set for 2007 were adjusted to:
(1)
UPBT growth of 35%; and
(2)
lending growth of 10%.
4.67. In the light of the unresolved wide-ranging and serious issues in the business
summarised at paragraphs 4.21 to 4.45 above, directing growth at these levels was
imprudent.
4.68. By the end of July 2007, Corporate had generated 85% of the profits it made in the
whole of 2006 and was 21% ahead of plan. Lending grew by 5% in this period.
4.69. Of particular note, in the first seven months of 2007:
(1)
in relation to property, there was a 11% increase in lending:
(2)
in relation to risk capital:
(a)
the reported book value of Corporate’s investment portfolio grew by
12%, despite strong realisations;
(b)
Joint Ventures' UPBT was up by 373% on the same period in 2006,
with the business having already made 82% of its planned profits for
the full year; and
(c)
ISAF's UPBT was up by 109% on the same period in 2006 and already
in excess of plan for the full year.
(3)
in relation to leveraged finance activity:
(a)
there were 198 transactions in excess of £75 million, with a total value
of £56.1 billion; and
(b)
there were 61 transactions in excess of £250 million, with a total value
of £37.7 billion.
(4)
in relation to single name exposure, the total value of the top 30 exposures
increased by 8% from the start of 2007 to the end of June 20078 (from £24.2
billion to £26.1 billion), increasing the proportion of these exposures to the
overall Corporate portfolio from 17% to 22%.
4.70. The average credit quality of both new and renewal business remained significantly
worse than the target risk rating.
4.71. The aggressive and high risk growth strategy which the business adopted contrasted
with statements in the Firm’s internal business plan for 2007/2011, which suggested
that:
(1)
the conservative approach to credit risk and the drive for improved credit
quality would continue;
(2)
the business would continue to sell down exposures to avoid a concentration of
risk; and
(3)
credit experience was expected to remain benign, reflecting the business’
cautious hold appetite and preference for asset backed lending.
Impact of the credit crunch and the resulting economic downturn
4.72. The Firm had recognised in 2006 and 2007 that the top of the economic cycle had
been reached and that there was a risk of a downturn. Despite this, Corporate had
continued to lend in a way that increased credit risk and concentration risk, thereby
increasing the vulnerability of the portfolio to such a downturn. It was also clear to the
Firm that, in addition to the unresolved wide-ranging and serious issues in the
business summarised at paragraphs 4.21 to 4.45 above, there were, as a result of the
8 These figures do not include Corporate-Europe exposures: these are included in the top 30 large exposures for
the Corporate Division from the beginning of July 2007 onwards.
changed economic environment, serious issues with the effectiveness of the
syndication/selldown strategy, a key mitigant of risk.
4.73. The credit crunch had a significant market impact during the second half of 2007:
(1)
in June 2007 there was speculation about the viability of two Bear Sterns
hedge funds and their collapse was confirmed in July 2007;
(2)
in August 2007 BNP Paribas announced that it had suspended a number of its
funds due to liquidity issues; and
(3)
in September 2007 the Bank of England announced that it had agreed to give
emergency financial support to Northern Rock.
4.74. The impact of the credit crunch and the resulting economic downturn on the existing
transactions within the Corporate Division's portfolio manifested itself in a number of
ways:
(1)
in relation to property, the downturn affected both the borrower's ability to
service the debt and also the value of the underlying security;
(2)
in relation to risk capital, the increased risk of default meant that the risks
associated with these transactions, in particular the absence of security and the
lower levels of control over assets, now became acute, as did the issues
regarding conflicts of interest;
(3)
in relation to leveraged finance, the increased risk of default meant that the
potential impact of failure of these large transactions was substantial;
(4)
in relation to significant large borrowers, the increased risk of default meant
that the potential impact was substantial;
(5)
to the extent that any existing deals had not yet been sold down to target hold
levels, the underwriting risk had increased significantly; and
(6)
the need for effective monitoring of existing transactions and the portfolio as a
whole was of increased importance.
4.75. The impact on new transactions manifested itself in a number of ways:
(1)
there was now an acute risk of syndication failure, particularly in underwriting
highly leveraged deals with aggressive structures; and
(2)
the need for a rigorous assessment of credit quality as part of the loan
sanctioning process had become acute.
4.76. Despite these issues, the Corporate Division adopted a strategy of lending through the
cycle. This strategy involved supporting existing customers (which in turn further
increased the business's exposure to significant large borrowers) and actively seeking
to increase market share. Significant volumes of new business continued to be
sanctioned by the Corporate Division in this period.
4.77. Furthermore, despite the acute risk of syndication failure, the Corporate Division
continued to lend despite the inability to syndicate the transactions. A number of
large transactions were entered into against the advice of Corporate's loans
distribution unit and without any proper assessment of the increased risks arising from
the correction in the syndication market.
4.78. The impact of the credit crunch on the syndication market meant that there were
severe constraints on the ability of the business to reduce its exposure at a time when
there was an increasing risk of default. By 30 April 2008, the value of Corporate’s
loans waiting to be sold down was £9.7 billion.
4.79. In addition the average credit quality of both new and renewal business sanctioned
across the Corporate Division remained low, and worse than the target portfolio, in
the period August 2007 to March 2008.
The growth of the business in the period August 2007 to March 2008
4.80. From the start of this period:
(1)
there continued to be significant unresolved issues with the effectiveness of the
control framework, which were exacerbated by issues in relation to culture and
management information;
(2)
the framework for the management of credit risk across the portfolio was still
not robust; and
(3)
the process for the identification and management of stressed transactions was
still not operating effectively.
4.81. During this period:
(1)
the full extent of the credit crunch and increased risk of a severe economic
downturn became increasingly apparent;
(2)
as a consequence, the risk of default increased significantly;
(3)
the syndication market was effectively closed from 10 August 2007, which
meant that Corporate was not able to reduce its exposure by selling down debt,
particularly where it was structured aggressively; and
(4)
transactions within the portfolio began to exhibit signs of stress and the level
of impairments began to increase.
4.82. Despite this, Corporate continued to focus on revenue generation and aggressive
growth. The Firm did not take reasonable steps to assess, manage or mitigate the
potential risks of this strategy. Instead, the Corporate Division continued to strive to
meet the challenging targets that had been set for 2007. Corporate sought to increase
market share as other lenders were withdrawing from the market.
4.83. Given the changed economic environment and in the light of the unresolved wide-
ranging and serious issues in the business summarised at paragraphs 4.21 to 4.45
above, directing growth at these levels was imprudent.
4.84. In the full year 2007 (despite the less favourable economic environment in the last five
months of the year), Corporate had achieved:
(1)
UPBT growth of 32%. This was 7.5% above the original plan target and just
£60 million short of the ambitious target of £2.4 billion set at the end of H1;
and
(2)
lending growth of 22%.
4.85. Of particular note:
(1)
in relation to property, in the last five months of 2007, there was a 15%
increase in lending;
(2)
in relation to risk capital, in the last five months of 2007:
(a)
the reported book value of Corporate’s investment portfolio grew by
31%, with additions significantly outweighing disposals;
(b)
Joint Ventures produced strong results contributing to UPBT results for
the full year 2007 that were 107% up on 2006 and well in excess of
plan;
(c)
ISAF continued to produce strong results contributing to exceptional
above plan UPBT results for the full year 2007 that were 73% up on
2006;
(3)
in relation to leveraged finance activity, in the last five months of 2007:
(a)
there were 163 transactions in excess of £75 million, with a total value
of £40.2 billion;
(b)
there were 49 transactions in excess of £250 million, with a total value
of £26.3 billion; and
(4)
in relation to single name exposure, the total value of the top 30 exposures
increased by 19% from the start of July 20079 to the end of 2007 (from £27.9
billion to £33.2 billion), increasing the proportion of these exposures to the
overall Corporate portfolio from 22% to 23%.
4.86. In the business plan for 2008/2012, Corporate set the following targets for 2008:
(1)
UPBT growth of 2.3%; and
(2)
lending growth of 9.6%.
9 These figures include Corporate-Europe exposures.
4.87. Given the escalating financial crisis, this represented an extremely challenging target.
In the light of the changed economic environment and the unresolved wide-ranging
and serious issues in the business summarised at paragraphs 4.21 to 4.45 above,
directing further growth at this point was imprudent.
4.88. Corporate continued to lend in Q1 2008 as the risk of a severe downturn intensified.
The Firm did not take reasonable steps to assess, manage or mitigate the potential
risks of this strategy.
4.89. During Q1 2008:
(1)
In relation to property, there was a 4% increase in lending;
(2)
In relation to risk capital:
(a)
the reported book value of Corporate’s investment portfolio grew by a
further 10%, with additions outweighing disposals;
(b)
Joint Venture’s UPBT was positive (albeit behind plan);
(c)
ISAF’s UPBT was positive (albeit behind plan).
(3)
In relation to leveraged finance activity;
(a)
there were 46 transactions in excess of £75 million, with a total value of
£11.6 billion;
(b)
there were 11 transactions in excess of £250 million, with a total value
of £7.1 billion; and
(4)
In relation to single name exposures the total value of the top 30 exposures
increased by 3% (from £33.2 billion to £34.1 billion), maintaining the
proportion of these exposures to the overall Corporate portfolio at 23%.
4.90. The average credit quality of both new and renewal business remained significantly
worse than the target risk rating throughout this period.
4.91. Despite the aggressive and high risk growth strategy which the business adopted, the
Firm’s internal business plan for 2008/2012 stated that:
(1)
the strategy of measured lending growth and sound credit quality would
continue;
(2)
the conservative approach to credit risk management would continue;
(3)
a more conservative approach would be taken to single large exposures until
the markets normalised; and
(4)
there would be aggressive sell down of exposure to leveraged finance deals.
The Firm's failings in the period January 2006 to March 2008
4.92. Between January 2006 and March 2008, the Corporate Division pursued an aggressive
growth strategy, the effect of which was to increase the risk profile of a business
which was already focussed on high-risk, sub-investment grade lending. Corporate
did so despite known weaknesses in the control framework, which meant that it failed
to provide robust oversight and challenge to the business. Further, Corporate
continued to do so as market conditions began to worsen in the course of 2007. The
Firm did not take reasonable steps to assess, manage or mitigate the risks involved in
the aggressive growth strategy.
4.93. By the start of 2006, the Firm had recognised that:
(1)
the economic cycle was at or reaching its peak;
(2)
competitive pressures in the leveraged finance market were having a negative
impact on deal structures and increasing underwriting risk.
4.94. Given the high level of risk and exposure to the economic cycle in the Corporate
portfolio, the effective assessment, management and mitigation of credit risk required
the following:
(1)
an effective control framework for the sanctioning and monitoring of
individual transactions;
(2)
an effective framework for the management of credit risk across the portfolio
as a whole;
(3)
an effective framework for the distribution of risk through selldown, by
syndication or other means;
(4)
an effective process for the prompt identification and management of
transactions which showed signs of stress;
(5)
a culture which gave due weight to credit risk management; and
(6)
reliable management information.
4.95. However, none of these were in place during the Relevant Period:
(1)
there were serious deficiencies in the control framework, which meant that it
failed to provide robust oversight and challenge to the business;
(2)
there were serious deficiencies with the framework for the management of
credit risk across the portfolio which meant that there was a lack of focus on
the need to manage risk across the portfolio as a whole;
(3)
there were serious deficiencies in the distribution framework which meant that
it did not operate effectively to reduce the risk in the portfolio;
(4)
there were serious deficiencies in the process for the identification and
management of transactions which showed signs of stress which meant that
they were neither identified promptly nor managed effectively; and
(5)
these issues were exacerbated by significant issues in relation to culture and
management information. The available management information was not
capable of giving a reliable view of the degree of risk in specific areas of the
business or the portfolio as a whole.
4.96. In addition there were issues with the oversight of Corporate provided by Group Risk
and GIA during 2006.
4.97. These serious issues meant that there was a high degree of risk associated with
maintaining existing levels of business (particularly given the high rate of portfolio
turnover required to do so) during 2006. As a consequence, from the start of 2006 and
pending the resolution of these issues the Firm should have:
(1)
taken immediate steps to improve the credit quality of the portfolio, focussing
on the areas where its concerns were greatest. Such steps could have included
restricting origination activity by setting and enforcing more specific risk
parameters and/or reducing concentration risk; and
(2)
ensured that the targets that had been set in relation to UPBT and asset growth
for the business were prudent.
4.98. The Firm failed to take these steps. Instead the Corporate Division pursued an
aggressive growth strategy, in pursuit of which it entered into transactions of
increasing size, complexity and downside risk. This had the effect of increasing the
already high level of risk and exposure to the economic cycle in the portfolio at a time
when the Firm recognised that the economic cycle was at or near its peak. This was
not a prudent approach.
4.99. Having failed to set prudent growth targets at the start of 2006, the Firm should have
acted prudently in directing and managing the growth of the business. For example, it
should have:
(1)
clearly articulated the risks associated with the growth targets and the impact
on the stated risk appetite, in particular in relation to concentrations in
commercial property, risk capital and leveraged finance;
(2)
ensured that appropriate parameters were set whereby the levels of exposure to
commercial property, risk capital and leveraged finance could be effectively
monitored and controlled in order to comply with the stated policy of
conservatism and improved credit quality;
(3)
clearly articulated risk appetite at Group level based on an effective assessment
of risk tolerance rather than profit targets;
(4)
ensured that the loans distribution framework was reorganised to ensure that
transactions were priced and structured so as to facilitate selldown;
(5)
identified that the specific risks applicable to risk capital would require
specific controls, oversight and management, in the absence of which a one-
stop-shop approach was not prudent; and
(6)
acted prudently in revising targets for 2006 during quarterly reforecasts, and in
the business planning process for 2007.
January to July 2007
4.100. By January 2007, the Firm knew that none of the issues identified at paragraphs 4.21
to 4.45 above had been resolved and that the effect of the aggressive growth during
2006 had been to increase the level of risk in the portfolio. The Firm also understood
that there were further indications that the economic cycle had reached its peak.
4.101. In addition there were continuing issues with the oversight of Corporate provided by
Group Risk and GIA during this period.
4.102. These serious issues meant that there was a high degree of risk associated with
maintaining the levels of business that Corporate had originated in achieving above
plan growth in 2006 (particularly given the high rate of portfolio turnover required to
do so). As a consequence, pending the resolution of these issues the Firm should
have:
(1)
taken immediate steps to improve the credit quality of the portfolio, focussing
on the areas where its concerns were greatest. Such steps could have included
restricting origination activity by setting and enforcing more specific risk
parameters and/or reducing concentration risk; and
(2)
acted prudently in setting UPBT and asset growth targets for the business.
4.103. The Firm failed to take these steps. Instead, having increased the profit growth target
for 2007 from 10/12% to 22% in the course of the Group challenge process, the Firm
made further increases to 30% in April 2007 and 35 % in June 2007. This was not
prudent, particularly in the light of the increased concerns being expressed within
HBOS as to the leveraged finance market around that time.
4.104. Having failed to set prudent growth targets in business planning for 2007, the Firm
should have acted prudently in directing and managing the growth of the business.
For example, it should have:
(1)
clearly articulated the risks associated with the growth targets and the impact
on the stated risk appetite, in particular in relation to concentrations in
commercial property, risk capital and leveraged finance;
(2)
ensured that appropriate parameters were set whereby the levels of exposure to
commercial property, risk capital and leveraged finance could be effectively
monitored and controlled in order to comply with the stated policy of
conservatism and improved credit quality;
(3)
clearly articulated risk appetite at Group level based on an effective assessment
of risk tolerance rather than profit targets;
(4)
ensured that the loans distribution framework was reorganised to ensure that
transactions were priced and structured so as to facilitate selldown;
(5)
identified that the specific risks applicable to risk capital would require
specific controls, oversight and management, in the absence of which a one-
stop-shop approach was not prudent; and
(6)
acted prudently in revising targets for 2007 during quarterly reforecasts.
August 2007 to March 2008
4.105. By the end of August 2007, the Firm was aware that:
(1)
none of the issues identified at paragraphs 4.21 to 4.45 above had been
resolved;
(2)
the effect of the aggressive growth during the first seven months of 2007 had
been to increase the level of risk in the portfolio;
(3)
the syndication market was effectively closed, particularly to aggressively
structured deals; and
(4)
peers were withdrawing from the market.
4.106. The Firm should have acted prudently in responding to the changed economic
environment. For example, it should have:
(1)
ensured that clear parameters were set for the level of exposure to underwriting
on a unilateral basis to reflect the closure of the syndication markets and that a
clear pricing strategy was in place commensurate with the need for prudence in
the light of the changed economic environment;
(2)
ensured that existing risk parameters were reviewed to ensure that they were
still appropriate to effectively monitor and control the level of exposure in
order to comply with the stated policy of conservatism and improved credit
quality;
(3)
clearly articulated risk appetite at Group level based on an effective assessment
of risk tolerance rather than profit targets;
(4)
ensured that the business and the Group control functions devoted greater
resource and attention to monitoring the performance of existing assets on the
Corporate book; and
(5)
acted prudently in the business planning process for 2008.
4.107. These failings constitute a failure by the Firm to take reasonable care to organise and
control its affairs responsibly and effectively, with adequate risk management systems
and hence a failure to discharge its regulatory obligations.
Approach to stressed transactions
Slow migration to High Risk
4.108. It was the responsibility of the relevant business area to identify a particular
transaction as stressed and to refer that transaction to the High Risk team. The High
Risk team would then carry out a detailed assessment of the transaction's credit risk,
re-rating the transaction as required. Following that assessment, the transaction would
either be returned to the good book, classified as High Risk, classified as Impaired No
Loss or classified as Impaired with Loss. Where appropriate, a provision would then
be made.
4.109. However, throughout the Relevant Period:
(1)
the weaknesses in the control framework meant that the identification of
potential or actual default (eg through the monitoring of covenants) was slower
than it should have been;
(2)
the culture of optimism meant that, even when potential or actual default had
been identified, the business area was slower than it should have been in
referring the transaction to the High Risk team; and
(3)
the High Risk team was insufficiently resourced and the management
information available to it was unreliable.
4.110. As a consequence, the process for the identification and management of transactions
which showed signs of stress was not effective throughout the Relevant Period. This
directly impeded the ability of the business to assess, manage and mitigate credit risk.
4.111. In the market environment which existed during the period from August 2007 to
March 2008, the need for a rigorous approach to the identification and management of
stressed transactions within the portfolio had become acute.
4.112. By April 2008, the scale of the financial crisis and its impact on the Corporate
Division's markets was recognised within HBOS. The unresolved issues in relation to
the control framework and the high risk profile of the business meant that the risk of
stress and the likelihood of default and impairment were now very high. From this
time, it became acutely important for the Firm to acknowledge the impact of the
financial crisis on the Corporate Division and to take proactive steps to understand the
nature and extent of any stressed assets, ensuring that they were promptly migrated to
the High Risk and Impaired Assets team.
4.113. As noted at paragraph 4.108 above, it was the responsibility of the relevant business
area to identify a particular transaction as stressed and to refer that transaction to the
High Risk team. However, throughout the Relevant Period the migration of stressed
assets to the High Risk team was consistently too slow. The pace of migration was
still a significant issue as late as December 2008.
4.114. It is accepted that a degree of management judgment is necessarily involved in the
assessment of credit quality and risk. It is also accepted that the severity of the
downturn was not fully foreseen. However, the vulnerability of the business to the
downturn was a direct result of the high risk lending strategy which the Corporate
Division had pursued.
4.115. The available management information was not sufficient for the purpose of
conducting an effective assessment of the portfolio. The culture of optimism had
engendered a reluctance to refer stressed transactions to the High Risk team.
Accordingly, there was a significant risk that the full extent of impairment would not
have been identified.
4.116. There was a collective denial within the Corporate Division of the impact of the
financial crisis on the portfolio. The culture of optimism which pervaded the business
impeded the identification and effective management of transactions as they became
stressed and delayed the referral of stressed transactions to the High Risk team. There
was a significant risk that this would have an impact on HBOS’s capital requirements.
It also meant that the full extent of stress in the Corporate portfolio was not visible to
Group, auditors and regulators.
4.117. Further, Group Risk failed to provide effective oversight of the process for the
identification and management of stressed transactions, despite these known
weaknesses.
4.118. The Firm consistently exhibited optimism and confidence in the credit quality and risk
profile of the portfolio and significant individual transactions within the portfolio.
This optimism was unwarranted, without foundation and at the expense of prudence,
particularly given that:
(1)
there were significant unresolved issues with the effectiveness of the control
framework, which were exacerbated by issues in relation to culture and
management information;
(2)
the framework for the management of risk across the portfolio was not robust;
and
(3)
the process for the identification and management of stressed transactions was
not operating effectively.
4.119. It should have been apparent to the Firm that a more prudent approach was now
essential in order to mitigate the high degree of risk facing the business. However, the
Firm did not adopt such an approach.
Impact on impairments and provisioning
4.120. There was a significant risk that the failings listed above at 4.109 would affect the
timing and scale of impairments recognised and provisions made for Corporate in
HBOS's financial statements. The culture of optimism also meant that, once a
transaction had been referred to High Risk, the assessment of the level of individual
provisions was consistently optimistic rather than prudent. The Firm adopted an
optimistic approach to levels of provisioning despite repeated warnings from HBOS’s
auditors and the Corporate Division’s risk function of the need for a more prudent
approach.
4.121. Group Risk failed to provide effective oversight and challenge in relation to
provisioning:
(1)
there were issues with the effectiveness of the annual provisioning review
conducted by Group Risk; and
(2)
Group Risk failed to provide effective challenge to the business’ assessment of
provisioning levels.
4.122. In the period April 2008 to December 2008, HBOS made a number of public
statements relevant to the level of impaired assets within the Corporate Division's
portfolio and the level of provisions which had been made:
(1)
on 19 June 2008, HBOS issued a prospectus in relation to a rights issue.
Corporate’s year-to-date impairment losses were not quantified or commented
on in the prospectus. Management information indicated that, as at 31 May
2008, it had year-to-date impairment losses of £369.9 million;
(2)
on 31 July 2008, HBOS published its interim results. This included details of
the financial statements as at 30 June 2008 and stated that, as at 30 June 2008,
there were year-to-date impairment losses of £469 million;
(3)
on 18 November 2008, HBOS issued a prospectus in relation to a placing and
open offer. This included details of the financial statements as at 31 October
2008 and stated that, as at 30 September 2008, there were year-to-date
impairment losses of £1.7 billion; and
(4)
on 12 December 2008, HBOS published a Trading Update. This included
details of the financial statements as at 30 November 2008 and stated that, as at
30 November 2008, there were year-to-date impairment losses of £3.3 billion.
4.123. Throughout this period, HBOS's auditors KPMG agreed that the overall level of the
Firm’s provisioning was acceptable. However, in relation to Corporate, they
consistently suggested that a more prudent approach would be to increase the level of
provision by a significant amount. The Firm consistently chose to provision at what
KPMG identified as being the optimistic end of the acceptable range for Corporate.
KPMG's view of what constituted the acceptable range was informed by
management's assessment of the degree of credit risk in particular transactions.
Further, as explained at paragraph 4.116, the slow migration to High Risk meant that
the full extent of stress in the Corporate portfolio was not visible to KPMG.
4.124. Further, the Corporate Division's risk function also consistently suggested that a more
prudent approach would be to increase the level of provision by a significant amount.
The Firm consistently rejected this advice. For example, in December 2008, the
Corporate Risk function identified a range of between £4.5 billion and £6.4 billion for
provisioning to year end. The Corporate risk function specifically warned against
provisioning at the lower end of this £2 billion range, given the likely impact of
deteriorating economic conditions on the transactions they had assessed and the
anticipated migration from the good book of other transactions, and recommended
that provisions should be taken at a higher level. However the Firm rejected this
recommendation and set the provision at the lowest end of this range.
4.125. The December 2008 Management Accounts issued by HBOS had assessed Corporate's
year-to-date impairment losses as at 31 December 2008 as £4.7 billion. On 16
January 2009, Lloyds completed its take-over of HBOS (in the course of which HM
government through HM Treasury acquired approximately 43.4% of the enlarged
ordinary share capital of Lloyds). On 13 February 2009, Lloyds issued a trading
update for the year ended 31 December 2008 which noted, in respect of the Corporate
Division, that:
(1)
year-to-date impairment losses as at 31 December 2008 were now assessed at
approximately £7 billion;
(2)
this revised assessment was as a result of:
(a)
the application of a more conservative provisioning methodology; and
(b)
the acceleration in the deterioration in the economy.
4.126. On 27 February 2009, Lloyds issued HBOS’s preliminary results for 2008. This
confirmed the impairment losses in Corporate as £6.7 billion and stated that the
following impairment losses had been established:
(1)
Real Estate: £1.6 billion
(2)
Joint Ventures: £1.3 billion
(3)
ISAF: £0.9 billion.
4.127. These impairment amounts were substantially higher (approximately £2 billion) than
the equivalent amounts accounted for by HBOS. This difference was attributable to
the following:
(1)
the level of Corporate’s exposure to property;
(2)
pronounced falls in property values and other investments had also resulted in
substantial losses from the investment portfolio, primarily in Joint Ventures
and ISAF;
(3)
the shape of the Corporate book and in particular its exposure to house
builders, risk capital and large single credit exposures, which exacerbated the
impact of the economic downturn. Property-related sectors accounted for
around 60% of the individual impairment provisions; and
(4)
the Corporate Division’s credit risk management had been unable to react
quickly enough to contain the severe economic deterioration in the second half
of 2008. This had been exacerbated by the Firm’s historic levels of exposure
concentration within property-related sectors and had resulted in a dramatic
increase in impairment losses.
4.128. The substantial increase in impairment losses reflected, in part, economic conditions.
However, it also reflected the imposition of more prudent and robust risk management
and impairment policies and methodology. As noted at paragraph 4.124 above,
Corporate Risk had recommended an increase in the level of provision of up to
approximately £6.4 billion in December 2008.
The Firm's failings in the period April 2008 to December 2008
4.129. Between April 2008 and December 2008, the Firm failed to take reasonable care to
ensure that the Corporate Division adequately and prudently managed high value
transactions which showed signs of stress.
Slow migration to High Risk
4.130. By April 2008 it was apparent to the Firm that a number of high value transactions
had begun to demonstrate signs of stress and that this was likely to worsen over the
course of 2008. However, transactions were consistently moved too late to the High
Risk area of the Corporate Division. This delayed the assessment of transactions to
determine whether they should be formally classified as stressed or impaired. There
was a significant risk that this would have an impact on the Firm's capital
requirements. It also meant the full extent of stress in the Corporate portfolio was not
visible to Group, auditors and regulators.
4.131. Further, Group Risk failed to provide effective oversight of this area, despite these
known weaknesses.
4.132. From April 2008 the Firm should have taken proactive steps to ensure that high value
transactions on the Corporate book were assessed in detail for signs of stress and
appropriately classified. It was particularly important that this was done ahead of the
public disclosures referred to at paragraph 4.122 above. For example, the Firm should
have:
(1)
clearly articulated to staff the need to adopt a conservative and prudent
approach and to devote greater resource and attention to rigorous close
monitoring of transactions on the book, reinforcing the importance of the
prompt migration of any transactions showing signs of stress to High Risk;
(2)
clearly articulated to management the need to prioritise effective oversight and
supervision of this process;
(3)
ensured that the criteria for referral to High Risk were reviewed to ensure that
they were clear, appropriate and understood by the business; and
(4)
ensured that the High Risk team was appropriately resourced. This could have
included the engagement of third party consultants.
4.133. However, the Firm failed to do this, permitting the culture of optimism to impede the
effective management of transactions as they became stressed.
Impact on impairments and provisioning
4.134. There was a significant risk that these failings would affect the timing and scale of
impairments recognised and provisions made for Corporate in the Firm's financial
statements. Whilst the FSA makes no findings regarding the accuracy of the Firm’s
financial statements, the Firm should have taken a more prudent approach to the levels
of impairment and provisioning for Corporate. However, provisions were consistently
made at the optimistic rather than the prudent end of the range, despite repeated
warnings from the divisional Risk function and the Firm's auditors. In the period April
2008 to December 2008, the Firm made a number of public statements as to the level
of impaired assets within the Corporate Division's portfolio and the level of provisions
which had been made. On 13 February 2009 Lloyds announced that significant
additional impairments had been required on the Firm's corporate lending portfolios in
the light of the application of a more conservative recognition of risk and the further
deterioration in the economic environment. The level of impairment was increased
from £3.3 billion to approximately £7 billion.
4.135. These failings constitute a failure by the Firm to take reasonable care to organise and
control its affairs responsibly and effectively, with adequate risk management systems
and hence a failure to discharge its regulatory obligations.
5.
ANALYSIS OF BREACHES
5.1.
Principle 3 requires a firm to take reasonable care to organise and control its affairs
responsibly and effectively, with adequate risk management systems. This
requirement extends to the carrying on of unregulated activities in a prudential
context.
5.2.
Between January 2006 and March 2008, the Firm failed to take reasonable care to
organise and control its affairs responsibly and effectively, with adequate risk
management systems, in that the Firm did not:
(1)
have adequate risk management systems for the high risk business and lending
strategy which it pursued;
(2)
have adequate risk management systems for the aggressive growth strategy it
pursued; and
(3)
therefore take reasonable care to organise and control its affairs responsibly
and effectively in its pursuit of the high risk business and lending strategy and
the aggressive growth strategy.
5.3.
Further, between April 2008 and December 2008, the Firm failed to take reasonable
care to organise and control its affairs responsibly and effectively with regard to the
Corporate Division’s management of high value transactions which showed signs of
stress.
5.4.
These failings had, or might reasonably be regarded as likely to have had, a negative
effect on:
(1)
confidence in the UK financial system; and/or
(2)
the ability of the Firm to meet the "fit and proper" test in threshold condition 5
(Suitability).
6.
ANALYSIS OF SANCTION
6.1.
The principal purpose for which the FSA imposes sanctions is to promote high
standards of regulatory conduct by deterring those who have breached regulatory
requirements from committing further breaches, helping to deter others from
committing similar breaches and demonstrating generally the benefits of compliant
behaviour.
6.2.
The FSA's general approach in deciding whether to take action and, if so, whether to
impose a financial penalty or public censure, is set out in Chapter 6 of Decision
Procedure and Penalties Guide ("DEPP"), of the FSA Handbook.
6.3.
The Firm’s breaches of Principle 3 are particularly serious in the light of the
following:
(1)
it was clear that the aggressive growth strategy that Corporate pursued would
necessarily entail a significant increase in the already high level of risk and
exposure to the economic cycle in the portfolio, at a time when Firm
recognised that the economic cycle was at or near its peak;
(2)
rather than identify that a more prudent approach was vital as market
conditions began to worsen, the Firm continued to pursue a strategy of
aggressive growth;
(3)
the Firm disregarded warnings from the divisional risk function and HBOS’s
auditors that the level of provisioning was optimistic rather than prudent.
6.4.
It is accepted that:
(1)
the Firm initiated a number of projects which were designed to improve the
control framework and the approach to risk management and implemented a
number of improvements during the Relevant Period;
(2)
there was a severe financial crisis and economic downturn in the course of the
Relevant Period, which had a significant impact on the business, the full
severity of which was not reasonably foreseeable during the early part of the
Relevant Period; and
(3)
the assessment of credit quality and impairment requires the exercise of
management judgment.
6.5.
Notwithstanding the foregoing factors, the FSA considers that the Firm's conduct was
not sufficient to discharge its regulatory obligations. The FSA has therefore decided
that a sanction is warranted in this case.
6.6.
A financial penalty proportionate to the misconduct identified in this notice would be
both merited and very substantial. However in the exceptional circumstances of this
case the FSA has decided not to impose a financial penalty. The very serious
misconduct of the Firm contributed to the circumstances in which HM Government
acquired, through HM Treasury, approximately 43.4% of the enlarged ordinary share
capital of Lloyds following the completion of Lloyds’ takeover of HBOS. As such
public funds have already been expended in order to deal with the consequences of the
very misconduct for which a financial penalty would be imposed and the taxpayer
would again be impacted by any such financial penalty. In these exceptional
circumstances, the most effective way in which to balance the need for deterrence and
act in the wider public interest is to issue a public censure.
7.
DECISION MAKER
7.1.
The decision which gave rise to the obligation to give this Final Notice was made by
the Settlement Decision Makers on behalf of the FSA.
8.
IMPORTANT
8.1.
This Final Notice is given to the Firm in accordance with section 390 of the Act.
9.
PUBLICITY
9.1.
Sections 391(4), 391(6), and 391(7) of the Act apply to the publication of information
about the matter to which this notice relates. Under those provisions, the FSA must
publish such information about the matter to which this notice relates as the FSA
considers appropriate. The information may be published in such manner as the FSA
considers appropriate. However, the FSA may not publish information if such
publication would, in the opinion of the FSA, be unfair to the Firm or prejudicial to
the interests of consumers.
9.2.
The FSA intends to publish such information about the matter to which this Final
Notice relates as it considers appropriate.
10.
FSA CONTACTS
10.1. For more information concerning this matter generally, contact Bill Sillett at the FSA
(direct line: 020 7066 5880 / fax: 020 7066 5881) of the Enforcement and Financial
Crime Division.
Head of Department
FSA Enforcement and Financial Crime Division
ANNEX
GUIDANCE AND POLICY TO STATUTORY PROVISIONS AND RULES
1.
Principles for Businesses (PRIN)
1.1.
The FSA’s regulatory objectives, as set out in section 2(2) of the Financial Services
and Markets Act 2000 (FSMA or the Act), include the maintenance of market
confidence and the protection of consumers.
1.2.
Under section 205 of the Act, if the FSA considers that an authorised person has
contravened a requirement imposed on him by or under the Act, the FSA may publish
a statement to that effect. Alternatively, pursuant to section 206 of the Act, the FSA
may impose a penalty, in respect of the contravention, of such amount as it considers
appropriate.
1.3.
The FSA’s Principles for Businesses (PRIN) have been issued by the FSA under
section 138 of the Act. Principle 3 (Management and control) states: ‘A firm must
take reasonable care to organise and control its affairs responsibly and effectively,
with adequate risk management systems.’.
1.4.
PRIN 3.2.3 R provides: ‘Principles 3, 4 and… 11… also:
(1)
apply with respect to the carrying on of unregulated activities (for Principle 3
this is only in a prudential context); and
(2)
take into account any activity of other members of a group of which the firm is
a member.’
1.5.
‘Prudential context’ is defined in the FSA Handbook as: ‘in relation to activities
carried on by a firm, the context in which the activities have, or might reasonably be
regarded as likely to have, a negative effect on:
(a)
confidence in the UK financial system; or
(b)
the ability of the firm to meet either:
(i)
the “fit and proper” test in threshold condition 5 (Suitability); or
(ii)
the applicable requirements and standards under the regulatory
system relating to the firm’s financial resources.’
2.
Relevant provisions from the Senior Management Arrangements, Systems and
Controls (SYSC)
2.1.
One of the purposes of SYSC, pursuant to SYSC 1.2.1 G, is ‘to increase certainty by
amplifying Principle 3, under which a firm must take reasonable care to organise and
control its affairs responsibly and effectively, with adequate risk management
systems.’
2.2.
SYSC 1.1.5 R provided: ‘SYSC 2 and SYSC 3, except SYSC 3.2.6A R to SYSC 3.2.6J
(1)
apply with respect to the carrying on of unregulated activities in a prudential
context; and
(2)
take into account any activity of other members of a group of which the firm is
a member.’
2.3.
SYSC 1.3.7 R provided: ‘The common platform organisational requirements [i.e.
SYSC 4 to SYSC 9], except the common platform requirements on financial crime,
(1)
apply with respect to the carrying on of unregulated activities in a prudential
context; and
(2)
take into account any activity of other members of a group of which the firm is
a member.’
2.4.
SYSC 2 and SYSC 3 ceased to apply to common platform firms from 1 November
2007: references to these provisions below are therefore to those in force between 1
January 2006 (the start of the Relevant Period) and 30 October 2007. The common
platform requirements (SYSC 4 to SYSC 10) became mandatory for common
platform firms from 1 November 2007: references to these provisions below are
3
therefore to those in force between 1 November 2007 and 31 December 2008 (the end
of the Relevant Period).
2.5.
SYSC 3.1.1 R provided: ‘A firm must take reasonable care to establish and maintain
such systems and controls as are appropriate to its business.’
2.6.
SYSC 3.1.2 G provided:
(1)
‘The nature and extent of the systems and controls which a firm will need to
maintain under SYSC 3.1.1 R will depend upon a variety of factors including:
(a)
the nature, scale and complexity of its business;
(b)
the diversity of its operations, including geographical diversity;
(c)
the volume and size of its transactions; and
(d)
the degree of risk associated with each area of its operation.
(2)
To enable it to comply with its obligation to maintain appropriate systems and
controls, a firm should carry out a regular review of them.
(3)
The areas typically covered by the systems and controls referred to in SYSC
3.1.1 R are those identified in SYSC 3.2. Detailed requirements regarding
systems and controls relevant to particular business areas or particular types
of firm are covered elsewhere in the Handbook.’
2.7.
SYSC 3.2.10 G provided:
(1)
‘Depending on the nature, scale and complexity of its business, it may be
appropriate for a firm to have a separate risk assessment function responsible
for assessing the risks that the firm faces and advising the governing body and
senior managers on them.
(2)
The organisation and responsibilities of a risk assessment function should be
documented. The function should be adequately resourced and staffed by an
appropriate number of competent staff who are sufficiently independent to
perform their duties objectively.
(3)
The term 'risk assessment function' refers to the generally understood concept
of risk assessment within a firm, that is, the function of setting and controlling
risk exposure. The risk assessment function is not a controlled function itself,
but is part of the systems and controls function (CF28).’
2.8.
SYSC 3.2.11 G provided:
(1)
‘A firm's arrangements should be such as to furnish its governing body with
the information it needs to play its part in identifying, measuring, managing
and controlling risks of regulatory concern. Three factors will be the
relevance, reliability and timeliness of that information.
(2)
Risks of regulatory concern are those risks which relate to the fair treatment of
the firm's customers, to the protection of consumers, to confidence in the
financial system, and to the use of that system in connection with financial
crime.’
2.9.
SYSC 3.2.12 G provided: ‘It is the responsibility of the firm to decide what
information is required, when, and for whom, so that it can organise and control its
activities and can comply with its regulatory obligations. The detail and extent of
information required will depend on the nature, scale and complexity of the business.’
2.10. SYSC 3.2.16 G provided:
(1)
‘Depending on the nature, scale and complexity of its business, it may be
appropriate for a firm to delegate much of the task of monitoring the
appropriateness and effectiveness of its systems and controls to an internal
audit function. An internal audit function should have clear responsibilities
and reporting lines to an audit committee or appropriate senior manager, be
adequately resourced and staffed by competent individuals, be independent of
the day-to-day activities of the firm and have appropriate access to a firm's
records.
(2)
The term 'internal audit function' refers to the generally understood concept of
internal audit within a firm, that is, the function of assessing adherence to and
the effectiveness of internal systems and controls, procedures and policies. The
internal audit function is not a controlled function itself, but is part of the
systems and controls function (CF28).’
2.11. SYSC 3.2.17 G provided: ‘A firm should plan its business appropriately so that it is
able to identify, measure, manage and control risks of regulatory concern (see SYSC
3.2.11 G (2)). In some firms, depending on the nature, scale and complexity of their
business, it may be appropriate to have business plans or strategy plans documented
and updated on a regular basis to take account of changes in the business
environment.’
2.12. SYSC 3.2.18 G provided: ‘It is possible that firms' remuneration policies will from
time to time lead to tensions between the ability of the firm to meet the requirements
and standards under the regulatory system and the personal advantage of those who
act for it. Where tensions exist, these should be appropriately managed.’
2.13. SYSC 4.1.1 R provided: ‘A common platform firm must have robust governance
arrangements, which include a clear organisational structure with well defined,
transparent and consistent lines of responsibility, effective processes to identify,
manage, monitor and report the risks it is or might be exposed to, and internal control
mechanisms, including sound administrative and accounting procedures and effective
control and safeguard arrangements for information processing systems.’
2.14. SYSC 4.1.2 R provided: ‘The arrangements, processes and mechanisms referred to in
SYSC 4.1.1 R must be comprehensive and proportionate to the nature, scale and
complexity of the common platform firm's activities…’
2.15. SYSC 4.1.4 R provided: ‘A common platform firm must, taking into account the
nature, scale and complexity of the business of the firm, and the nature and range of
the investment services and activities undertaken in the course of that business:
(1)
establish, implement and maintain decision-making procedures and an
organisational structure which clearly and in a documented manner specifies
reporting lines and allocates functions and responsibilities;
(2)
establish, implement and maintain adequate internal control mechanisms
designed to secure compliance with decisions and procedures at all levels of
the firm; and
(3)
establish, implement and maintain effective internal reporting and
communication of information at all relevant levels of the firm.’
2.16. SYSC 4.1.10 R provided: ‘A common platform firm must monitor and, on a regular
basis, evaluate the adequacy and effectiveness of its systems, internal control
mechanisms and arrangements established in accordance with SYSC 4.1.4 R to SYSC
4.1.9 R and take appropriate measures to address any deficiencies.’
2.17. SYSC 4.2.1 R provided: ‘The senior personnel of a common platform firm must be of
sufficiently good repute and sufficiently experienced as to ensure the sound and
prudent management of the firm.’
2.18. SYSC 6.1.2 R provided: ‘A common platform firm must, taking in to account the
nature, scale and complexity of its business, and the nature and range of investment
services and activities undertaken in the course of that business, establish, implement
and maintain adequate policies and procedures designed to detect any risk of failure
by the firm to comply with its obligations under the regulatory system, as well as
associated risks, and put in place adequate measures and procedures designed to
minimise such risks and to enable the FSA to exercise its powers effectively under the
regulatory system and to enable any other competent authority to exercise its powers
effectively under MiFID.’
2.19. SYSC 6.2.1 R provided: ‘A common platform firm must, where appropriate and
proportionate in view of the nature, scale and complexity of its business and the
nature and range of investment services and activities undertaken in the course of that
business, establish and maintain an internal audit function which is separate and
independent from the other functions and activities of the firm and which has the
following responsibilities:
7
(1)
to establish, implement and maintain an audit plan to examine and evaluate
the adequacy and effectiveness of the firm's systems, internal control
mechanisms and arrangements;
(2)
to issue recommendations based on the result of work carried out in
accordance with (1);
(3)
to verify compliance with those recommendations;
(4)
to report in relation to internal audit matters in accordance with SYSC 4.3.2
R.’
2.20. SYSC 6.2.2 G provided: ‘The term 'internal audit function' in SYSC 6.2.1 R (and
SYSC 4.1.11 G) refers to the generally understood concept of internal audit within a
common platform firm, that is, the function of assessing adherence to and the
effectiveness of internal systems and controls, procedures and policies. The internal
audit function is not a controlled function itself, but is part of the systems and controls
function (CF28).’
2.21. SYSC 7.1.1 G provided: ‘SYSC 4.1.1 R requires a common platform firm to have
effective processes to identify, manage, monitor and report the risks it is or might be
exposed to.’
2.22. SYSC 7.1.2 R provided: ‘A common platform firm must establish, implement and
maintain adequate risk management policies and procedures, including effective
procedures for risk assessment, which identify the risks relating to the firm's
activities, processes and systems, and where appropriate, set the level of risk tolerated
by the firm.’
2.23. SYSC 7.1.3 R provided: ‘A common platform firm must adopt effective arrangements,
processes and mechanisms to manage the risk relating to the firm's activities,
processes and systems, in light of that level of risk tolerance.’
2.24. SYSC 7.1.4 R provided: ‘The senior personnel of a common platform firm must
approve and periodically review the strategies and policies for taking up, managing,
monitoring and mitigating the risks the firm is or might be exposed to, including those
posed by the macroeconomic environment in which it operates in relation to the status
of the business cycle.’
2.25. SYSC 7.1.5 R provided: ‘A common platform firm must monitor the following:
(1)
the adequacy and effectiveness of the firm's risk management policies and
procedures;
(2)
the level of compliance by the firm and its relevant persons with the
arrangements, processes and mechanisms adopted in accordance with SYSC
7.1.3 R;
(3)
the adequacy and effectiveness of measures taken to address any deficiencies
in those policies, procedures, arrangements, processes and mechanisms,
including failures by the relevant persons to comply with such arrangements
or processes and mechanisms or follow such policies and procedures.’
2.26. SYSC 7.1.6 R provided: ‘A common platform firm must, where appropriate and
proportionate in view of the nature, scale and complexity of its business and the
nature and range of the investment services and activities undertaken in the course of
that business, establish and maintain a risk management function that operates
independently and carries out the following tasks:
(1)
implementation of the policies and procedures referred to in SYSC 7.1.2 R to
SYSC 7.1.5 R; and
(2)
provision of reports and advice to senior personnel in accordance with SYSC
4.3.2 R.’
2.27. SYSC 7.1.7 R provided: ‘Where a common platform firm is not required under SYSC
7.1.6 R to maintain a risk management function that functions independently, it must
nevertheless be able to demonstrate that the policies and procedures which it has
adopted in accordance with SYSC 7.1.2 R to SYSC 7.1.5 R satisfy the requirements of
those rules and are consistently effective.’
3.
Relevant provisions from the Threshold Conditions (COND)
3.1.
COND 2.5.1 (paragraph 5, schedule 6 to the Act) provides: ‘The person concerned
must satisfy the [FSA] that he is a fit and proper person having regard to all the
circumstances, including:
(a)
his connection with any person;
(b)
the nature of any regulated activity that he carries on or seeks to carry on; and
(c)
the need to ensure that his affairs are conducted soundly and prudently.’
3.2.
COND 2.5.4 G (2) provides: ‘Relevant matters include, but are not limited to, whether
a firm:
(a)
conducts, or will conduct, its business with integrity and in compliance with
proper standards;
(b)
has, or will have, a competent and prudent management; and
(c)
can demonstrate that it conducts, or will conduct, its affairs with the exercise
of due, skill, care and diligence.’
3.3.
COND 2.5.7 G (6) provides: ‘In determining whether a firm will satisfy and continue
to satisfy threshold condition 5 in respect of having competent and prudent
management and exercising due skill, care and diligence, relevant matters, as
referred to in COND 2.5.4 G (2), may include… the firm has approached the control
of financial and other risk in a prudent manner (for example, by not assuming risks
without taking due account of the possible consequences) and has taken reasonable
care to ensure that robust information and reporting systems have been developed,
tested and properly installed…’.
4.
The Decision Procedure and Penalties Manual (DEPP)
4.1.
The FSA’s approach to deciding whether to take action and, if so, whether to impose a
financial penalty or public censure, is set out in Chapter 6 of DEPP. This chapter was
amended on 6 March 2010 to implement the FSA’s new approach to penalty setting.
The provisions of DEPP set out below are those which were in force between 28
August 2007,(when DEPP came into force) and 31 December 2008 (the end of the
Relevant Period).
4.2.
DEPP 6.2.4 G provided: ‘The primary responsibility for ensuring compliance with a
firm's regulatory obligations rests with the firm itself….’
4.3.
DEPP 6.2.15 G provided: ‘In determining whether a Principle has been breached, it
is necessary to look to the standard of conduct required by the Principle in question at
the time. Under each of the Principles, the onus will be on the FSA to show that a
firm has been at fault in some way.’
4.4.
DEPP 6.4.1 G provided: ‘The FSA will consider all the relevant circumstances of the
case when deciding whether to impose a penalty or issue a public censure. As such,
the factors set out in DEPP 6.4.2 G are not exhaustive. Not all of the factors may be
relevant in a particular case and there may be other factors, not listed, that are
relevant.’
5.
Enforcement Manual (ENF)
5.1.
Prior to the enactment of DEPP, the FSA’s approach to taking action, financial
penalties and public censures was set out in ENF. The provisions of ENF set out
below were in force between 1 January 2006, the start of the Relevant Period, and 27
August 2007, the day prior to the enactment of DEPP.
5.2.
ENF 11.6.2 G provided: ‘In determining whether a Principle has been broken, it is
necessary to look to the standard of conduct required by the Principle in question.
Under each of the Principles, the onus will be on the FSA to show that a firm has
been at fault in some way….’
5.3.
ENF 12.2.2 G provided: ‘The FSA regards the decision to issue a public censure or
public statement as a serious sanction. The FSA is aware of the effect such a
statement may have on the reputation or business of a firm or approved person.
However, where it is not appropriate to impose a financial penalty, the FSA considers
that a public censure or public statement may have particular value in enabling the
FSA to pursue its regulatory objectives by highlighting the requirements and
standards of conduct expected of firms and approved persons, and demonstrating that
those standards are being effectively enforced, so helping to maintain confidence in
the financial system. In addition, public censures and public statements promote
public awareness of the standards of behaviour expected of firms and approved
persons. Increased public awareness also contributes towards greater consumer
protection.’
5.4.
ENF 12.3.3 G provided: ‘The criteria for determining whether it is appropriate to
issue a public censure or public statement rather than impose a financial penalty are
similar to those for determining the level of financial penalty listed in ENF 3
(Discipline of firms and approved persons: financial penalties). The starting point is
that the FSA will consider all the relevant circumstances of the case. Some particular
considerations may be relevant when the FSA determines whether to impose a public
censure or public statement rather than a financial penalty. The following list is not
exhaustive (not all of these factors may be relevant in a particular case, and there
may be other factors that are relevant):
(1)
if the firm or approved person has made a profit or avoided a loss as a result
of the breach or misconduct, this may be a factor in favour of a financial
penalty, on the basis that a firm or approved person should not be permitted to
benefit from its breach or misconduct;
(2)
if the breach or misconduct is more serious in nature or degree, this may be a
factor in favour of a financial penalty, on the basis that the sanction should
reflect the seriousness of the breach or misconduct; other things being equal,
the more serious the breach or misconduct, the more likely the FSA is to
impose a financial penalty;
(3)
if the firm or approved person has admitted the breach or misconduct and
provides full and immediate co-operation to the FSA, and takes steps to ensure
that consumers are fully compensated for any losses arising from the
contravention, this may be a factor in favour of a public censure or statement
of misconduct, rather than a financial penalty, depending upon the nature and
seriousness of the breach or misconduct;
(4)
if the firm or approved person has a poor disciplinary record or compliance
history (for example, where the FSA has previously brought disciplinary action
resulting in adverse findings in relation to the same or similar behaviour), this
may be a factor in favour of a financial penalty, on the basis that it may be
particularly important to deter future cases;
(5)
the FSA's approach in similar previous cases: the FSA will seek to achieve a
consistent approach to its decisions on whether to impose a penalty or issue a
public statement; and
(6)
if the firm or approved person has inadequate means (excluding any
manipulation or attempted manipulation of their assets) to pay the level of
financial penalty which their breach or misconduct would otherwise attract,
this may be a factor in favour of a lower level of penalty or a public statement.
However, it would only be in an exceptional case that the FSA would be
prepared to agree to impose a public statement rather than a financial penalty,
if a financial penalty would otherwise be the appropriate sanction. Examples
of such exceptional cases could include:
(a)
verifiable evidence that an approved person would suffer serious
financial hardship if the FSA imposed a financial penalty; and
(b)
verifiable evidence that the firm would be unable to meet other
regulatory requirements, particularly financial resource requirements,
if the FSA imposed a financial penalty at an appropriate level.