Parliamentary Commission on Banking StandardsLetter from the FSA to James Crosby on 24 December 2002 regarding Risk Assessment—HBOS Group
As you are aware, the FSA conducted its risk assessment of HBOS Group during October this year. This assessment covers the banking operations and Group functions only. The insurance and investment firms within IID have been subject to separate assessments conducted by the FSA’s Insurance Finns Division and Investment Firms Division earlier this year, the results of which have already been communicated to you.
The FSA has not carried out an assessment of the regulated sales area of the Retail division. My team is now responsible for the Group supervision of HBOS, and we intend to undertake a risk assessment of this business once we have completed our familiarisation work on our new areas of responsibility. We will integrate the results of the review with the findings contained in this letter and as a result the overall probability scores may be amended.
For those areas of the Group that have already been the subject of separate risk assessments by the FSA, we intend to address the issues by way of the actions set out in the risk mitigation programmes. However, the timing of some of those actions may change as we prioritise our work on the HBOS Group and undertake familiarisation work on those areas of the Group that are new to Major Financial Groups Division.
The purpose of this letter is to summarise our findings and to advise you of our intended risk mitigation programme. This includes actions we expect you to take. In undertaking this assessment we have split the Group into “material business units” (MBUs) based on your own business divisions. The Group assessment covers group-wide issues, issues relating to Group functions and the high level control framework. This split is mirrored in the structure of the risk mitigation programmes.
The background to the FSA’s risk assessment framework, including an explanation of impact and probability together with the FSA’s statutory objectives under the Financial Services and Markets Act 2000, is set out in Appendix 1. Please read this in order to put into context this letter and the risk mitigation programme.
The FSA’s risk assessment process is a high level review. It is not an examination or audit and may not identify all of the risks associated with current and proposed activities. The ultimate responsibility for identifying and assessing risks remains with the Board of Directors.
Overall Assessment
The table below show’s our aggregate assessment of the risks posed by HBOS against each of the FSA’s statutory objectives. The impact scores reflect the scale of the effect of HBOS on the FSA’s statutory objectives were particular risks to crystallise. The probability scores reflect our assessment of the likelihood that such crystallisation will occur. This is based on an assessment of the information gathered from our onsite work, the results and findings of previous supervisory work and other relevant information.
|
Statutory objective |
Impact |
Probability |
|
Market Confidence |
High |
Medium High |
|
Public Awareness |
High |
Medium Low |
|
Consumer Protection |
High |
Medium High |
|
Reduction of Financial Crime |
High |
Medium Low |
Operating Environment
Our assessment has been completed against the backdrop of the wider environment within which the Group currently operates. We have taken these issues into consideration when formulating our assessment of the firm specific risks but we acknowledge that they are outside your scope of influence.
The majority of HBOS’ business is in the UK and the Group therefore is heavily impacted by changes in the UK operating environment. Since the merger, global economic conditions have become more difficult and this has already had an impact on multinational companies. To date, the domestically focussed part of the economy has been relatively stronger as consumer spending has remained high, supported by strong personal borrowing. There are clearly concerns whether this will continue. If consumer confidence were to suffer a significant setback then this could impact on asset quality in all areas of the business, including the mortgage book where HBOS has a material concentration.
The nature of global economic conditions, together with recent large scale corporate failures have impacted severely on equity markets and hence on the performance of the life insurance and investment sectors. The solvency of many life insurers has been particularly heavily affected and HBOS’s insurance operations have been no exception. Substantial capital injections have been made during the year. HBOS’s capital planning will need to continue to take account of the possibility of further stock market falls and other “shocks” which could lead to calls for additional capital from the insurance operations.
A number of regulatory changes will also have an impact on the Group’s strategy and HBOS will need to ensure that it positions itself strategic ally to deal with these changes. The FSA’s review of the polarisation regime, the introduction of mortgage regulation and the Sandler review of retail investment products will all have the potential to change the markets in which HBOS operates and in some cases (the structure of the products which it sells. The findings of the Competition Commission enquiry into SME banking in the UK. while having an obvious and immediate impact on HBOS’ key competitors in this market, makes it more difficult for HBOS to differentiate itself on price from its peers. The proposed changes to the Basel Accord will also mean that HBOS will have a considerable programme of work to complete to ensure that it is positioned to take advantage of the capital savings that the new Accord could offer to banks with strong risk management systems and controls.
Key Findings
Following the merger of the Halifax and Bank of Scotland groups last year, HBOS is both more complex and better diversified than its predecessors. You have aggressive plans for the Group across all sectors of its business and HBOS is growing rapidly: A key strategic opportunity resulting from the merger is combining the strengths of Bank of Scotland’s experience in business banking with the Halifax branch network to exploit the potential to increase market share in the SME market in England and Wales. The merger has also brought increased scale and allows the Group to compete for larger deals on the Corporate Banking side, whilst enlarging Retail and Treasury operations. The revenue and cost synergy targets the Group has set itself also provide an important backdrop to the assessment of the Group. Over the regulatory period, shareholders will expect the Group to deliver against these targets, whilst it continues to pursue strong growth in all areas. The Group’s delivery of its growth plans must be achieved in a manner that is compliant with our regulatory objectives. A key challenge for you is to ensure that the quality and effectiveness of the control infrastructure keeps pace with the growth in the business and the associated risks. You have made considerable progress since the merger last year, however there have been a number of compliance issues (eg the banking code and advertising standards breaches) and we expect to see improvement in future. You have explicitly positioned the group as a “consumer champion” and as such face increased reputational risk in your dealings with customers, and scrutiny from the media and other interested parties if you are perceived not to have lived up to this ethos.
Group control functions
The group functions have had to move quickly to integrate people, systems and approaches to establish a new infrastructure that is fit for purpose for the HBOS Group, You have chosen to follow a model where the divisions are clearly responsible for all areas of their activity including Risk, Finance, IT and Compliance, with functional leadership, oversight and challenge being provided by the Group central functions. Within this structure, Group Risk functions need to provide an additional layer of challenge to the businesses, over and above the divisional risk units, and provide an independent view to the Board on the nature and quantum of risk facing the Group as a whole. The introduction of a Group Risk function with a remit to provide functional leadership and oversight of the businesses is welcome. It has particular importance given the growth strategy and amount of change taking place across the Group. However, working alongside a Group Risk function requires a cultura1 shift by some parts of the Group and the model is taking some time to bed down within HBOS. The development of the role of the function and its relationships with the business divisions is something that we will monitor over the regulatory period. Although the model appears to be evolving in the right direction, there are a number of areas where further progress is required to ensure that the standard of implementation of the model across the Group is satisfactory, and consistent between divisions.
Group Regulatory Risk
Group Regulatory Risk has gradually devolved responsibility for compliance to the business divisions over the year. As we noted at the time of the merger, the function of Head of Regulatory Risk within HBOS has a different and more demanding role than in cither of the predecessor organisations, and you will need to ensure that Regulatory Risk is adequately resourced. We consider the number of regulatory issues around the Group, particularly in IID, (eg those related to SJPC and the Equitable) to raise some serious risks of management stretch. In addition the division of responsibilities between Group Regulatory Risk and IID Regulatory Risk, including the nature of the role of Head of 1ID Regulatory Risk, has yet to be clarified. We expect there to be clarity between the roles of the respective functions and you will need to demonstrate to us that there is a separation of responsibility for delivery of risk management and oversight and challenge.
Group capital and funding
The Group’s strong asset growth, particularly in the mortgage book and in Corporate Banking, has exceeded growth in customer deposits, leading to the Group being increasingly reliant on wholesale funding. As the Group acknowledges, this creates liquidity risk and a need for a robust plan that will ensure adequate access to wholesale funding. It is likely to require diversification of funding sources away from traditional markets. We are aware that the aim to extend the maturity profile of funding targeted in this year’s plan has not been achieved, in part due to the current interest rate environment. You will need to demonstrate to us that the Group’s funding plan for 2003 and subsequent years is achievable and robust in the face of market “shocks”. We will monitor the way in which the funding profile develops during the year. As noted above, as a bancassurer, the Group needs to be prepared for calls for capital from its insurance operations in the face of adverse stock market conditions. This, together with the strong growth across the group exacerbates the need for careful capital planning to ensure that the Group’s capital position is comfortable going forward.
Integration programme
The ongoing integration work is a key operational risk. Business divisions are affected to different extents, with Retail and Treasury having heavy programmes of integration work continuing out to 2004. The operational risks associated with integration have been mitigated with varying degrees of success across the Group. Retail division has an extensive, complex programme of integration work to deliver, a key component of which is the migration of Bank of Scotland retail customers and products onto Halifax systems. This systems migration work brings with it considerable operational risk and there is a risk of customer detriment if this work is not completed successfully. If the strong growth HBOS have achieved in the retail market, particularly in mortgages, is to be repeated in 2003, this will further raise the inherent operational risk profile to the point where we consider the aggregate risk to be high. To date this integration work appears to have been well planned and managed. However, you will need to demonstrate that you have plans in place to manage and mitigate such risks throughout the integration project.
Treasury
Progress with the integration programme within Treasury has been slower than initially planned and has encountered a number of difficulties. While there are always cultural issues to resolve in any merger, it appears that these have restricted the ability of Treasury to deliver systems integration to the original timetable. This delay has had a negative impact on key control functions such as Risk Management and Finance, who will have to continue to consolidate reports from two systems for the foreseeable future. This heightens operational risk, and restricts the ability of Treasury to expand its product range until systems integration is complete and the infrastructure is more robust. Given the growing complexity of the business-and the current infrastructure in Treasury, the strength of the risk management function, including its technical ability to keep pace with front office developments and its ability to challenge the business when necessary, is a key concern and is an area of focus in our risk mitigation programme.
Business and Corporate Banking
Both Business Banking and Corporate Banking are targeting growth in new markets at a time of economic uncertainty. Credit risk is clearly the key risk for these divisions and the control infrastructure, both within the divisions and at Group level, must ensure that the credit quality of new business is maintained at an acceptable level. Your work to improve the risk grading system is a key project. We will review the effectiveness of the new grading systems being developed in these divisions and the adequacy of the portfolio analysis being undertaken during the regulatory period.
Risk Mitigation Programme
The full risk mitigation programme (RMP) is set out in Appendix 2. This is subject to review should there be any significant change, or potential change, to HBOS’s business or control structure. In line with your general obligations under the FSA Handbook, you should therefore notify us of any such changes.
Within the risk mitigation programme, an immediate priority is for us to understand the impact of senior management changes that have been made within the Group since the end of our on-site work. We intend to meet with senior management within affected areas to discuss the changes and their implications for the businesses in more detail.
As noted above, our key objective is to ensure that the rapid growth planned by the Group is achieved in a controlled, compliant manner and you will need to satisfy us that there is an appropriate control infrastructure supporting the growth of the business. We will expect to see confirmation both through the actions set out in the RMP and through our routine close and continuous supervision of the group. In setting the RMP we have taken account of our assessment of the quality of control functions across the group. In particular, in a number of areas we have decided to address risk issues by placing reliance on internal audit. Should our view of the quality or independence of the internal audit function change then we would need to revisit the supervisory programme and consider a more intensive regime which could include making use of our powers to engage skilled person under section 16 of FSMA.
Three key areas of focus in our risk mitigation plans for the group, which address issues described above are:
Treasury—as the business grows and develops new products, the risk management function will need to keep pace and ensure that there is a robust control environment in place. We will visit Treasury in Q1 to review the risk management function, including the impact of recent management and organisational changes. The control environment will need to continue to take account of the additional operational risks being run, and we will be conducting a visit in Q2 2003 to review progress with systems integration and controls in place where there is dual running of systems.
Integration within Retail—there is a complex programme of integration work within Retail. While we have been impressed with the quality of the planning and controls around the programme, we will want to ensure the Group is maintaining strong controls in this area. We will have regular meetings with senior management responsible for the integration work so that we can monitor progress.
Wholesale funding—the Group has recognised that its growing demand for wholesale funding is a risk. We will need to understand your plans to meet this requirement and propose to meet with senior management in the new year to discuss your plans in more detail. The FSA’s Risk Review Team will conduct a visit to the Group to review the asset and liability management framework in the second half of the year. This will supplement our work earlier this year to review liquidity management in Treasury and will allow us to better understand the way that the Group ALM model is working.
Period to the next Risk Assessment
On the basis of our current assessment we plan to undertake the next full risk assessment in 24 months. It is important to note that the FSA may undertake further work at any time, or expect HBOS to undertake additional work, if for example additional risks are identified or crystallise. In any event, the FSA will undertake an internal interim review of the risk mitigation programme in 12 months and will consider then whether any further action needs to be taken.
Confidentiality and Response to this Letter
We regard the contents of this letter as confidential. You should copy this letter to your auditors but we ask that you discuss with us any intended disclosure to any other third party.
Please confirm to me by 31 January that the Board has considered this letter and that HBOS will implement the sections of the risk mitigation programme, in Appendix 2, which require action by you.
APPENDIX 1
BACKGROUND NOTES TO THE FSA’S RISK ASSESSMENT FRAMEWORK
1. The FSA’s approach to risk is published .and explained in the Building the new regulator pages of our website. In summary this explains that the priority the FSA gives to a particular risk depends on our assessment of two factors:
(a)
(b)
2 The probability assessment is a high level review aimed at assessing the likelihood of particular risk in a firm posing a threat to the FSA’s statutory objectives. Any visit to a firm undertaken by the FSA as part of a probability assessment is not an examination or audit and may not identify all of the risks associated with current and proposed activities. The ultimate responsibility for doing so remains with the Board of Directors.
Impact
3 Firms are assessed as having a high, medium high, medium low or low impact to the FSA’s statutory objectives, An explanation of the four impact bands is given in the Building the New Regulator Progress Reports, which are also available on our website.* This assessment is based on indicators relevant to the sector in which the firm, operates.
Probability
4 The FSA undertakes a probability risk assessment of all firms other than those that are assessed as low impact.
5 The assessment quantities the risk a firm poses to the FSA’s statutory objectives. For example, a firm might pose a material risk to the consumer protection objective while posing little or no risk to the market confidence objective. This analysis assists the FSA in targeting its resources.
6 Probability risk is categorised as high, medium high, medium low or low. Where particular risks are identified the FSA will consider appropriate action to mitigate those risks.
The FSA’s Statutory Objectives
7 These four objectives were established by the Financial Services and Markets Act:
Maintain confidence in the UK financial system. “Market Confidence”
Promote public understanding of the financial system. “Public Awareness”
Secure the appropriate degree of protection for consumers. “Consumer Protection”
Reduce the scope for financial crime. “Reduction of Financial Crime”
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Group |
|
Regulatory Period/End Date |
24 month(s)/24-Dec-2004 |
FSA REGULATED FIRMS INCLUDED IN THE ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
204759 |
Bank of Scotland (Ireland) Limited |
|
201944 |
CAPITAL BANK PLC |
|
106048 |
HALIFAX PLC |
|
197542 |
HBOS Treasury Services Plc |
|
169628 |
The Governor and Company of the Bank of Scotland |
|
Nature of Issue |
Firms to which issue relates |
Intended Outcome |
Action |
Timetable |
|
Bank of Scotland had entered into two large outsourcing contracts (with IBM and Xansa) that did not fit with the HBOS operating model and are consequently being unwound and brought back in-house over the next 18 months. |
All |
The unwinding of the contracts with IBM and Xansa is well controlled. HBOS have adequate quality and quantity of resource internally to manage the new responsibilities. In the interim periods HBOS ensure that the third party providers continue to meet specified service standards. |
Internal Audit to share with FSA any reports on the unwinding of outsourcing contracts that indicate material issues with the programme. |
Ongoing |
|
HBOS to have quarterly meetings with the FSA to discuss plans and progress with transfer of responsibilities back to HBOS. |
Quarterly from 01-Jan-2003 to 31-Dec-2003 |
|||
|
BankWest: HBOS are currently considering strategic options in respect of their 56% shareholding in BankWest. If the shareholding is retained then it is likely that HBOS will seek to strengthen the relationship between BankWest and the UK Group, using Retail experience in the UK to grow the Australian business. This would increase the risk of management stretch. |
All |
HBOS has clear strategy for the future of their holding in BankWest. HBOS has appropriate corporate governance arrangements in place over BankWest. |
HBOS senior management to keep FSA informed of any significant developments in their intended strategy for BankWest. |
Ongoing |
|
Business Continuity Planning: HBOS came out behind best practice in FSA review of BCP in late 2001. There are a number of areas around the Group where plans have not been tested. There is no back up site or units are too far from the designated recovery site. Some of these issues may not be rectified in the immediate future. |
All |
HBOS has detailed effective BCP plans for all parts of the Group. These plans are regularly updated and tested. |
HBOS to provide FSA with a copy of the paper to the December Group Audit Committee regarding the status of BCP across the Group. |
By: 31-Jan-2003 |
|
HBOS Group Internal Audit to provide the FSA with a report on the effectiveness and status of BCP across the Group. |
3Q2003 |
|||
|
Growth: HBOS has stated clear merger synergy and revenue targets to the market following the merger, and is targeting strong growth at a time when they have a significant merger integration programme to undertake. There is a risk that the infrastructure will be unable to manage. |
All |
HBOS has adequate controls in place to manage the risks arising from business growth and the integration programme. |
HBOS to provide FSA with a copy of the Group Business Plan and senior management to meet with FSA to present and discuss the plan. |
1Q2003 |
|
HBOS to continue to provide FSA with monthly Group level MI from the divisions. |
Monthly from 01-Jan-2003 to 31-Dec-2004 |
|||
|
FSA to meet with Group Financial Risk and Group Regulatory Risk quarterly to discuss business development generally, including the adequacy of the controls environment in the business divisions. |
Quarterly from 01-Jan-2003 to 31-Dec-2004 |
|||
|
Funding: The HBOS group has a large wholesale funding requirement, which will continue to grow significantly each year. Unless HBOS can successfully diversify their funding sources there is a risk that they will be unable to meet requirements. |
All |
HBOS has a detailed funding plan, aligned to the business plan, which ensures that the group has a stable supply of funding diversified across a spread of sources and maturities. Group monitors progress against plan and has a contingency plan in place in the event that it experiences difficulties with funding. |
Group Finance Director and Head of Treasury to give FSA a presentation on the funding plan for 2003. |
1Q2003 |
|
Firm to provide FSA with copies of quarterly GALCO reports on progress against funding plans. |
Quarterly from 01-Jan-2003 to 31-Dec-2004 |
|||
|
FSA Risk Review team will conduct a visit to assess the quality of asset and liability management across the HBOS Group. |
3Q2003 |
|||
|
Risk Management: Within the HBOS structure the Group Financial Risk function has been set up to provide functional leadership and oversight of the business. This model is taking some time to bed down, and the role of the centre in relation to each of the divisions is still evolving. Financial risk management also needs to develop skills in looking at the IID business. |
All |
HBOS has a strong Group Risk function that provides challenge to and oversight of all business divisions. There is clarity of roles between Group Risk and the divisional risk functions. HBOS Group Risk has adequately skilled resources to fulfil its role. |
FSA to have quarterly meetings with the Head of Financial Risk to discuss development of the GFR role, issues/concerns, resourcing, and GFR’s programme of work. |
Quarterly from 01-Jan-2003 to 31-Dec 2004 |
|
Intra-group exposures: Because of its unusual group structure, with a treasury in a subsidiary bank funding two large banks above it, HBOS has difficulty in managing its LF position effectively, necessitating the use of capital maintenance agreements and parental guarantee structures. The process of managing and monitoring intra-group funding flows is not robust. HBOS has recently begun a project to address these issues. |
All |
HBOS has clear and robust procedures for approving, managing and monitoring intra-group funding flows at both a divisional and legal entity level, with clear senior management accountability. HBOS has a Group policy on treasury concessions including limit approvals, monitoring against limits and escalation of breeches, and applications to the FSA are made at an early stage with a credible business case. |
Firm to continue to meet with the FSA on a quarterly basis to provide update on progress with ongoing project to address the issue and discuss any changes required to current treasury concessions and limits. |
Quarterly from 01-Jan-2003 to 31-Dec-2003 |
|
HBOS Internal Audit to conduct a review following the conclusion of HBOS’s internal project to assess the adequacy of the new procedures and report back to FSA. |
4Q2003 |
|||
|
Money Laundering: As a major group operating in the retail, SME and corporate sectors, HBOS is a target for money laundering activities. HBOS is one of six major UK banking groups committed to reviewing accounts opened since 1994. |
All |
HBOS have fit for purpose money laundering procedures and controls across the Group. HBOS have appropriate plans for undertaking the remedial action required as part of the Big 6 backlog project. |
HBOS will provide FSA with copies of its quarterly money laundering report to the Group Audit Committee. HBOS will also provide KPI information on anti-money laundering controls across all business divisions on a regular basis. |
Quarterly from 01-Jan-2003 to 31-Dec-2004 |
|
FSA will meet with HBOS MLRO and his deputy on a quarterly basis to discuss progress with the remedial action project and other money laundering detection and prevention issues relevant to the Group. |
Quarterly from 01-Jan-2003 to 31-Dec-2003 |
|||
|
Finance: Although senior management within the function appears strong, it is not clear to FSA that there is sufficient depth within Finance both at Group level and within the business divisions. We have seen some evidence of stretch within Finance given the ongoing integration programme. There have been a number of regulatory reporting problems since merger, particularly around the transfer of business from Halifax plc to HBOS Treasury. |
All |
HBOS has a strong Finance team across the business divisions and within the Group Function. There is a clear succession plan in place for key Finance appointments. HBOS submits reliable and timely regulatory returns to the FSA and the Bank of England. |
FSA to meet with Group Finance Director to discuss the adequacy of Finance resources across the Group and succession plans for key roles. |
1Q2003 |
|
FSA will consider commissioning a skilled persons report under s.166 of FSMA to examine the robustness and accuracy of the reporting process. |
2Q2003 |
|||
|
Regulatory Risk: It is currently unclear how the relationship between Group Regulatory Risk and IID Regulatory Risk will work, given the differing nature of the newly appointed IID Head of Regulatory Risk role to other divisional roles. There is a lack of clarity between the roles of Group and IID Regulatory Risk. Given the number of compliance issues within IID, there is a risk of management stretch. |
All |
There is clarity over the respective roles of Group Regulatory Risk and IID Regulatory Risk in respect of compliance issues in IID. |
FSA to meet with Head of IID Regulatory Risk to discuss the nature of his role. FSA will also discuss the respective roles in the course of regular meetings with the Head of Group Audit, Regulatory and Operational Risk. |
1Q2003 |
|
Joint venture relationships: HBOS has a significant number of joint venture relationships across all divisions of the Group. These include *** and ***, Joint ventures have higher levels of operational and legal risk associated with them. |
All |
HBOS has robust governance arrangements in place over joint ventures, and is able to exert the level of influence over the venture that is appropriate to the shareholding and risks. |
We are aware that HBOS have done some work in looking at joint venture governance and have produced documentation templates and minimum standards for future JVs to adhere to. HBOS also looking at current JV arrangements to identify the extent to which they comply with these standards. HBOS to provide FSA with a copy of their assessments of current joint venture relationships and the templates devised for future relationships. |
2Q2003 |
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Group |
|
Regulatory Period/End Date |
24 month(s)/24-Dec-2004 |
FSA REGULATED FIRMS INCLUDED IN THE ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
106048 |
HALIFAX PLC |
|
169628 |
The Governor and Company of the Bank of Scotland |
|
Nature of Issue |
Firms to which issue relates |
Intended Outcome |
Action |
Timetable |
|
The retail division has an extensive program of integration work. Many of the individual project strands are interrelated adding to the complexity of the overall program. The expected synergies arising from this work are important to the division’s ability to meet publicly quoted cost targets. There is a risk that integration related work will cause other business as usual tasks to be given an inappropriately low priority. There is also a risk that any failure to adequately plan or deliver the integration work could result in a failure to meet cost targets or operational problems that could result in an inadequate service to customers. The loss of any of the key individuals managing the integration project (Head of Operations, Head of IT or Head of Retail Strategy) could have a significant impact of the overall success of the project. |
All |
The program of integration work is adequately planned and controlled and adequate resources are available to maintain business as usual functions and controls. |
Contingency plans are in place to cover the loss of any one of the three key individuals leading the integration work. The form should keep these plans under review and discuss arrangements with FSA should it become clear that any of these individuals will not continue in their current posts. |
On-going |
|
FSA to meet senior management responsible for the integration project on a quarterly basis. |
Quarterly from 01-Jan-2003 to 31-Dec-2004 |
|||
|
Mortgage concentration: The division has a high concentration of residential property lending. Although residential mortgages have a relatively low credit risk and historically default rates have been low, a substantial increase in unemployment could increase the risk significantly, particularly if combined with increased interest rates. |
All |
The firm continues to take account of the risks associated with the high degree of concentration in residential mortgage lending and continues to conduct appropriate stress testing. |
The division is currently engaged in a stress testing exercise. The results of this work should be shared with FSA on completion. |
On completion |
|
FSA to visit the firm to assess the quality of portfolio monitoring of the mortgage book. |
3Q2003 |
|||
|
Euro Implementation: In common with other major retail banking operations, the retail division would face extensive work to prepare for entry to the Euro. Total costs for the division are estimated to be £225 million, including an IT spend of £150 million. An early entry into the Euro would also cause the division to deprioritise other IT work including that related to the integration project. |
All |
The planning process continues to take account of the risks associated with possibility of an early entry into the Euro. |
Senior management to inform FSA of any significant changes to their project prioritisation resulting from a change to their assessment of the timing of Euro related systems work. |
On-going |
|
Intelligent Finance Systems and Controls: Reflecting its status as a new business, there have been a number of issues that suggest that the control framework within IF has not in the past been as robust as in other areas of the retail division. Internal audit have also graded “amber” a larger proportion of their reports on IF than on other areas within the Retail division. |
HALIFAX PLC |
A robust control environment is maintained within IF, reflected in a continued increase in the proportion of “green” findings in the internal audit work carried out on the division. |
Firm to continue to devote adequate internal audit resources to IF and to inform FSA of any significant adverse findings. |
On-going |
|
Money Laundering: The division has a large retail network which creates the scope for money laundering. The increased use of direct channels, including IF, might increase the money laundering risk. HBOS is one of the six major UK banking groups committed to reviewing accounts opened since 1994. |
All |
The firm has robust money laundering controls and appropriate plans and resources to undertake the remedial action required as part of the Big 6 backlog project. |
Risk mitigation actions relating to money laundering controls across the group are contained in the group RMP. FSA will also use ad-hoc meeting with senior management within the Retail division to discuss divisional issues including process with the remedial programme. |
On-going |
|
Risk management: The risk management function within the retail division was enhanced earlier this year by the appointment of a Head of Retail Risk (previously the heads of credit, regulatory and operational risk separately reported to the Head of Operations). It has now been decided that the function should be further enhanced by the appointment of a higher profile Head of Credit Risk from outside the group. Part of the retail division (including card services and IF) have separate risk functions. Although all decision making committees have representation from retail risk, there is a possibility that risk decisions within the division are not taken on a consistent basis and that the retail board does not have a full and complete understanding of the risk level across the division. |
All |
The firm has an adequately resourced risk function and all areas of the business have adequate risk coverage and a consistent standard of risk management. |
The divisional executive should formally reconsider the appropriateness of the current risk arrangements within IF and Card Services and should either provide a report explaining the rationale for the current structure or plans for increased integration. |
By: 30-Apr-2003 |
|
FSA will discuss the findings of the review and resourcing level of the risk functions with the Head of Retail Risk. FSA will also meet the new Head of Credit Risk when appointed. |
2Q2002 |
|||
|
Customer understanding: HBOS has a clearly stated aim of offering customers relatively straightforward, easy to understand products. However, it does offer some innovative products such as the netting concept used in IF. In addition there have recently been adverse findings against HBOS under banking code and advertising standards regimes. Given HBOS’s very wide retail customer base, which includes relatively unsophisticated individuals, there is a risk that customers will not understand the products they are offered. |
All |
The firm has a robust system for product approvals, which takes account of the level of understanding consumers can be expected to have and the way in which the product will be sold. |
Internal audit to conduct a review of the adequacy of the arrangements for approving products within the retail division and to comment specifically on the measures taken to ensure that product documentation is likely to achieve the desired level of consumer understanding. |
By: 31-Dec-2003 |
|
Business strategy: The divisional strategy involves a substantial level of growth and in some cases generating new business by offering short term incentives. In part the success of this strategy depends on an ability to control costs and continue to provide an adequate level of customer service at a time when volumes are growing rapidly. It also depends on the adequacy of pricing models including the ability to predict customer behaviour when offer periods come to an end. The high level of planned growth during a period where there is also extensive integration work leads to risk of management stretch. |
All |
The firm continues to have a robust business planning process which considers all relevant factors including the availability of management resources. The firm also has effective arrangements for monitoring delivery against the plan and adequately assesses and manages any resource strains that arise. |
FSA to meet the Retail CEO on a quarterly basis to discuss performance against the divisional business plan and major issues arising within the business. |
Quarterly from 01-Jan-2003 to 31-Dec-2003 |
|
Intelligent Finance (IF) Profitability: IF is following an unproven business model and has yet to breakeven. HBOS has indicated to the market that it expects the business to breakeven by Q4 2003. There is a risk that there might be undue pressure to reduce costs to meet public targets at the expense of ensuring control and customer servicing functions are adequately resourced. |
HALIFAX PLC |
HBOS to continue to monitor the financial performance of IF and to have appropriate contingency plans should business targets not be met. |
Firm to continue to supply FSA with monthly management information on IF. |
Monthly from 01-Jan-2003 to 31-Dec-2003 |
|
FSA to meet the senior management of IF and the Retail CEO to discuss the performance against the 2003 business plan and on-going strategy. |
2H2003 |
|||
|
Balance of management experience: The senior management team of the retail division includes a relatively small number of experienced bankers, with a number of recent results coming from marketing or consultancy backgrounds. There is a risk that this balance of experience amongst senior management could lead to a culture which is overly sales focused and gives inadequate priority to risk issues. |
All |
The senior management team has an appropriate balance of skills and experience. |
A review of succession planning within the retail division is nearly complete. This review should consider the need to ensure that the senior management team includes a sufficient number of experienced bankers should the current Head of Finance, Head of Risk or Head of Operations leave the division. Once this is completed the firm should share the results with FSA. Going forward the divisional CEO should ensure that FSA remain up to date with succession plans. |
1Q2003 |
|
Unsecured lending: The retail business has increased the level of business carried out in unsecured products (such as credit cards and personal loans) that have a higher credit risk than its traditional core mortgage business. However, the level of unsecured lending represents a small proportion (less than 10%) of the division’s total lending. |
All |
The firm is able accurately to monitor and manage the credit risk arising from its unsecured lending portfolio. |
FSA’s risk review team to visit the Cards Services and Personal Loans area to assess the level of risk being taken and the credit controls applied in these areas. |
2Q2003 |
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Group |
|
Regulatory Period/End Date |
24 month(s)/24-Dec-2004 |
FSA REGULATED FIRMS INCLUDED IN THE ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
197542 |
HBOS Treasury Services Plc |
|
Nature of Issue |
Intended Outcome |
Action |
Timetable |
|
New business developments: Treasury plan to extend the scope of the business, including building an equity derivatives business and potentially a debt capital markets function, next year. Given ongoing integration work and associated stretch, there is a risk that the infrastructure will not be able to cope with entering complex new business lines in addition to the ongoing integration and business as usual activities. In addition new businesses will require particular skills that may not be present in the current management team. |
Treasury has adequate controls, systems, and resources for any new business lines. Treasury has appropriately skilled staff to understand, measure, control and report on the risks associated with new business developments. Treasury has a robust new product approval process. |
The firm should inform FSA of plans to develop material new businesses at an early stage. Treasury to share and discuss project plans with FSA, and must demonstrate that appropriately skilled staff and a robust control framework are in place for any new business line. |
When the firm is beginning a new business project. |
|
Adequacy of Risk Management: Risk Management currently have to aggregate risk figures across two systems and will do for the foreseeable future for the sales and trading businesses given delays to integration. The front office has ambitious growth plans, including introduction of new more complex products, increasing pressure on the risk function. In addition there is a new unproven Head of Risk in place and a potential gap in Group Financial Risk for Treasury Oversight. There is a risk that the risk management function cannot keep pace with business development and cannot manage the risks being run by the business appropriately. |
Treasury Risk Management provides adequate, independent challenge and oversight of the front office. Risk Management produces timely, accurate risk reports. Head of Risk keeps senior management fully informed about the risks being run in the front office. |
The new Head of Risk, Treasury, to present his business plan for 2003 to FSA, highlighting key areas of concern and plans to address them. |
By: 28-Feb-2003 |
|
FSA to conduct a Traded Risk team visit to HBOS Treasury to examine the risk management framework in detail. |
By: 31-Mar-2003 |
||
|
Market Risk: HBOS has higher VaR limits than most other banks in its peer groups and has some complex trading strategies in place. In addition, the products that Treasury is trading in are increasing in complexity. Senior management are reliant on Risk Management in Treasury to provide and accurate and detailed picture of the risks. There is a risk that senior management within the Group do not fully comprehend the risks being run. |
Senior management ensure that limits within Treasury reflect their risk appetite and that there is a robust risk management structure in place to mitigate the risks being run in front office. |
FSA to conduct a Traded Risk team visit to HBOS Treasury to examine the risk management framework in detail. |
By: 31-Mar-2003 |
|
Integration: The timetable for full systems integration has slipped considerably over the year, with the consequence that the Funding & Liquidity integration will not be complete until H1 2003, while integration of the trading book systems has been postponed indefinitely. Consequently Treasury will continue to operate indefinitely with two front office systems, Summit and Enterprise, with associated increased operational risks. |
The additional risks arising from continued dual running of systems are acknowledged and well controlled. |
The scheduled quarterly update meetings between FSA and Treasury management with responsibility for integration to continue. Treasury should continue to share relevant Internal Audit reports with the FSA. |
Quarterly from 01-Jan-2003 |
|
FSA Traded Risk Review team will conduct a visit to assess the quality of integration of the funding and liquidity systems, and the risks associated with and quality controls surrounding continued use of non-integrated systems for sales and trading businesses, including the use of spreadsheets. |
2Q2003 |
||
|
Overseas Treasury Operations: Following a review of overseas treasury operations earlier this year, HBOS intend to bring all overseas Treasury operations under the control of the London operation. These include Treasury functions operating in remote locations, different regulatory regimes and time zones. There is a risk that London cannot exercise adequate levels of control over remote locations if an appropriate management and reporting framework is not put in place. |
Treasury has a robust control framework covering HBOS treasury operations in overseas locations and can demonstrate how the performance is measured and risks are controlled. |
Treasury to discuss with FSA its detailed project plan for the change in reporting and management structure. |
1Q2003 |
|
HBOS Internal Audit to review the new reporting arrangements once they have been in place for a period of 3 months and report on the adequacy of controls being exercised by Treasury in London. |
2H2003 |
||
|
Treasury is responsible for accessing the market and providing funding for the Group. Consequently, the risks indentified in the Group MBU regarding funding reside primarily in the Treasury MBU. Action is being taken at the group level to address the issue. |
HBOS has a detailed funding plan, aligned to the business plan, which ensures that the group has a stable supply of funding diversified across a spread of sources and maturities. Group monitors progress against plan and has a contingency plan in place in the event that it experiences difficulties with funding. |
Risk mitigation for this issue is included in the Group RMP |
1Q2003 |
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Group |
|
Regulatory Period/End Date |
24 month(s)/24-Dec-2004 |
FSA REGULATED FIRMS INCLUDED IN THE ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
204759 |
Bank of Scotland (Ireland) Limited |
|
201944 |
CAPITAL BANK PLC |
|
469628 |
The Governor and Company of the Bank of Scotland |
|
Nature of Issue |
Firms to which issue relates |
Intended Outcome |
Action |
Timetable |
|
Management structure: followed recently announced changes to senior management within Business Banking. Customer Relationships and Sales & New Business will now both report to the current Head of Marketing and Product Development. This is a significant change to the operating model for the division. It is unclear how the division will be organised in the future. |
All |
There is clear management structure and allocation of responsibilities within Business Banking. |
FSA to meet with Colin Matthew and *** to discuss the changes to the structure of the division and rationale for these changes. |
1Q2003 |
|
Economic conditions: HBOS is trying to expand its SME mending book. Any major downturn would hit small businesses which could lead to a deterioration in asset quality and a need for increased provisioning levels. A slowdown could also affect the number of new start ups. |
All |
HBOS is aware of the risks presented by the current economic climate. HBOS has appropriate resources in place to handle an increase in high risk connections and non performing assets. |
Periodic meetings with divisional risk management to discuss changes/trends seen in asset quality and any areas of concern within the portfolio |
Quarterly from 01-Jan-2003 to 31-Dec-2004. |
|
Strategy: Rapid expansion of Business Banking into England is a key selling point of the HBOS merger to the market. At the small end growth in customer account opening has been slower than predicted, with the average balance well below plan. Consequently HBOS are re-thinking their business model for the Direct Business Bank. For medium customers HBOS have recruited 200 relationship managers from competitors to attract business in England and Wales. There is a risk that HBOS is taking on business in new regions using salesmen that are new to the Group, and therefore that the new business is not with HBOS’ risk appetite tolerance. |
All |
HBOS has a clear strategy for the expansion of its Business Banking business into England and Wales and a credible business model for the Direct Business Bank. |
Business Banking to provide a copy of their strategic plan for 2003. Firm to use periodic meetings between senior management within the divisions to discuss performance against anti-ML KPIs and progress with the remedial programme of work. |
1Q2003 |
|
Property Lending: Nearly 40% of the Business Banking portfolio is commercial property lending. Although it is investment not speculative lending, this represents a material concentration in the portfolio. Due to the limitations in HBOS’ risk grading system most property lending is given the same risk grade making portfolio monitoring more difficult. |
All |
HBOS is aware of and monitors material concentrations in the portfolio and takes mitigating action where necessary. HBOS conducts appropriate stress testing of the portfolio. |
HBOS to provide FSA with quarterly risk management information. FSA will discuss concentrations in the portfolio as part of regular discussions with divisional risk management team. |
Quarterly from 01-Jan-2003 to 31-Dec-2004 |
|
Risk grading: The risk grading system used is unsophisticated and does not currently cover the whole of the portfolio within Business Banking. The credit risk MI does not give an accurate reflection of the risks in the portfolio. HBOS is aware of the issue following a section 39 report last year, but until the new system is in place, this remains a risk. |
All |
HBOS to have a robust internal ratings system in place, covering the whole portfolio. |
HBOS to meet with FSA in H1 and H2 2003 to discuss progress with the programme of ongoing work on internal ratings. |
Semi-annually from 06-Jan-2003. |
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Group |
|
Regulatory Period/End Date |
24 month(s)/24-Dec-2004 |
FSA REGULATED FIRMS INCLUDED IN THE ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
106048 |
HALIFAX PLC |
|
169628 |
The Governor and Company of the Bank of Scotland |
|
Nature of Issue |
Firms to which issue relates |
Intended Outcome |
Action |
Timetable |
|
Risk grading: The credit grading system currently used by Corporate Banking is unsophisticated. The firm is aware of the issue but until the new system is in place, this remains an issue. |
All |
The division has a robust system for assessing and monitoring credit risk across the portfolio as a whole. |
See Business Banking RMP |
Risk mitigation for this issue will be dealt with in conjunction with Business Banking. |
|
Political and Legal Risks: The division is a leading player in the PPI/PPP market. These transactions might be subject to a high degree of political risk. It is also involved in more complex structured transactions (eg leasing deals) where in some cases the documentation is untested. |
All |
The division has a robust system for assessing and mitigating political and legal risks. |
Internal audit to carry a review of the way in which the Corporate Banking division assesses and mitigates legal and political risks and to provide a copy of their report to FSA |
By: 30-Sep-2003. |
|
Provisioning policy: HBOS’s auditors disagree with the firm over the point at which provisions should be made in respect of problem accounts. However, they indicate that the impact of changing the treatment would not be material on the financial statements of HBOS as a whole. |
All |
HBOS has a clear and robust provisioning process. |
FSA to assess the division’s provision policy as part of a cross-firm review. We will contact you during 2003 to advise the information we require to conduct this review, which might involve an on-site visit. |
By: 31-Dec-2003. |
|
Credit risk: HBOS has limited exposure to most of the difficult sectors of corporate lending (such as technology). However, it has significant exposure in the UK power sector and to split capital investment trusts, both of which will require increased provision in the annual accounts. Any substantial economic downturn could lead to a more general deterioration in asset quality and a need for increased provisioning levels. |
All |
The division has adequate procedures and expertise to assess the credit risk it undertakes, including in specialist areas. |
The firm to provide FSA copies of the Corporate Banking Credit Quality Report on a quarterly basis. |
Quarterly from 01-Jan-2003 to 31-Dec-2004 |
|
Strategy: The divisional strategy is for a continuation of a high level of asset growth, albeit at a lower rate than in the last two years. Since the merger the division has used the size of the HBOS balance sheet to carry out deals of a size that neither Halifax nor BoS would have considered. For example it provided the financing for the recent buy-outs of *** and ***, each of which were around £800 million. There is an increased risk of financial loss if the firm does not ensure that it has an infrastructure appropriate to deal with the greater volumes and larger transactions. |
All |
The division has a robust business planning process, which takes full account of all the risks associated with the level of asset growth and the underwriting of larger transactions. |
The Corporate Banking CEO to give FSA a presentation on the divisional business plan. |
1Q2003 |
Letter from James Crosby to the FSA on 12 March 2003 regarding ARROW Risk Assessment Banking Operations and Group Functions
Your letter of 24th December 2002, confirming the outcome of this ARROW Risk Assessment, was considered by the Board at its meeting on 29th January 2003. The Board had a very full discussion and considered the assessment to be fair and well balanced overall.
In readiness for our meeting with you next week I am sending, under separate cover, four copies of our Business Plan from which you will see your key points are well covered. This Business Plan was approved by the Board on 26th November 2002. In very broad terms:
we accept that we have yet to fully embed the risk management culture within HBOS. We will be reviewing the Operating Philosophy for the management of risk throughout HBOS to underpin a compliant culture and one that facilitates rather than prevents business;
we believe the Operating Philosophy model works well in general terms, but accept that we need to make more progress in some areas—notably the relationship between Group Risk and Divisional Risk functions;
funding is fully appreciated as a key risk. We are intent upon developing our wholesale funding capacity and growing customer deposits and have a clear strategy for doing both;
the possible need to introduce further capital into our life businesses, and the impact on our capital ratios, is fully understood. We do, however, have significant leverage capacity (subject to markets) and a strong Tier 1 position;
excellent project management disciplines are in place in relation to the merger integration programmes, particularly within Retail. Nevertheless we are only too conscious of the tension between completing merger integration and our growth plans; and
we are fully aware of the need to ensure that development of our Treasury activities does not outpace the appropriate control framework.
Whilst we understand that your assessment of the potential impact arising from failures within HBOS was always going to be “High”, it is less clear to us why your probability assessment of such risks posing a threat to your statutory objectives should also be so high. We would like to increase our understanding of your thinking on this point before the next assessment is undertaken.
A detailed action plan (the attached “Risk Mitigation Programme”) has been devised and agreed, with clear timetables and accountabilities for delivery. This is intended to address all of the issues that you raise. Our Internal Audit team will monitor progress against the Risk Mitigation Programme and will report regularly to GMB and the Board. Delivery of this Programme is a key priority for the individuals concerned, and the Group as a whole.
If you have any queries or concerns about the contents of the detailed Risk Mitigation Programme please let me know. Thank you again for the very clear and fair report.
Letter from the FSA to George Mitchell on 11 December 2003 regarding Corporate Division—Commercial Property Risk Review Visit 13–15 October 2003
As you are aware, *** and *** from the Financial Services Authority’s Risk Review Team, accompanied by ***, visited Corporate Banking to discuss the controls around the commercial property book in October. *** and I subsequently held a feedback/validation meeting with you and ***. This letter sets out the key findings and recommendations arising from the visit.
I should emphasise that our findings are based solely on the team’s discussions with, and information supplied by, management in accordance with the scope of their work.
Overall Findings
The strategy for Corporate Banking division has led to significant growth in its commercial property portfolio in recent months. This is in the context of HBOS having a significant share of the commercial property market. There are clearly potential risks arising from a rapid expansion of the business and the FSA has concerns that the business is not monitored or controlled as tightly as it might be. The Risk Review Department found a number of specific weaknesses and have made specific proposals for addressing those. These are listed in the annex at the end of the letter. Examples of these include a lack of clarity surrounding the point at which the executive management would cease to feel comfortable with continuing to increase the exposure of the group’s balance sheet to commercial property. In addition, there is no detailed analysis of the investment part of the commercial property book. The lack of a reliable risk grading system has clearly meant that it has been difficult to monitor the quality of your portfolio. The FSA will monitor progress in the use of management information by corporate division as the new risk grading methodologies are embedded into your business during 2004.
We are concerned that, despite these shortcomings in controls, the group is pushing ahead with its rapid expansion of the commercial property book. In addition to implementing solutions to these specific control weaknesses, we consider it is the group’s senior management’s responsibility to ensure the overall control environment in this area is appropriate.
In addition to this, the visit highlighted wider issues which we will be want to pursue and expect to capture in the risk mitigation programme created from the interim update of the Group arrow assessment. These are set out below.
Role of Group Financial Risk
The role and responsibilities of the Group Financial Risk (GFR) function with regard to Corporate Banking need to be further understood by the FSA as the precise remit (including how far they should and do go in forming a view of and challenging the exposures taken on by the business) is not yet clear. We are considering what further work should be undertaken to assess the effectiveness of GFR in this and other areas.
Business Banking Integration
Clearly the size of the commercial property portfolio within Corporate Banking division will increase when the parts of the Business Banking book that have been allocated to you are absorbed within it. The FSA will want to understand the impact the change makes to the business and the size and nature of the book (in particular the way in which credit approval decisions are made for each size transaction that the enlarged Corporate Banking division takes on).
I look forward to receiving your comments on the matters raised in this letter and an action plan for addressing the specific issues in the annex. We would be grateful for these by 5 January 2004. In the meantime, if you have any specific questions, please let me know.
You should be aware that it is likely that Oliver Page will be arranging a meeting with James Crosby to discuss this and other issues relating to the risk profile of the group.
Finally, on behalf of *** and ***, I should like to take this opportunity to thank all those at HBOS who assisted them in this review.
Specific findings and recommendations
Risk appetite
There is no statement of risk appetite in respect of commercial property lending at either Group or Divisional level. Executive management does not appear to have a clear view of the extent to which it is comfortable in exposing its balance sheet to property risk. Without a defined risk appetite the growth of the book may lack direction and focus. As a result excessive concentrations of risk may be created which may significantly impact Corporate Banking division’s performance in the event of a market downturn. The development part of the portfolio was assigned as a “red sector” over a year ago and yet the portfolio has grown by 20% over this period. It is recommended that an articulation of risk appetite should be prepared and considered at Board and Corporate Board level. This should be achieved and communicated to us within three months of receiving this letter.
Published parameters
There are no published parameters in respect of key aspects of property lending such as minimum interest cover ratios and residual values, policy on amortisation etc. We are aware that HBOS strives hard to avoid a “tick box” mentality in its corporate lending and wishes to assess each credit on its own merits. However, the total absence of any published parameters may result in relationship managers lacking guidance on acceptable risks. The “case by case” approach could lead to a gradual increase in the proportion of loans which are written with ratios and terms at the riskier end of the spectrum (especially given the division’s growth targets). It is recommended that detailed guidance in respect of these aspects should be included in Corporate Banking’s lending procedures manual, including requirements for a higher level of review when a proposal contains a recommendation to exceed one or other of the parameters. This should be achieved within three months of receiving this letter.
Management information
The limitations of the bank’s risk grading system have been known by HBOS and by the FSA for some time. The FSA appreciates the work that has gone into to introducing new methodologies and will remain close to HBOS to ensure that these are used effectively. The portfolio information particularly in respect of the investment part of the book needs to be made substantially more comprehensive as it represents such a significant part of the portfolio. It will be important that the information is sufficient for management to understand the nature of the portfolio and in particular, key trends within it. It is necessary to be able to quickly identify factors such as changes in credit quality, emergence of risk concentration. We understand that this work will begin once the new risk grading methodologies have bedded down (ie within the next six months or so). We will want regular updates on progress.
Tenant Exposure
Tenant exposure is not regularly measured or aggregated with other direct forms of exposure. The risk from this is that Corporate Banking division may fail to recognise and assess the full extent of its exposure to its counterparties. Although we have been assured that aggregation of exposures to tenants occurs to the extent that this is possible, we recommend that this is formalised and a comprehensive report produced on a regular basis. Credit proposals for property transactions should include an assessment of aggregate HBOS exposures to tenants. Work towards achieving this objective should be commenced within three months.
Selling down procedures
The discipline of selling down underwritten exposures appeared to be more relaxed than we would expect. In addition to the concerns identified on our visit, the September 2003 internal audit high level controls report highlighted concerns that the Distribution team is not always consulted on new transactions (although these were not necessarily specifically related to property transactions). Clearly, failure to sell down would leave an exposure at a higher level than that approved. It is recommended that the discipline is enhanced to ensure the firm is not left with unwanted exposure if and when conditions deteriorate. It has been made clear that the division’s strategy for 2004 depends on containing asset growth and therefore that the drive to sell down will be increased in order to avoid stifling loan generation. The action from the audit report is that Corporate Banking, in consultation with GFR, will conduct a formal review of the infrastructure of the area to ensure there is “clarity over responsibilities with regard to credit approval input, ownership of the actual sell down process and the link to balance sheet and credit risk management”.* The conclusions of this review should be shared with the FSA.
Stress testing
Stress testing of the portfolio is not carried out in a regular or reliable manner. The consequence of this is that it is difficult for management to understand fully the potential vulnerability of its book. It is recommended that following the implementation of the revised risk rating methodologies, regular stress tests should be undertaken. This should be commenced within one year.
Credit approval process
The credit approval process within Corporate Banking division is atypical in that it lacks formal involvement of an independent credit function in the approval of every credit. In addition, although some senior members of staff within the division might be experts in particular fields of lending, there is no specialisation at relationship manager level of the property sector or by location. There is no formal process for consulting with property expertise or particular knowledge of the specific region within HBOS when a new property credit is being considered. These factors will be considered during the interim Arrow work to be conducted by the FSA during December.
References
* Quote from the September 2003 Group Internal Audit report on High Level Controls in Corporate Banking
Letter from George Mitchell HBOS to the FSA on 9 January 2004 regarding Corporate Division—Commercial Property Risk Review Visit—13–15 October, 2003
I have received your letter of 11 December setting out your findings and recommendations following the above visit. I will comment on each of these, using your own headings, later in this letter but before doing so wish to make some general comment on your overall findings.
You will be more than aware from our earlier meeting on this subject that I am extremely disappointed by the overall tone of your letter and indeed find many of the comments and findings to be very unfair. It is clearly true that our property lending has shown strong growth over the past few years. It is also true that improvements need to be made to our current risk rating system which will in turn improve the quality of our portfolio information. This is something we have always acknowledged to you and as you know we are well advanced with our plans to roll out new models as part of our Basle II preparations and this will address most, if not all, of our current system’s shortcomings. Having said that, I do not believe that effective control of a property book can ever be achieved by looking at it on a portfolio basis. Our approach is to carefully review credits on a quarterly basis with covenants being checked and tenant quality being re-assessed. Irrespective of the amount of portfolio information available to us, these quarterly reviews will always be our primary way of managing risk in our portfolio. It has to be kept in mind that although our property investment book has shown strong growth in monetary terms, it still comprises less than 800 individual credits
Turning to your specific findings and recommendations:
Risk Appetite
I believe our sector limit, which is set and regularly reviewed by the Group Credit Risk Committee, clearly defines the extent to which we are comfortable in exposing our balance sheet to property risk. In addition, a number of papers on this topic were presented to the Board last year (Credit Crunch in March, Group Credit Overview and Analysis in June and a Review of Corporate Banking’s Property Exposures in October). If you do not already have a copy of these papers I will of course be happy to forward them to you. Notwithstanding this, we will as you request prepare a formal statement of risk appetite for consideration by the Corporate Board and the Group Credit Risk Committee. It is also Mike Ellis’s intention to present a paper to the Board this month regarding the Group’s Risk Appetite, which will include details of property exposure within the enlarged Corporate Banking.
As you rightly point out, the property development part of our portfolio was classified as a red sector some time ago. This was not because of any concern with our book at that time, but an acknowledgement on our part that in certain areas there were early signs of speculative development taking place. As you know, we have never regarded a red traffic light as a bar to doing business—what it means is that a higher level of sign-off is required. Although I agree that our development portfolio grew by 20% in the period you reviewed, this surely has to be kept in perspective in that we started from a relatively low base. In monetary terms, your figure of 20% amounts to less than £300 million of additional lending.
Published Parameters
At the high value end of the market in which we operate I believe criteria based lending is very dangerous and our experience of the property recession of the early 1990’s strengthens this belief. Criteria also have a tendency to become the standard rather than the maximum. I strongly believe that experienced lending bankers judging each proposal on its merits is a far more responsible approach to lending at this end of the market and I would appreciate an opportunity to discuss this specific issue with you further. I do fully accept that criteria based lending is appropriate at the lower end of the market, for example in the business I will be taking on from the previous Business Banking. As you know parameters are already in place for this type of business and I can confirm that they will remain in place in the combined Division.
Management Information
As mentioned earlier, I believe the investment part of our property book is monitored and controlled extremely tightly, but I do agree that our new risk rating system and methodologies will provide us with additional useful information. The introduction of our new system is broadly on time but in order to address the concerns you have expressed we will establish a central team to accelerate the risk rating of our Property Investment loans. The intention is that we will have this exercise completed for the existing Corporate Banking book by the early part of Quarter three of this year and we will keep you regularly updated on our progress in this area. Thereafter the exercise will be extended to include the existing Business Banking portfolio. with the intention that this will be completed by the early part of Quarter four of this year.
Tenant Exposure
I agree that this is an area where we could do better. As you are aware from the Corporate Banking Property Review submitted to the Board in October last year we have aggregated the tenants of our top 50 property investment exposures covering around half of our total property investment exposure. This list shows a well spread list of high quality tenants with no undue concentration to any one industry or counterparty. I do acknowledge that this is not exhaustive but the work that is underway to risk rate the entire portfolio will correct this.
Selling Down Procedures
1 believe this finding is particularly unfair in that one or two isolated incidents have been used to infer there is a widespread problem. Our distribution area is in fact operating extremely well and in the current year we have sold down more than originally planned—well over £2 billion. There have been a few examples of originators not fully consulting their distribution colleagues before finalising transactions, but this loophole has now been closed. There have also been a few examples of failed selldowns not being reapproved at the end of six months, although in all such cases the Corporate Board was fully aware of the delay. This process has also been tightened up.
Group Internal Audit issued a report on our Loans Distribution area in November 2003, which concluded that “ ..the processes undertaken by the Loans Distribution Team are well managed, with an appropriate level of analysis, review and recording of transactions”. Clearly the exceptions detailed above were also noted within the report but I think it is fair to say that the overall conclusion of Internal Audit was that the area operates in a satisfactory manner. We will however ask GFR to review the area and will ensure you are provided with a copy of their report.
Stress Testing
Stress tests of the Corporate Banking portfolio were conducted by GFR as part of the annual planning process in November 2002 and 2003. The Credit Overview and Analysis paper submitted to the Board in June 2003 further stress tested the portfolio. I would therefore argue that stress testing is being undertaken on a regular basis albeit I would acknowledge that it is a little rudimentary in nature. Completion of the risk rating of our portfolio will enable us to undertake stress testing on a more sophisticated basis.
Credit Approval Process
I recognise that the credit approval process within Corporate Banking is atypical, but I believe our track record on credit quality clearly indicates that it is also robust. As far as property is concerned, the ability to identify and assess risks in such transactions is a core competency of the lending practitioners in the Division and I do not believe it would be sensible to establish a specialist area. Every property transaction should be carefully assessed on its merits with local advice and expertise being used as appropriate. Particular focus needs to be on the quality and quantity of the cash flow generated by the asset, and I believe that it is far more appropriate for this to be evaluated by experienced lending bankers than by specialists who are likely to regard the property as the “core” rather than the “support” in a transaction. I should stress that we are not against the concept of specialisation—we already have such areas for many sectors, for example oil and gas, telecoms, power, housing associations, shipping and aircraft. However, to establish a similar area for property would in our view destroy one of our key competitive advantages and thereby do lasting damage to our business.
Finally, I note your comments regarding the role of GPR and the integration of Business Banking. As far as the former is concerned, my GFR colleagues and I will be happy to discuss this with you at any time. The role and responsibilities of GFR with regard to Corporate Banking are however very clear and comprise:
the post approval review of lending decisions on a sample basis;
themed reviews on the Division’s processes and exposures;
approving new lending decisions as an alternative to Executive Directors; and
monitoring of overall exposures and limits.
Given GFR’s separate reporting line, it clearly has the ability to escalate any concerns to Mike Ellis.
The integration of Business Banking is proceeding satisfactorily with our year- end credit milestones having been achieved as a result of the approval by the Group Credit Risk Committee of sector limits and a Credit Risk Policy Statement for the combined Division. Details of the amended sanctioning procedures are attached for your information.
Please let me know if you require anything further, or wish me to expand on any of the above points.
UP TO £50 MILLION
LENDING AUTHORITIES FOR MEDIUM RELATIONSHIPS/ASSET FINANCE/CONTRACT HIRE/MOTOR/SPECIALIST FINANCE (EXCLUDING HOUSING FINANCE)
|
Lending Approval Limit Up to and including |
“Reduced Challenge” Score 1–2 |
“Standard Approval” Score 3 |
“Increased Challenge” Score 4–8 |
|
£6m (UK only) |
Credit Sanction Teams |
Credit Sanction Teams |
Credit Sanction Teams |
|
£10m (UK only) |
Credit Panel |
Credit Panel |
Credit Panel |
|
£20m (UK only) |
Credit Committee |
Credit Committee |
MD Credit Committee |
|
UK Renewals * £50m (of which up to £10m mezz and £4m equity) |
Credit Committee |
MD Credit Committee |
MD Credit Committee |
|
New Business £50m (of which up to £10m mezz and £4m equity |
MD Credit Committee |
MD Credit Committee |
MD Credit Committee |
LENDING AUTHORITIES FOR OTHER BUSINESS AREAS
|
Lending Approval Limit Up to and including |
“Reduced Challenge” Score 1–2 |
“Standard Approval” Score 3 |
“Increased Challenge” Score 4–8 |
|
£10m (UK only) |
Head of Business |
Head of Business |
Managing Director |
|
£20m (UK only) |
Credit Committee |
Credit Committee |
MD Credit Committee |
|
UK Renewals * £50m (of which up to £10m mezz and £4m equity) |
Credit Committee |
MD Credit Committee |
MD Credit Committee |
|
New Business £50m (of which up to £10m mezz and £4m equity |
MD Credit Committee |
MD Credit Committee |
MD Credit Committee |
Credit Sanction Team Approval
Up to £500,000—Managers
Up to £2 million—Associate Directors
Up to £6 million—Directors
Individuals limits will be agreed by the Head of Sanctioning and advised to the individuals
Credit Panel/Committee composition
Credit Panels—three voters from pools (mainly Credit Risk personnel) to be agreed by Head of Sanctioning.
Credit Committee—three Business Heads or two Business Heads and one Director of Credit
MD Credit Committee—one independent Managing Director and two Business Heads
ABOVE £50 MILLION—ALL BUSINESS AREAS
SANCTIONING AUTHORITIES
|
Lending Approval Limit (up to and including) |
Approval Required from: |
|
£100m (of which up to £25m may be by way of mezzanine and/or up to £10m may be by way of equity). |
Sponsoring Divisional Chief Executive (failing whom another Divisional Chief Executive) Plus One other Executive Director or a nominated representative of Group Financial Risk |
|
£250m (of which up to £50m may be by way of mezzanine and/or up to £20m may be by way of equity). |
Sponsoring Divisional Chief Executive (failing whom another Divisional Chief Executive) Plus Two other Executive Directors or one other Executive Director and a nominated representative of Group Financial Risk |
|
In excess of £250m Mezzanine in excess of £50m And/or Equity in excess of £20m. |
Sponsoring Divisional Chief Executive (failing whom another Divisional Chief Executive) Plus Two other Executive Directors or one other Executive Director and a nominated representative of Group Financial Risk Plus One non-executive Director |
LIMITS FOR NORTH AMERICA
|
Lending Approval Limit (Up to and including) |
Approval Required from: |
|
US$10m |
Executive Vice President |
|
US$20m (of which up to US$5m may be by way of mezzanine) |
One Managing Director |
|
£50m at current exchange rate (of which up to US$7.5m may be by way of mezzanine and/or up to US$2m by way of equity) |
MD Credit Committee |
LIMITS FOR EUROPE
|
Lending Approval Limit (Up to and including) |
Approval Required from: |
|
€10m |
Head of Corporate Banking |
|
€20m (of which up to €5m may be by way of mezzanine) |
One Managing Director |
|
£50m at current exchange rate (of which up to €7.5m may be by way of mezzanine and/or up to €2m by way of equity) |
MD Credit Committee |
Letter from the FSA to James Crosby, on 13 January 2004 regarding Risk Assessment—HBOS Group
As you are aware, the FSA conducted a full risk assessment of the banking operations and Group functions of the HBOS Group in late 2002. In undertaking that assessment we split the Group into “material business units” (MBUs) based on your own business divisions. The Group assessment covers group-wide issues, issues relating to Group functions and the high level control framework. This split is mirrored in the structure of the risk mitigation programmes.
At that time we noted that FSA would undertake an internal interim review of the risk mitigation programmes after a period of 12 months. We have now completed our interim review for the Group, Treasury and Corporate Banking MBUs. In light of the Group reorganisation, we have combined the previous Business Banking MBU with the Corporate Banking one. The purpose of this letter is to summarise our findings and to advise you of the risk mitigation programme for the coming year. This includes actions we expect you to take.
The background to the FSA’s risk assessment framework, including an explanation of impact and probability together with the FSA’s statutory objectives under the Financial Services and Markets Act 2000, is set out in Appendix 1. Please read this in order to put into context this letter and the risk mitigation programme.
As you will be aware, the FSA’s risk assessment process is a high level review. It is not an examination or audit and may not identify all of the risks associated with current and proposed activities. The ultimate responsibility for identifying and assessing risks remains with the Board of Directors.
Overall Assessment
The table below shows our aggregate assessment of the risks posed by HBOS against each of the FSA’s statutory objectives. The impact scores reflect the scale of the effect of HBOS on the FSA’s statutory objectives were particular risks to crystallise. The probability scores reflect our assessment of the likelihood that such crystallisation will occur. This is based on an assessment of the information gathered from our onsite work, the results and findings of previous supervisory work and other relevant information.
|
Statutory objective |
Impact |
Current Probability |
Previous Probability |
|
Market Confidence |
High |
Medium high |
Medium high |
|
Public Awareness |
High |
Medium high |
Medium low |
|
Consumer Protection |
High |
High |
Medium high |
|
Reduction of Financial Crime |
High |
Medium low |
Medium low |
This interim assessment reflects our judgment that the risk posed the by HBOS Group to FSA’s four regulatory objectives is higher than it was perceived to be at the time of the last assessment.
Key Findings
HBOS continues to target and deliver ambitious growth across all areas of the business, putting the Group out of line with its peers. As noted in my letter to you following last year’s risk assessment, it is important that delivery of such growth is achieved in a compliant manner and the control infrastructure of the Group must keep pace with the growth in the business and the associated risks. It is our perception that there are a number of areas where this has not been the case, and consequently we perceive the risk profile of the Group to have increased. Business growth is also taking place at a time when a considerable programme of integration work is ongoing within the Group, which heightens the operational risks being run. The Group’s risk appetite is not clearly articulated and appears to be increasing in a number of areas of the business.
The Group Financial and Regulatory Risk functions are a key part of the overall control infrastructure of the Group, particularly in providing an additional layer of challenge to the business and an independent view to senior management and the Board on the risks facing the Group. It is not clear to us that the model adopted by HBOS has been sufficiently well embedded to allow the Group Risk functions to fulfil this role effectively.
The strategy for Corporate Banking division has led to significant growth in its commercial property portfolio in recent months. There are clearly potential risks arising from a rapid expansion of the business and the FSA has concerns that the business is not monitored or controlled as tightly as it might be. The FSA Risk Review Team found a number of specific weaknesses that impact on your ability to monitor and control the risk profile of the book. Some of the findings have wider implications for the control environment in the division, in terms of the credit approval process, quality and use made of management information and the role of Group Financial Risk.
The increased scores for Public Awareness and Consumer Protection in particular arise from the increased risk assessments of IID and the Retail division. As you are aware following our recent assessment, we remain to be convinced that the control framework within Retail is robust, following a number of issues that have arisen which imply that the controls have failed to keep pace with the sales growth seen in the business. These issues and the action required to address them were outlined in the Retail risk assessment sent to you last month.
IID faces a number of risks across its three operating divisions. Our key concerns relate to the potential exposure of *** with profit fund to guarantee costs, the current difficulties in accurately assessing the realistic financial strength of the fund, issues of fairness of charging guarantee costs to asset shares, and doubts over the adequacy of disclosures made to new policyholders regarding the likely impact of guarantee charges. Whilst we accept these issues are being addressed, further progress is required before we can consider reducing our risk assessment of this part of the group.
We have reviewed the appropriateness of the Group’s ICR in the light of our findings. We have concluded that the banking book ICR for the banks in the HBOS Group on both a solo and consolidated basis should be increased by 0.5% to 9.5% with effect from 1 February 2004. This increase reflects our view of the current control environment. We will review the appropriateness of removing this increase once we have received the skilled persons report on risk management. In particular we will take into account the outcome of this report, together with progress made with the Commercial Property recommendations, and our view of the control environment within Retail at that time.
Risk Mitigation Programme
The full RMP is set out in Appendix 2. This is subject to review should there be any significant change, or potential change, to HBOS’s business or control structure. In line with your general obligations under the FSA Handbook, you should therefore notify us of any such changes.
Within the risk mitigation programmes we have specified actions for the Group to demonstrate to the FSA that the control framework for the Group is fit for purpose and the growth you are delivering is appropriately controlled. As part of this we have decided to commission a skilled persons report under s.166 of FSMA on the risk management framework within the Group. This will provide us with a detailed, independent view on the adequacy of the risk management functions, at both a divisional and Group level.
There are also a number of actions designed to ensure that the Group can validate that identified weaknesses have been satisfactorily addressed. With regard to the recommended actions coming out of the Risk Review team visit on Commercial Property, we ask that Group Internal Audit undertake a review to verify that the actions have been satisfactorily completed within the timescales requested.
As the Treasury business expands and takes responsibility for overseas locations, including the launch of a new branch in New York, we will look to Internal Audit to provide assurance that the governance framework in place is appropriate. We will conduct a further Traded Risk team visit to review the planned integration work within Treasury and ensure that this continues to be progressed in a well controlled manner.
Finally, you will note that the programme sets out a “close and continuous” schedule of periodic meetings with senior management, internal audit, and risk. Such meetings are intended to complement the actions specified against “identified risks” arising out of the Arrow’ assessment, and are intended to ensure that we maintain a good understanding of the Group’s business strategy, progress with the continuing integration programme and emerging business and control risks.
Period to the Next Risk Assessment
On the basis of our current assessment we plan to undertake the next full risk assessment for the whole Group in 12 months. It is important to note that the FSA may undertake further work at any time, or expect HBOS Group to undertake additional work, if for example additional risks are identified or crystallise.
Confidentiality and Response to This Letter
We regard the contents of this letter as confidential. You should copy this letter to your auditors but we ask that you discuss with us any intended disclosure to any other third party.
Please confirm to me by 13 February that the Board has considered this letter and that HBOS will implement the sections of the risk mitigation programme, in Appendix 2, which require action by you.
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS—Corporate Banking |
|
Regulatory Period/End Date |
24 month(s)/24 December 2004 |
FSA REGULATED FIRMS INCLUDED IN THE ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
204759 |
Bank of Scotland (Ireland) Limned |
|
201944 |
CAPITAL BANK PLC |
|
106048 |
HALIFAX PLC |
|
169628 |
The Governor and Company of the Bank of Scotland |
|
Nature of Issue |
Firms to which issue relates |
Intended Outcome |
Action |
Timetable |
|
Strategy The new corporate division will have a new strategy to fit with the new, enlarged business. The FSA would like to understand the strategy once it has been completed and the control environment that will support the business, This will include the governance arrangements and the process for merging the two businesses. |
All |
HBOS corporate division has a clear strategy for the new, enlarged division. This includes the governance and controls and the process for change that will be in place to ensure risks are mitigated. |
CEO of corporate division to give FSA a presentation outlining the detail of his strategy. |
1Q2004 |
|
Risk Grading System and Management Information The new risk grading system for corporate banking division will be launched at the start of 2004 with models being added throughout the year. In addition, the platform will be used for the parts of business banking which are to be absorbed into corporate banking division. Parts of the new business banking risk grading system (still under development) will be used but it will require substantial amounts of redevelopment. The upgraded system is urgently required for improved monitoring of the portfolio and to provide comprehensive, reliable management information. It should also facilitate a more proactive approach to analysis of the portfolio and following up of any adverse trends. |
All |
HBOS corporate division successfully implements the new risk grading system in a timely fashion, including absorbing the business banking methodologies onto the corporate platform. HBOS’s new corporate division produces management information of the depth and quality appropriate for the strategy and nature of the businesses undertaken. |
FSA will be kept informed of progress of the implementation of the new risk grading system including the work undertaken by internal audit to monitor it. Any delays or issues will be communicated promptly to the FSA. |
Ongoing |
|
Commercial Property A significant and growing proportion of the enlarged division’s assets lie in commercial property. A risk review visit identified issues surrounding the control framework of the division and an action plan will be put in place to address these issues. Progress against this action plan needs to be monitored. |
All |
The commercial property book is well controlled and its rate of growth is prudent in the context of the current weaknesses in the control framework. |
Internal audit to provide a report confirming that the action plan has been implemented satisfactorily. The FSA will agree the scope of this report in advance. |
By: 30-Sep-2004 |
|
Senior management will keep FSA informed of its progress against the action plan which will have been provided to FSA by 12 January 2004. |
Quarterly from 05- Jan-2004 to 31- Dec-2004 |
|||
|
Credit Sanctioning The FSA would like to understand the way in which credit sanctioning processes work in practice in the new division. There were a number of issues raised at the commercial property risk review visit which relate more generally to credit sanctioning in corporate banking division. An example of such an issue is the lack of an independent credit sanctioning function and how the objectivity of sanctioning decisions is ensured in the absence of such a function. These will be reviewed and considered by FSA as the new structure is set up. |
All |
HBOS’s new corporate division has a credit sanctioning process that is appropriate for the strategy and nature of the businesses undertaken. |
Senior management liaise with FSA to demonstrate that the credit sanctioning process and management information in place are appropriate. |
By: 30-Jun-2004 |
|
Provisioning Given the continued growth in the book and the need the division have had to assign provisions to some loans, the FSA would like to look more deeply into the provisioning process within the division and the way it works in practice. |
All |
HBOS corporate division has demonstrated to FSA that is has a satisfactory provisioning process and policy. |
FSA risk review team will go into corporate division and undertake an analysis of the provisioning policy. |
2Q2004 |
|
Close and Continuous The nature and scale of HBOS Corporate division’s business means we want to have a close & continuous relationship with the Division and maintain our knowledge of the MBU, its strategy and emerging business risks. We also need to maintain our knowledge of the management and control functions so that we can judge the extent to which we can place reliance on them as part of the wider risk mitigation programme. |
All |
FSA is kept abreast of key developments relating to business strategy and the control structure, and is able to identify emerging risks at an early stage. |
FSA lineside supervision team will meet with key individuals from the division on a regular basis. |
Ongoing |
- END OF REPORT -
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS—Treasury |
|
Regulatory Period/End Date |
24 month(s)/24 December 2004 |
FSA REGULATED FIRMS INCLUDED IN THE ASSESSMENT
|
FSA Firm Ref No. |
Firm Name |
|
197542 |
HBOS Treasury Services Plc |
|
Nature of Issue |
Intended Outcome |
Action |
Timetable |
|
Risk Management: The risk management function lost a couple of its more experienced staff in 2003, although we understand that there are plans to recruit a senior market risk manager this year. The front office have plans to introduce new more complex products, increasing pressure on the risk function. Until further systems integration work is complete, Risk management will have to aggregate risk figures across two systems for the derivatives business. There is a risk that the function cannot keep pace with business development and cannot manage the risks being run by the business appropriately. |
Treasury Risk Management provides adequate, independent challenge and oversight of the front office, keeping pace with the growth in the business. Risk Management produces timely, accurate risk reports. Head of Risk keeps senior management fully informed about the risks being run in the front office. |
Head of Risk to keep FSA informed of progress with recruitment to the Risk function. |
Ongoing |
|
We will track the development of the Risk Management function through our regular meetings with the Head of Risk as part of the close and continuous relationship. |
Ongoing |
||
|
Regulatory Risk: In 2003 Treasury reported a serious breach of the FSA’s client classification rules. A subsequent review of the Regulatory Risk function identified a number of areas of weakness to be addressed. In addition the Head of Regulatory Risk has left the Group and a replacement is yet to be recruited. |
Treasury has an adequately resourced, proactive Regulatory Risk function. The weaknesses highlighted by the KPMG review are addressed in a timely manner. |
Internal Audit to share with FSA the findings of its review of the Regulatory Risk function, currently scheduled for completion in Q1 2004. Following receipt of the report, FSA to consider whether further action is required. |
By: 30-Apr-2004 |
|
Treasury to present 2004 Regulatory Risk business plan to FSA, including resource plan. Head of Finance to keep FSA informed of progress with recruitment of Head of Regulatory Risk. |
1Q2004 |
||
|
Overseas Treasury Operations: Following a review of overseas treasury operations, HBOS intend to bring all overseas treasury operations under the control of the London operation. These include treasury functions operating in remote locations, different regulatory regimes and timezones. In addition, a New York branch of HBOS-Treasury Services has been set up and is due to begin trading in Q1 2004. There is a risk that London cannot exercise adequate levels of control over remote locations if an appropriate management and reporting framework is not put in place. |
Treasury has a robust control framework covering HBOS treasury operations in overseas locations and can demonstrate how the performance is measured and risks are controlled. |
In the previous RMP we requested that HBOS Internal Audit review the new reporting arrangements once they have been in place for a period of 3 months and report on the adequacy of controls being exercised by Treasury in London in 2H2003. We await this report. |
2H2003 |
|
Treasury to discuss with FSA its detailed project plan for the change in reporting and management structure. |
1Q2004 |
||
|
Systems integration: Although the funding and liquidity business has now been consolidated onto one front office system there remains further work to be done on systems integration, notably the integration of the derivatives business. Until this integration work is completed, two front office systems will be used with associated increased operational risks. |
The planned systems integration is conducted in a well controlled manner. The additional risks arising from continued dual running of systems are acknowledged and controlled. |
Senior management to keep FSA informed of progress with systems integration, including the findings of any internal audit reports related to the project. |
Ongoing |
|
FSA’s traded risk team to conduct a visit to review the quality of systems integration work, following up on the visit conducted in Q3 2003. |
3Q2004 |
||
|
Grampian: HBOS have a major ABS conduit which has grown significantly in the last 2 years. Amongst other services, HBOS Treasury provides liquidity facilities to Grampian. Conduit structures can pose significant operational, market and reputational risks. |
The risks arising from the Grampian structure are well controlled. |
Internal Audit to review the controls and infrastructure surrounding the Grampian conduit. |
1H2004 |
|
Treasury is responsible for accessing the market and providing funding for the Group. Consequently, the risks identified in the Group MQU regarding funding reside primarily in the Treasury MBU. Action is being taken at the Group level to address the issue. |
HBOS has a detailed funding plan, aligned to the business plan, which ensures that the group has a stable supply of funding diversified across a spread of sources and maturities. Group monitors progress against plan and has a contingency plan in place in the event that it experiences difficulties with funding. |
Risk mitigation for this issue is included in the Group RMP |
1Q2004 |
|
Close & Continuous: The nature and scale of the Treasury’s business means we want to have a close & continuous relationship with the Division and maintain our knowledge of the MBU, its strategy and emerging business risks. We also need to maintain our knowledge of the management and control functions so that we can judge the extent to which we can place reliance on them as part of the wider risk mitigation programme. |
FSA is kept abreast of key developments relating to business strategy and the control structure, and is able to identify emerging risks at an early stage. |
A close and continuous relationship is maintained between the division and the FSA. As part of this we will aim to have regular meetings with, among others. Head of Treasury, Head of Risk, Head of Finance, Head of Regulatory Risk once appointed, and Group Internal Audit. |
Ongoing |
- END OF REPORT -
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Group |
|
Regulatory Period/End Date |
24 month(s)/24 December 2004 |
COMPONENT ASSESSMENTS
|
Assessment Name |
|
HBOS Insurance & Investment Group Limited—Insurance and Asset Management |
|
HBOS—Corporate Banking |
|
HBOS Group—Retail |
|
HBOS –Treasury |
|
Nature of Issue |
Component assessments to which issue relates |
Intended Outcome |
Action |
Timetable |
|
Growth: HBOS has stated clear merger synergy and revenue targets to the market together with an overall ROE target for the Group to achieve by end 2004. The Group continues to target strong growth and there is a risk that the infrastructure and in particular the control framework will be unable to manage the growth. |
All |
HBOS has adequate controls in place to manage the risks arising from business growth and She integration programme. |
FSA to meet with Group Financial Risk and Group Regulatory Risk quarterly to discuss business development generally, including the adequacy of the controls environment in the business divisions. |
Quarterly from 01-Jan-2003 to 31-Dec-2004 |
|
HBOS to continue to provide FSA with monthly Group level Mi. FSA will also request divisional business and risk Ml from the divisions. |
Monthly from 01- Jan-2003 to 31- Dec-2004 |
|||
|
Senior management to meet with FSA to present and discuss the-Group business plan for 2004. |
1Q2004 |
|||
|
Risk Management: Within the HBOS structure the Group Financial Risk function has been set up to provide functional leadership and oversight of the business. This model is taking some time to bed down, and the role of the centre in relation to each of the divisions is still evolving. Financial risk management also needs to develop skills in looking at the IID business. The function will also face a heavy workload given the work required on the Risk Based Capital Directive, IAS and other forthcoming legislative and regulatory changes. |
All |
HBOS has a strong Group Risk function that provides challenge to and oversight of all business divisions. There is clarity of roles between Group Risk and the divisional risk functions. HBOS Group Risk has adequately skilled resources to fulfil its role. |
FSA to have quarterly meetings with the Head of Financial Risk to discuss development of the GFR role, issues/concerns, resourcing, and GFR’s programme of work. Also to discuss business development generally including the adequacy of the controls environment in the business divisions. |
Quarterly from 01-Jan-2003 to 31-Dec-2004 |
|
Given the importance of a successful risk management framework; to the Group, FSA will appoint skilled persons to undertake a review of the HBOS Risk Management framework. |
1H2004 |
|||
|
Regulatory Risk: There has been a recent change in the head of Regulatory Risk (or the Group and in the relationship between Group Regulatory Risk and IID Regulatory Risk. There has been a lack of clarity in the past over the respective roles of Group and divisional Regulatory Risk functions and there is a question over the effectiveness of the Group function. Given the number of compliance issues within IID, there is a risk of management stretch. |
All |
Group Regulatory Risk is an effective control function providing appropriate oversight and challenge to the business and divisional regulatory risk functions. The function is appropriately resourced in terms of both skills and numbers. |
Head of Group Regulatory Risk to present his plan tor 2004 to FSA, including an explanation of how the relationship with divisional functions will work: |
By: 30-Apr-2004 |
|
FSA to have quarterly meetings with the Head of Regulatory Risk to discuss development of the GRR function, issues/concerns, resourcing, and GRR’s programme of work. Also to discuss business development generally including the adequacy of the controls environment in the business divisions. |
Quarterly from 01-Jan-2003 to 31-Dec-2004 |
|||
|
Group Regulatory Risk to provide FSA with a copy of their quarterly reports to the Group Operational and Regulatory Risk Committee. |
Quarterly from 01-Jan-2004 to 31-Dec-2004 |
|||
|
Funding: The HBOS group has a large wholesale funding requirement, which will continue to grow significantly each year. Unless HBOS can successfully diversify their funding sources there is a risk that they will be unable to meet requirements. |
All |
HBOS has a detailed funding plan, aligned to the business plan, which ensures that the group has a stable supply of funding diversified across a spread of sources and maturities. Group monitors progress against plan and has a contingency plan in place in the event that it experiences difficulties with funding. |
Firm to provide FSA with copies of quarterly GALCO reports on progress against funding plans. |
Quarterly from 01-Jan-2003 to 31-Dec-2004 |
|
FSA Risk Review team will conduct a visit to assess the quality of asset and liability management across the HBOS Group, |
1Q2004 |
|||
|
Group Finance Director and Head of Treasury to give FSA a presentation on the funding plan for 2004. |
1Q2004 |
|||
|
Finance: Although senior management within the function appears strong, it is not clear to FSA that there is sufficient depth within Finance both at Group level and within the business divisions. The Finance function will face a heavy workload given the work required in preparation for International Accounting Standards and other legislative and regulatory changes. |
All |
HBOS has a strong Finance team across the business divisions and within the Group Function. There is a clear succession plan in place for key Finance appointments. HBOS submits reliable and timely regulatory returns to the FSA and the Bank of England. |
Group Finance Director to keep FSA updated on key developments within the Finance function. As part of our regular meetings with the Group FD, we will seek updates on progress with key Finance initiatives and status reports on the Finance function. |
1H2004 |
|
Intra-group exposures: Because of its unusual group structure, with a treasury in a subsidiary bank funding two large banks above it, HBOS has difficulty in managing its LE position effectively, necessitating the use of capital maintenance agreements and parental guarantee structures. The process for managing and monitoring intra-group funding flows has not been robust. HBOS is conducting a project to address these issues. HBOS are also considering the viability of moving to a one bank structure which would eradicate the majority of these issues. |
All |
HBOS has clear and robust procedures for approving, managing and monitoring intra-group funding flows at both a divisional and a legal entity level, with clear senior management accountability. HBOS has a Group policy on treasury concessions including limit approvals, monitoring against limits and escalation of breaches, and applications to the FSA are made at an early stage with a credible business case. |
HBOS to continue to keep FSA informed of progress with Project Lomond. |
Ongoing |
|
In the previous RMP we requested that HBOS Internal Audit conduct a review following the conclusion of HBOS’s internal project to assess the adequacy of the new procedures and report back to FSA in Q4 2003. FSA will consider whether further action is necessary in the light of the findings. We have yet to receive this report. |
4Q2003 |
|||
|
BankWest: Following the acquisition of 100% control of BankWest, HBOS are now formulating a strategy for the Australian businesses. It is likely that HBOS will seek to strengthen the relationship between BankWest and the UK Group using Retail and lID experience in the UK to grow the Australian business. This increases the risk of management stretch. |
All |
HBOS has a clear strategy for BankWest and its other Australian businesses. HBOS has appropriate corporate governance arrangements in place over BankWest. |
HBOS senior management to advise FSA of detailed strategy for BankWest and other Australian businesses, including the management structure and governance framework in place. FSA will consider what further work is necessary in the light of the strategy. |
Once finalised |
|
Business Continuity Planning: There are a number of areas where HBOS are behind best practice within their peer group for BCP. There are areas around the Group where plans have not been tested, there is no back up site or staff are too far from the designated recovery site. Some of these issues may not be rectified in the immediate future. |
All |
HBOS has detailed effective BCP plans for all parts of the Group. These plans are regularly updated and tested. |
HBOS to provide FSA with a copy of the business self-assessment exercise undertaken annually by the HBOS Group BCM function. |
Once completed |
|
Group Internal Audit to share with FSA any reports that indicate material BCP issues. |
Ongoing |
|||
|
Money Laundering: As a major group operating in the retail, SME and corporate sectors HBOS is a target for money laundering activities. HBOS is one of six major UK banking groups committed to reviewing accounts opened since 1994. |
All |
The Group has robust systems in place to identify and reduce the occurrence of money laundering. The remedial work ongoing following the weaknesses discovered last year is completed to a satisfactory standard. The CCR programme remains on track to deliver in accordance with our timetable. |
FSA will meet with HBOS MLRO and his deputy on a regular basis to discuss progress with the remedial action project and other money laundering detection and prevention issues relevant to the Group. |
Semi-annually from 01-Jan-2003 to 30-Dec-2004 |
|
HBOS to continue to provide FSA with copies of the quarterly GMB updates on progress with anti-money laundering remedial work. |
Quarterly from 01- Jan-2004 to 31- Dec-2004 |
|||
|
HBOS will provide FSA with copies of its quarterly money laundering, report to the Group Audit Committee, HBOS will also provide KPl information on anti-money laundering controls across all business divisions on a regular basis. |
Quarterly from 01- Jan-2004 to 31- Dec-2004 |
|||
|
Close & Continuous: The nature and scale of the HBOS Group means we want to have a close & continuous relationship in order to maintain our knowledge of the Group, its strategy and emerging business risks. We also need to maintain our knowledge of the management and control functions so that we can judge the extent to which we can place reliance on them as part of the wider risk mitigation programme. |
All |
FSA is kept abreast of key developments relating to business strategy and the control structure, and is able to identify emerging risks at an early stage. |
A close and continuous relationship is maintained between the Group and the FSA. As part of this we will aim to have regular meetings with, among others, the Group Finance Director, the heads of Group Financial Risk, Group Regulatory Risk, Group Internal Audit and Group Services. We will also meet with the chair of the Group Audit Committee annually. |
Ongoing |
56 MRDG ARROW Panel minutes 8 December 2004
MINUTES
Minutes of the meeting of the
MRGD ARROW PANEL—HALIFAX BANK OF SCOTLAND GROUP (HBOS)
Held on 8 December 2004–15.30
At FSA Committee Room F
Present
Oliver Page
- Grey Panther
—Panel Member
—MSU
John Tiner—Observer
—(Presenting Team)
—(Presenting Team)
—(Presenting Team)
—(Presenting Team)
—(Presenting Team)
—(Presenting Team)
—(Presenting Team)
—(Secretary)
Apologies
—(Presenting Team)
|
Minute No |
Action |
|
|
1. |
Opening Remarks (by KC) First full assessment of the group as a whole. Overall the risk profile has reduced as a result of strengthening systems and controls. HBOS have addressed previous RMP actions and have bought into the need to strengthen the control environment. In some cases there is still more to do but, in these cases we are generally content that they have credible action plans. The most significant risks we see at the moment are MECs and Basel Implementation. There was general agreement that the issue of MEC was a high priority and should be highlighted in the letter. In terms of Basel Implementation, HBOS has opted for the advanced approach and to be in the first wave for approval. Key questions remain about their ability to complete their preparations on time and to embed Basel into their business practice and thereby satisfy the use test. The largest inherent business risk for the group is credit risk. Given the nature of the HBOS credit portfolio, there is significant downside exposure to a downturn in the residential mortgage market. We are satisfied that the group are taking appropriate steps to manage this risk by reducing their appetite for mortgage and corporate lending. Their strategy centres around “Less is more”. Finally, we are happy to place reliance on GIA and Group Risk to deliver a number of RMP actions. The basis for this reliance follows close contact with these functions, with us drawing comfort from their effectiveness to mitigate risks. The panel did though suggest that the FSA should ask the Audit Committee for an independent assessment of the effectiveness of the GIA in due course. |
Agree that the letter should refer to the issue of MECs. FSA to ask HBOS Audit Committee to carry out an independent assessment of GIA. |
|
2. |
Risks in the Retail and Insurance MBUs The panel asked about the risks contained in the retail and insurance MBUs. On the retail side, the presenting team felt that the risk attached to the MBU had lessened now that the merger of the two banks had been largely integrated into the business and, that growth targets had been lowered with the Sales Culture Review. Regarding whether insurance business risk had declined relative to the other risks within the business, the presenting team answered positively. A contributing factor was the lower growth targets in this area of the business. Nevertheless, while a number of issues have been resolved, there is still more work that needs to be completed and this is detailed in the RMP for that MBU. |
No action. |
|
3. |
Risk Appetite in Corporate Banking There was a question from the panel as to whether the FSA is comfortable with the risk appetite of HBOS, especially in the area of specialised lending and commercial property (both HBOS and RBS appear to be the leading firms in these markets). The presenting team provided some background, commenting on the relatively small size of the commercial property book as opposed to the residential mortgage book, and noting the improvements in HBOS’ analysis of the credit portfolio along with the introduction of stress testing. Further work on the delivery and embedding into the business of the credit sanctioning unit and stress tests are noted in the HBOS corporate banking RMP. |
No action. |
|
4. |
HBOS Strategy and International HBOS’ activities in Australia were discussed. The presenting team highlighted increased risks from HBOS’ plans to expand BankWest’s retail activities into Western Australia, while there were also some concerns over their proposed Treasury model. They felt that an on-sight investigation would be beneficial, perhaps in cooperation with the proposed NAB trip. The panel asked whether HBOS GIA or APRA could instead provide this assessment. The presenting team felt that the nature of the request would be different to the previous work they had asked GIA to do for them, and were uncertain over whether APRA would be effective. Further discussions over this proposed trip will be scheduled. |
To discuss proposed trip to HBOS Australia and NAB. |
|
5. |
HBOS Growth Target and Strategy There was a question, given HBOS’ relatively low share price versus its peers, as to how confident the FSA is that HBOS has a controlled growth target. Coupled with this, was whether HBOS are now in a “strategy vacuum” following the decision not to purchase ***? The presenting team felt that the share price reflected the fact that market analysts had marked HBOS down due to the quality of its asset growth along with concerns over its risk management. Given that HBOS have indicated that growth targets are to be moderated downward to focus on higher quality (as opposed to higher quantity) credits, and that risk management is now commensurate with this growth, it was felt that HBOS’ share price would improve over time. In terms of strategy, no immediate issues with strategy exist from the FSA’s perspective. Nonetheless, there is a more medium to long term question of where to go from here: emerging markets, US and Europe all pose particular difficulties. There is no easy answer to this question and it is one HBOS management will need to address in due course. |
No action. |
|
6. |
HBOS Corporate Governance A discussion centered around HBOS’ management of conflicts of interests and whether the FSA is satisfied with the effectiveness of HBOS’ corporate governance arrangements. With respect to the management of conflicts of interest, the discussion focused on the *** take over bid where HBOS was a key backer for the bid vehicle. HBOS had subsequently acknowledged that this was a mistake on their part due to conflicting interests. The presenting team and panel agreed that there had been an improvement in HBOS corporate governance since the Section 166, with sign-offs now the responsibility of executive directors; previously NEDs had also had this authority. On the positive side regarding NEDs, their active participation in sub committees of the Audit Committee was seen as demonstrably improving their information flow and knowledge of the business, and hence was regarded as an improvement to the corporate governance structure. |
No action. |
|
7. |
Message to HBOS and the ICR The panel asked what type of message we are sending HBOS, as on the one hand, the Lite Score is still high yet we are intending to reduce their ICR by 0.5%. The presenting team responded by stating that since the last Arrow, there had been an improvement in several key areas resulting in a lower—though still high—risk profile for the firm. As the FSA had communicated previously to HBOS that their ICR would be moderated downward if they made improvements in certain key areas, this reduction would now take effect. However it was made clear that while HBOS had bought into the RMPs highlighted over the last year, there was still much work to be done in ensuring that the delivery of these plans were followed through and embedded into the business. This was reflected in this Arrow’s RMPs but it was also agreed that the reduction in the ICR (from 9.5% to 9.0%), should be tied to certain requirements surrounding the FSA’s continued desire to see HBOS push through delivery of RMP actions (including with respect to Basel). |
ICR to be lowered from 9.5% to 9.0%; linked to ontinued RMP actions. |
|
8. |
RMP and Letter Actions There were a number of action points regarding adjusting the individual RMPs for the MBUs. These largely focused on slight adjustments to the language used, in particular in terms of increasing the acknowledgement that the RMP issues must not only be delivered but also be embedded into the business and have an influence on the decision making processes. It was also decided that, where environmental information was replicated across multiple MBUs, the core source would be in the HBOS Group RMP, with other MBUs cross-referencing to this On the letter, the panel felt that it conveyed the appropriate language and issues, and hence there were only minor points to address. In particular, it was re-iterated that the letter should clearly state that while HBOS has improved its systems and controls (and hence the ICR has been reduced), there is still further to go, in particular with the delivery of various RMPs and embedding of these into the business. It was agreed that a draft of the letter should be shown to HBOS ( ) |
Individual MBU RMPs to be adjusted along the lines suggested in the meeting. Draft of the letter to be shown to ***
|
57 Letter from the FSA to James Crosby on 21 December 2004 regarding ARROW Risk Assessment—HBOS Group
As you are aware, the FSA conducted a risk assessment of HBOS Group during October/November this year. This is the first full assessment to cover all of the Group’s business and supersedes all previous assessments of the Group.
This letter and the accompanying risk mitigation programme (RMP) sets out the findings of our assessment. The RMP includes actions we expect you to take. In undertaking this assessment we have split the Group into “material business units” (MBUs) based on your own business divisions. A RMP has been produced for each division plus one for the Group covering Group-wide issues, issues relating to Group functions and the high level control framework.
You will recall that the different divisions of HBOS were subject to review at the end of 2003. Some of those assessments were “full assessments” and others were ‘‘interim reviews” of the full assessment that had been produced in 2002. This reflected the fact that supervision of the Group prior to that point had been undertaken by different teams within PSA and hence not all of its business had been on the same assessment cycle. Going forward the regulatory period, and hence the liming of future assessments, for all parts of the Group will be aligned.
The FSA’s risk assessment process is a high level review. It is not an examination or audit and may not identify all of the risks associated with current and proposed activities. The ultimate responsibility for identifying and assessing risks remains with the Board of Directors.
The background to the FSA’s risk assessment framework is set out in Appendix 1. Please read this in order to put this letter and the new RMP into context.
Overall Assessment
The table below shows our aggregate assessment of the risks posed by HBOS against each of the FSA’s statutory objectives. The impact scores reflect die scale of the effect of HBOS on the FSA’s statutory objectives were particular risks to crystallise. The probability scores re fleet our assessment of the likelihood that such crystallisation will occur. This is based on an assessment of the information gathered from our onsite work, the results and findings of previous supervisory work and other relevant information. We have included in the table below the probability scores for last year’s assessments and interim reviews for comparison purposes.
|
Statutory objective |
Impact |
Current Probability |
Previous Probability |
|
Market confidence |
High |
Medium High |
Medium High |
|
Public Awareness |
High |
Medium High |
Medium High |
|
Consumer Protection |
Hi eh |
Medium High |
High |
|
Reductions of Financial Crime |
High |
Medium Low |
Medium Low |
Operating Environment
Our assessment has been completed against the backdrop of the wider environment within which the Group currently operates. We have taken these issues into consideration when formulating our assessment of the firm specific risks but we acknowledge that they are outside the scope of your influence.
While we acknowledge that the UK economy lost some momentum in the autumn, nevertheless the most likely outcome in the short term is still expected to be continued steady growth and low inflation. However there are many uncertainties surrounding this central projection, with the overall risks to both growth and inflation being more on the downside. If realised, these would lead to more difficult trading conditions for both the retail and corporate businesses. The housing market has slowed considerably in the last 3 months which as well as having direct mortgage book implications could lead to a more general reduction in consumer confidence. HBOS will need to remain on the front foot with respect to managing both new and existing credits in the corporate and retail businesses given the trend of rising consumer indebtedness.
Equity markets appear to be recovering slowly but still remain vulnerable to external shocks. Positive equity markets should over time strengthen the financial outlook and capital position for the life insurance businesses. However, there remains the potential for a sudden and perhaps prolonged shock to the markets so the life insurance companies need to have sufficient capital to manage through such a scenario. Lack of consumer confidence in equity based investments can also be expected to limit the growth prospects of the Group’s investment businesses. Accordingly the Group will need to ensure its sales targets for these products reflect market conditions.
The Group faces considerable demands from regulatory change. Preparations for mortgage regulation have been successfully completed and those for general insurance regulation are well in hand. Implementation of the Capital Requirements Directive (Basel) and the 1CAS regime for insurers remain short term priori ties. In the medium term the Group will also need to position itself for the implications of the Markets in Financial Instruments Directive. It will need to ensure that it is resourced to address these changes as well as retaining capacity to drive through business led initiatives lo enhance and increase the efficiency of its systems and organisation.
Key Findings
Our assessment is that the risk profile of the Group has improved, in particular in respect to FSA’s consumer protection objectives. We consider that the Group has made good progress in addressing the key risks that we highlighted to you in our letter of 1 February 2004 and led to the increase in the Group’s Individual Capital Requirement (ICR) to 9.5% at that time. That said there remain a number of initiatives aimed at strengthening the control framework within the group and these need to be followed through. Effective delivery on these will be a prerequisite if the Group is to achieve further reductions in our assessment of the probability of the risk it poses to FSA’s objectives.
Following the skilled person’s review of the Group’s risk management framework we are content that this is fit for purpose. We will be seeking to place considerable reliance on the Group Internal Audit and Group Risk functions during the regulatory period of this assessment. This reflects our confidence in the calibre and expertise of these functions. A reflection of this is that the RMP requests review’s of various parts of the Group’s business by these functions. However, we consider the Group Risk functions still need to enhance their ability to influence the business and we see this as a key challenge for the new Director of Risk.
We observe that Corporate Division has made a good start in modernising its techniques for assessing and monitoring credit risk within the business. It is also noted that they continue to work towards developing comprehensive MI and stress testing methodologies so that the business gains the full benefits from the new’ credit risk grading system that has now been implemented. We are also supportive of the planned changes to the credit sanctioning processes within the Division. All these initiatives need to be followed through and it should not be underestimated the challenge that the Division faces in terms of delivering the cultural change necessary if it is maximise the benefits it reaps from these initiatives. We will want to monitor your assessment of progress with the reform agenda as well as experiencing this first hand, for example when we assess preparations for Basel II.
In Retail we consider that there is now much greater recognition of the need to balance messages about risk management and sales growth and the need for proactive risk management (as opposed to reactive issue management). A plan has been formulated to address the issues identified within the Sales Culture Review and those relevant lo Retail in the skilled persons report on risk management. We see delivery of that plan as important in achieving the necessary control culture within the Group’s Retail operations. There are a number of other initiatives in Retail, such as the reorganisation of IF and Project Trinity, that need to be carefully managed to ensure the transitional risks arc effectively mitigated and they do not act to undermine the improvements in the control environment being targeted through the plan to address the findings of the Sales Culture Review.
There is an urgent need to resolve the on-going dispute with FOS regarding the standards against which Pre A-day mortgage endowment complaints are assessed. Currently there is the risk of complainants being treated unfairly (in breach of PSAs Principle 6) as it appears that the firm and FOS are applying different standards. Moreover, while the situation persists it is leading to high volumes of complaints being referred lo FOS as many complaints are not being resolved by the firm. This is in conflict with PSA’s Principle II (co-operation with regulators). We will expect the Group lo assess the need to re-review past complaint handling decisions in the light of the resolution of the issues with FOS.
Within Advisory Sales there have been considerable systems changes recently within BOSIS and there arc proposals to change the way in which technical knowledge is maintained and validated for the PFA sales force. These changes coupled with plans to grow both these distribution channels (through increased numbers of advisors and productivity improvements) appear to pose potential risks to the quality of advice given. These risks will need to be effectively monitored and managed by the business.
Within Insurance and Investment Division we continue to see the source of risks to FSA’s objectives being concentrated within HBOS Financial Services (HBOS FS) and this is reflected in the balance of RMP actions that relate to this operating division. That said we acknowledge that HBOS FS’s risk profile has improved as it has addressed the heavy regulatory reform agenda and its own programme of systems enhancements. However, there is still more to be done to refine newly developed financial monitoring tools (such as realistic balance sheets and individual capital assessments) and embed them within the management of the business. In addition we see risks lo the business if the planned rapid growth of *** European business is not effectively managed. The growth in the control framework will need to lead (or at least keep pace with) the growth in the business if the control environment within the business is to remain stable.
The planned development of the Group’s international operations in Ireland and Australia is another area of potential risk to the Group. There are, in our view, particular risks related to Bank West because of its geographical remoteness from the rest of the Group and plans to grow (he business outside its previous conservative product lines at the same lime as integrating it with the Group’s other Australian businesses.
Treasury faces a growing challenge in servicing the business passed to it by other parts of the Group. It will need to ensure that expansion of its product range is well controlled and does not lead to expertise being too thinly spread in some of the less frequently traded instruments. In addition they will need to put in place robust controls around the proposed Sydney branch of HBOSTS.
The biggest Group-wide issue facing HBOS is preparations for Basel II. Considerable effort has already been devoted to developing the models and techniques that will be needed if the Group is to be successful in obtaining waivers to use advanced approaches. However, we consider that there is much further to go in terms of the Group being able to demonstrate that it will meet the Use Test, particularly in areas like corporate credit risk. Another challenge that HBOS faces, along with its peers, in applying for advanced approaches is developing the necessary level of Board and senior management understanding and ability to challenge the modelling techniques operated by the Group.
Risk Mitigation Programme
The RMPs are set out in Appendix 2. These are subject to review should there be any significant change, or potential change, to the business or control structure of the Group. In line with your general obligation under the FSA handbook, you should therefore notify us of any such changes.
Period to the next risk assessment
We plan to undertake our next full risk assessment of HBOS which will include on-site work where appropriate, in H2 2006. The assessment is expected to be subject to an interim review at the end of 2005. It is important to note that the FSA may undertake further work at any time, or expect HBOS to undertake additional work, if for example additional risks are identified or crystallise.
Individual Capital Ratio (ICR)
Based on our assessment of the business and internal control risk to which HBOS is exposed, we have taken the decision to reduce the ICR in respect of both the banking book and the trading book from 9.5% to 9.0% with immediate effect. In accordance with IPRU (Bank) Chapter CO 4.1.1 paragraph 2, you should contact the FSA immediately if capital ratios fall below these respective levels on either an individual or consolidated basis.
The reduction reflects in the main the comfort we take from the skilled persons report on the effectiveness of the Group’s risk management framework and the progress made in the remediation of control risks we highlighted at the start of the year (the adequacy of the control environment in the retail network, the controls around the growing commercial properly book and the risks of guarantee costs to which *** was exposed). The reduction in ICR anticipates that the progress in these areas continues and the outstanding plans deliver the expected further remediation of these risks. It is also predicated on the Group satisfying us that adequate stress testing of its commercial property book is undertaken to enable it to accurately assess the risks arising from its growing exposure to this market and act where appropriate.
The FSA’s assessment of the ICR should not be seen as an alternative to an internal assessment or review of the level of capital appropriate for the business needs. The ultimate responsibility for identifying and assessing risks remains with the Board of Directors. Should there be any significant change, or potential change, to HBOS’s business or control structure, you should notify us in accordance with Principle 11 (Relations with Regulators). The FSA may review the ICR at any time if we feel that the risk profile of the Group has changed sufficiently to warrant it.
Confidentiality and Response to This Letter
We regard the contents of this letter as confidential. We would therefore ask that you do not pass on details of its contents to anyone other than your auditors, to whom you should copy it.
Please confirm to me by 30 January 2005 that the Board has considered this letter and that HBOS will implement the sections of the risk mitigation programme, in Appendix 2, which require action by you.
Appendix 1
BACKGROUND NOTES TO THE FSA’S RISK ASSESSMENT FRAMEWORK
1. The FSA’s approach to risk is published and explained in the ‘Building the new regulator1 pages of our website. In summary this explains that the priority the FSA gives to a particular risk depends on our assessment of two factors:
(a)
(b)
2. The probability assessment is a high level review aimed at assessing the likelihood of particular risk in a firm posing a threat to the FSA’s statutory objectives. Any visit to a firm undertaken by the FSA as part of a probability assessment is not an examination or audit and may not identify all of the risks associated with current and proposed activities. The ultimate responsibility for doing so remains with the Board of Directors.
Impact
3. Firms are assessed as having a high, medium high, medium low or low impact to the FSA’s statutory objectives. An explanation of the four impact bands is given in the Building the New Regulator Progress Reports, which are also available on our website. This assessment is based on indicators relevant to the sector in which the firm operates.
Probability
4. The FSA undertakes a probability risk assessment of all firms other than those that are assessed as low impact.
5. The assessment quantifies the risk a firm poses lo the PSA’s statutory objectives. For example, a firm might pose a material risk to the consumer protection objective while posing little or no risk to the market confidence objective. This analysis assists the FSA in targeting its resources.
6. Probability risk is categorised as high, medium high, medium low or low. Where particular risks are identified the FSA will consider appropriate action to mitigate those risks.
The FSA’s Statutory Objectives
7. These four objectives were established by the Financial Services and Markets Act:
Maintain confidence in the UK financial system. “Market Confidence”
Promote public understanding of the financial system. “Public Awareness”
Secure the appropriate degree of protection for consumers. “Consumer Protection”
Reduce the scope for financial crime. “Reduction of Financial Crime”
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name: |
HBOS Group |
|
Regulatory Period/End Date: |
24 month(s)/24-Dec-2006 |
COMPONENT ASSESSMENTS
|
Assessment Name s |
|
HBOS—Corporate Banking |
|
Nature of issue |
Component assessments to which issue relates |
Intended outcome |
Action |
Timetable |
|
Base: The Capital Requirements Directive has broad and high expectations of senior management in approving, understanding and using the approaches and techniques being developed and implemented now for enhanced measurement and management of credit and operational risk. It is not clear either how extensively these requirements are met currently amongst board members and senior management or what the Group plans to do over time to ensure the requirements will be achieved and maintained. It is also not clear what comfort the Board will seek from the Group businesses before the Group CEO signs applications for waivers to use advanced approaches. |
All |
Senior management develops awareness and understanding of how the business is to operate in a post CRD implementation world, which is at least equivalent to the FSA’s expectations as they continue to evolve. |
Firm to play a full part of ongoing thematic and firm specific visit programme. Senior management to provide periodic updates to the FSA including pre and post 2005 shadow application. |
Continuing Quarterly from 31-Mar-2005 to 30-Dec-2005. |
|
Intra-group exposures: Because of its unusual group structure, with a treasury in a subsidiary bank funding two large banks above it. HBOS has difficulty in managing its LE position effectively, necessitating the use of capital maintenance agreements and parental guarantee structures. A recent audit report on intra-group lending and Treasury Concessions was rated Amber (adequate with reservations). HBOS are also considering the viability of moving to one bank structure which would eradicate the majority of these issues. |
All |
HBOS has clear and robust procedures for approving, managing and monitoring intra-group funding flows at both a divisional and a legal entity level, with clear senior management accountability. The eventual approach is either consistent with or anticipates moving towards an approach consistent with the requirements of the Integrated Prudential Sourcebook when implemented. |
HBOS to continue to keep FSA informed of the progress with Project Lomand. Group Finance to consider moving to CP97 type structure and discuss their conclusions with the FSA. |
Continuing 1H2005 |
|
Treating Customers Fairly: HBOS aspires to being ‘Consumer Champion’ and has a clearly stated aim of offering customers simple, easy to understand, value for money products together with service excellence in order to differentiate itself from its peers. A project to define the ‘customer contract’ has just been initiated and a coherent group wide strategy has yet to be articulated and delivered. The recent sales culture review highlighted that a number of changes needed to be made to ensure that sound sales practices were delivered for non regulated sales. |
All |
TCF strategy is delivered across the relevant operating divisions and HBOS is able to provide tangible examples of how adopted changes have made positive differences in respect of TCF. |
Senior Management is to set out plans for successful implementation of the ‘customer contract’ strategy and to communicate progress with FSA as part of FSA’s close and continuous meetings. Summary details of desired outcomes and action plans on customer contract project to be communicated to FSA quarterly. |
Date: 01-Apr-2005 |
|
Business Continuity Planning: The FSA plans to conduct a benchmarking project on BCP resilience in 2005, involving a number of firms. We plan to include HBOS in this work and will factor in the results of the Internal Audit review of BCP due by the end of 2004. |
All |
HBOS has detailed effective BCP plans for all parts of the Group. These plans are regularly updated and tested. |
Group Internal Audit to share with FSA any reports that indicate material BCP issues. Risk Review Team supported review of BCP resilience to be conducted. |
Ongoing |
|
New Product Approval: The PwC Skilled Persons report commented on uncertainty as to the extent to which the Group Policy for the Approval of New Products and Significant New Initiatives is rolled out across the Group (section 5.38). Discussions during the course of the regulatory period have led us to conclude it is unclear how well embedded and effective the policy is at mitigating financial, operational and reputational risk and ensuring customers are treated fairly. |
All |
The new product approval policy is applied consistently across the group, involving all relevant stakeholders throughout product lifecycles. |
Group Risk/GIA to assess how consistently and well embedded the new product policy is across the group. |
Continuing |
|
Close & Continuous: The nature and scale of the HBOS Group means we want to have a close & continuous relationship in order to maintain our knowledge of the Group, its strategy and emerging business risks. We also need to maintain our knowledge of the management and control functions so that we can judge the extent to which we can place reliance on them as part of the wider risk mitigation programme. |
All |
FSA is kept abreast of key developments relating to business strategy and the control structure, and is able to identify emerging risks at an early stage. |
A close and continuous relationship is maintained between the Group and the FSA. As part of this we will aim to have regular meetings with, among others, the Group Finance Director, the Group Risk Director, the heads of Group Financial Risk, Group Regulatory Risk and Group Internal Audit. We will also meet with the chair of the Group Audit Committee at least annually. |
Continuing |
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Group |
|
Regulatory Period/End Date |
24 month(s)/24 December 2006 |
FSA REGULATED FIRMS INCLUDED IN THIS ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
1446*1 |
Bank of Scotland Independent Financial Advisers Limited |
|
201944 |
Capital Bank Plc |
|
143722 |
Halifax Independent Financial Advisers Limited |
|
106048 |
Halifax Plc |
|
183332 |
Halifax Share Dealing Limited |
|
116179 |
iWeb (UK) Limited |
|
169626 |
The Governor and Company of the Bank of Scotland |
|
304154 |
The Mortgage Business Plc |
|
Nature of issue |
Component assessments to which issue relates |
Intended outcome |
Action |
Timetable |
|
Mortgage and general insurance regulation HBOS Retail Banking division is currently the biggest UK mortgage provider and a large seller of non investment insurance products. Retail has delivered the mortgage regulation project and appears to be on track with preparations for general insurance regulation. Until systems and sales monitoring mechanisms are fully embedded there is a higher risk of non compliance. This could lead to a lack of market confidence in the new regimes delivering the expected benefits in terms of consumer protection. |
Bank of Scotland Independent Financial Advisers Limited Halifax Independent Financial Advisers Limited Halifax Plc The Governor and Company of the Bank of Scotland |
The issue with the FOS to be resolved by the end of January 2005. After resolution of the issue, HBOS to re-review pre A day cases, where necessary, to satisfy the principle of TCF. The FSA needs to be confident going forward that HBOS are continuing to use appropriate standards for assessing complaints. |
HBOS to keep FSA informed of progress in resolving this issue with the FOS. |
By: 31-Jan-2005 |
|
Once the standards for reviewing complaints are clear HBOS to consider whether past cases should be re-reviewed in light of the agreed standards and report to FSA. |
By: 04 Mar-2005 |
|||
|
FSA to undertake a supervision visit to review the quality of Pre A Day complaints handling. |
1Q2005 |
|||
|
Sales Culture The sales culture review by GRR has confirmed that there are areas of the business where controls need to be strengthened to prevent inappropriate behaviours by staff in the retail network. A plan is currently being developed by HBOS to ensure that the sales culture is improved on the ground and effectively monitored by management. However, the plan needs to be delivered and the outputs assessed before we can be assured that the underlying issues have been resolved. |
Halifax Plc The Governor and Company of the Bank of Scotland |
The plan to improve the sales culture in retail is rolled out during 2005. When tested sales staff demonstrate appropriate and balanced behaviours with respect to risk and sales and a clearer understanding of acceptable sales practice is embedded in the business. The control framework can be relied on to detect and address any breaches in policies and procedures. Any detriment to consumers as a result of past sales practices is remedied. |
Firm to assess whether previous sales behaviours have led to consumer detriment and to outline what further action is going to be taken in respect of any disadvantaged customers |
Semi-annually from 03-Jan-2005 to 29-Dec-2006 |
|
Firm to keep FSA informed of progress in delivering us implementation plan for improving controls and monitoring outcomes. |
Quarterly from 03-Jan-2005 to 01-Mar-2006 |
|||
|
Project Trinity This project aims to reduce costs substantially in retail by reducing duplication and rationalising operations. The project will require careful monitoring as it consists of a large number of inter related micro managed rationalisations, in particular we will wish to ensure that rationalisations do not have a negative impact on the control framework or on areas of the business that have been recognised as requiring careful nurturing and improvement such as the credit risk area. During the change process the risk of negative impacts on consumer service standards and the integrity of BCP still need to be monitored. |
Halifax Plc The Governor and Company of the Bank of Scotland |
The business case for rationalising retail is achieved with minimal disruption, without lowering standards, to consumers and retail’s other stakeholders including the FSA and HBOS retail. Business Continuity plans are updated to take into account the phased changes. |
FSA to receive half yearly an update on Retail Risk’s assessment, monitoring and mitigation plans for the project. Senior management to keep FSA informed on a close and continuous basis of any material operational issues that emerge as a result of Project Trinity rationalisations. |
Semi-annually from 03-Jan-2005 to 29-Dec-2006 |
|
As scope of rationalisations become clearer Internal Audit should develop plans to ensure that projects are managed and overseen in accordance with Group project management disciplines and project benefits are property tracked. IA health checks should aim to detect any adverse impact on BAU from the rationalisations. IA to provide an overview of Trinity work to the FSA half yearly as part of close and continuous. |
Semi-annually from 03-Jan-2005 to 29-Dec-2006 |
|||
|
Intelligent Finance Re-Organisation Retail plan to re-organise substantially the stand alone IF offering. IF will be brought closer into mainstream network offerings and a significant amount of the current ‘stand alone’ infrastructure will integrate into mainstream systems, with the IF offset mortgage platform being rebuilt on MSP. Current estimates assume that staff numbers in Edinburgh will reduce from 2300 to 1350 over 18 months. This creates a potential operational risk in relation to IT delivery, continuity of service, staff retention and morale and may divert management from business as usual activities whilst these changes take place. |
Halifax Plc |
The business case for rationalising the IF proposition is achieved with minimal disruption to consumers and IF’s other stakeholders including the FSA and HBOS retail. The IF business is successfully migrated on to MSP. Business Continuity plans are updated to take into account the phased changes |
Internal Audit set out plans for monitoring the project including achievement of key deliverables, impact on BAU and BCP effectiveness. IA to report findings against these plans. |
Semi-annually from 03-Jan-2005 to 29-Dec-2006 |
|
Senior management to keep FSA updated on their monitoring of the project workstreams and business as usual activity. Retail to update their risk assessment of the project and mitigating actions and report quarterly on this to FSA. |
Quarterly from 31-Mar-2005 to 30-Dec-2005 |
|||
|
FSA will visit IF to assess senior management’s transformation plans in detail including the mitigation and management of IT/operational risks. |
2Q2005 |
|||
|
Management of credit risk in the unsecured business. The management of credit risk requires a keener focus particularly for unsecured business. It has been recognised by retail that a significant increase in credit risk resources is required for Bases modelling and to keep pace with changes and growth in the business. However, it will take time to recruit, train and bed down new resources. The recent RRT visit noted that necessary work to overhaul the collections and recoveries operation was in progress, including integrating systems and improving the collections process but momentum in this area needs to be maintained. Personal loans have suffered losses significantly above those anticipated. Credit risk will need to ensure that the dynamic behind these losses are fully understood and provided for and that the function is on the front foot to respond to any more adverse default experience across product lines, taking into account the economic environment and the propensity for higher personal IVAs and bankruptcies. |
Halifax Plc The Governor and Company of the Bank of England |
The retail business is adequately resourced lo understand and therefore mitigate any further increase in defaults as well as for regulatory change. Expected credit losses are managed more proactively throughout the credit cycle. |
Firm to commission a review (independent from the retail credit risk function) on the effectiveness of the credit risk function with particular focus on unsecured credits. Timetable of any improvements recommended by the review or previously planned to be produced together with an assessment of the benefits. |
2Q2005 |
|
Business Knowledge Testing Proposals are in place to change the way in which technical knowledge is maintained and validated for the PFA sales force. The proposals have not yet been fully ratified however the aim is to move towards a system whereby the individual Adviser determines when they need to refresh and vacate their knowledge, in addition, the firm’s pass mark and failure policy are being removed and the tests will be primarily non invigilated and open book. Supervisors will use their judgement about what action should be taken if remedial needs are identified with their direct reports. Whilst HBOS has proposed controls and minimum standards around this system this approach is atypical in the industry. There is a risk that the Sales Forces will not take ownership of this and therefore knowledge fade may result which could impact on the advice provided to consumers. |
Halifax Plc |
The PFA sales force maintains its technical knowledge and that this can be demonstrated by the firm. Systems to detect early signs of any degradation in Advisers or Supervisors technical knowledge are in place along with contingency plans for addressing this scenario. |
The FSA should be provided with a copy of the ratified proposals. HBOS to monitor the test results and be able to identify early signs of degradation and implement appropriate action. FSA to be kept informed of the results during close and continuous meetings. |
Quarterly from 31-Mar-2005 to 30-Dec-2005 |
|
Bank of Scotland Investment Services {BOSIS) B0SIS has experienced a number of fairly significant changes (implementation of Plan II Compass and the new T&C Scheme). These changes have contributed to a reduction in the quality and Supervisor correlation rates (circa 6S% ©October 2004). The same issues are apparent for the sales of the Income Drawdown Plan (IDP). There are also plans to grow the business by circa 29% in 2005 and BOSIS have experienced a higher level of attrition at Supervisor level than expected which could adversely impact on spans of control. Given the number of changes and plans to grow the business there is a risk that the quality of advice to consumers could suffer. |
Halifax Plc |
The drivers behind file quality (including the sales of IDPs) and supervisor correlation rates are better understood and improve to meet the firm’s benchmarks. Spans of control are adequate and effective. |
Senior Management to keep FSA informed of their progress against benchmarks on a quarterly basis or ad hoc when issues arise. |
Quarterly from 03- Jan-2005 to 30- Dec-2005 |
|
Given the number of changes taking place within BOSIS, Retail Regulatory Risk (RRR) should oversee the implementation of these changes ensuring that the potential risks are identified and mitigated accordingly and that FSA are kept informed of progress and emerging issues. |
Quarterly from 03- Jan-2005 to 30- Dec-2005 |
|||
|
Mortgage and general insurance regulation HBOS Retail Banking division is currently the biggest UK mortgage provider and a large seller of non-investment insurance products. Retail has delivered the mortgage regulation project and appears to be on track with projections for general insurance regulation. Until systems and sales monitoring mechanisms are fully embedded there is a higher risk of non compliance. This could lead to a lack of market confidence in the new regimes delivering the expected benefits in terms of consumer protection. |
Capital Bank Plc Halifax Plc The Governor and Company of the Bank of Scotland The Mortgage Business Plc |
M and GI regulation is implemented smoothly providing the enhanced consumer protection that it is expected to deliver. |
Thematic on site supervision work will assess aspects of the industry’s application of the new standards. Date and scope of the work to be confirmed during 2005 |
By: 01-Sep-2005 |
|
MCOB regulation Internal Audit to assess that controls are in place and operating in a business as usual environment across the brands. |
Date: 31-Mar-2005 |
|||
|
ICOB regulation Internal Audit to assess that controls are in place and operating in a business as usual environment across the distribution channels. |
Date: 02-May-2005 |
|||
|
Close and continuous The nature and scale of HBOS Retail’s business means we want to have a close and continuous relationship with the Division and maintain knowledge of the MBU, its strategy and emerging business risks. We also need to maintain our knowledge of the management and control functions so that we can judge the extent to which we can place reliance on them as part of the wider risk mitigation programme. |
Halifax Plc The Governor and Company of the Bank of Scotland |
FSA to be made aware of emerging issues early and ensure timely mitigation. |
Regular meetings with Head of Risk. In the event that Risk becomes aware of an emerging issue that may have a significant impact on FSA’s objectives, an issue summary is to be submitted in writing, followed by the mitigation plan as and when it is formulated. |
Quarterly from 03-Jan-2005 to 29-Dec-2006 |
|
Senior management to advise us of strategy and implementation plans, and emerging risks and their mitigation as and when they arise. |
Quarterly from 03-Jan-2005 to 29-Dec-2006 |
|||
|
Internal Audit to meet with FSA half yearly. |
Semi-annually from 03-Jan-2005 to 29-Dec-2006 |
- END OF REPORT -
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Insurance and Investment Group Limited – Insurance and Asset Management |
|
Regulatory Period/End Date |
24 month(s)/24 December 2006 |
FSA REGULATED FIRMS INCLUDED IN THIS ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
*** |
*** |
|
Nature of issue |
Component assessments to which issue relates |
Intended outcome |
Action |
Timetable |
|
European Growth Proposals/Aspirations *** wish to expand their business in Europe and McKinsey are to conduct a strategic review in H1 2005. The challenge is to identify how *** can become 4–5 times bigger in Europe in the next 4–5 years, given that the expectation is that margins on products sold in Europe are likely to contract. *** need to demonstrate how they will achieve growth whilst maintaining an appropriate control environment. |
*** |
*** continues to meet regulatory requirements (TCP etc) whilst expanding in a sector where margins are squeezed because of competition. |
Discussion with senior management of the results of the McKmsey review. Firm to provide FSA with a plan to mitigate risks from expansion. |
2Q2005 |
|
Supervisory visit to *** 1o assess capability to deliver this strategy and mitigate the associated risks. |
3Q2005 |
|||
|
Financial Monitoring The life Insurance companies have needed to modify and enhance their financial monitoring capabilities. Considerable progress has already been made in developing realistic balance sheet models and the ICA methodology. However, further work is required to develop these techniques and embed understanding of them within the business, in particular there is a need !o continue refining the RBS model and developing in-house expertise in producing and interpreting the outputs from the model. |
*** |
Robust realistic balance sheet and ICA methodologies are in place which are understood and applied in house. Use of the results is embedded with financial monitoring and planning processes. |
Senior management to provide FSA with a plan of for further improvements in its RBS modelling and in-house expertise in applying this. |
1Q2005 |
|
Senior management to keep FSA informed of progress in delivering plan to enhance RBS monitoring and its ICA assessment |
Quarterly from 07-Mar-2005 to 30-Dec-2005 |
|||
|
Desk Based review; FSA to review ICA for each of the life companies. |
4Q2005 |
|||
|
Management of Life Company Funds Doubt as to whether the life companies’ customers are best served by having the management of equity funds carried out by ***. FSA’s concern is that the management of any potential conflict of interest between *** and the life companies in this regard may not be adequately demonstrated. The life companies need to ensure that they select the best overall provider of investment management services to meet their needs. The current provision of these services by *** raises potential conflict of interest issues within the group. The life companies need to demonstrate robust and transparent procedures for reviewing the performance of their fund managers and ensuring that potential conflicts of interest are appropriately managed |
*** |
Firm to demonstrate that such potential conflict of interest is properly managed and that the selection of the fund manager for the life companies’ funds is an arms length transaction and in the best interests of policyholders. Senior management to demonstrate that contingency plans of action for management of the life companies’ funds exist in the event that retention *** is concluded not to be in the best interests of policyholders. |
Group Risk Review to carry out a review of the management of the potential conflict of interests within the group and to report to the FSA accordingly. |
By: 29-Apr-2005 |
|
FSA Risk Review Team to undertake a visit to the life companies to review the setting and monitoring of investment policy by the firms. |
2H2005 |
|||
|
*** group is scaling up its use of derivatives. The FSA needs to be satisfied that appropriate expertise, processes and procedures are in place to monitor and control the risks associated with the greater use of derivatives. |
*** |
The increased use of derivatives is appropriately controlled and does not result in the crystallisation of risks to the FSA’s statutory objectives. |
GFR to report to FSA on the adequacy of the expertise, processes and controls in place to monitor and control the additional risks. |
By: 29-Apr-2005 |
|
Policyholder Statements The HBOS FS Risk Function has reported a number of issues in respect of the production of customer statements. These include inaccuracies in the SMPI accompanying pension statements and the introduction of new products without ensuring IT functionality for producing annual statements was in place by the first anniversary of these products. |
*** |
HB0S FS is able to issue accurate and timely customer statements as appropriate across its entire product range. HBOS FS identifies and applies the wider lessons to be learnt from these failures across all relevant areas of its systems and controls. |
To keep FSA informed of progress in resolving the current statement issues and to confirm when this work is complete. |
By: 27-Apr-2005 |
|
GRR to review and report to the FSA on the extent to which existing reorganisations and control enhancements within HBOS FS are sufficient to ensure similar failings should not reoccur in the business in the future. |
By: 30-Jun-2005 |
|||
|
Complaints Handling Process improvement HBOS FS have reviewed their complaints handling process and have implemented a personalised complaints review action plan. There is a risk that this bespoke process leads to inconsistent application and measurement of the complaints handling process. HB0S FS needs to ensure that the new process delivers a complaints process which treats customers fairly and meets regulatory requirements. |
*** |
The review delivers a consumer friendly complaints handling process which treats customers fairly and is in line with FSA requirements. Adequate training and competence arrangements are in place for complaint handling staff. |
Firm to report to FSA on implementation of the action plan and: a) How the feedback loop from complaints lo product design, distribution and operational systems is working; b)How complaints handling policy compares with industry benchmarks: and c) improvements to “customer experience” |
1Q2005 |
|
Supervisory visit to monitor implementation of complaints review action plan. |
2Q2005 |
|||
|
Close and Continuous The nature and scale of HBOS IID’s business means that we want to have a close and continuous relationship with IID, so that we can maintain our knowledge of the Group, its strategy, emerging business risks (including *** susceptibility to the loss of key staff and equity performance). We also need to maintain our knowledge of management and control functions so that we can judge the extent to which we can place reliance on them as part of the wider risk mitigation programme. |
All |
FSA maintains a close and continuous relationship with HBOS IID which facilitates a pre-emptive approach to risk mitigation and avoids the crystallisation of unexpected risks. |
Executive responsible for IID Internal Audit to meet half yearly with the FSA. |
Semi-annually from 03-Jan-2003 to 24-Dec-2006 |
|
FSA lineside supervision team will meet with key individuals from the Division on a regular basis, in particular we would expect to have quarterly meetings with the CEO of IID and the CEO and heads of Risk to the 3 operating divisions and half yearly meetings with the Non-Executive Directors of the LTBGC. |
Quarterly from 15-Mar-2005 to 24-Dec-2006 |
- END OF REPORT -
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS |
|
Regulatory Period/End Date |
24 month(s)/24 December 2006 |
FSA REGULATED FIRMS INCLUDED IN THIS ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
197542 |
HBOS Treasury Services Plc |
|
Nature of issue |
Intended outcome |
Action |
Timetable |
|
Market Risk Model Development HBOSTS Internal Audit recently issued a red-graded report citing issues surrounding the model build process, change control anti model validation and testing. Though the business proposes to address the issues largely by 31 December 2004, the adequacy of the response is not yet clear. There could be consequent implications for current capital concessions granted by the FSA in terms of CAD 1’ model recognition and any future extensions which the firm might seek if the issue is not addressed adequately. |
HBOSTS’s Market Risk Standards tor Model Development and Market Risk Model Building Guidelines are fully and consistently implemented. |
Senior management to confirm to the FSA that the issues identified by Group Internal Audit have been resolved to senior management’s satisfaction. |
By: 31-Jan-2005 |
|
Group Internal Audit to revisit findings to ensure business response is embedded and operating adequately. |
By: 30-Jun-2005 |
||
|
Overseas Treasury Operations HBOSTS has applied to APRA for permission to open a branch in Sydney. BankWest (headquartered in Perth) intends. subject to regulatory approval, to outsource its Treasury function to HBOSTS Sydney, it remains to be demonstrated that London can exercise adequate control over this remote location. |
Treasury has a robust control framework covering HBOS treasury operations in overseas locations and can demonstrate how the performance is measured and risks are controlled. |
Firm to keep FSA advised of progress with branch application to APRA. |
By: 29-Apr-2005 |
|
Risk Review/supervision team visit to review Australian Treasury operations, potentially coordinated with BankWest review (see Strategy & International RMP) |
2H2005 |
||
|
Close & Continuous The nature and scale of the Treasury’s business means we want to have a close & continuous relationship with the Division and maintain our knowledge of the MBU, its strategy and emerging business risks. We also need to maintain our knowledge of the management and control functions so that we can judge the extent to which we can place reliance on them as part of the wider risk mitigation programme. |
FSA is kept abreast of key developments relating to business strategy and the control structure, and is able to identify emerging risks at an early stage |
Firm senior management to keep in regular contact with supervision team. |
Continuing |
- END OF REPORT -
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS – Corporate Banking |
|
Regulatory Period/End Date |
24 month(s)/24 December 2006 |
FSA REGULATED FIRMS INCLUDED IN THIS ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
204759 |
Bank of Scotland (Ireland) Limited |
|
201944 |
Capital Bank Plc |
|
106048 |
Halifax Plc |
|
169628 |
The Governor and Company of the Bank of Scotland |
|
Nature of issue |
Component assessments to which issue relates |
Intended outcome |
Action |
Timetable |
|
Risk Grading System and Management Information The new risk grading system for corporate banking division was launched at the start of 2004 with models being added throughout the year. In addition. The platform has been used for the parts of business banking which have been absorbed into corporate banking division. The upgraded system was required for improved monitoring of the portfolio and to provide comprehensive, reliable management information (which is now becoming available). Whilst work has begun to integrate the enhanced management information into normal working practices, further development of the information is required before it can be fully operational. |
All |
HBOS corporate division, successfully implements the new risk grading system in a timely fashion, including absorbing the business banking methodologies onto the corporate platform. HBOS’s new corporate division produces management information of the appropriate depth and quality, and it is used to shape the strategy and nature throughout the businesses undertaken. |
FSA will be kept informed of progress of the implementation of the new risk grading system including the work undertaken by internal audit to monitor it. Any delays or issues will be communicated promptly to the FSA. |
By: 31 -Mar-2005 |
|
The supervisory team will visit corporate banking to discuss the management information; its content and the way it is being used within the division. |
Date: 30-Sep-2005 |
|||
|
Credit Decisioning Process A new credit sanctioning process is to be rolled out within Corporate Division, including a new independent function. The new function will have responsibility for assessing all credits above £6million and providing a written assessment of them to the credit sanctioning committee. The function will not have sanctioning authority but should have a strong voice in the decision-making process. The initial paper proposing the changes to the credit sanctioning arrangements was agreed at the October Group Management Board with the aim of the function being ready to operate from the beginning of 2005. Whilst this should ensure additional rigour in the sanctioning process there are transitional risks which need to be managed effectively. |
All |
The new credit decisioning process is established, embedded in the culture and has the necessary expertise, resource and influence to perform its function effectively |
Corporate Division to keep FSA closely in touch with progress on the establishment of the independent credit unit, paying particular attention lo keeping FSA informed of any delays or problems in recruiting the right number or calibre of people (or any knock-on effects on other parts of the business). |
By: 31-Mar-2005 |
|
Group Financial Risk to review the operation of the new system to ensure procedures are being accurately followed and that the independent credit unit has the necessary expertise, resource and influence to perform its function effectively. |
By: 30-Dec-2005 |
|||
|
Stress Testing A core part of the preparations for Basel will include introducing technology for stress testing and embedding the use of these tests in the business. This implementation has been delayed but will occur in the near future. In addition to this, the scenarios and methodology surrounding the stress testing needs to be fully considered, articulated and documented by Corporate Division to ensure clarity and transparency within the Division, to Group and to the FSA. Stress testing of me portfolio is a key risk management tool and its effective use is needed to satisfy FSA that the risks are being managed properly |
All |
The use of stress testing is embedded in Corporate Division and is an integral part of its strategy and risk management decision process. |
Senior management to provide FSA with an interim report on what they see as an adequate suite of stress tests. |
Date: 31-Mar-2005 |
|
The Basel application process will require a thorough analysis by the FSA of the level of compliance with the Use Test. Special attention will be paid to the management information, stress testing technology and extent to which its use is embedded in the business. |
Date: 30-Sep-2005 |
|||
|
Provisioning The nature of the calculation of the provisions within Corporate Division will be changing in response to new International Accounting Standards, in particular there will be a shift in the balance of general (or collective) provisions to specific provisions. The FSA’s risk review visit in June 2004 identified concerns with the current provisioning methodology and we expect to see these addressed as part of the IAS changes, in addition. Corporate Division will conduct a review of its collective provisioning methodology and confirm that it is content that all of the risks are sufficiently well mitigated. |
All |
The level of total provisions are prudent and adequate and a robust methodology is in place for determining the specific and collective elements of this provision. |
Senior management should set out their plans for updating their provisioning policy. |
By: 31-Mar-2005 |
|
Senior management lo have confirmed in writing they are content with the collective provisioning model, especially in respect of the particular aspects of the model named in the letter of 14 October 2004 to George Mitchell. |
By: 29-Apr-2005 |
|||
|
GFR (in conjunction with KPMG) should report to FSA on their assessment of the robustness of the revised provisioning policy. |
Date: 30-Jun-2005 |
|||
|
Close and Continuous The nature and scale of HBOS Corporate Division’s business means we want to have a close & continuous relationship with the Division and maintain our knowledge of the MBU, its strategy and emerging business risks. We also need to maintain our knowledge of the management and control functions so that we can judge the extent to which we can place reliance on them as part of the wider risk mitigation programme. We should get to know the various businesses and ensure that the reports by the risk functions are adequately responded to by the business. |
All |
FSA is kept abreast of key developments relating to business strategy and the control structure, and is able to identify emerging risks at an early stage |
FSA lineside supervision team will meet with key individuals from the division on a regular basis. |
Ongoing |
- END OF REPORT -
APPENDIX 2
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Strategy and International |
|
Regulatory Period/End Date |
24 month(s)/24 December 2006 |
FSA REGULATED FIRMS INCLUDED IN THIS ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
204759 |
Bank of Scotland (Ireland) Limited |
|
Nature of issue |
Intended outcome |
Action |
Timetable |
|
Overseas businesses HBOS Group operates a federated management structure. Supporting this is a control framework following the group’s three lines of defence model. In the case of the Irish and Australian businesses, roles and responsibilities of local and UK based control functions have been less clear cut and it remains to be demonstrated how effective these oversight arrangements are in practice. Any deficiencies could be exacerbated by the geographical remoteness and, in the case or Australia, the need to embed the ‘HBOS way of doing things’ into the businesses. |
There is an effective control framework in the international businesses which is commensurate with those businesses’ strategic objectives |
HBOS Group Risk to review the effectiveness of UK and locally based control functions and report to the FSA. |
1H2005 |
|
Supervisory team visit to assess local control functions and meet host regulators, potentially coordinated with Treasury review (see Treasury RMP). |
2H2005 |
||
|
Close & Continuous The nature and scale of the HB0S Group means we want to have a close & continuous relationship in order to maintain our knowledge of the Group, its strategy and emerging business risks. We also need to maintain our knowledge of the management and control functions so that we can judge the extent to which we can place reliance on them as part of the wider risk mitigation programme. |
FSA is kept abreast of key developments relating to business strategy and the control structure, and is able to identify emerging risks at an early stage. |
A close and continuous relationship is maintained between the group and the FSA. |
Ongoing |
58 Letter from the FSA to Andy Hornby on 29 June 2006 on HBOS Interim Risk Assessment
As you are aware we conduct an interim desk-based risk assessment of HBOS Group (“the Group”) during the designated regulatory period. In this fetter, we summarise our assessment and advise you of the actions we cxpect you to take.
We assessed your group by applying our risk assessment framework—ARROW. For an explanation of this please see Appendix I. We also attach the revised risk mitigation programmes (RMPs) in Appendix 3 for each material business unit (“MBU”). This assessment was carried out using the original ARROW framework, your next full assessment will be carried out under the Arrow II framework during 2H 2007.
Overall assessment
Since the last full ARROW assessment in 2004, the Group has made progress in enhancing its systems and controls but there remain control issues in the Group. There have also been a number of changes in the Group’s senior management ancl it is yet to be seen how the most recent of these will bed in.
While we recognise the progress that has been made by the Group in strengthening its control environment, we consider there is still more to be done. In the UK the financial control issues within the Insurance and Investment Division are a particular concern. Like you, we will expect to track closely the progress made in resolving them.
The Group’s Basel II/CRD implementation programme, in our view remains a high risk, As you are aware significant progress needs to be made on credit risk modelling and demonstration of compliance with the use test. The quality of data and documentation are key underlying factors requiring improvement. The Basel II programme will be a key focus of our work on the Group in 2006,
The Group has made progress in implementing and embedding TCF since the publication of your Customer Contract. TCF is a high priority for FSA and. will need to remain a key regulatory focus for the Group.
The aggressive overseas growth strategy poses risks to the whole Group. We warn to be satisfied that the Group and its senior management manage and mitigate appropriately the risks arising from the growth strategy, especially in Ireland and Australia.
In addition, we have identified a number of specific issues arising from your business that could raise material risks to our statutory objectives. These issues are largely of an operational nature. To this end, the attached RMP is aimed at addressing these issues and ensuring that you continue to develop your control functions so that they are aligned to the risks in the business.
We recognise that you have an open dialogue with the FSA and that the Group’s systems and controls are improving. Accordingly we have relied upon the Group’s senior management to deliver the RMP actions where we consider it appropriate to do so. In addition in a number of cases we have removed issues from the previous RMP as we are satisfied that the remaining follow up activity can be undertaken as part of our Close and Continuous dialogue with the Group. In taking this approach we will continue to seek assurance that the Group’s systems and controls are sufficiently robust for us to place reliance on them.
Risk mitigation programme
The RMP, which sets out what steps you need to take, is subject to review if there is any significant change or potential change in the Group’s business or control structure, or the nature of the issues identified. In line with your general obligations under the FSA Handbook, you should notify us of any such changes in order that we can consider the need to review our risk assessment of the Group.
We will only highlight here the two biggest risks to the Group which are included in the RMP:
Financial and administrative controls within HBOS FS
The financial controls within the life companies of HBOS FS are poor and we are concerned that the overall control environment within HBOS FS is inadequate and not sufficiently robust.
There is a fundamental accountancy issue which needs to be addressed to ensure that all money is where it should he within the *** and *** funds. It is essential that this rectification process is carried out to an appropriate level of accuracy and the procedures adopted for the future are resilient and robust. In addition the South West box management issue must be satisfactorily concluded and we will want to see that all business is appropriately administered.
We are content that remedial plans are in place and accept that there is little to be gained at this stage in our commissioning further investigations into the issues and their root causes. However, given the seriousness of the nature and scope of the issues we think it important that we verify that they have been resolved fully and effectively. Accordingly once the remedial work is complete we will seek confirmation from the Group CEO that each of the life companies has a robust overall control environment which will be resilient in the face of change. We will also want to see an independent review of the remedial work carried out and the post remediation control environment to satisfy ourselves as to the adequacy of the work done by the Group, We will discuss with you at a later stage whether the independent review should be conducted by Group Internal Audit or by a third party.
Basel II
As indicated above we consider the Group’s Basel II programme remains high risk. You have acknowledged that it remains challenging to meet the Q4 2006 IRB waiver submission deadline. Accordingly we expect you to develop a contingency plan in case you do not meet the deadline. We also expect to see a clear and realistic plan in place for the Group to meet IRB and AMA standards going forward. To reflect the importance of this issue we will continue to hold monthly updates with the Basel programme directors and have scheduled several visits during 2006 to review the Group’s progress in modelling credit and operational risk. We are very disappointed that the Corporate GCM or PIM models will not be at a suitable standard for the scheduled July 2006 visit. We expect to continue to need regular meetings in 2007 and as part of the review of any waiver application. By far the biggest challenge is for the Corporate credit risk models (and the corresponding international models) to be IRB credible and this will remain the key focus of our attention. However, we will want to see improvements across all of the Divisions in the development, documentation and use of IRB and AMA models. We appreciate your continued open dialogue with us.
We will also expect further work on embedded waivers and individual guidance, especially amendments to the integrated groups regime as a result of CRD implementation.
Close and continuous work
The FSA is committed to a risk-based approach to supervision (ARROW) and, where appropriate, focused Group Supervision. We propose to continue our “Close and Continuous” (C&C) supervisory working relationship with the Group. Underpinning this is our willingness to place increasing emphasis on senior management to ensure that the business and control risks are properly identified and mitigated.
A C&C relationship is characterised by frequent and on-going contact between us and your senior management to discuss pertinent issues. We will continue to meet regularly with your senior management. Of course, we still expect you to raise promptly significant issues with us outside these meetings.
Highlighted below are the main points that we will wish to discuss as part of our C&C dialogue with the Group and or specific Divisions over the coming months. Typically, the items included here are those we consider sufficiently significant to warrant some monitoring action by us but not so material as to be the subject of specific actions in the RMP.
Group-wide issues
Treating Customers Fairly—You have kept us informed of the development of your Customer Contract initiative and progress in rolling it out across the business. Due to the ongoing nature of this issue and the importance FSA places on firms demonstrating tangible progress in embedding TCF in their business we will continue to monitor your progress at Group level and the Divisional programmes for product reviews.
BCP is another group wide issue that we will want to continue to monitor. There has been considerable activity in this field given the heightened perception of risks from terrorist threats and natural disasters such as Avian flu. Accordingly we would expect this to continue to be a topic covered in Divisional C&C meetings and an annual stock take meeting with Group Services Internal Audit.
Corporate issues
Credit Control—Corporate has made good progress in developing credit grading systems and enhancing its credit decisioning process and as such we no longer consider specific actions on these points are required in the RMP. We expect that through a combination of our C&C discussions and Basel model review work we will be able to test the degree to which the Division has embedded the credit grading and decisioning systems in its business and is able to use them to track trends in credit approvals and the quality of the back book.
Insurance issues
HBOS FS systems and controls—we explained earlier in this letter our concerns about the financial and administrative controls in HBOS FS and we intend to monitor the investment accounting issues and the box management rectification process via a regular reporting structure. These issues will also be discussed as part of C&C along with the other financial controls project work such as the ICA.
HBOS FS other issues—there is an issue relating to the setting of *** investment strategy and compliance with the PPFM which remains outstanding. This issue has TCF implications and we are concerned that it has not yet been fully resolved. It has been discussed extensively as part of C&C and we would like to see this issue brought to a conclusion swiftly.
HBOS GI issues—we will want to discuss embedding the ICA within the firm and continue to track developments in the variable price PPI.
International issues
Ireland and Australia—We acknowledge the work done to address our concerns over the adequacy of controls in the Irish and Australian businesses during their current growth phase. Good progress has been made in implementing Group Risk’s recommendations for strengthening their control environment. Nevertheless we will want to continue to track developments in the business and control environment.
ENA—The composition of ENA raises challenges in respect of that Division’s control framework. We acknowledge that the Group is aware of these and is actively seeking to mitigate them through the governance arrangements it has put in place. However, we will want to monitor the progress being made with the ongoing integration of its respective businesses, the development of the risk control framework and the quality and quantity of resources across key functions. In addition, given ENA’s growth plans for the European insurance business we will want to discuss with you how you have satisfied yourselves that adequate controls are in place to management the growth in the business.
Retail issues
Sales Culture Review—Retail has undertaken a substantial programme of work to boost the compliance culture amongst its customer facing staff. A rolling monitoring programme is being developed to ensure that compliance culture improvements are sustained. We will want to track the results of this monitoring work and satisfy ourselves that compliance will continue to receive appropriate attention.
Management of credit risk in the unsecured business—Good progress has been made on understanding the underlying causes for the poor credit performance of parts of the unsecured book and the resource devoted to credit risk analysis has been substantially increased.
However given the significance of credit risk to the Division we will continue to want to track the credit trends you experience both within the secured and unsecured book and your assessment of the implications for the business.
PPI—The Group will receive in due course more detailed feedback on the results of the recent thematic visit. Follow up action on specific points identified during the visit will then be necessary. In addition we would expect to maintain our on-going dialogue with the group about its programme of work to enhance selling practices and record keeping procedures for this product range.
Other areas which we would expect to cover as part of our close and continuous dialogue are progress with Project Trinity, performance of the Business Knowledge Testing regime, and the control environment within Bank of Scotland Investment Services (BOSIS) given the continued programme of change in this business.
Treasury
The FSA acknowledges the work HBOS has undertaken to deliver the Treasury RMP and as a result of this we have not thought it necessary to include any RMP actions for the Division. Instead we will rely on a C&C dialogue which we would expect to include coverage of:
Systems and Controls—Major systems developments are occurring within Treasury and it is paramount that these deliver an appropriate control framework for the business planned. Treasury has experienced major system problems in the last few months and we will want to understand how you have satisfied yourselves that these are isolated incidents and not an indicator of more fundamental system weaknesses.
Compliance Monitoring—We view the recent compliance monitoring review as a positive step and welcome the open dialogue regarding the transaction reporting breach. We expect to be updated on the outcome of compliance monitoring review and will want written confirmation of work carried out to rectify the client money audit issues.
Australian Branch—We acknowledge the work earned out to develop the governance, systems and controls within the new Sydney Treasury branch, but will continue to want to monitor the growth of the branch.
***
Amongst the issues that we will include in our C&C discussions over the coming months are the planned establishment of your property company and progress with your outsourcing to ***.
Period to the Next Risk Assessment
On the basis of our current assessment we plan to carry out the next full risk assessment in 18 months. It is important to note that we may undertake further work at any time, or expect the Group to start additional work if, for example, additional risks are identified or crystallise. We expect management to inform us of any significant developments.
Confidentiality and Response to This Letter
This letter has been prepared for regulatory purposes only and its contents should be treated as confidential. You should copy this letter to your auditors but please discuss with us if you intend to disclose it to any other third party. This is because its contents could be misunderstood or misinterpreted if disclosed in another context.
Please confirm to me by 31sl July 2006 that the Board of the Group has considered this letter and has agreed to implement the sections of the risk mitigation programmes in Appendix 3 which require action by you.
APPENDIX I
ARROW Risk Assessment Methodology
The FSA’s risk assessment process—ARROW—is a high-level review aimed at assessing the significance of a particular risk posing a threat to our statutory objectives. It is not an examination or audit, and may not identify all of the risks associated with current and proposed activities. The ultimate responsibility for identifying and assessing risks remains with the Board of Directors.
Our four statutory objectives were established by the Financial Services and Markets Act 2000:
“Market Confidence”—Maintain confidence in the UK financial system;
“Public Awareness”—Promote public understanding of the financial system;
“Consumer Protection”—Secure the appropriate degree of protection for consumers; and
“Reduction of Financial Crime” — Reduce the scope for financial crime.
The ARROW framework is at the core of our risk-based approach to regulation. Using the ARROW process, we consider the particular risk your firm might pose by assessing:
the impact on our statutory objectives if the particular risk actually materialised; and
the probability that the particular risk will materialise.
Further information can be found on our website at:
http://www.fsa.gov.uk/Pages/About/What/Approach/index.shtml
Internal Capital Adequacy Standards (ICAS)
Our approach to ICAS is set out in Policy Statement 04/16—Integrated Prudential sourcebook for insurers. Under the ICAS framework, a firm is required to make an individual assessment of its capital needs (ICA). In addition, we will give most firms individual capital guidance (ICG) reflecting our own view of what an adequate level of capital is for their particular business. 1CG is set taking into consideration capital consistent with a 99.5% confidence level over a one year period or, if appropriate to the firm’s business, a lower confidence level over a longer period. We consider that, as the ICG gives our view of what an adequate level of capital is for a particular firm, it represents a regulatory intervention point.
APPENDIX 3
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Group |
|
Regulatory Period/End Date |
36 month(s)/24 December 2007 |
COMPONENT ASSESSMENTS
|
Assessment Name |
|
HBOS—Corporate Banking |
|
HBOS Group—Retail |
|
HBOS Insurance and Investment Group Limited—Insurance and Asset Manangement |
|
HBOS Strategy and International |
|
HBOS—Treasury |
|
Nature of issue |
Component assessments to which issue relates |
Intended outcome |
Action |
Timetable |
|
Basel Implementation The Capital Requirements Directive has broad and high expectations of senior management in approving, understanding and using the approaches and techniques being developed and implemented now for enhanced measurement and management of credit and operational risk. It is not clear either how extensively these requirements are met currently amongst board members and senior management or what the Group plans to do over time to ensure the requirements will be achieved and maintained. There is a risk that the models will not be IRB credible, especially in Corporate- data quality, use test, stress testing and documentation are four key areas which require focus. We are concerned by the continued delays in the programme. It is your choice to apply for the waiver and it is paramount that you either have a realistic plan to meet the waiver requirements or have plans in place to be compliant with the CRO requirements if you decide not to submit the waiver. HBOS will also need to have an agreed integrated groups regime. |
All |
HBOS develops awareness and understanding of how the business is to operate in a post CRD implementation world including integrated groups regime, which is at least equivalent to the FSA’s expectations as they continue to evolve. |
Senior management to provide monthly updates to the FSA including pre and post application. |
Continuing |
|
Firm to play a lull part of’ ongoing thematic and firm specific visit programme. |
Continuing |
|||
|
HBOS Group Finance to review their integrated groups regime, individual guidance and embedded waivers in line with CRD implementation and FSA guidelines. |
By: 29-Dec-2006 |
|||
|
Group Finance to update the FSA on implementation of integrated groups and embedded waivers for CRD |
By: 29-Dec-2006 |
|||
|
Group internal audit to provide quarterly updates on the progress of Basel implementation |
Quarterly from 03-July-2006 |
|||
|
Group Risk to provide details of their implementation plan, roll-out plan and contingency plan for Basel implementation via formal updates |
Quarterly from 03-July-2006 |
|||
|
Group Financial Risk to review the operation of the new credit decisioning system in Corporate to ensure procedures are being accurately followed and that the independent credit unit has the necessary expertise, resource and influence to perform its function effectively. |
Date: 29-Sep-2006 |
|||
|
The supervisory team will visit corporate banking to discuss the manangement information for risk management, its content and the way it is being used within the division. |
1Q 2007 |
|||
|
Project Holly HBOS has set up a cost leadership programme to significantly reduce the cost/income ratio. The programme is still being developed. Given the crystallisation of financial control risk in HBOS FS there is a risk that controls will not be maintained, or that there will be inadequate resources and/or failure to oversee change management effectively. |
All |
The HBOS cost leadership programme is implemented without detriment to the management of risk, controls and adequate resources. |
H80S to submit an implementation plan to show how they will ensure there is a measured consideration of key risks including effective change management, and managing key resources end controls. |
Date: 29-Sep-2006 |
|
HBOS FS financial accounting, systems and controls HBOS FS has identified significant weaknesses with its financial accounting systems and controls some of which have crystallised in losses. FSA is concerned about the fragility of the HBOS FS systems, the extent of past control failures, and potential for further consequential losses, together with the historic inability to manage change effectively. |
HBOS Insurance & Investment Group Limited—Insurance and Asset Management |
Group is able to demonstrate that it has provided appropriate oversight and support to ensure that a robust systems and controls environment operates in HBOS FS which will be resilient in the face of change. |
The Group CEO to confirm that HBOS FS has a robust control environment which will be resilient in the face of change. |
2H 2007 |
|
FSA will require an independent review of the financial control work carried out in HBOS FS and the post remediation environment. |
2H 2007 |
- END OF REPORT -
APPENDIX 3
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS – Corporate Banking |
|
Regulatory Period/End Date |
36 month(s)/24 December 2007 |
FSA REGULATED FIRMS INCLUDED IN THIS ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
204759 |
Bank of Scotland (Ireland) Limited |
|
201944 |
Capital Bank Plc |
|
106048 |
Halifax Plc |
|
169628 |
The Governor and Company of the Bank of Scotland |
|
Nature of issue |
Component assessments to which issue relates |
Intended outcome |
Action |
Timetable |
|
Stress Testing A core part of the preparations for Basel will include introducing technology for stress testing and embedding the use of these tests in the business. This implementation has been delayed but will occur in the near future. In addition to this, the scenarios and methodology surrounding the stress testing needs to be fully considered, articulated and documented by Corporate Division to ensure clarity and transparency within the Division, to Group and to the FSA. Stress testing of the portfolio is a key risk management tool and its effective use is needed to satisfy FSA that the risks are being managed properly. |
All |
The use of stress testing is embedded in Corporate Division and is an integral part of its strategy and risk management decision process. |
The Basel application process will require a thorough analysis by the FSA of the level of compliance with the Use Test. Special attention will be paid to the management information, stress testing technology and extent; to which its use is embedded in the business. |
Date: 29-Dec-2006 |
END OF REPORT -
APPENDIX 3
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Insurance and Investment Group Limited – Insurance and Asset Management |
|
Regulatory Period/End Date |
36 month(s)/24 December 2007 |
FSA REGULATED FIRMS INCLUDED IN THIS ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
*** |
*** |
|
*** |
*** |
|
*** |
*** |
|
*** |
*** |
|
*** |
*** |
|
*** |
*** |
|
*** |
*** |
|
*** |
*** |
|
*** |
*** |
|
*** |
*** |
|
*** |
*** |
|
*** |
*** |
|
Nature of issue |
Component assessments to which issue relates |
Intended outcome |
Action |
Timetable |
|
Financial accounting, systems and controls HBOS FS has identified significant weaknesses with its financial accounting systems and controls some of which have crystallised in losses. FSA is concerned about the fragility of the HBOS FS systems, the extent of past control failures, and potential for further consequential losses, together with the historic inability to manage change effectively. |
*** *** *** *** |
HBOS FS is able to demonstrate that its financial accounting, systems and controls are robust and will be resilient in the face of change. |
HBOS FS implements a project to remedy the weak systems and controls environment and adequately compensates any consumer loss. Senior management reports regularly to FSA the progress in delivering the project plan to ensure appropriate systems and controls are in place in HBOS FS. Specific project milestones should be agreed with the FSA and reported on. |
Monthly from 01- Jul-2006 to 31-Dec- 2007 |
|
Management of Life Company Funds FSA has expressed doubt as to whether the life companies’ customers are best served by having the management of equity funds carried out by ***. FSA’s concern has been that the management of any potential conflict of interest between *** and the life companies in this regard may not be adequately demonstrated. FSA is also concerned to ensure that the setting of the investment policy of *** with- profit fund is in accordance with the commitments made in the PPFM. |
*** *** *** *** |
FSA is satisfied with how the firms set and monitor their investment policy, in particular the investment policy for *** with- profit fund |
FSA Risk Review Team to undertake a visit to the life companies to review the setting and monitoring of investment policy by the firms. |
2H2006 |
- END OF REPORT -
APPENDIX 3
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Group |
|
Regulatory Period/End Date |
36 month(s)/24 December 2007 |
FSA REGULATED FIRMS INCLUDED IN THIS ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
1446*1 |
Bank of Scotland Independent Financial Advisers Limited |
|
201944 |
Capital Bank Plc |
|
143722 |
Halifax Independent Financial Advisers Limited |
|
106048 |
Halifax Plc |
|
183332 |
Halifax Share Dealing Limited |
|
116179 |
iWeb (UK) Limited |
|
169626 |
The Governor and Company of the Bank of Scotland |
|
304154 |
The Mortgage Business Plc |
|
Nature of issue |
Component assessments to which issue relates |
Intended outcome |
Action |
Timetable |
|
Mortgage and general insurance regulation HBOS Retail Banking division is currently the biggest UK mortgage provider and a large seller of non investment insurance products. Retail has delivered the mortgage regulation project and appears to be on track with preparations for general insurance regulation. Until systems and sales monitoring mechanisms are fully embedded there is a higher risk of non compliance. This could lead to a lack of market confidence in the new regimes delivering the expected benefits in terms of consumer protection. |
Capital Bank Plc Halifax Plc The Governor and Company of the Bank of Scotland The Mortgage Business Plc |
M and Gl regulation is implemented smoothly providing the enhanced consumer protect on that it is expected to deliver. |
Thematic on site supervision work will assess aspects of the industry’s application of the new standards. Date and scope of work to be confirmed during 2005. |
By: 01-Sep-2006 |
|
Pre A Day Mortgage Endowment Complaints (MECs) The Financial Ombudsman Service (FOS) has concerns about the quality of pre A day MEC handling. However the FOS and HBOS do not agree on what suitability standards should be applied. HBOS advise that they are applying the same standards of complaint investigation handling to pre and post A day cases. Whilst the dispute with FOS remains there is a risk that complainants may suffer disadvantage and therefore the firm should resolve this issue as soon as possible. Depending on how the issue is resolved HBOS may need to re-review declined Pre A day complaints |
Bank of Scotland Independent Financial Advisers Limited Halifax Independent Financial Advisers Limited Halifax Plc The Governor and Company of the Bank of Scotland |
The issue with the FOS to be resolved by the end of January 2005. After resolution of the issue, HBOS to re-review pre A day cases, where necessary, to satisfy the principle of TCF. The FSA needs to be confident going forward that HBOS are continuing to use appropriate standards for assessing complaints. |
HBOS to review their pre A day MEC handling |
Date: 31-Aug-2006 |
- END OF REPORT -
APPENDIX 3
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS Strategy and International |
|
Regulatory Period/End Date |
36 month(s)/24 December 2007 |
FSA REGULATED FIRMS INCLUDED IN THIS ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
204759 |
Bank of Scotland (Ireland) Limited |
- END OF REPORT -
APPENDIX 3
RISK MITIGATION PROGRAMME
|
Assessment Name |
HBOS |
|
Regulatory Period/End Date |
36 month(s)/24 December 2007 |
FSA REGULATED FIRMS INCLUDED IN THIS ASSESSMENT
|
FSA Firm Ref No |
Firm Name |
|
197542 |
Bank of Scotland (Ireland) Limited |
59 Letter from Lord Stevenson to the Chairman of the FSA on 26 June 2007
No letter from the Chairman of a bank to the Chairman of the FSA can ever be regarded as completely informal but this is as near as it comes!
A number of your colleagues I know are burning the midnight oil, as are a number of mine, to make sure that the decision we heard about this morning is properly dealt with. You may take it that no one here has got the process out of perspective... namely, the very difficult job the FSA has of trying to ensure that when you give us the green light you and we can be as near as damn it certain that we are ready for it.
Having sat in a corner and thought about it—and with little knowledge of the detail—I think it is probably right to communicate with you directly so as to share two worries which, if at all correct, might lead you and your colleagues to want to have a quick review of where we have all got to. I may well have—almost certainly have!—some of the wrong perspective but I have that feeling in the middle of my back of a potential Greek tragedy unfolding.
The first—and the lesser—of my worries is about process. In simple terms....
Tens of thousands of hours have been devoted here and in Canary Wharf over two years to get your Line-side Team and your Technical Risk Review Team comfortable with our Waiver Application, and in particular with the Corporate Bank’s Application, so that approval could be given subject to conditions.
My understanding is that both teams having reached that position, their recommendation has been turned down by a decision making committee meeting for a few hours.
It may be that there is some “force majeure” thunderbolt that has come off left field which could produce that outcome....if so, much better that we all understand it now rather than later...but from what I have been told, based on the telephone conversation that my colleagues have had with *** , it is difficult to see it.
It is also a little difficult to see why such a major change would be made concerning Risk Weighted Assets which make up less than 10% of the Risk Weighted Assets of the bank. My Board colleagues this morning did ask how a decision that could be so material for the bank could be justified by the residual concerns about this amount of the bank’s assets.
To repeat, as I hope is clear, we do not have this at all out of perspective. We recognise this is a process which as one’s Mother used to say “is for our own good”! And if there are good reasons we will be very glad of them. For the avoidance of doubt, my colleagues’ main concentration is in ensuring that they do everything necessary to remove the problem over the next three months specified by the committee....indeed they will be pressing very hard for the process to be expedited.
However, on that assumption, can I switch to my second—and much greater worry—that of reputation and the difficult and unfortunate financial and legal consequences that regrettably flow in this day and age from reputational issues.
I obviously have no knowledge of how you are treating our three major competitors; the banks against whom we are compared by analysts, journalists and investors. And this worry, I think, only stands if the other three are being treated differently than us, so that they will be able, whether now or perhaps in the early Autumn, to announce that they have been completely approved subject to conditions.... whereas, as I understand it, we will be in the somewhat “Alice in Wonderland” position of having been approved as to our main Retail and Treasury portfolios but you will not, for legal reasons, be able to make this public.
I am very very worried about the consequences of this getting into the public domain, which it is difficult to imagine will not happen....and I worry the more so if there could be any legitimate grounds for concern about the consistency, the proportionality or the fairness of the process. As I am writing this letter I have not thought through how we and you would cope with some of the more unpleasant consequences but I sure hope that you and your colleagues have! Either way, if the decision making committee’s verdict is to stand it is of the utmost priority that the FSA—because it is the FSA that inevitably is in the lead on this, of course with our full co-operation—works out how they will handle any public disclosure so as to minimise damage.
I am writing this letter without the benefit of legal advice, and frankly, having had only a brief conversation with my executive colleagues and discussed it for half an hour with my Board this morning, and without any other input. I thought of hot writing on the grounds that decisions taken by large organisations like the FSA are rarely reversible in the short term. Having thought about it however, I think that it would have been wrong of me at a personal level not to share these worries with you.
60 Evaluation of progress against issues raised in the ARROW letter and RMP of December 2004 and the Interim ARROW of June 2006
Group
Interim ARROW June 2006
1. Basel
Outcome: We had material concerns over their IRB credit risk models and implementation programme. We heavily monitored/reviewed their model development and programme during 2006 and 2007. This led to more rigorous model development and realistic planning. The IRB waiver was granted in September 2007. HBOS is now in a much better position with IRB credible models, significant governance oversight and model development that will continue after January 2008. We expect significant improvements in their corporate models, which we will be monitoring during supervisory business as usual work. Issue closed.
2. Financial and administrative controls within HBOS FS
The financial controls within the life companies of HBOS FS are poor and we are concerned that the overall control environment within HBOS FS is inadequate and not sufficiently robust. There is a fundamental accountancy issue which needs to be addressed to ensure that all money is where it should be within the *** and *** funds.
Outcome: This is an on-going issue that we are heavily monitoring and will take time to resolve. HBOS are fully aware of this issue and we expect an independent review to be completed before the year end. Issue open.
3. Project Holly
HBOS are in the process of implementing a cost leadership programme focusing on reducing costs by centralising finance and HR functions.
Outcome: HBOS assessed the impact of this programme adequately. However, due to the control failures that have arisen, which are not directly because of this programme, we will be reviewing the adequacy of controls and resources across HBOS. Issue closed.
Full ARROW 2004
1. Intra-Group exposures
Outcome: HBOS successfully completed its banking licence consolidation programme in September 2007. This significantly reduced the complexity of the banking entities and solo- consolidated entities. HBOS now has a much clearer process for managing intra-group exposures (UK and Wider Integrated Groups regime, fewer banking entities) and has also reduced the number of solo consolidated entities. Issue closed.
2. New Product Approval and TCF
The RM team decided to commission a full review by HBOS Group Risk/Group Internal Audit and ultimately felt comfortable in relying on their findings that the control environment around this area was adequate (Green RAG status).
Outcome: HBOS has developed a TCF strategy and formal annual product review. HBOS is in the process of implementing their customer contract. In line with our next steps we will be focusing on how embedded TCF is within the business. Issue closed but further work required on TCF embeddedness.
3. Business Continuity Planning
It was determined following the last ARROW assessment that we required further assurances around BCP arrangements within the HBOS Group. As a result, we included HBOS in the 2005 Resilience Benchmarking Exercise undertaking a series of meetings with the firm and asking them to complete an in depth questionnaire. Following this, the RM team undertook a regular series of meetings with the Head of Internal Audit (Group Services) and gained additional comfort around BCP arrangements at HBOS. We have since taken this issue forward in divisional close and continuous meetings with the firm.
Outcome: Procedures at HBOS are generally robust with just a few areas requiring further consideration by the firm. Issue closed, but IT systems resilience will be reviewed during the ARROW.
Asset Management
Use of derivatives
Outcome: The increased use of derivatives was reviewed during the C&C meetings and is appropriately controlled. Issue closed May 2005.
Corporate
1. Stress Testing
One of the core parts of preparations for Basel was the introduction of stress testing—both from a technological and a cultural point of view.
Outcome: HBOS has improved their stress testing and it is a core part of their risk management process. The required actions have been satisfied, and the use of stress testing is now embedded in corporate division. We have picked this up through the SREP work conducted during 2007. Issue closed and it will be monitored during Basel BAU work, where we expect improvements to occur in the modelling of the stress tests.
2. Credit Decisioning Process
A new credit sanctioning process was to be rolled out within Corporate Division during 2005, transferring responsibility for assessment of credits above £6m to a newly established independent function. The intention here was to add rigour to the sanctioning process. The system was successfully implemented and reviewed by group risk.
Outcome: The credit decisioning process was fully embedded leading to improved sanctioning. Issue closed.
3. Risk Grading System and Management Information
A new risk grading system was introduced across corporate throughout 2004, giving improved monitoring and management information. We were concerned to monitor implementation progress including work being done to develop new MI. This issue was absorbed into our work on consideration of the HBOS AIRB Waiver, which was approved in September 2007.
Outcome: HBOS has significantly improved their MI and risk grading system through their Basel IRB model development work. Issue closed. Basel BAU work will provide opportunities for monitoring the situation.
4. Provisioning
Changes to international accounting standards meant the nature of calculations of provisions within corporate required revision. Alongside this we asked the firm to make alterations to the credit provisioning methodology.
Policies were updated and a report conducted by group risk (in conjunction with KPMG) looking at the robustness of the updated credit provisioning procedures.
Outcome: HBOS has prudent corporate credit provisions in place. Issue closed.
Insurance & Investment
Interim ARROW 2006
Financial accounting, systems and controls
The financial controls within the life companies of HBOS FS are poor and we are concerned that the overall control environment within HBOS FS is inadequate and not sufficiently robust. There is a fundamental accountancy issue which needs to be addressed to ensure that all money is where it should be within the *** and *** funds.
Outcome: This is an on-going issue that we are heavily monitoring and will take time to resolve. HBOS are fully aware of this issue and we expect an independent review to be completed before the year end. Issue open.
Full ARROW 2004
European Growth Proposals/Aspirations
Outcome: *** has demonstrated sufficient oversight and controls for the growth of its European business. Issue closed.
HBOS FS Complaints Handling Process
Outcome: HBOS FS complaints handling process has been strengthened and the feedback loop from complaints to product design, distribution and operational systems was shown to be working adequately. Issue closed.
Investment Management of Life Company Funds
This issue is ongoing. This will be dealt with as part of the Insurers Governance Project.
Accuracy of Policyholder Statements
Outcome: HBOS FS are able to issue accurate and timely customer statements as appropriate across its entire product range. Issue closed.
Financial Monitoring: development of realistic balance sheet models and ICA methodology
Outcome: Robust realistic balance sheet and ICA methodologies are in place which are understood and are being embedded across the business. Issue closed.
INTERNATIONAL
Overseas business
The team raised concerns about the effectiveness of local and UK based control functions in terms of providing oversight and control within the overseas ventures, at a time of ambitious retail expansion in Australia and Ireland. At our request, HBOS Group Risk embarked on a wide ranging review of its overall control frameworks (having agreed the terms of reference with the FSA) and as a result made a number of procedural enhancements. We were generally content with the outputs from this review.
Outcome: improved oversight and controls for the overseas businesses. Following our review of the Australian operations we have put in place further RMP actions for HBOS to increase their systems and controls in line with their planned growth.
Retail
The previous RMP (which was relatively extensive) was completed satisfactorily and to time, and included the following key areas:
1.
2.
3.
4.
5.
6.
Mortgage endowment complaints (MEC’s)]
In terms of achieving fair outcomes for consumers, this was probably the most extensive and important piece of work undertaken by the RM team in the last two years. At the time of the last ARROW assessment the Financial Ombudsman Service (FOS) had concerns about the quality of ‘Pre-A-Day’ MEC handling at HBOS. Following an extensive period of negotiation, HBOS agreed to carry out a retrospective review of all pre-A-Day complaints it had previously declined during 2003 and 2004 (FSA was comfortable with HBOS’ approach to handling pre-A-Day complaints from 2005 onwards). HBOS subsequently completed this work at the end of 2006 at which time it had upheld 87% of the total 2003/2004 cases and paid out in excess of £19m in redress payments. Having reviewed the remediation work carried out by the firm we were able to close this RMP issue in 2007.
Outcome: MEC remediation work carried out by HBOS and re-dress payments given to customers; thereby improving their MEC process and reducing customer detriment. Issue closed.
Treasury
1. Market risk model development. We were concerned to note that an internal audit review of the project to implement market risk models was graded “red”. Issues were identified around the model building process, project governance, data validation, and testing. The RMP point was raised given the potential impacts on the firm’s CAD1 model development work. Internal audit were asked to revisit the project and confirmed the issues had been dealt with satisfactorily.
Outcome: market risk model development was enhanced and HBOS was able to submit a CAD2 general market risk waiver in June 2007. Issue closed.
2. Overseas treasury operations. Our concern was around the ability of London-based control functions and management to properly oversee the Sydney branch of the firm. Having visited the Sydney office to assess controls, our concerns were assuaged.
Outcome: Sydney branch has a clear governance and oversight structure. Issue closed. We monitor how this works in practice during the C&C meetings.
*** Full ARROW 2006
1. Basel II
*** indicated that it was undertaking a cost benefit analysis to determine the most appropriate approach in terms of implementing the requirements of the CRD ie advanced or standardised. The firm eventually established that it would adopt the standardised approach and provided us with a copy of their Basel II implementation plan. We have received regular updates on progress against this plan and will be reviewing **’s ICAAP in 2008.
Outcome: *** has identified the most appropriate decision regarding CRD implementation and has a robust Basel compliance plan. Issue closed.
2. Joint Venture Agreement
At the time of the last ARROW, and in accordance with the parental agreement entered into in 1997, *** was in discussions with both *** and HBOS to decide on the future strategy and ownership of the bank. We were concerned that in order for *** to move forward it must have the full backing of both parents and we identified that their level of engagement was critical to *** success.
Outcome: Strengthened governance arrangement within ***, including amongst other things rotating the chair every 2 years between HBOS and ***. Issue closed. Given *** strong reliance on HBOS we will be carrying out some additional work within ARROW to establish the degree of independence of the *** board in terms of decision making.
3. Credit Risk
In 2005 *** financial performance was being hampered by an increase in the provisioning requirement brought about by rising levels of bad debt in the unsecured book. *** has since completed a wide ranging personal lending review and incorporated improvements and enhancements to its credit risk framework as a result.
Outcome: Improved credit risk management processes. Issue closed. Retail credit provisioning will be reviewed during the ARROW assessment.
4. Operational Risk
*** operates a highly outsourced model and had reported a number of failings in the management of 3rd party relationships. At our request, *** undertook a full review of its operational risk framework making several changes to procedures as a result. We have maintained a close and continuous relationship with *** over the last two years and no new material areas of concern have been identified.
Outcome: *** has a more robust operational risk framework in the light of the review undertaken. Issue closed.
*** Full ARROW 2005
1. Corporate Governance
There was concern that consideration of corporate governance risks had not been documented, there was no evidence of mitigating actions and we had concerns over the dominant role of the Chairman, ***. Senior management were asked to review the corporate governance risks faced by *** and propose mitigating actions to address them, to be approved by the Audit Committee.
Outcome: Corporate Governance risks have been reviewed and appropriate action taken. Issue closed. Balance to *** has been provided at board level and will continue to be monitored during C&C meetings.
2. Risk Management
There was a risk that both day to day and big picture issues were not being identified and mitigated due to a lack of resource and weaknesses in terms of regular assessment/rigorous challenge. *** has subsequently reported to us on its planned improvements to the risk assessment process, detailing improvements in the robustness of the risk assessment process going forward, the allocation of resource and an explanation of why that is deemed sufficient. Copies of correspondence have been received which evidence challenge to the risk assessments made.
Outcome: an improved risk management process with regular assessment and challenge. Issue closed.
3. IT Systems and controls
A number of IT processes had not been working effectively which implied weakness in risk assessment, operational control and monitoring. *** has made a number of improvements to its IT systems and a copy of the IT review conducted by *** has been provided to the FSA. Internal Audit have reviewed the controls within IT and provided the FSA with copies of its reports.
Outcome: Improvements have been made to their IT systems and controls, reducing the operational risk within the business. Issue closed.
4. Underwriting Risk
*** was experiencing unexpectedly high claims which were attributed to insuring younger drivers. Senior management were required to conduct a root cause analysis review of the claims and in April 2007, *** was merged into ***. The more risky drivers will no longer be underwritten by ***.
Outcome: *** risk profile has decreased. Issue closed.
61 Email from Lord Stevenson to the Chairman of the FSA on 13 November 2007 on “Getting Back”
Callum,
I hope by the time you see this you have had a good time in the Gulf at least psychologically miles away from rumour and counter rumour about the financial system!
In the nature of these things I found our discussion very helpful the other day not least in clarifying my own mind on a number of things. And I thought it might be worth getting back to you on three issues.
First, on HBOS you asked how HBOS felt on the “ladder of vulnerability”. Answer: without wishing to be complacent or hubristic, management has done a superb job—a job that started five years ago and not in August; most recently Andy Hornby has led his top managers into making some very tough decisions to ration assets growth next year. Good always comes out of difficult times; and a great positive for us is to have discovered the strength the HBOS brand has in financial markets. Given our 20% exposure to housing finance we would expect the CDS spreads to be where they are—actually rather worse. But the overall terms on which we have been able to borrow, the almost instant bounce back from rumours in the market place and the repositioning of Grampian all speak for themselves.
Turning it on its head and looking to lose sleep, what does one worry about? Of course it may be the world is going to pot in a basket. I do not think it is—although we have always realised the USA had further to go. If markets were to disappear completely and not come back for six months then of course we would have a problem but we and you would know it and most of the rest of the world will have a problem too. As I said to you, the one thing that I do worry about are off left field events probably caused by criminal attempts which have the potential to create some kind of an “HBOS incident”... but I think that is relatively unlikely, of course could happen to anyone and is difficult to plan for. It is, however, a worry which can only be mitigated in the long run by a completely different attitude to serious white collar crime ... in which connection you must not hesitate to let me know if 1 can help.
That is my best attempt to be paranoid. Can I, however, go into reverse mode and have a minor push back?! 1 and we sense a continual paranoia within the FSA about the “ladder of vulnerability” and HBOS. To be sure, it is only right and responsible to be vigilant in these markets in both managing and supervising a company which has considerable wholesale financing. Without wishing to be the slightest bit cavalier, however, 1 do believe that our management has done enough—as said above—not just over the last three months but the last five years—to demonstrate its sense of responsibility and competence and that there could be some release of the FSA paranoia button! One can never tell from the outside but it does look very much to us as though the regulatory concerns are rather greater about us than at ieast two of our competitors (one of whom we discussed) where I frankly think there is scope for rather greater worry, concentration and paranoia. Enough said.
Second, I would like to underline to you particularly in advance of ARROW my concern lest too knee jerk, even superficial a view is taken of the correct agenda for the FSA to impose on HBOS. Human nature being what it is, it would be surprising if in current circumstances there was not a tendency to play safe on all fronts. What 1 urge is that the FSA does not misread what I believe to be our unusual frankness and transparency which comes out of a culture set at the top by myself, James Crosby and Andy Hornby. To take the example of IT, I have been told several times the FSA is concerned about our “IT resilience”. So much so that I have recently had a very good look at it. Having gone into it I am very clear that you do not need to be concerned. We compare very well to most if not all of our competitors.
Why is there an FSA concern? Answer: 1 have a very shrewd suspicion that it is for the very simple reason that we are scrupulously transparent in registering anything that has gone wrong! In practice, the “outages” that might have acted to the detriment of consumers have been minuscule. As I explained to you I have a much, much greater concern about IT—one that certainly applies to us but I believe applies to most large banks in the world ... mainly security against hostile attack. That, I suggest, is what we should all be concentrating on led by the FSA rather than anecdotally derived and spurious worries about resilience.
Thirds I was glad to hear you say that the tripartite arrangements would need to be reviewed. And it was typically honest of you to say that legitimate questions couid be asked about the FSA’s supervision of NR. Without wishing to make you feel better about it for its own sake, on the latter I only express a personal view—and a personal view obviously enough not based on complete knowledge of the facts. Clearly the management and Board of NR can be said to have been a little unwise when faced with such a huge increase in business. And it may be the case that you will find your colleagues did not focus on it enough. However, I wonder even if they had what they would have seen fit to do since absent a once in a hundred year event, I doubt whether there would have been disastrous consequences. Just a thought which of course hits at the heart of the philosophy of risk based regulation!
Needless-to-say happy to discuss any of this with you and/or colleagues. I am copying this to Andy and also to Hector because with ARROW coming up I am very keen to communicate very directly my concern about HBOS suffering as a result of its own meticulous transparency in a way that would ultimate damage the overall cause that we are all engaged in.
62 Letter from the FSA to Andy Hornby dated 21 December 2007 regarding PILLAR 2 Supervisory Review and Evaluation Process –HBOS
As you are aware, we conducted our Pillar 2 supervisory review and evaluation process (SREP) of HBOS during June-October 2007. In this letter we summarise our findings and give individual guidance on the amount and quality of financial resources we consider appropriate for your business. We did not conduct an ARROW assessment at the same time, but where we identified actions that we expect you to take (other than holding capital) we have added these to the most recent risk mitigation programme (RMP) issued to you and attach an updated copy at Appendix 2.
For an explanation of individual guidance please see Appendix 1. This appendix also includes our detailed comments, including those areas where we have taken a different view to your internal capital adequacy assessment process (ICAAP) in giving Individual Capital Guidance (ICG). Given we will be carrying out in the ARROW assessment between November 2007-February 2008, we will assess the qualitative scalar at that time. You should be aware that tins may result in a significant add-on depending on our assessment of your controls.
The guidance in this letter replaces that set out in our letter dated December 2004 and confirms the draft ICG sent on 29 November 2007. Thank you for the Board’s confirmation of the draft ICG and RMP. The final ICG has not changed and there are some minor amendments to the RMP.
Overall Summary
The ICAAP is of adequate quality for your first submission, we accept that all significant risks have been assessed and a governance framework has been adhered to. As you used n “Pillar I plus” approach our SREP focused on the specific Pillar 2 risks such as concentration risk, capital planning, liquidity risk and stress testing. We expect improvements in specific areas including further analysis on concentration risk, liquidity, stress testing, funding ....[end of sentence is illegible].
Key Issues
These are the key issues that arose from our SREP. We have sot them out according to our view of the risk they pose.
Liquidity and Funding Risk
We are aware that you argue that capital is not the best risk mitigant against liquidity risk, which we accept based on the analysis you have carried out on notch downgrades. We expect HBOS to stress test the inability to access wholesale funding markets and for this exercise to be completed by January 2008. Due to the recent market conditions, and your reliance on wholesale funding, we have increased our liquidity monitoring, which we will continue for the foreseeable future. We also expect HBOS to carry out analyses of funding maturities and funding diversification- wholesale and deposits, to ascertain key dependencies. Due to the importance of this work, we expect this completed by the year end and continued market uncertainty.
Stress Testing and Capital Planning
We generally accept your capital planning analysis and notwithstanding the lack of severity of the stress scenario discussed below, we agree that no capital shortfall arises during the forecasted period. We have relied on your own assessment of mitigating actions and will be reviewing these actions in more detail next year. In forming our conclusion, we have relied upon the amount of capital buffers over and above the current level of regulatory capital requirement and we would not expect those buffers to be altered prior to discussion with us.
We have however concerns surrounding the severity of the “1 in 25” scenario. We believe that this scenario represents an inflation spike rather than a situation where higher inflation is a persistent problem in the economy. We propose to add on £500m. due to the weaker scenario. In addition to increasing the severity of the stagflation scenario, we also want HBOS to demonstrate that the “recession scenario” has a lesser impact on capital than the stagflation scenario. Following this exercise we may review the ICG. For future developments we would want to see commercial property and buy-to-let more prominent in your stress test modelling.
Concentration Risk
We do not accept that concentration risk is included in the stress testing results. We do not consider that HBOS is a fully diversified, internationally active bank. Therefore we have assessed the concentrations within your business. Our conclusion is that these concentrations in particular commercial property, and residential property UK southeast geographic concentrations and the lack of international diversification may impose significant risks to your business. To reflect this we have added on a capital charge. We also want concentration risk to be quantified and singled out in the next iteration of the ICAAP.
Securitisation Risk
Market conditions also predicated that we should postpone the securitisation risk visit. Securitisations have been a significant part of your funding strategy and we still need to understand the underlying risk to HBOS. [Next sentence is illegible].
Pension Risk
We accept the 1CAAP analysis on pension risk. However we are concerned by the firm’s lack of understanding of how the Watson Wyatt model generally works and more particularly how it is calibrated. We would therefore want to see evidence in our next review that you have challenged the model assumptions and are comfortable that it is fit for purpose. We also want you to re-consider the use of correlations under stressed conditions as correlations are known to vary in stressed conditions compared to normal conditions.
Further, because your calculation is based on a monthly revaluation of the assets and liabilities of the scheme, the pension risk capital will be subject to the volatility of the markets. Therefore, we would like you to notify us each month that the pension risk capital exceeds £1.5bn.
Mobility of Capital
We are relying on your own assurance regarding the mobility of capital within the HBOS Group. You ascertain that there are no calls on capital from the insurance entities and the Group policy is for capital to be held at the Group level, except for regulatory or tax purposes. Please can you confirm that our assumptions are correct.
Interest Rate Risk in the Banking Book
We accept your assessment of IRRBB, as your analysis of 12 month NII sensitivity to a +/- 200bpt parallel shock of yield curve is currently positive. We will rely on your NII sensitivity measure to set the ICG. During the next SREP we may review the behavioural assumptions underpinning the NII approach and the current assessment is based on your assertions.
Risk Mitigation Programme
The risk mitigation programme, which sets out what steps you need to take, is subject to review if there is any significant change or potential change to your business or control structure, or the nature of the issues identified. In line with your general obligations under the FSA Handbook, you should notify us of any such changes.
Individual Capital Guidance
We have reviewed the level of capital that you should hold and have concluded that your group should hold an additional amount of capital above the pillar I minimum. The detailed ICG for your group is set out in Appendix I, but in summary is to hold:
Consolidated capital of at least 103.6% of your Pillar I requirement plus £742 million (pension risk) and £500 million capital planning/stress testing.
As the overseas Regulators in Australia and Ireland have not yet agreed ICAAP for your local subsidiaries, we have been unable to assess any possible impact that would arise should either of them set their bespoke capital requirements for those local subsidiaries at levels in excess of current estimates held by the Group. [Next sentence is illegible].
Individual Guidance on Liquidity
We have also reviewed the level of liquidity that you should have as part of this assessment.
We confirm our consent for you to use the Sterling Stock Liquidity approach set out in IPRU (BANK) Chapter I.S. Our guidance is that your Group should maintain a stock of sterling liquid assets of at least £6 billion. Our guidance is based upon your internal net wholesale limit of £12 billion. To ensure our guidance remains appropriate please inform us if you adjust this limit.
Period to the next Risk Assessment
As you are aware we are carrying out the ARROW assessment during 4Q07 and 1Q08. We also plan to carry out and communicate the next SREP towards the end of next year. It is important to note that we may undertake further work at any time, or expect HBOS to undertake additional work if, for example, additional risks are identified or crystallise. In such cases, we will communicate any significant changes to our risk assessment of HBOS to you as they arise.
Confidentiality and Response to this Letter
This letter has been prepared for regulatory purposes only and its contents should be treated as confidential. You should copy this letter to your auditors but please discuss with us if you wish to disclose it to any other third party, as you will need our prior consent for such disclosure. This is because its contents could be misunderstood or misinterpreted if disclosed in another context. We will send a copy of this letter to the Australian Prudential Regulatory Authority (“APRA”) and the Irish Financial Regulator.
Please confirm to me by 1st February 2008 that the Board of HBOS has considered this letter and has agreed to implement the sections of the risk mitigation programme in Appendix 2 which require action by you.
APPENDIX 1
INDIVIDUAL GUIDANCE—GENERAL
The FSA’s SREP is not an examination or audit and may not identify all of the risks associated with your current and proposed activities; but is designed to enable us to supervise firms appropriately and provide Individual Capital Guidance (“ICG”) and individual guidance on liquidity. The ultimate responsibility for identifying and assessing risks remains with the Board of Directors.
ICG and individual guidance on liquidity reflect the minimum amount and quality of financial resources that we consider is needed for your firm and group to meet GENPRU 1.2.26R (adequate financial resources). The individual guidance takes into account the nature and the inherent risks of the business, and is underpinned by your own assessment of the capital you require (your ICAAP); but the giving of individual guidance is also one of the tools at the FSA’s disposal to address specific concerns arising out of our risk assessment where we believe that there is the potential for an issue to have a material financial impact.
The FSA’s issuance of the individual guidance should not be seen as an alternative to the responsibility of a firm’s management to monitor and assess the level of financial resources appropriate to its needs. Moreover, firms should be aware that GENPRU 1.2.42R and SYSC 11.1.24E impose obligations on firms to carry out appropriate stress and scenario testing, including stress testing their liquidity and capital needs.
You can rely on the comments we have made in this letter when you are dealing with the FSA. In making these comments we have relied on you giving us complete and accurate information, and have taken into account the environment in which your organisation operates. Please be alert to any changes, including to our rules that might affect your position. Our views cannot affect the rights of third parties such as those of your clients.
Individual Capital Guidance
The individual capital guidance for the consolidation group headed by HBOS plc is to hold:
total consolidated capital resources of at least 103.6% of the consolidated capital resources requirement plus £742 million (pension risk) and £500 million (capital planning).
We would expect you to inform us as soon as your capital falls, or is expected to fall, below the level set by the ICG with the reasons why and your proposed response.
Adjustments to the ICAAP in Arriving at ICG
In forming our view of the appropriate ICG and individual guidance on liquidity to give, we have taken into account your ICAAP, and set out below those matters where we have formed a different view, along with our reasons.
63 Letter from Lord Stevenson to the Chairman of the FSA on 18 March 2008
You kindly rang yesterday morning to ask “how was I feeling?”... making it plain you were asking corporately not personally!
Having reflected on our conversation—and nervous as I am of some of the Chinese whispers caused over the last six months by poor communication -1 thought it might be helpful if I set out my answer to your question clearly in writing.
The straight answer to your question is that I and we are feeling about as robust as it is possible to feel in a worrying environment which we would rather did not exist! As I said to you we have faced into the need to be boringly boring for the next year or two and we are setting out our stall to do that (see below).
To be more specific about our position:
This notwithstanding, we adopted late 2007 a substantially pared down business plan for 2008 which sees us growing assets far slower than liabilities. We said then that if we did not see markets turning by the end of February 2008 we would ratchet it down again. And we have. We have just taken the decision to reduce our asset growth plans by a further £6 billion and increase our deposit plans by a further £13 billion. The net net is that during 2008 we will grow our assets by just 4% and increase our deposits by 12%,
For a business which is not having to digest the results of bad credit decisions and whose executives feel—rightly—that they have managed the credit cycle well in recent years, this is a hard pill to swallow. Andy Hornby in his tenure as a new CEO is doing a superb job worthy of a man many years older than him in managing the distribution of pain equally among his colleagues!
You asked both what were my worries and also that if I saw any worries I should be swift to share them with you. On the latter you may be quite sure that I will. On the former...
My soberly considered view is that given the extraordinary external environment, HBOS in an admittedly uncertain and worrying world is in as secure a position as it could be. Happy to be crossed questioned on this but I hope you know me well enough to know this is neither a bravura nor an ill considered statement.
What keeps me awake at night?
First and foremost as I mentioned to you many months ago is the new 24/7 problem of rumour feeding upon rumour and creating a wholly irrational “hit” or “run” on an institution—probably but not necessarily generated with criminal intent—that creates self fulfilling prophecies that are difficult to stem. That is my number one worry. That tells you, by the way, that I am not aware of any lurking horrors in our business or our balance sheet. Quite the reverse. While it is difficult to believe that we will not see some deterioration in our underlying businesses, we do not see any significant issues currently.
How would we fare if liquidity completely dried up, you asked? Does that keep me awake at night? Well yes of course one worries about everything, but the answer is no! First, our close monitoring of those who supply the lines of credit leads us to the view that the circumstances in which ours would be withdrawn would either be the “freak” circumstances outlined above (but even that is judged to be unlikely) or where the world has collapsed to an extent that all bets of all kinds are off. The commonsense of the situation is that we are dealing with lenders looking to lend money to a highly conservative institution.
Incidentally, this may be the context to make the point that the time may have been reached where it will be a sensible precaution for the BoE to find a way of making it plain that it will accept the high quality assets we are talking about as collateral. In the same spirit—and I suspect there are other voices on this subject—I do think it would be helpful if the BoE made it clear that the three month repo facility will be provided for as long as is necessary and will be unlimited as to amount.
This takes me a little way away from your question as to how I am feeling! Thank you, by the way, for asking it even if it was only meant in a corporate sense! To repeat, the bottom line is that without wishing to be the slightest bit complacent, we feel that HBOS in this particular storm and given its business characteristics is in as safe a harbour as is possible while at the same time feeling commercially rather frustrated!
64 Draft letter from the FSA to Andy Hornby dated March 2008 regarding HBOS Group ARROW Risk Assessment
As you are aware, we conducted our risk assessment of HBOS Group during November and December 2007. In this letter we summarise our findings and advise you of the actions we expect you to take.
We assessed HBOS Group (“the Group”) by applying our risk assessment framework- ARROW. For an explanation of this please see Appendix 1. Since the last full ARROW assessment was carried out in 2004, the FS A has changed its risk methodology to be more granular, whereby we score each risk element in the framework individually. As a result the output will look different and will give a clearer indication of where we think the regulatory risks are within your business (see Appendix 2). Please bear in mind that the scores attached to our assessment also reflect an upward shift in the risks inherent in the financial services sector: with a greater risk of market turbulence; a weaker credit environment; and higher costs of funding. Appendix 3 contains a new risk mitigation programme (RMP) for each material business unit (MBU) and the Group. Appendix 4 shows the revised close and continuous schedule.
Overall Assessment
Since the last full and interim ARROW assessments, the Group has made progress in developing risk management processes, as evidenced through the granting of the AMA operational risk and IRB credit risk waivers. However, significant control risks remain. On a positive note, you have already identified key IT and operating systems and controls weaknesses, which should be rectified through several major programmes such as the Financial Capability Programme (“FCP”), HBOS Service Excellence (“HSE”), Developing Operational Management Excellence (“DOME”) and the mainframe resilience project. However, until these programmes are delivered, control risks persist alongside significant delivery risks and senior management should ensure their IT and control framework strategy is also forward looking. It is imperative that these programmes remain on track, and persistent delays in implementation may lead to significantly more intrusive regulatory tools being used. Treating customers fairly (TCF) remains a key FSA priority and there is a significant risk that you will not achieve the necessary outcomes by the year-end. We recognise that senior management are committed to your “customer contract” and we believe this message is largely filtering down through the organisation with some exceptions, eg PPI sales. However, there are systems and process weaknesses that are impeding the delivery of TCF outcomes across the Group.
The FSA’s recent Financial Risk Outlook publication highlighted key risks within the financial services sector where HBOS is heavily exposed, namely commercial property; residential property; funding costs; the risk of further contagion from the US; and weaker investment market conditions. These environmental factors increase your inherent prudential risks and put pressure on capital, funding and liquidity. Balance sheet management and credit risk remain key priorities for the FSA and we expect to continue to heavily monitor your balance sheet and capital requirements.
We recognise and welcome the open dialogue that exists within the Group and with the FSA. Despite 2007 being a difficult year for the banking sector as a whole and for the HBOS Basel 2 implementation programme, we aim to continue the open and honest relationship in order to maintain any regulatory dividend. We also aim to rely on the senior management to achieve the RMP outcomes, with the FSA carrying out focused reviews where appropriate.
65 Letter from the FSA to Andy Hornby dated 22 April 2008
We conducted our risk assessment of HBOS Group (“the Group) during November and December 2007. In this letter we summarise our findings and advise you of the actions we expect you to take.
We assessed HBOS Group by applying our risk assessment framework—ARROW. For an explanation of this see Appendix 1. Since the last full ARROW assessment was carried out the FSA has changed its risk methodology to be more granular, whereby we score each risk element in the framework individually. As a result the output looks different and gives a clearer indication of where we think the risks are within your business (see Appendix 2). Please bear in mind that the scores attached to our assessment also reflect an upward shift in the environmental risks across the financial services sector, Appendix 3 contains a risk mitigation programme (RMP for each material business unit (MBU) and the Group. Appendix 4 shows the revised close and continuous schedule.
Overall Assessment
Our overall assessment is that the regulatory risk profile of the Group has increased since our last ARROW review from an overall rating of Medium High to High. This increase has been driven by an overall increase in environmental risks which impact balance sheet management and credit risk and weaknesses in HBOS operating controls which will also impact your ability to deliver “treating customers fairly” (TCF).
The FSA’s recent Financial Risk Outlook publication highlighted key risks within the financial services sector to which HBOS is heavily exposed—namely funding costs: the risk of further contagion from the US: commercial property: residential property: and weaker investment market conditions. These factors will drive our focus on credit quality. The environmental factors, and the increased funding pressures on UK mortgage banks, significantly increase the inherent prudential risks in your balance sheet and put pressure on capital, funding and liquidity. Senior management must ensure decisive actions are taken to address these risks in a timely and effective manner.
TCF is also a central FSA priority and for the reasons we outline below, there is a significant risk that you will not achieve the necessary outcomes by the year-end. We recognise that senior management is committed to the “customer contract” and we believe this message is filtering down through the organisation. However, there are systems and process weaknesses that are impeding the delivery of outcomes across the Group—for example around complaints handling. These issues are a significant risk to the successful embedding of your customer contract, and hence TCF, across the business by the end of the year.
Since the last ARROW assessment, the Group has made progress in developing its risk management processes—as evidenced through the FSA granting the AMA operational risk and 1RB credit risk waivers. However, you have identified significant residual process and control risks and haw put in place major programmes to remedy them.1 Until these programmes are delivered the control risks will persist alongside significant programme delivery risks. It is therefore imperative that these programmes remain on track. If our review work indicates a deteriorating position, this will substantial!) change our assessment and the regulatory tools employed.
We recognise and welcome the open dialogue that exists within the Group and with the I’SA and aim to continue the open and constructive relationship we have with you. We also aim to rely on your senior management to achieve the RMP outcomes with the FSA carrying out focussed reviews where appropriate.
Key Issues
We set out below the detailed issues that arose from our risk assessment.
Balance Sheet Management—Capital, Funding and Liquidity
Our major supervisory focus for the coming year will be on requiring firms to demonstrate that they have adequate financial resources and liquidity. We have identified two significant areas of risk. Firstly, you are one of the UK retail banks most reliant on the wholesale funding markets and it is imperative that the Group manages the balance sheet effectively so as to reduce this reliance. Secondly. Group capital is increasingly under pressure as a direct consequence of the market turbulence and the impact on asset prices, a possible economic down turn and a number of specific industry threats. Accordingly, we will be maintaining close monitoring of your funding and capital plans and the implications for your business model.
We have been engaged in liquidity management discussions for some months and whilst adverse market conditions continue, we will remain focussed on ensuring your funding assumptions remain realistic and that you are taking all the necessary actions to rigorously control asset growth, meet or exceed deposit plans: diversify and lengthen the liability profile and contingency arrangements are implemented where appropriate. As part of this we will also be monitoring closely the Group’s plans for overseas expansion given the additional funding pressures this might bring. Our overall outcome is that you achieve resilient liquidity and funding through a reduction in the proportion of the balance sheet funded by wholesale debt that is appropriate to changing market conditions.
There are significant risks to growth aspirations and the business model if funding plans cannot be realised. The implications of reduced growth and increased funding costs will directly impact profitability in turn putting pressure on capital through reduced retained earnings and the ability to invest in improving systems and controls. Additional pressure could arise from the industry-wide reviews on unauthorised overdraft charges. PPI and revaluations of your £81 billion debt securities portfolio. We note the risk that the announcement of any one of these potentially adverse impacts on earnings and capital could coincide with heavy refinancing requirements in the wholesale markets as term liabilities mature. We therefore expect you conduct detailed analysis of scenarios and stresses such as these and, at the earliest juncture, establish the appropriate decisive management actions that need to be taken. Further senior management will need to assure themselves that they have fully understood and challenged the underlying assumptions in the business plans and stress tests.
Balance sheet management was assessed during the Pillar 2 review in 2007 and relevant actions have been added to the Group RMP. In addition, given the materiality of the debt securities portfolio and underwriting positions on syndicated and leveraged loans you should expect further detailed discussions of your valuation methods and credit risk for these portfolios, and the impact this may have on your capital position.
Credit Risk
Credit Risk Outlook
We did not explicitly review credit risk management during the ARROW process (except for retail unsecured credit provisioning), but relied on our recent IRB waiver review work. Although you have not to date had any major credit losses from the recent market turbulence, in the context of the UK banking sector the Group is one of the most exposed to the risks of a UK downturn. Residential mortgages, self-certificate mortgages, buy-to-let loans and commercial property account for 72% of total assets. Whilst the average LTV in the residential mortgage book is relatively low, in absolute terms some £22 billion of the book has a LT V of over 85%. Given the significant credit risk posed within the Group we will be heavily monitoring credit risk and provisioning across all of HBOS, and key areas will be looked at in depth on a thematic basis during 2008. If our review work indicates inadequate credit risk management, including inadequate provisioning: this will substantially change our assessment and the regulatory tools employed.
Basel
Basel IRB model development and roll out will continue to be a focus during 2008. More specifically we expect to see significant enhancements across all Corporate models, as well as the continuation of an appropriate governance structure, oversight and monitoring of the Basel 2 programme during the roll-out period and for business as usual purposes. The FSA will be monitoring and reviewing the models through the supervisory process. We will he liaising with relevant overseas regulators to monitor the roll-out plan across the international businesses.
Treating Customers Fairly (“TCF”)
The fair treatment of customers is a key objective for the FSA. It is particularly important for firms such as HBOS that offer a wide range of products and services to an extensive retail base through various distribution channels. By the end of March 2008 HBOS is expected to (as a minimum) have appropriate management information (“Ml”) in place to monitor delivery against the six TCF consumer outcomes, and by doing so be in a position to provide evidence that it is treating its customers fairly. By the end of December 2008 HBOS should be able to demonstrate to itself and to the FSA that it is consistently treating customers fairly.
During our ARROW discovery work, and in particular from discussions with senior management- we were able to lake comfort that HBOS is committed to ensuring TCF is culturally embedded in all parts of the organisation. We are of course already aware of the work undertaken within the Group in rolling out the “Customer Contract”. Equally, and as a result of the more granular work we undertook within the claims and complaints functions, we were able to obtain a sense that there was a genuine desire amongst front line staff to achieve fair outcomes for customers despite on occasion, a lack of understanding of how the “Customer Contract” directly impacted on individual roles.
However, we do have concerns that in certain areas the desire to embed TCF at the customer interface is being undermined by a lack of sufficiently robust processes and systems. These concerns were particularly apparent during our reviews of PPI and the complaints handling process within the Retail Division. We evidenced internal delays in dealing with customer complaints and an apparent inability to meet FOS timescales for providing documentation in cases that had been referred for adjudication. Whilst we are aware that our concerns around complaints are shared by senior management within HBOS and that plans are in place to initiate improvements you must be able to demonstrate the success of remedial measures by the end of 2008.
In addition to the process barriers we also have concerns around HBOS’ ability to meet the 31 March 2008 deadline to have suitable TCF Ml in place—particularly vis-à -vis the challenge of articulating MI in terms of TCF outcomes. Whilst we are aware that HBOS has developed a suite of Ml we are not convinced that this is currently sufficiently refined as to allow senior management to gauge whether their actions are actually driving the fair treatment of customers. An example of this was seen during our complaints work where we evidenced that there was a lack of adequate root-cause analysis for certain categories of complaint. Again, we know that senior managers are aware of the limitations imposed by the current Ml suite and are looking to implement appropriate refinements—but the risk remains to be adequately mitigated.
Overall, we think there is a significant risk that HBOS will not meet the deadlines set for embedding the TCF outcomes, and whilst our more granular ARROW discovery work was focussed on specific areas of operations, we consider that the potential for customer detriment should TCF not be fully embedded to be high. From our PPI review, the three areas we regarded as medium-high risk were sales processes, disclosure and systems and controls. Similarly to complaints handling, it is systems and controls that are impeding desired PPI outcomes. The detailed feedback from the PPI thematic review has been sent separately.
An integral element to meeting the March and December TCF outcomes will be a complaints handling process that is fit for purpose and evidence that systems and controls facilitate the fair treatment of customers. It is also vital that TCF considerations are embedded at the product design stage—an area that will form a focus for our work during 2008. We will continue to gather evidence on how HBOS is meeting the FSA milestones through a combination of further thematic work and our close and continuous programme.
Operational Controls and IT Systems
During the ARROW assessment we reviewed core operating and IT systems, processes and controls. We recognise that HBOS has taken a number of significant actions in response to recent and historical operational and IT weaknesses—in terms of appointments, organisational changes and a new IT strategy. You have also initiated a number of programmes such as DOME, FCP, Project Revolver and HSE. These changes and initiatives are a positive move forward and should help to reduce operational failures, improve IT resilience and ensure minimum service standards are fit for purpose. However, they are still work-in-progress and were predominantly set up in reaction to past problems. These programmes appear to address the right issues and the governance appears appropriate, but there is a need to ensure that these programmes address future requirements as well as crystallised risks. Similarly, improvements in Internal Audit may facilitate a more front- footed approach.
The Group’s IT and operating systems and controls are undergoing considerable change. Our understanding of operational and IT weaknesses and the risks they pose to our objectives have led us to consider it critical that HBOS successfully delivers key programmes in order to ensure that processes and systems are able to keep pace with customer demands and the scale of change inherent in the financial services sector. The business plan’s focus on “Getting it right first time” is paramount to this and will also assist in achieving the TCF outcomes. The outcome of the changes already made and those initiatives that are work-in-progress should deliver a more robust operating and control environment—but much work remains to be done before the “end state” is achieved, and delivery risk is significant.
There are several factors, some particular to HBOS that may prevent full delivery, such as maintaining senior management focus, further cost constraints in an organisation with an existing low cost-income ratio and worsening economic conditions. We will be looking for validation that these key programmes have been delivered in a timely fashion and result in a robust and resilient control environment across HBOS, rather than just fixing historic issues.
The control self assessment t (“CSA”) process is key to your control framework and we will want assurance that this is effective and embedded across the Group. Beyond the programmes and initiatives that are already in progress we will want to see that the new IT strategy looks far enough forward to ensure that future operational and resilience failures are kept in a minimum.
Internal Audit and Corporate Governance
We looked carefully at Group Internal Audit and we heard the consistent message that the function provides core assurance across the Group. Outside of the core audit activities we consider that there is more scope for improvements to be made -for example in providing more co-ordinated assurance in association with Group risk, and aiming to be more demand- led. The Group should also be mindful of the potential impact of staff rotation and business skills, and look to give more senior staff exposure to internal audit given its position as a vital part of assurance within the Group.
We believe that the Group’s corporate governance has strong aspects, and in this respect we note in particular the participation of Non-Executive Directors at the Divisional Risk Control Committees. However, there is a constant need to be proactive in identifying and implementing improvements. We look forward to the work in taking forward the lessons learnt following the Reading BOS Corporate banking incident.
Financial Crime
This area of work was specifically excluded from our ARROW discovery plans but is a topic to which we will turn our attention during 2008. We will initially take this forward on a close and continuous basis and will be requesting regular updates on current and emerging risks.
We will also endeavour to strengthen the links between HBOS’ Financial Crime Prevention Team and the FSA’s Financial Crime and Intelligence Division in order to facilitate a more robust and mutually rewarding vehicle for the sharing of information.
Risk mitigation programme
The risk mitigation programme, which sets out what steps you need to take, is subject to review if there is any significant change or potential change to the Group’s business or control structure, or the nature of the issues identified. In line with your general obligations under the FSA Handbook you should notify us of any such changes.
Individual Capital Guidance
We have already reviewed the level of capital you should hold and the formal ICG was sent to you in December 2007. The ICG will not change due to the ARROW risk assessment. The insurance entities ICA reviews will be carried out this year and may result in revised ICG for these entities.
Period to the next Risk Assessment
On the basis of our current assessment we plan to carry out and communicate the next full risk assessment in 21 months. It is important to note that we may undertake further work at any time, or expect HBOS plc to undertake additional work if, for example, additional risks are identified or crystallise. In such cases, we will communicate any significant changes to our risk assessment of HBOS plc to you as they arise.
Confidentiality and Response to this Letter
This letter has been prepared for regulatory purposes only and its contents should be treated as confidential. You should copy this letter to your auditors but please discuss with us if you intend to disclose it to any other third party. This is because its contents could be misunderstood or misinterpreted if disclosed in another context.
Please confirm to me by 22nd May that the Board of HBOS plc has considered this letter and has agreed to implement the sections of the risk mitigation programme in Appendix 3 which require action by you.
APPENDIX 2
SCOPE OF ASSESSMENT
The scope of .the risk assessment includes:
|
Firm Name |
|
HBOS plc |
|
Bank of Scotland plc |
|
*** |
|
*** |
|
*** |
|
Bank of Scotland (Ireland) Limited |
|
*** |
|
*** |
|
*** |
|
*** |
|
*** |
|
*** |
|
*** |
|
*** |
|
*** |
|
*** |
|
IWeb (UK) Limited |
|
Halifax Independent Financial Advisers Limited |
|
Bank of Scotland Independent Financial Advisers Limited |
|
Halifax Share Dealing Limited |
|
The Mortgage Business Plc |
Overall Assessment
The information below shows our assessment of the risks posed by HBOS Group to our statutory objectives.
Impact Assessment
|
Impact |
H |
Impact is designed to capture the size of the firm or group, the potential harm it could do to our statutory objectives, it is measured for each firm attached to the risk assessment based on quantitative information supplied by your firm as part of its regulatory reporting which varies depending on the sector in which the firm operates. Impact scores for each firm are combined to produce a total impact score for the risk assessment.
Probability Assessment
The probability table reflects our assessment of the likelihood that HBOS Group will pose a risk to our statutory objectives. The rating of probability associated with a risk assessment uses a model based on three overall ratings:
business risk—the risks inherent in the firm’s business model and the environment in which it operates;
controls—the controls the firm has in place to mitigate the business risk; and
oversight and governance - the high-level controls and arrangements the firm has in place to oversee the effectiveness of its business and to mitigate its risks.
The ten risk groups model the way the various business risks and control risks interact in the contest of a firm. The probability scores recorded for these ten risk groups are aggregated in the matrix below in two dimensions:
across each of the three rows, to produce a net risk after the application of controls and other mitigants to the inherent business risks: and
down each of the three columns, to produce average scores for business risk, direct controls, and oversight and governance,
We have also provided, for each risk group and the aggregate scores, a summary of how HBOS Group’s probability assessment compares to that of your peers. The peer group is comprised of 12 members with a broadly similar business mix to HBOS Group. Peer group selection has been informed by but may not fully reflect the peers suggested by your firm; for confidentiality reasons we cannot disclose the names of firms included in the comparison. You should be aware that,, while the FSA endeavours to keep all assessments materially up to date, some of the data may not fully reflect the current risk profile of all firms within the peer group.
Please note that a highly-scored business risk will not automatically lead to a material risk to our statutory objectives. We assess the associated control risks and oversight and governance to establish whether there is a material net risk. If controls and oversight and governance are also highly scored, this may result in an issue in the risk mitigation plan with associated mitigating action.
APPENDIX 3
RISK MITIGATION PROGRAMME
ASSESSMENT NAME: HBOS GROUP
|
Nature of issue |
Firms to which issues relates |
Intended outcome |
Action |
Action by |
|
Funding & Liquidity Risk The recent market conditions have led to a deterioration in HBOS’s wholesale funding duration and diversity. There is a significant risk that this will lead to liquidity problems and asset growth constraints in the future. |
All |
HBOS has a realistic funding plan that reflects its business plan and appropriate stress testing. |
Action type: Assessment HBOS to submit its revised Q1F business plan to the FSA. Where there are material changes quarterly re-forecasts will be copied to the FSA too. |
30/04/2008 |
|
Action type: Assessment HBOS to submit its revised Q1F funding plan and an analysis of its duration and diversity for 2008. This should include the reliance on wholesale funding and any proposals to increase customer deposits. In addition, the funding plan should include appropriate stress testing. HBOS should work, to improve its stress testing framework by considering its scenarios over a longer timescale and by defining new market wide scenarios. Scenarios should include HBOS being unable to access wholesale funding either as market- wide scenario or specific HBOS event. HBOS to identify and/or take appropriate mitigating actions to respond to the stress test results. |
30/04/2008 |
|||
|
HBOS to continue to inform the FSA regarding updates to its funding plans and stresses. |
||||
|
Action type: Assessment HBOS to submit their liquidity contingency plans as and when it is materially up-dated |
31/12/2008 |
|||
|
Action type: Assessment HBOS continue with weekly and as required, more frequent liquidity reporting. The frequency will vary with market conditions and the adequacy of HBOS’ plans. |
31/01/2009 |
|||
|
Action type: Assessment Due to the recent market conditions, currently, securitisation is not an option for new funding. FSA’s Securitisation Team to carry out an assessment of securitisation policies and practices within HBOS to understand its securitisation risk (such a review may conclude a capital add-on is appropriate.) |
30/09/2008 |
|||
|
Capital Management Capital management conditions have been very difficult and the openness of markets has been materially affected. There is the risk that HBOS may experience difficulties raising capital either with respect to quantity, quality or timing. |
All |
HBOS has a realistic capital plan that reflects its business plan, credible mitigating actions and appropriate stress testing. |
Action type: Assessment HBOS to submit its capital plan to the FSA on a quarterly basis, including stress test results. HBOS regularly informs the FSA of updates to the plan, stress testing and details how HBOS will strengthen its capital position. |
31/03/2009 |
|
Action type: Assessment The “1 in 25” year stress test scenario in the 2009 ICAAP is not severe enough. There is a risk that HBOS does not have enough capital for a downturn.HBOS to demonstrate that its ‘recession scenario’ has a lesser impact on capital than the stagflation scenario and amend the ICAAP stress testing results to a more conservative outcome. |
30/06/2009 |
|||
|
Action type: AssessmentHBOS has several Group and Divisional mitigating actions in their ICAAP, which has been used to offset their stress testing capital requirement. There is the risk that they may no longer be realistic. FSA to carry out a detailed review of the divisional mitigating actions. |
30/09/2009 |
|||
|
Capital Management Capital management conditions have been very difficult and the openness of markets has been materially affected. There is the risk that HBOS may experience difficulties raising capital either with respect to quantity, quality or timing. |
All |
HBOS has a realistic capital plan that reflects its business plan, credible mitigating actions and appropriate stress testing. |
Action type: Assessment HBOS to submit its capital plan to the FSA on a quarterly basis, including stress test results. HBOS regularly informs the FSA of updates to the plan, stress testing and details how HBOS will strengthen its capital position. |
31/03/2009 |
|
Action type: Assessment The “1 in 25” year stress test scenario in the 2009 ICAAP is not severe enough. There is a risk that HBOS does not have enough capital for a downturn. HBOS to demonstrate that its ‘recession scenario’ has a lesser impact on capital than the stagflation scenario and amend the ICAAP stress testing results to a more conservative outcome. |
30/06/2009 |
|||
|
Action type: Assessment HBOS has several Group and Divisional mitigating actions in their ICAAP, which has been used to offset their stress testing capital requirement. There is the risk that they may no longer be realistic. FSA to carry out a detailed review of the divisional mitigating actions. |
30/09/2009 |
|||
|
Action type: Assessment HBOS to submit univariate and ‘first cut’ 1 in 25 year capital stress testing results, following completion of the Q1F planning process. |
30/05/2008 |
|||
|
Credit Risk Environment The external environment has worsened and may lead to an increase in HBOS’s credit risk. HBOS’s large exposure (72%) of total assets) to residential and commercial property increases the impact of any property downturn in the UK. This, in turn, would create pressure on regulatory capital. |
All |
HBOS manage their credit risk exposure prudently. |
Action type: Assessment HBOS to send in regular credit portfolio reports on their key portfolios. This, along with the relevant Basel 2 model performance indicators will be discussed at targeted C&C meetings. |
01/11/2009 |
|
Credit Risk Modelling The Basel II regime for Regulatory Capital is complex, and demanding. HBOS have made considerable progress, but there are certain areas where we are aware of weaknesses, and its own Group Internal Audit have highlighted others. The roll out and model development programme is significant. The potential impact of a serious failure in the calculation of Regulatory Capital is severe. This is a fundamental tool of banking supervision, and incorrect outputs could seriously undermine our ability to monitor prudential risks. It is therefore imperative that HBOS maintains all aspects of its Regulatory Capital calculations systems in a condition that is fully compliant with the requirements of the CRD and the FSA, and also “fit for purpose” for its own internal risk management. |
All |
Firm’s Basel systems, including models, data feeds, M1 and Risk Management infrastructure remain fully compliant with the requirements of CRD, and meet the FSA’s requirements for prudential assurance and the firm’s own needs, and internal standards, for on-going Risk Management. Governance round all these processes remains robust. |
Action type: Mitigation HBOS Group Internal Audit to review regulatory capital calculations and reporting process for governance, accuracy and stability, and to report findings to FSA. |
30/09/2008 |
|
Action type: Mitigation FSA to carry out a complete model review of the General Corporate Model. |
29/08/2008 |
|||
|
Action type: Assessment FSA to review performance monitoring, enhancement and re-development of Basel II models, for both governance framework, including Governance and standards, across Group including role of Group Risk in developing models and/or providing independent validation. |
02/11/2009 |
|||
|
Action type: Assessment HBOS to submit regular MI on status of roll-out programme for Basel Advanced IRB models. FSA to monitor progress of Roll-out plan. |
01/12/2009 |
|||
|
Action type: Assessment FSA to follow up on Group Internal Audit work on regulatory Capital calculation and reporting, to ensure that all aspects of and the processes to support them are maintained as Basel compliant, and are subject to continuous improvement. |
03/11/2008 |
|||
|
Treating Customers Fairly HBOS is a significant provider of financial services across a number of different channels and represents a risk to the FSA’s objectives should it fail to treat its customers fairly e.g. by not adequately embedding the Customer Contract across all divisions. Further work is required by HBOS to ensure that delivery is achieved. It is essential that HBOS focuses on ensuring that its TCF MI has relevant metrics, qualitative information and is sufficiently refined to allow it to evidence progress against the six TCF outcomes in time for the FSA deadline of 31 March 2008. HBOS should also be in a position to demonstrate that there is a consistent delivery of the six consumer outcomes by 31 December 2008. |
All |
HBOS has successfully embedded TCF within all relevant areas of its business and is consistently delivering against the six TCF consumer outcomes. |
Action type: Assessment HBOS senior management to meet with FSA in order to provide an update on progress in refining its suite of TCF MI. |
31/03/2008 |
|
Action type: Assessment HBOS senior management to provide a quarterly update to the FSA on its progress in meeting the 31 December 2008 deadline. |
31/12/2008 |
|||
|
Operating Controls HBOS has several key programmes to improve its operating control environment across the Group. These programmes include DOME, FCP and Project Revolver. There is a significant risk that these programmes fail to deliver their outcomes and until delivery the control risk remains. |
All |
HBOS control programmes deliver on their outcomes in the timescales set out. |
Action type: Mitigation HBOS to report quarterly that control programme benefits are being realised comprehensively, in the timescales set out and that there is adequate budget/resource to ensure that this will continue to be the case. |
30/09/2008 |
|
Action type: Mitigation The Divisional CEOs to conform (with approval from the Group Board) by end-2008 in respect of Corporate Controls ‘Project Revolver’ and Retail Controls ‘Phase 2 of DOME’, and by September 2008 for Insurance Controls ‘FCP’, that the key programmes have delivered appropriate operating controls. The relevant measures of success should include the reductions of fraud exposures, customer detriment exposures, credit and operational risk exposures. |
30/09/2008 |
|||
|
Action type: Mitigation HBOS to provide feedback on the scope for the Corporate controls review. The Terms of reference should be agreed with the FSA. |
30/05/2008 |
|||
|
Action type: Assessment HBOS to submit their revised Control Self-Assessment framework for operational risks. |
31/05/2008 |
|||
|
Action type: Assessment FSA to carry out a review of the Control Self-Assessment frame work in Retail, corporate and I&I: focussing on the effectiveness and how embedded the process is. |
31/10/2008 |
|||
|
Internal Audit HBOS has several key programmes to improve its operating control environment across the group. Internal Audit therefore has a key role to play in providing assurance that these programmes deliver the expected outcomes and to prevent future issues emerging. A recent review of the Group Internal Audit function at HBOS conducted by PWC, identified a number of areas whereby the assurance work carried out across the group could be more effective. The two key areas arising are: 1. Integrated assurance – a paper is to be prepared for ExCo confirming: a) that there are no gaps between operational, credit, market and insurance risk and the third line of defence and b) that assurance standards are consistent across the group. 2. Talent management and rotation – to ensure that the internal auditor team has the relevant business skills to identify and escalate operational risk exposures. |
All |
The HBOS Group Internal Audit function provides core assurance to management and provides effective assurance work across the business. |
Action type: Assessment A copy of the ExCo paper to be provided to FSA on the review of integrated assurance which will propose how the firm might strengthen the three lines of defence model, review whether there are any gaps in the model and confirm that Group Internal Audit plans are demand led. |
31/12/2008 |
|
Action type: Assessment Following the Reading incident, where issues had previously been raised by Internal Audit, the Group FD to provide FSA with a plan to take forward lessons learnt, particularly in respect of the Audit Committee’s governance. |
31/07/2008 |
|||
|
Action type: Assessment The Group FD to provide the FSA with a paper outlining the firm’s plans for internal audit’s talent management, rotation and testing to ensure that business skills are adequate. |
30/11/2008 |
|||
|
IT strategy and Budget HBOS has appointed a COO and Head of IT. These roles should give the appropriate focus and priority for IT. The FSA requires assurance that the focus remains and the IT strategy is appropriate for a large complex group. HBOS has several key IT programmes to improve their IT environment across the Group. These programmes include Service Excellence, Mainframe Resilience and Data centre review. There is a significant risk that these programmes fail to deliver their outcomes and until delivery the IT risk remains. |
All |
HBOS to have a clear forward-looking IT strategy and deliver key IT programmes, which reduce operational risks, increases resilience to failures and is appropriate for the business. |
Action type: Assessment The Group COO to confirm that the strategy supports delivery of the programmes identified as ‘key’ in providing a robust IT systems & controls environment and that IT investment budgets have been re-aligned with the Group IT Strategy. |
|
|
Action type: Mitigation The Group COO (with approval from the Group Board) to conform HBOS’s commitment to delivery of the following IT projects/ initiatives to timeframe and with sufficient resource and budget being allocated to deliver an appropriate IT operating environment: Service excellence Mainframe resilience |
||||
|
Action type: Mitigation HBOS to submit HBOS IT strategy paper agreed by the HBOS Board. |
||||
|
Action type: Mitigation HBOS to submit on a quarterly basis for the key IT programmes an assessment/progress in terms of budget resource, ability to deliver to timescales and realisation of benefits, including Service excellence and mainframe resilience. To update verbally progress on the following workstreams: data centre strategy review and access control. |
||||
|
Business interface between divisions Key interfaces exist between Corporate and Treasury, retail and Insurance and Retail and Corporate and senior management need to ensure that systems and processes are consistent across the divisions Weaknesses such as some of those seen between Corporate and Treasury (reconciliations) or those addresses by Project Resolve can/have result in operational failures and deterioration in customer confidence. |
All |
All interdependent businesses are managed cohesively with clear accountability and responsibility. Changes to interconnecting systems are tested comprehensively prior to implementation. |
Action type: Assessment Group Internal Audit to conduct a review of the processes and standards used for products and systems, which have cross divisional dependencies; including appropriate design and application tasting. This is assurance cross-divisional projects/ systems are being managed cohesively with clear accountability and responsibility. |
28/11/2008 |
APPENDIX 3
RISK MITIGATION PROGRAMME
ASSESSMENT NAME: HBOS – CORPORATE BANKING
REGULATORY PERIOD/END DATE:21 MONTHS/31-DEC-2009
|
Nature of issue |
Firms to which issues relates |
Intended outcome |
Action |
Action by |
|
Credit Controls During 2007 a significant control breach was identified whereby a member of staff had, over period of years, extended unauthorised credit to impaired clients. Where credit controls are not sufficiently robust, barriers to unauthorised actions may be weak and breaches may not be promptly identified. Weaknesses in credit controls produce the risk of heightened exposure to impaired assets: reduce control over asset growth: and increase the scope for fraud. In this case inadequacies in preventative controls gave staff unimpeded access to change credit limits. Detective controls were in some cases not applied and in others ineffective. |
All |
Credit controls are sufficiently comprehensive and robust, both in preventing unauthorised activity and identifying such actions in a timely manner. |
Action type: Remediation BOS Corporate to complete implementation of access controls in the Core Banking System (CBS), along with other preventative measures identified in GIA report as required following the Reading breach, and to confirm this in writing to the FSA. |
27/06/2008 |
|
Action type: Mitigation Following completion of remedial work, internal audit to give assurance to the FSA that credit controls within corporate division are comprehensive, robust and fit for purpose. |
30/09/2008 |
|||
|
Action type: Assessment FSA to conduct a review of credit controls, including production and use of MI for portfolio management, transactional sanctioning and oversight of credit monitoring. Review to focus on commercial lending. |
31/12/2008 |
|||
|
Syndicated loans: Reconciliations and back-office processing. A rise in the volume of syndicated loan transactions has increased pressure on the back office to meet demands for reconciliations. Backlogs occurred during 2007 and initial remedial work failed. Where support functions are not equipped to service reconciliation needs errors, omissions or mismatches may go unidentified. Failure to promptly reconcile transactions produces increased risks of financial loss, increases reputational risk, and erodes the integrity of financial MI. In this case a resources shortage and pattern of incomplete reporting by counterparts led to backlogs. Development of a strategic solution is now underway. |
All |
Loans management support is able to complete reconciliations for syndicated loan business in a timely and accurate manner. Support functions are adequately and proactively resourced to account for planned growth in business volumes and complexity. |
Action type: Remediation BOS Corporate to complete planned recruitment and training programme and give assurances that the loans management support function is appropriately resources to meet current and expected future demand. |
30/04/2008 |
|
Action type: Remediation BOS Corporate to demonstrate to the FSA that any backlog in reconciliation entries has been dealt with appropriately. |
30/04/2008 |
|||
|
Action type: Remediation BOS Corporate to report to FSA on outcome of review of processes, systems and controls around reconciliations and to demonstrate that the measures taken support intended outcomes. |
30/06/2008 |
|||
|
Equity stakes. Governance and conflicts of interest. The firm takes equity stakes in joint ventures, sometimes supplying both debt and equity investment to a partner. Equity stakes are held within the Uberior family of companies but are managed locally by teams who also structure and administer lending. Where a comprehensive governance framework is not in place around equity ownership, a firm may be exposed to conflicts of interest, and heightened legal and reputational risk. In this case there is a recognition that, as equity investment increases, an overarching governance structure and strategy is required – especially if plans to manage third-party capital reach fruition. A particular area of risk may be where the firm’s rights in one area produce conflicts given other roles. For instance, where information is privileged to equity investors there may be a tension with duties towards debt syndicate members. Whilst the conflicts policy notes this possibility and recognises potential triggers (e.g. impairment), it is unclear how risks would be managed. |
All |
Appropriate strategy, monitoring and controls are in place around the firm’s acquisition and holding of equity stakes in joint ventures. |
Action type: Assessment Firm to produce an equity risk capital statement, outlining the risk appetite, breadth of involvement in equity, and key controls. |
30/06/2008 |
|
Action type: Assessment Firm to review governance arrangements around equity holdings including the approach to managing conflicts of interest, and give assurance to the FSA that the approach is appropriate and robust. |
31/07/2008 |
|||
|
Action type: Mitigation Internal audit to review controls around equity holdings, with a focus on the management of conflicts of interest, and report on findings. |
31/08/2008 |
|||
|
Leveraged loans HBOS Corporate has significant exposures to the leveraged and syndicated loans market on its balance sheet – including an overhang amounting to over £8bn resulting from market conditions since July 2007. Given market illiquidity there is a need to adopt an appropriate and robust approach to valuing leveraged loans held on the balance sheet. Where valuation methods are not appropriate there is a risk that the value of assets is not fairly assessed as required by accounting standards – potentially giving rise to concerns around market transparency and the capital position of the group. |
All |
Leveraged and syndicated loan exposures are fairly valued using appropriate and robust methods. |
Action type: Assessment FSA risk review specialists will include HBOS in their review of the leveraged loan market. This work is part of an ongoing programme of work to look at valuation and risk issues, and will focus on the methods employed for valuing leveraged loans. |
15/05/2008 |
|
Remuneration: Conflicts of interest Plans are in place to supplement remuneration for certain high-value staff with carried interests in joint ventures; or co-investment in a leveraged fund. Where controls around non-traditional remuneration are not robust, a divergence of interests between staff and other stakeholders may produce conflicts. Inadequate mitigation of conflicts produces the risk that transactions are not managed in the best interests of shareholders, with associated legal and reputational risks, and erosion of the corporate culture. In this case the firm are conducting an exercise to map potential conflicts. It is important that actions are comprehensive, and that changes are only introduced when the board is comfortable that risks are addressed. |
All |
The firm has in place appropriate and comprehensive measures to consider and manage conflicts of interest that may arise in carried-interest and co-investment remuneration schemes. |
Action type: Assessment Firm to supply the FSA with a copy of their review of conflicts of interest within ISAF remuneration plans, and demonstrate how conflicts are being managed such that risks are mitigated. |
30/05/2008 |
|
Basel II roll-out and monitoring The group continues to develop and roll-out its Basel II programme, both in terms of new models (such as the Property Investment Model) and through enhancements to existing models (such as General Corporate Model). Where the development and review process is not well managed and implemented, there is the risk that models fail to meet the required standards and are not credible. A lack of proper maintenance and refinement may mean models cannot be relied upon going forwards. In this case new models will be scrutinised and compliance with CRD assessed. Existing models will be subject to ongoing monitoring. |
All |
The firm’s models meet, and continue to meet, Basel requirements. Governance around the development and refinement programme remains strong and model roll-out is soundly managed so as to maintain credibility. |
Action type: Assessment FSA risk review department to assess whether the firm’s Property Investment Model (PIM) is Basel compliant. |
30/06/2008 |
|
Action type: Assessment FSA risk review department to undertake a full model review of the firm’s General Corporate Model (GCM). |
29/08/2008 |
|||
|
Action type: Assessment Firm to submit monthly MI on Portfolio and Model performance to the FSA. |
31/12/2009 |
|||
|
Credit Outlook The nature of the division’s business means there is a significant exposure to credit risk, particularly in the commercial real estate sector. Where policies and procedures around credit risk are not sufficiently comprehensive or robust there is the risk that the firm is unable to properly understand and control exposures: it further impacts the ability of the firm to monitor risk appetite, portfolio composition, provisioning and credit quality In this case we are aware that corporate division are moving towards larger transactions, which coupled with the increased and acute pressures of the current credit climate (e.g. calls on committed facilities, availability of securitisation, or changes in lending parameters) means it is imperative that the framework around credit risk is strong. |
All |
The division fully understands exposures to credit risk, particularly in the commercial property sphere, and is able to monitor and adapt risk appetite both with respect to micro-level factors and in the context of changing market dynamics. |
Action type: Assessment FSA to conduct a review of the HBOS Commercial Real Estate portfolio, processes and policies as part of a thematic review of the sector. |
|
|
Action type: Assessment Firm to supply the FSA with credit risk MI, ensuring that information is sufficient to allow an assessment of the risk profile, changes in appetite, and other trends that may occur. FSA to review this information and raise issues as appropriate in addition to ongoing reviews of the business plan. |
APPENDIX 3
RISK MITIGATION PROGRAMME
ASSESSMENT NAME: HBOS – TREASURY
REGULATORY PERIOD/END DATE: 21 MONTHS/31-DEC-2009
|
Nature of issue |
Firms to which issues relates |
Intended outcome |
Action |
Action by |
|
Valuation of debt securities During the second half of 2007 turbulence in financial markets meant the flow of trade in debt securities was significantly reduced – in many classes drying up completely. This rendered traditional “mark to market” valuation methodologies impossible to employ. Where FRN and ABS valuations are not accurate, fair and consistent, financial MI and controls may be weakened and issues may not be identified in a timely manner. Erosion of accurate and complete financial information produces the risk that the firm is less able to accurately monitor gains or losses, and is unable to apply stop-loss protocols. In this case the form have taken a pragmatic approach of marking values to proxy classes, related assets, or subjective modelling. We require assurance that these methodologies are coherent, appropriately applied and produce fair results. |
All |
The firm employs appropriate and fair valuation methodologies for debt securities until such a time as traditional approaches are available. |
Action type: Assessment Firm to demonstrate to the FSA that method adopted for the valuation of debt securities during periods of market turbulence have been fair, transparent and consistent. |
30/04/2008 |
|
Action type: Assessment FSA to discuss the firm’s approach to valuing debt securities with KPMG, in order to gain assurance that methodology and applications are appropriate. |
31/05/2008 |
|||
|
Action type: Assessment FSA to conduct a specialist team visit. |
30/05/2008 |
|||
|
Control and monitoring of branches Bank of Scotland Treasury operates branches conducting various lines of business in several locations across the globe. Monitoring and control arrangements must exist to address the need to ensure branches operate within the firm’s policies and procedures, and consider risks stemming from the geographically disparate nature of such offices. Inadequate monitoring and control of branches produces the risk that activities do not meet the same standards of compliance and risk-management as applied at the centre. The transaction of business that is not properly overseen locally and by the head office may mean that the firm is unable to accurately assess and manage its exposures, and makes breach identification more difficult. In this case the firm identified an attempt by a Sydney-based trader to conceal losses through misrepresentation of trades and the deliberate |
All |
The firm is able to exercise adequate control over the activities of remote branches. |
Action type: Assessment Firm to complete independent (London led) review of the Sydney incident, and report to the FSA. Report to contain a detailed assessment of the strength of controls applied to branches, and outline recommendations for improvements where necessary. |
31/03/2008 |
|
Action type: Assessment Internal audit to review provisions for fully integrating remote branches into central operations, including policies and procedures, risk management, information management and oversight of activities. FSA to be supplied with conclusions and recommendations for improvements where necessary. |
31/05/2008 |
66 Letter from Andy Hornby dated 1 August 2008
I apologise that I was unable to meet with you on Monday but as you know we announced the take up of our Rights Issue that morning. Given the level of media interest I concluded that I had to spend the afternoon presenting the outcome to the media to ensure that the coverage was as balanced as possible.
I am pleased that we are now meeting on 27th August as it is very important to me that we maintain a strong and constructive relationship with the FSA. Of particular resonance after our Rights Issue is having an effective and balanced engagement on capital.
As you may be aware, during our Basel 2 application process there were a number of instances when we considered that unduly conservative approaches were taken by the FSA. Late last year, our concern became so intense that we wrote to *** expressing our view that undue conservatism by the FSA in the application of Basel 2 would undermine confidence in the UK banking system at a critical time. We were pleased with the constructive response from the senior management of the FSA and the support from the lineside team to mitigate this damage.
More recently my team have been engaging with the FSA on model roll outs and calibrations, and have escalated concerns to me once more about the approach adopted by the risk and policy teams. Once again we feel we are experiencing an approach to individual models that, in our view, looks to add conservatism whenever possible. Excessive conservatism is neither in the interests of HBOS shareholders nor indeed does it help regulatory stability. It is vital that we take a prudent but more pragmatic approach to the model roll outs.
In addition, at a more strategic level, the current economic climate has brought into stark relief the issue of pro-cyclicality inherent in Basel 2. We, like many banks, are concerned about the extent to which our risk weighted assets could increase in a downturn at a time when profits and public confidence in the banking systems will be under pressure. Almost as importantly, in good times (when they eventually return), ratios may appear unduly strong, creating inappropriate pressure from the markets for capital releases. I believe it is in both the industry and the FSA’s interest to move towards greater stability and I would like to discuss how we achieve the appropriate engagement between the FSA and ourselves to push forward at pace on these more strategic issues.
Let me stress that we are not writing this letter from a position of capital weakness; quite the reverse. As the Rights Issue demonstrates, we are committed to maintaining a strong capital position. My wish to improve our Basel 2 engagement is not because we would want to release capital, rather it reflects the importance of our public ratios fairly reflecting that financial strength and resilience through all economic cycles.
We do of course discuss the detail of these issues with our lineside team but I would welcome the opportunity at our meeting on 27tn August to discuss how our organisations can work better together in these and other critical areas.
67 Letter to Peter Cummings dated 17 October 2008 regarding HBOS Corporate Risk
In our Arrow letter to Andy Hornby, dated 22 April 2008, we indicated we would be carrying out in depth monitoring of credit risk and provisioning across the HBOS group. For HBOS Corporate Division this detailed examination comprised our Credit Risk visit in June 2008 and the Close & Continuous (C&C) meetings we have had with you and your colleagues during 2008. The key findings, which and discussed with you on 1 August 2008 are summarised below, together with the actions we expect you to take. These are set out in a revised Corporate Division Risk Mitigation Plan (‘RMP’).
This revised Divisional RMP, attached as Appendix 1, supersedes and replaces the Divisional RMP issued with the April 2008 Arrow letter.
The announcement of Lloyds TSB’s offer to buy HBOS plc whilst significant, does not change the risks we have identified below, or the actions we expect you to take—the RMP.
Overall Assessment
Our overall assessment is that the regulatory risk profile of Corporate Division is High. This view is driven by the high environmental risks, which impact funding, and credit risk, and weaknesses in your operating controls which put pressure on your ability to manage operational and credit risk effectively. To the extent that these risks are not managed as well as they could be, adds vulnerability to the Group’s capital position.
From our various meetings with you we can see that both Corporate and Group senior management are aware of many of the issues that you face and have commenced a programme to address them.2 We also recognise that the introduction of the CORE programme and the part the Risk Assurance function will play to address concerns. However, there are areas where we do not consider the timeline appropriate for the increasing risks of the worsening credit outlook and we would expect you to accelerate the items raised in the RMP. Some of the longer term projects may lead to enhanced risk management in the future, and progress on these programmes is encouraged by the FSA, but it is important that management attention is focused on the immediate high risks as currently identified and implement tactical solutions where appropriate.
We understand that delivery of programmes will prove challenging in a deteriorating credit environment with reduced profitability and the additional demands of realigning the Corporate balance sheet as set out in the Group’s most recent Strategy Review. Communication will therefore be very important if we are to understand how you balance competing priorities. We aim to continue the open and constructive relationship we have with you and to rely on you and your senior management to achieve the RMP outcomes, with the FSA carrying out focused reviews where appropriate.
Our current view of the high risk areas are:
Governance
You have established a multiplicity of committees to manage specific risks. You need to ensure that these committees do not act as a substitute for oversight of risks across the piece. Moreover, in line with Hector Sants ‘Dear CEO’ letter of 4 August 2008, on “Valuation and Product Control”, we recommend that you consider carefully any reductions in the risk functions at this sensitive time.
Credit risk Management and Processes
In the context of the UK banking sector HBOS is one of the most exposed to the risks of a UK downturn. Our recent review of the commercial property book and other asset classes has identified several shortcomings in the sphere of credit risk management and processes. For example; challenge in credit decisions is not always evident; management information, while developing, has a considerable way to go before it can be relied on for managing the book; the quality and timeliness of data used for risk management needs improving; portfolio management is in its infancy; procedures and processes for syndications/sell-downs need strengthening. These shortcomings contribute to our conclusion that the Division has a considerable way to go to bring it to best practice.
You will understand the importance we attach to these issues and the need to address them in a timely manner given the current market environment. Without clear sight of the risks in your book there will be uncertainty about whether the group holds the level of capital appropriate for stresses and managing market expectations.
Basel 2: Basel Internal Rating Based model development and roll out continues to be a focus during 2008. We expected to see significant enhancements across all Corporate models, as well as the continuation of an appropriate governance structure, oversight and monitoring of the Basel 2 programme during the roll-out period and for business as usual purposes. The Corporate division has fallen short of expectations in this area. More specifically PIM failed to move forward to a FSA Decision Making Committee, and GCM, which we understood to be ready for review in June, has just been submitted for consideration. HBOS need to take a more considered approach to its Basel 2 work and deliver a realistic plan for work going forward to ensure that they have models that work and that can be relied on for risk assessment and the calculation of capital. Many of the high-level Basel 2 requirements, if properly implemented, would have addressed the issues highlighted earlier under Credit Risk Management and Processes eg management information, rating reviews and data. Recent discussions, at both Divisional and Group level have been positive and should help this process.
Operating Controls and IT systems
While we appreciate that considerable effort has been expended in this area it is clear that there is still significant further work to do. The LMS reconciliation project remains under pressure and we have concerns that failure to meet 31 October 2008 deadline may have broader implication for proposed asset sales. Further, reconciliation issues have been identified on the Fixed Term Credit system. You are aware that we do not consider the complexity of products as a rationale for deficiencies in the reconciliations which are basically a process, resource and system issue—complexity, in our view, simply makes it more difficult.
We also expect to see ongoing improvements in limit controls to address the issues that have emerged as a result of 3D Golf, Reading and the controls around the perfecting of security. Our Financial Risk Outlook publication highlighted the increased risk of financial crime through a downturn and we note a trend of issues beginning to emerge in Corporate Division.
Period to the Next Risk Assessment
It is important to note that we may undertake further work at any time, or expect you to undertake additional work if, for example, additional risks are identified or crystallise. In such cases, we will communicate any significant changes to our risk assessment of Corporate Division to you as they arise.
Confidentiality and Response to this Letter
This letter has been prepared for regulatory purposes only and its contents should be treated as confidential. You should copy this letter to your auditors but please discuss with us if you intend to disclose it to any other third party. This is because its contents could be misunderstood or misinterpreted if disclosed in another context.
Please confirm to me by 30 November 2008 that the Board of HBOS plc has considered this letter and has agreed to implement the sections of the risk mitigation programme in Appendix 1 which require action by you.
FSA’S RISK MITIGATION PROGRAMME H2 2008
|
Nature of issue |
Intended outcome |
Action |
Action by |
||
|
Credit Risk Management |
Action Type: Assessment |
With immediate effect |
|||
|
The nature of the Division’s business means there is a significant exposure to credit risk, particularly in the commercial real estate sector and integrated finance. Where policies and procedures around credit risk are not sufficiently comprehensive or robust there is the risk that the firm is unable to properly understand and control exposures. It further impacts the ability of the firm to monitor risk appetite, portfolio composition, provisioning, and credit quality. |
The division fully understands exposures to credit risk, particularly in the commercial property sphere, and is able to monitor and adapt risk appetite both with respect to micro-level factors and in the context of changing market dynamics. |
1) |
HBOS to ensure that there are appropriate levels of challenge at all stages of the credit approval process. |
||
|
|
|||||
|
Action Type: Assessment |
31/12/2008 |
||||
|
2) |
HBOS to review the process for escalating deals to Group (or other divisions) for challenge and sign-off. This is particularly important for large exposures which may impact Group capital but which at present are only escalated if the deal exceeds £250m. |
||||
|
|
|||||
|
Action Type: Remediation |
31/03/2009 |
||||
|
3) |
Property valuations need to be performed on a timely and regular basis, as a minimum annually and more regularly if counterparty or market events necessitate—results need to be evaluated and assessed within the credit risk process. |
||||
|
|
|||||
|
Action Type: Remediation |
With immediate effect |
||||
|
4) |
Our reviews found that ratings for several key counterparties, such as *** and ***, were out of date or out of line with market developments. Ratings need to be brought up to date as a matter of urgency and going forward should be reviewed on a timely and regular basis, as a minimum annually and more regularly if counterparty or market events necessitate. |
||||
|
|
|||||
|
Action Type: Remediation |
31/03/2009 |
||||
|
5) |
Data used in the credit process, such as property valuations and ratings should be up to date. Where gaps or lags occur appropriate conservatism should be applied in the use of the data. |
||||
|
|
|||||
|
Action Type: Remediation |
28/02/2009 |
||||
|
6) |
Management Information: HBOS Corporate to develop comprehensive and granular MI to enable it to understand the risks inherent in its book. Particular aspects for improvement include: |
||||
|
|
— |
MI to enable identification of exposures by product type and geography eg MI on property exposures by major cities with breakdown of prime or secondary locations. |
|||
|
|
— |
The monthly Impaired Asset Report to include an executive summary/commentary. |
|||
|
|
— |
The Impaired Asset Team should document the rationale behind cases where a review has taken place but the rating remains unchanged, as well as where it changes. |
|||
|
|
— |
MI on refinance risk. |
|||
|
|
— |
MI on the current market values of property held as collateral should form part of the Corporate Credit Risk Committee information pack as well as reports to the Board. |
|||
|
|
|||||
|
Action Type: Remediation |
31/01/2009 |
||||
|
7) |
HBOS Corporate to enhance its processes for on-going sector risk management based on its output analysis of high risk sectors, (such as the high risk sectors flagged in H1 2008 which included hotels, pubs and healthcare) including the establishment of granular sub-sector risk appetites. |
||||
|
|
|||||
|
Action Type: Assessment |
31/12/2008 |
||||
|
8) |
HBOS Corporate to review how its limit structure (as agreed by Group) filters within Corporate to individual asset classes to ensure the sector risks within Corporate are effectively managed. |
||||
|
|
|||||
|
Action Type: Remediation |
31/12/2008 |
||||
|
9) |
HBOS Corporate to enhance its early warning indicator framework—by using, for example, data on 30 days past due as a risk metric and develop roll rate tables for migration from ‘High Risk’ to 30 days past due, impaired and loss. |
||||
|
|
|||||
|
Portfolio Risk |
Action Type: Assessment |
30/11/2008 |
|||
|
High levels of concentration in the book could leave the firm over exposed to market fluctuations. Corporate Division have both single name as well as sector concentrations. |
HBOS is adequately capitalised to account for the concentration in its book. |
1) |
HBOS Corporate to provide an assessment of concentration risk capital to Group to allow HBOS to review the appropriateness of concentration risk capital in its ICAAP and forward results to the FSA. |
||
|
Single name concentration risk: The top 44 exposures with drawn balances over £100m represent 30% of drawn RE balances (£9.6bn) with the top 10 representing 13% (£4.2bn) as at February 2008. When viewed against the large failed distribution ‘holds’ Corporate are exposed to significant ‘fat tail risk’. |
|
||||
|
Action Type: Remediation |
31/12/2008 |
||||
|
2) |
HBOS to update the FSA on a quarterly basis on the progress to implement, by 31/12/2009, a fully functioning Advisory Portfolio Management (APM) process. |
||||
|
|
|||||
|
Action Type: Remediation |
31/03/2009 |
||||
|
3) |
HBOS Corporate to investigate and implement interim measures to manage and control the concentrations in the portfolio pending the implementation of Active Portfolio Management. |
||||
|
Sector concentration risk: HBOS have a high level of exposure to real estate which makes it vulnerable to a downturn in this market. It is unclear the extent to which this concentration risk has been assessed for example, across the asset classes. |
|
||||
|
Action Type: Remediation |
31/03/2009 |
||||
|
4) |
Sub-limits to be set through the Portfolio Management function and allocated to particular asset classes. |
||||
|
Whilst such concentrations may be a consequence of the chosen RE strategy it is not evident that such concentration limits have been robustly challenged both within the Division and by Group. |
|||||
|
|
|||||
|
Equity holdings—methodologies |
Equity and equity equivalent holdings are fairly valued using appropriate and robust methods |
Action Type: Assessment |
31/03/2009 |
||
|
HBOS Corporate has significant equity and/or equity equivalent participations on its balance sheet across several asset classes. Given market illiquidity and volatility there is a need to adopt an appropriate and robust approach to valuing equity held on the balance sheet. Where valuation methods are not appropriate there is a risk that the value of assets is not fairly assessed as required by accounting standards—potentially giving rise to concerns around market transparency and the capital position of the group. |
1) |
FSA to undertake a review of HBOS valuation methodologies. |
|||
|
|
|||||
|
Credit Controls |
|||||
|
During 2007 a significant control breach was identified whereby a member of staff had, over a period of years, extended unauthorised credit to impaired clients. Where credit controls are not sufficiently robust, barriers to unauthorised actions may be weak and breaches may not be promptly identified. Weaknesses in credit controls produce the risk of heightened exposure to impaired assets; reduce control over asset growth; and increase the scope for fraud. |
Credit controls are sufficiently comprehensive and robust, both in preventing unauthorised activity and identifying such actions in a timely manner. |
Action type: Mitigation |
31/10/2008 |
||
|
1) |
Following completion of remedial work, internal audit to give assurance to the FSA that credit controls within corporate division are comprehensive, robust and fit for purpose. (HBOS asked for an extension to the initial ‘action by’ deadline of 30/09/2008 in order to conduct a comprehensive review—extension agreed by the FSA in August 2008.) |
||||
|
|
|||||
|
Action type: Assessment |
31/03/2009 |
||||
|
2) |
FSA to review access controls around the setting and changing of limits (including the Core Banking System—CBS), along with other preventative measures identified by GIA. |
||||
|
|
|||||
|
In this case inadequacies in preventative controls gave staff unimpeded access to change credit limits. Detective controls were in some cases not applied and in others ineffective. Additionally the Joint Ventures asset class has experienced a rise in impairments that have highlighted potential control failings. It is necessary for HBOS Corporate to ascertain the suitability of their control framework in managing risk capital (equity) within the JV asset class. |
HBOS Corporate to have appropriate risk capital controls within the JV asset class |
Action type: Mitigation |
31/12/2008 |
||
|
3) |
HBOS Corporate to assess whether any of the material control issues from the Risk Assurance JV review are applicable to the other asset classes. HBOS to advise the FSA of the outcome of this assessment and any timelines for any remedial action. |
||||
|
|
|||||
|
Acton type: Mitigation |
31/12/2008 |
||||
|
4) |
HBOS Corporate to carry out a review of the risk capital controls within the JV asset class and report findings to the FSA. |
||||
|
|
|||||
|
Operational Risk |
|||||
|
The introduction of the CORE programme and the Risk Assurance function will lead to enhanced risk management in the future, and progress on this programme is encouraged by the FSA. Given the uncertainty surrounding current market events HBOS may need to take additional steps to ensure its personnel remain engaged. |
There is a discipline around addressing the high risk issues identified by Project CORE |
Action Type: Remediation |
30/11/2008 |
||
|
1) |
HBOS Corporate to ensure it has appropriate timelines in place and engaged personnel for delivery of key CORE milestones. |
||||
|
|
|||||
|
Operations: FTC loans system |
|||||
|
The FTC loans system which is used by both the Corporate and Retail divisions has inadequate controls. The system which is c40 years old has resulted in incorrect final settlements and customer detriment. This potentially affects 750,000 corporate loans. |
Loans system is able to support corporate loan business in a timely and accurate manner. Support functions are adequately and proactively resourced. |
Action: Assessment |
10/11/2008 |
||
|
1) |
HBOS Corporate to assess and advise the FSA on the materiality of the issue with respect to Corporate division. |
||||
|
|
|||||
|
Action: Remediation |
31/12/2008 |
||||
|
2) |
HBOS to put in place a plan, with timelines to address the issue. Plan and timelines to be agreed with the FSA. |
||||
|
|
|||||
|
Operations: Syndicated loans—reconciliations and back office processing |
|||||
|
A rise in the volume of syndicated loan transactions has increased pressure on the back office to process reconciliations. Backlogs occurred during 2007 and initial remedial work failed. Where support functions are not equipped to service reconciliation needs, errors, omissions or mismatches may go unidentified. This could result in increased risk of financial loss, financial crime, a delay in identifying credit risk, increases reputational risk, and erodes the integrity of financial MI. In this case a resource shortage and pattern of incomplete reporting by counterparties led to backlogs (6,234 items in July 2007 peaking at a backlog of over 14,000 in May 2008). Development of a strategic solution was only presented to the FSA in July 2008. |
Loans management support is able to complete reconciliations for syndicated loan business in a timely and accurate manner. Support functions are adequately and proactively resourced to account for planned growth in business volumes and complexity. |
Action type: Remediation |
31/10/2008 |
||
|
1) |
HBOS Corporate to complete planned recruitment and training programme and give assurances that the loans management support function is appropriately resourced to meet current and expected future demand. |
||||
|
|
|||||
|
Action type: Remediation |
31/10/2008 |
||||
|
2) |
HBOS Corporate to demonstrate to the FSA that any backlog in reconciliation entries has been dealt with appropriately and in line with HBOS targets reported to the FSA. |
||||
|
|
|||||
|
Action Type: Remediation |
31/12/2008 |
||||
|
3) |
Internal Audit to assess management oversight of reconciliation procedures, processes and systems and report findings to the FSA. |
||||
|
|
|||||
|
Action Type: Assessment |
31/10/2008 |
||||
|
4) |
HBOS Corporate to assess broader implications of LMS issues, including the constraints it may place on sell down of loans, and report findings to the FSA. |
||||
|
|
|||||
|
Perfecting security |
|||||
|
Conditions in respect of security for loans, for example property held as collateral, must be executed thoroughly and completely. There have been several instances where HBOS’s charge over property has not been registered by the acting solicitors and the loan therefore is not in compliance. Lack of due diligence in this area may result in financial loss to the firm. |
Firm to ensure that it has appropriate checks in place to safeguard its interests |
Action Type: Assessment |
31/12/2008 |
||
|
1) |
HBOS Corporate to undertake an assessment of the impact and scale of the issue and the reasons underlying the issue. |
||||
|
|
|||||
|
Action Type; Remediation |
31/03/2009 |
||||
|
2) |
HBOS Corporate to implement any tactical process enhancements identified pending implementation of a longer term strategic solution. |
||||
|
|
|||||
|
Action type: Remediation |
31/3/2009 |
||||
|
3) |
HBOS Corporate to agree the plan dates for the proposed phases of the strategic solution with the FSA to ensure property held as collateral is registered in the interest of the firm where appropriate. |
||||
|
|
|||||
|
Governance |
|||||
|
There is a multiplicity of Committees to manage specific aspects of risk at the expense of integration across the piece. |
There is adequate management oversight of HBOS credit risk |
Action Type: Assessment |
|||
|
1) |
HBOS to review and streamline risk governance structure. |
30/03/2009 |
|||
|
|
|||||
|
Governance and conflicts of interest:—Equity stakes. |
|||||
|
The firm takes equity stakes in joint ventures, sometimes supplying both junior and senior debt as well as equity investment to a partner. Equity stakes are held within the Uberior family of companies but are managed locally by teams who also structure and administer lending. Where a comprehensive governance framework is not in place around equity ownership, firms may be exposed to conflicts of interest, and heightened legal and reputational risk. HBOS recognises that, as equity investment increases, an overarching governance structure and strategy is required—especially if plans to manage third-party capital reach fruition. A particular area of risk may be where the firm’s rights in one area produce conflicts given other roles. For instance, where information is privileged to equity investors there may be a tension with duties towards debt syndicate members especially where HBOS may also be acting as Agent. Whilst the conflicts policy notes this possibility and recognises potential triggers (eg impairment), it is unclear how these risks are being managed. |
Appropriate strategy, monitoring and controls are in place around the firm’s acquisition and holding of equity stakes in joint ventures |
Action Type: Assessment |
31/12/2008 |
||
|
1) |
FSA to undertake review of both the appropriateness and effectiveness of the firm’s Conflicts of Interest policy. |
||||
|
|
|||||
|
Governance and Conflicts of interest:—Remuneration. |
|||||
|
Plans are in place to supplement remuneration for certain high-value staff with a carried interests plan currently in ISAF (implementation in JVs is not currently being considered and the coinvestment plan has been abandoned). Where controls around non-traditional remuneration are not robust, a divergence of interests between staff and other stakeholders may produce conflicts. Inadequate mitigation of conflicts produces the risk that transactions are not managed in the best interests of shareholders, with associated legal and reputational risks, and erosion of the corporate culture. In this case the firm are conducting an exercise to map potential conflicts. It is important that actions are comprehensive, and that changes are only introduced when the board is comfortable that risks are addressed. |
The firm has in place appropriate and comprehensive measures to consider and manage conflicts of interest that may arise in carried- interest and coinvestment remuneration schemes. |
Action Type: Assessment |
31/12/2008 |
||
|
1) |
FSA to review Conflicts of Interest paper and assess appropriateness. |
||||
|
|
|||||
|
Basel II roll-out and monitoring |
|||||
|
In the April 2008 RMP the FSA noted that the group continues to develop and roll-out its Basel II programme, both in terms of new models (such as the Property Investment Model) and through enhancements to existing models (such as the General Corporate Model). Where the development and review process is not well managed and implemented, there is the risk that models fail to meet the required standards and are not credible. A lack of proper maintenance and refinement may mean models cannot be relied upon going forwards. In this case new models will be scrutinised and compliance with CRD assessed. Existing models will be subject to ongoing monitoring. The firm has demonstrated that it has someway to go to meet ongoing requirements. Reviews of PIM in January and June 2008 showed the model to be non- compliant while the GCM review has been subjected to several delays generated in part by the absence of documentation and adequate performance of the model to support the review. |
The firm’s models meet, and continue to meet, Basel requirements. Governance around the development and refinement programme remains strong and model roll-out is soundly managed so as to maintain credibility. |
Action type: Assessment |
Ongoing |
||
|
1) |
HBOS to submit monthly MI on the performance of Models and Portfolios to the FSA. |
||||
|
|
|||||
|
Action Type: Assessment |
30/11/2008 |
||||
|
2) |
HBOS to update its roll-out plans to take account of delays in readiness of models for approval and review and advise, and agree, timelines with the FSA accordingly. |
||||
|
|
|||||
|
Action type: Assessment |
TBA following completion of action 2) on roll-out plan. |
||||
|
3) |
FSA Prudential Risk Division to assess whether the firm’s Property Investment Model (PIM) is Basel compliant |
||||
|
|
|||||
|
Action type: Assessment |
TBA following completion of action 2) on roll-out plan. |
||||
|
4) |
FSA Prudential Risk Division to undertake a full model review of the firm’s General Corporate Model (GCM). |
||||
|
|
|||||
|
Action Type: Assessment |
|||||
|
5) |
Firm to assess the impact of not achieving approval for new and enhanced models as outlined in current roll-out plan ie its impact on business. |
31/03/2009 |
|||
|
|
|||||
|
Data quality and timeliness |
|||||
|
Issues with the quality and timeliness of data, such as out of date ratings and out of date property valuations, undermine the usefulness of MI and risk systems. |
The firm has good quality and relevant data to make informed decisions. |
Action Type: Assessment |
31/03/2009 |
||
|
1) |
GIA to assess the adequacy and quality of the corporate data in the risk systems, including static data input. |
||||
68 Peter Cummings, CEO Corporate, HBOS, 2006-2008 representations to the Regulatory Decisions Committee
A: Introduction
1. These are the representations of Peter Cummings in response to the Warning Notice (“WN”) dated 3 June 2011, issued by the Regulatory Decisions Committee (“RDC”).
2. References to page numbers below are references to pages in the accompanying bundle of documents (see summary below). References to paragraph numbers are, unless otherwise stated, references to paragraphs of the WN.
3. Mr. Cummings’ representations are structured in the following manner:
|
Section |
Theme |
|
B |
Summary |
|
C |
The Legal Test |
|
D |
Alleged Failings in the Period |
|
January 2006–March 2008 (WN, paras 4.85–4.99) |
|
|
E |
Alleged Failings in the Period |
|
April 2008–December 2008 (WN, paras 4.120–4.125) |
|
|
F |
Project Revolver |
|
Corporate Operational Risk Excellence (“CORE”) Case Study |
|
|
G |
Conclusion |
|
Annexure 1 |
Response to discrete points in the WN |
|
Annexure 2 |
Specific Transaction Analysis: ***3 |
4. The supporting documents to Mr. Cummings’ representations are arranged in the following manner:
B: Summary
5. Mr. Cummings discharged his regulatory responsibilities properly and conscientiously throughout the relevant period between January 2006 and December 2008. During that period, Mr. Cummings was Chief Executive of HBOS’ Corporate Division. As such, he was a member of HBOS’ Group Board and attended the meetings of that board, and the sub-committee comprised of executive members of that committee (“EXCO”), which were responsible for formulating the business planning and strategy of HBOS. In reaching their collective decisions as to those matters, the members of the Group Board were advised by senior specialists in finance, risk and economics. Within the Corporate Division itself, Mr. Cummings was, again, part of a Board which contained a substantial number of individuals with wide-ranging expertise, including in finance, risk and economics.
6. Despite these matters, the WN is replete with references to Mr. Cummings having “directed” the Corporate Division, to, for example, “pursue an aggressive growth strategy”. This approach is entirely at odds with all the available evidence. The strategy adopted by HBOS was agreed and implemented collectively at both Group and Divisional level. Mr. Cummings’ participation was as a member of a management team. He did not personally direct the strategy and decision-making in HBOS’ Corporate Division.
7. Further, Enforcement’s case is predicated on the proposition that in “directing” such an “aggressive growth strategy”, Mr. Cummings ignored “known weaknesses in the control framework, which meant that it failed to provide robust oversight and challenge to the business.” This is again an allegation with no proper evidential basis.
In particular, it ignores two important matters.
8. First, Mr. Cummings was entitled to and did rely upon the advice of risk specialists, both within the Corporate Division and at Group level, who at all material times advised that the control framework operating within HBOS’ Corporate Division was fit for purpose and functioning properly. These observations were reinforced by the views of Group Internal Audit, who provided a series of positive reports on the performance of the risk framework, and indeed the FSA’s Supervision department itself. As the FSA Supervisors concluded in a report of 14 June 2007, “HBOS has a robust governance structure and programme management framework in place....HBOS has a robust framework for setting risk appetite.”
9. Second, and this is of particular relevance in assessing Mr. Cummings’ “personal culpability” and the extent to which his actions are consistent with a failure to “assess, manage or mitigate risks” Mr. Cummings took a pro-active and personal involvement throughout the Relevant Period in the development of the Corporate Division’s risk management framework. For much of the Relevant Period, HBOS was preparing for and moving towards the implementation of a new risk framework adopting the recommendations and requirements of Basel II. Again, the FSA Supervisors’ observations on 14 June 2007 are pertinent, “There has been a noticeable improvement in the level of senior management engagement and commitment within the division, following the appointment of a new CEO, Peter Cummings. Peter, with support from the HBOS Board, has been actively involved in the Basel implementation and has strongly advocated the use of advanced modelling techniques for risk management within the business. There has been a big step-up in the involvement of the business....”4 , 5
10. Against this background, there is no basis for the portrayal of Mr. Cummings set out in the WN as a manager who ignored the risks inherent in the strategy which he was seeking to implement in the Corporate Division on behalf of the Group Board. In particular, there is no logical basis for the manner in which the WN seeks to use Mr. Cummings’ sustained involvement in developing the prospective Basel II risk framework as an indication that Mr. Cummings was aware that the risk framework currently in operation was not fit for purpose and that, effectively, he should have recommended to the Group Board that business in the Corporate Division be stopped or substantially slowed. Basel II, with its suite of Advanced Portfolio Management tools, represented the next generation of risk management frameworks. On any possible view of the evidence before the RDC, Mr. Cummings was taking all reasonable steps to ensure that HBOS was able to meet this future challenge and achieved considerable success in this area. The fact that a new generation of risk management tools were in the process of being deployed, as a result of a world-wide initiative, cannot mean that Mr. Cummings could not, in the light of the positive advice which he received, rely on the current risk framework which he inherited as fit for present purposes, including responsible and controlled business growth.
11. Moreover, as appears from a proper consideration of the evidence, Mr. Cummings not only concentrated upon the future benefits of the risk framework to be implemented under Basel II but introduced substantial and successful projects throughout the Relevant Period to bring immediate and meaningful enhancements to the HBOS Corporate Division’s risk framework. It is wrong to equate Mr. Cummings’ energetic search for improvements to HBOS’ risk management system with a recognition that the current system “failed to provide robust oversight and challenge to the business.”
12. Mr. Cummings contends that the reality of the situation is that HBOS, along with many other financial institutions, was a victim of unprecedented and unforeseeable macro-economic circumstances resulting in a sudden and severe liquidity crisis in the summer of 2007 and developing into a full-blown global financial crisis by the autumn of 2008. HBOS, along with many other institutions, was particularly impacted by these seismic events as a result of its relatively high dependency upon wholesale funding and its long-standing and widely-understood exposure to the UK property industry. HBOS’ business planning and model were at all times well-known to each of HBOS’ Group and Divisional directors and risk specialists and the FSA. None of those individuals or institutions predicted the “melt-down” of the financial system which occurred. Whilst the impact of that “melt-down” was particularly severe in relation to HBOS’ Corporate Division, that was not as a result of the personal culpability of Mr. Cummings, but as a result of the effect of a liquidity crunch, which in turn gave rise to a unique macro-economic environment, upon a particular business model of long-standing which had been properly and responsibly managed and “stress tested” in relation to all realistically foreseeable circumstances.
13. As the impact of the financial crisis became clear, Mr. Cummings, along with many other colleagues at HBOS, worked exceptionally hard to both manage HBOS’ Corporate Division and engage with the FSA and other third parties to ensure, amongst other things, a proper and accurate flow of information to the market concerning HBOS’ situation. There is no evidential basis for the allegation that Mr. Cummings acted improperly in his dealings with either internal colleagues or external auditors.
14. In addition to the above matters, the RDC will be aware that Mr. Cummings is the only individual director or employee of HBOS who is facing disciplinary proceedings as a result of the 2008 global financial crisis, and indeed appears to be the only individual at any institution involved in that global banking crisis who is facing such action. It is, to say the least, surprising that Enforcement should have concluded that, in relation to those events, only one individual is so personally culpable that he merits disciplinary sanction. So it is necessary to scrutinise with some care the case advanced by Enforcement which seeks, on it is submitted no proper evidential basis, to impute personal responsibility for all of the difficulties which the events in 2008 caused HBOS, upon one individual. There are obvious dangers of unfairness when, whether as a result of resource constraints or otherwise, one individual alone is investigated and charged in relation to events in which, on any possible view, many other individuals were as intimately involved and, on any sensible analysis, for which they must have been at least equally responsible.
15. In circumstances where the investigation report relied upon by Enforcement runs to some 700 pages, Mr. Cummings does not, in this response, seek to address every detail relied upon by Enforcement. Rather, having addressed the legal issues which arise in Section C below, Mr. Cummings has sought, in Sections D and E below, to demonstrate, through a proper analysis of the contemporary material, that the basic thrust of Enforcement’s case to the effect that he personally directed an aggressive growth strategy whilst ignoring risk management issues and in full awareness that the risk management system in HBOS’ Corporate Division was not fit for purpose is a travesty of the actual position. In Section F, Mr. Cummings provides an in-depth analysis of Projects Revolver and CORE which he personally instigated to develop the risk management framework within HBOS’ Corporate Division. In Annexure One to these representations, Mr. Cummings addresses specific allegations and inaccuracies in the WN. In Annexure Two to these representations, and in response to the focus contained in the Investigation Report, but not the WN, upon identified individual transactions, Mr. Cummings provides a full analysis of one of the principal transactions relied upon in the Investigation Report, namely ***.
C: The Legal Test
(1) Statement of Principle 6
16. Principle 6 of the FSA’s Statements of Principle for Approved Persons provides:
“An approved person performing a significant influence function must exercise due skill, care and diligence in managing the business for which he is responsible in his controlled function.”
17. It is instructive in this context to note the relevant standard of care and skill employed in professional negligence cases—“that degree of skill and care which is ordinarily exercised by reasonably competent members of the profession, who have the same rank and profess the same specialisation (if any) as the defendant.”6 In considering the personal conduct of Mr. Cummings, it is important to note that a number of other financial institutions, in addition to HBOS, faced severe difficulties as a result of the 2008 financial crisis, yet the significant influence function holders of those institutions (like the many other significant influence function holders at HBOS at the relevant time) are not facing regulatory action. Enforcement must demonstrate why Mr. Cummings’ conduct fell below the degree of care and skill exercised by those other significant influence holders, whom Enforcement has presumably concluded acted throughout with the “degree of skill and care ordinarily exercised by [significant influence function holders at large banks]” such as to render Mr. Cummings, and Mr. Cummings alone, personally culpable for his actions.
18. The relevant significant influence function held by Mr. Cummings was CF1—the Director function. As APER 4.6.11 recognises, the director of a large and complex institution is not and cannot be responsible for every day-to-day decision taken within the business:
“An approved person performing a significant influence function will not always manage the business on a day-to-day basis himself. The extent to which he does so will depend on a number of factors, including the nature, scale and complexity of the business and his position within it. The larger and more complex the business, the greater the need for clear and effective delegation and reporting lines. The FSA will look to the approved person performing a significant influence function to take reasonable steps to ensure that systems are in place which result in issues being addressed at the appropriate level. When issues come to his attention, he should deal with them in an appropriate way.”
19. Further, the FSA’s Consultation Paper 26 which introduced the Controlled Function and Approved Persons regime made clear that personal culpability must be established for a breach of the Principles:
“The FSA does not consider that it would be appropriate to discipline senior managers, approved for the purpose of Clause 56(5), simply because a breach of the regulatory requirements has occurred in an area for which they are responsible. There will only be a breach of a Statement of Principle where there is personal culpability. This arises in two circumstances. Firstly, where a breach is deliberate and secondly where the standard of behaviour of the individual is below that which the FSA could reasonably expect from an individual managing a particular business or part of the business, taking account of the size and complexity of that business. Principles 5,6 and 7 place obligations on a senior manager and where he failed to organise, control or manage the business in accordance with these Principles, then disciplinary action may be appropriate.”
20. So the starting point is that it is impermissible to treat the individual as a substitute for the firm. The focus is solely directed to whether the individual personally was at fault, in the light of the facts known to him at the time.
21. There is no suggestion in this case of deliberate breach. Nor on the evidence as a whole is there any basis for suggesting that Mr. Cummings did not conscientiously seek to fulfil his regulatory responsibilities.
22. The issue must be approached without the benefit of hindsight. The issue is whether Mr. Cummings failed to exercise due skill, care and diligence in carrying out his controlled function.
23. The fact that faults emerge in the business does not establish that the holder of the CF1 function is culpable. His responsibility is to take reasonable steps to ensure that systems are in place which result in issues being addressed at the appropriate level. When failings emerge he must deal with them in an appropriate way, which may include appropriate delegation, to ensure that failings are addressed. Throughout he may properly rely upon the competence of those with expertise in finance, economics and risk.
24. On any view, both HBOS, and HBOS’ Corporate Division, were large and complex businesses. In considering Mr. Cummings’ personal culpability it is necessary to recognise the considerable reliance he placed and was entitled to place upon the Finance Directors of both HBOS and the HBOS Corporate Division, the Group Risk and Group Internal Audit functions and the economists responsible for advising HBOS as to the overall macroeconomic position. Mr. Cummings was both a member of the Group Board and responsible in that capacity for contributing to overall Group policy, and, as Divisional Chief Executive of the Corporate Division, responsible for implementing the policy decided upon by the Group Board within the Corporate Division. In these circumstances, it is plain that any consideration of Mr. Cummings’ personal culpability must necessarily involve detailed consideration of these complex corporate relationships. Mr. Cummings cannot fairly be treated as a substitute for the HBOS Corporate Division, and yet this is precisely the approach which the WN and the PIR adopt throughout.
25. Moreover, as Divisional Chief Executive of HBOS’ Corporate Division, Mr. Cummings cannot fairly be held personally culpable for asserted failings in individual transactions which Enforcement now allege, with hindsight, represent errors of judgment. Mr. Cummings’ responsibility was to ensure that the systems for considering individual transactions involved decisions being taken by sufficiently experienced colleagues who had access to all relevant sources of information and viewpoint. The process which pertained in the Corporate Division throughout Mr. Cummings’ tenure as Chief Executive was fully compliant with those requirements.
(2) Knowing Concern
26. Principle 3 of the FSA’s Principles for Business provides that “A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.”
27. Enforcement alleges that Mr. Cummings was “knowingly concerned” in HBOS’ breach of this principle (contrary to section 66(2)(b) of the Financial Services and Markets Act 2000 (“FSMA”)). The allegation arises in extremely unusual circumstances in which no comprehensive investigation has apparently been carried out into HBOS and the allegation had been introduced at a very late stage of the proceedings.
28. The fact that Enforcement has considered it necessary to introduce this charge undoubtedly reflects the fact that the entire nature of the investigation and the WN was, in truth, focused not upon an analysis of Mr. Cummings’ personal conduct but a limited analysis of HBOS’ Group Functions and its Corporate Division. Enforcement then sought to substitute Mr. Cummings, as an individual, for the firm in seeking to draw conclusions as to Mr. Cummings’ personal culpability. As set out above, this is an impermissible approach.
29. Moreover, whether or not there are grounds for the charge of a breach of Principle 3 against HBOS as a whole, there is no basis for an allegation that Mr. Cummings was “knowingly concerned” in such a breach. Such an allegation goes beyond allegations of negligence, such as form the basis for a claim that an individual has breached Principle 6, and requires actual knowledge by Mr. Cummings of that which is alleged to render him guilty of the offence.
30. The phrase “knowingly concerned” in section 91(2) of FSMA appears elsewhere in FSMA at sections 66(2), 97, 131G(6), 380(2), 382(1) and 384(4). No precise definition of the phrase appears in any of those sections. However, in SIB v Pantell SA (No. 2) [1993] Ch 256 (CA), the Court of Appeal shed some light on the phrase “knowingly concerned” as it appeared in sections 6(2) and 61(1) of the Financial Services Act 1986, the predecessor of FSMA from which the phrase was transplanted. At 283 Steyn LJ held that:
“‘Knowingly concerned’ is not defined. In my judgment it is clear that proof of actual knowledge is essential but not enough. Mere passive knowledge will not be sufficient: actual involvement in the contravention must be established.”
31. As regards the requirement of actual knowledge, further guidance came in SIB v Scandex Management A/S [1998] 1 WLR 712. In that case, which again concerned sections 6(2) and 61(1) of the Financial Services Act 1986, the Court of Appeal affirmed that the requisite knowledge required had to be of each ingredient of the relevant contravention (see Millett LJ at 717).
32. Whether knowledge of the relevant facts by themselves will suffice is less clear. In Scandex the Court of Appeal had regard (at 720) to the decision of Neville J in Burton v Bevan [1908] 2 Ch 240, in order to hold that knowledge of the law, or knowledge that the facts amounted to a contravention of statute, was unnecessary. Ignorance of the law was no excuse (nor, in that case, was ignorance of foreign law).
33. In FSA v Fradley & Woodward [2005] 1 BCLC 479, the first instance Judge7 took the rejection in Scandex of a defence of ignorance in the law, and that court’s citation of Burton v Bevan for those purposes, as authority for the additional proposition that no unconscionability or dishonesty was necessary to show “knowing concern” (see Martin QC at paragraph 39). Knowledge of the facts of the contravention was enough.
34. However, this did not have proper regard to the decisions of the Privy Council in Royal Brunei Airlines Sdn Bhd v Tan [1995] 2 AC 378 and the House of Lords in Twinsectra v Yardley [2002] 2 All ER 377, which addressed the principles of accessory liability in the context of a breach of trust. In particular, the requirement of a special form of dishonesty laid down in those cases does not amount to providing offenders with a defence of “ignorance of the law”. It is instead concerned simply with locating an appropriate level of culpability prior to imposing accessory liability, in circumstances where knowledge of the facts of a contravention will not in themselves guarantee such culpability.
35. In Royal Brunei Airlines, the Privy Council considered a range of different tests for finding third parties liable for assisting breaches of trust, and in particular weighed a test of dishonesty against a test of constructive knowledge and/or negligence (see pages 387 to 391). Their Lordships concluded unanimously at 392 that:
“Drawing the threads together, their Lordships’ overall conclusion is that dishonesty is a necessary ingredient of accessory liability. It is also a sufficient ingredient... ‘Knowingly’ is better avoided as a defining ingredient of the principle, and in the context of this principle the Baden [1993] 1 W.L.R. 509 scale of knowledge is best forgotten.”
36. That principle was endorsed and applied in Twinsectra. In that case Lord Hoffmann held at 170 that for accessory liability to be imposed over breaches of trust, the principles set out in Royal Brunei Airlines required more than knowledge of the facts which made the conduct wrongful. They required a “dishonest state of mind, that is to say, consciousness that one is transgressing ordinary standards of honest behaviour.” In other words, subjective knowledge is required of a transgression of objective standards of honest behaviour. Lord Hutton, approving along with Lords Slynn and Steyn, termed this the “combined test” of dishonesty.
37. Crucially, Lord Hoffman noted that such a requirement did not allow offenders to escape culpability on the basis of ignorance of the law. At 171 he confirmed that:
“I do not suggest that one cannot be dishonest without a full appreciation of the legal analysis of the transaction. A person may dishonestly assist in the commission of a breach of trust without any idea of what a trust means. The necessary dishonest state of mind may be found to exist simply on the fact that he knew perfectly well that he was helping to pay away money to which the recipient was not entitled.”
38. Accordingly, the rejection by the first instance Court in Fradley of the analogy between cases of “knowing contravention” and the principles of accessory liability set out in Royal Brunei Airlines and Twinsectra in the context of breach of trust should be distinguished for the following reasons:
38.1
38.2
38.3
39. There is in truth no reason for distinguishing on the grounds of culpability or seriousness between accessory liability for the breach of a trust and knowing contravention under FSMA. The comments of the Law Lords in Royal Brunei Airlines and Twinsectra apply with equal force in this context. Holding that “knowing contravention” under FSMA requires Twinsectra dishonesty is a natural reading of the statute which guarantees an appropriate level of culpability prior to finding persons guilty of the offence and imposing the consequent penalties.
40. In the circumstances of this case, Enforcement must establish Mr. Cummings’ awareness of HBOS’ breaches of the Principles and a conscious decision actively to involve himself in them. Enforcement must establish Mr. Cummings’ consciousness that HBOS was transgressing proper standards of regulatory behaviour.
41. As regards the requirement for “active involvement”, the FSMT in FSA v Martin [2005] 1 BCLC 95 recognised at paragraph 33 that there was no explicit guidance on that requirement within FSMA or in the cases. In that case, however, the FSMT took care to explain (at paragraph 34) that the individual accused was actively involved in the scheme in ways which were “not peripheral but key elements”.
D: Alleged Failings in the Period January 2006–March 2008 (WN: paras 4.85–4.99)
(1) Summary
42. Enforcement’s case against Mr. Cummings, as summarised at WN paragraph 4.85, is predicated upon the propositions that:
42.1
42.2
43. Neither of these propositions is fair or borne out by the evidence. In overview:
43.1
43.2
43.3
(2) 2006
44. Enforcement’s case against Mr. Cummings starts (WN para 4.86) with the false assertion that, at the time of his appointment in 2006, “Mr. Cummings understood [HBOS] had recognised that...the economic cycle was at or reaching its peak.”
45. In reality, whilst, prior to the start of Mr. Cummings’ tenure, HBOS’ central macro-economic outlook was less optimistic than it was to become during the course of 2006, the expert macro-economic view which was provided to Mr. Cummings and the HBOS Group Board throughout 2006 reflected a change of view and was very different.
45.1
45.2
45.3
45.4
46. The Corporate Division Business Plan for 2007–11, dated 22 November 2006, made the position clear, “At this time last year, we tempered our appetite for asset growth on the back of pessimistic forecasts of economic prospects in the UK. However, as 2006 has unfolded, commentators are now predicting a soft landing for the UK economy and a return to trend growth in the medium term. In light of this, the present plan has been prepared on the assumption that the positive environment will persist The Corporate Plan is based on the central economic scenario, as described in the Group instructions.14 This scenario assumes that the economy is likely to grow at a below trend level of 2.3% in 2006, increasing to the trend level of 2.7% in 2008 The outlook for the corporate sector looks reasonably benign despite a planned increase in Corporate insolvencies. Sustained economic growth and low interest rates provide a favourable background for corporate lending. In summary, the central scenario is relatively favourable for UK plc.”15
47. The significance of Enforcement’s mis-statement of the contemporaneous macro-economic view within HBOS (as opposed to that which might be formed with the benefit of hindsight) is of particular significance as it is this supposed acknowledgment of the point which had been reached in the economic cycle, which informs Enforcement’s criticisms at paragraphs 4.87–4.90 in relation to Mr. Cummings’ attitude towards the risk framework within HBOS during 2006 (see in particular the first sentence of paragraph 4.87).
48. Even without this mis-statement, however, the allegations at paragraph 4.87 that “Mr. Cummings was aware that none of [the matters listed in paragraph 4.86] were in place [in 2006]” including “an effective control framework for the sanctioning and monitoring of individual transactions” are plainly inconsistent with the evidence available to Enforcement.
49. Similarly, the allegation at paragraphs 4.90 and 4.91 that Mr. Cummings “failed to take...immediate steps to improve the credit quality of the portfolio” is unsupportable in the light of the immediate and pro-active steps which Mr. Cummings took specifically in relation to credit risk management from the outset of his tenure as Chief Executive of HBOS’ Corporate Division.
50. A fair starting point for considering Mr. Cummings’ attitude to the risk framework and the immediacy of the steps which he took is to consider the priorities and objectives which he personally set the division as soon as he was appointed to the Chief Executive’s role in 2006.
51. At the outset of the first meeting of the Corporate Board which Mr. Cummings chaired, on 5 January 2006, “[Mr. Cummings] explained that he’d called the meeting to set out and get Board buy-in to what he saw as the key strategic challenges for the Division in 2006...”.16
52. The first of those key strategic challenges was the implementation of Basel II—“Implementing our 100 day recovery plan was the immediate imperative. Thereafter, embedding Basel II into our business processes using the relevant tools for assisting our risk and capital management was the priority for all of us during 2006.” It is impossible to reconcile the characterisation of Mr. Cummings set out in the WN with the reality of a Chief Executive whose first message to his new Board upon his appointment, and the key strategic challenge he identified for the year, was not revenue growth or profitability, but risk and capital management.
53. Moreover, in addition to this management emphasis upon the importance of credit risk management, Mr. Cummings (contrary to that which is asserted in the WN) took “immediate steps to improve the credit quality of the portfolio” by re-structuring the entire corporate business to move from a relationship model (whereby transactions were largely considered on an individual basis and managed by relationship managers) to an asset class model (whereby transactions were managed by individuals within a team which specialised in investments in that type of asset).
54. As reported at the Corporate Division’s Credit Risk Committee meeting of 31 January 2006, the first which took place during Mr. Cummings’ tenure as Divisional Chief Executive and which Mr. Cummings personally chaired, HBOS’ Group Risk Report opined that “the move towards asset class management disciplines creates the platform for a stronger risk management environment.”17
55. It is difficult to conceive of how Mr. Cummings could have taken more immediate action than these significant initiatives within the first month of undertaking his new role. Mr. Cummings had for some time prior to his appointment as Divisional Chief Executive considered the move to asset class management to be a strategic imperative for the Corporate Division and essential to give far greater transparency and construct to risk management, risk appetite and capital allocation. It was a structure which was consistent with the principles of Basel II, and would provide a structure upon which the Basel II framework could be overlaid, thereby (as proved to be the case) considerably facilitating its implementation. Mr. Cummings’ predecessor as Chief Executive of the Corporate Division, Mr. Mitchell, had resisted these enhancements as unnecessary and disruptive. Mr. Cummings personally ensured that they were implemented and prioritised within the Corporate Division from Day One of his tenure.
56. Mr. Cummings maintained this focus on risk management throughout the year. At the Corporate Board Meeting of 25 May 2006, Mr. Cummings again made the risk management improvements required by the implementation of Basel II the primary item for the Board to consider. The Board considered the need to “demonstrate genuine change in the management of risk within the business”18—again demonstrating Mr. Cummings’ focus upon immediate practical progress, not just “management messages”.
57. Mr. Cummings provided further resources towards ensuring that the improvements to the Division’s risk management processes which he had sought to introduce were producing results by engaging PWC “to undertake a review to ensure that our approach to risk was appropriately aligned to the new asset class management philosophy” (as reported to the Corporate Board on 24 August 2006).19 This became known as Project Gold, and was part of the ongoing continuum of projects and processes which Mr. Cummings coordinated as part of his overriding focus on improving the Corporate Division’s risk management framework. As reported to the Corporate Risk Control Committee on 26 September 2006, “The purpose of the project was to review the risk environment within Corporate following the changes in emphasis to the asset class models and was being undertaken with assistance from PWC.”20
58. A presentation in relation to Project Gold was made to the Corporate Board on 14 December 2006. At the personal instigation of Mr. Cummings, the project ultimately recommended the creation of two new senior positions, a Chief Risk Officer and a Chief Information Officer. As at the end of 2006, therefore, within his first year as Chief Executive of HBOS’ Corporate Division, Mr. Cummings had begun the restructuring of the entire division to an asset class basis in order to improve the risk management capabilities of the Division, had fully engaged with and driven forward the risk management aspects of the Basel II programme and had instigated a specific project, Project Gold, to consider that which had been achieved and further improvements that could be made. These actions were all part of a coordinated and consistent plan on Mr Cummings’ part to prioritise the development of the Division’s risk management framework. As explained below, throughout 2007, Mr. Cummings continued to focus intensively on risk management issues, appointing individuals to both the new Chief Information Officer and Chief Risk Officer roles.
59. However, rather than give credit for Mr. Cummings’ personal and proactive engagement with risk management, Enforcement seeks to suggest that this merely demonstrates that Mr. Cummings knew there were significant weaknesses in HBOS’ risk management framework but failed to take sufficient steps to address these. As explained above, it is a logical fallacy to suggest that Mr. Cummings’ focus upon and desire to implement the risk management improvements contained within Basel II implies a recognition that the present control framework was not fit for purpose. Once again, the contemporaneous advice which Mr. Cummings received from those responsible within HBOS for providing such advice, was to the opposite effect. For example:
59.1
59.2
59.3
59.4
59.5 By June 2006, when a number of the immediate improvements which Mr. Cummings had instigated at the outset of his tenure had come into effect, Group Internal Audit concluded in its report that “The internal control and risk management systems surrounding the proposed Basel II Pillar III Regulatory Reporting, for Corporate Division, are adequate and effective.”25
59.6 These positive endorsements were (rightly) confirmed by the FSA’s Supervision team in its “Interim Risk Assessment Report” to Mr. Hornby of 29 June 2006. In that report, the FSA stated that “Corporate has made good progress in developing credit grading systems and enhancing its credit decisioning process and as such we no longer consider specific actions on these points are required in the [Risk Mitigation Programme]”.26 It is, in this regard, extremely surprising, that the WN should allege that Mr. Cummings failed to take “immediate steps to improve the credit quality of the portfolio” (para 4.90) when the contemporaneous view of the FSA was that the actions which Mr. Cummings took in the first six months of his tenure were not only “good progress” but warranted removing credit control within the Corporate Division as an item in HBOS’ Risk Mitigation Programme.
59.7 In its report of 7 August 2006, Group Internal Audit confirmed the progress which had been made reporting, on this occasion, that “Adequate and effective internal control and risk management systems have been established throughout the [Credit Risk Management Unit].”27
60. In these circumstances, the allegations at WN para 4.90 and 4.91 as to both Mr. Cummings’ alleged (1) failure to take immediate steps to improve the credit quality of the portfolio; and (2) knowledge that there was no effective control framework in place in the Corporate Division in 2006 are insupportable.
61. Moreover, once the position in relation to Mr. Cummings’ attitude to and knowledge about risk management within the Corporate Division is properly analysed, it can be seen that his attitude towards the Corporate Division’s proposed strategy—which he did not “direct” but which was collectively discussed and agreed by the Group Board—can be seen to be both responsible and justified. Mr. Cummings reasonably believed that the Corporate Division had a risk management framework which was fit for the purpose of continued controlled growth, and was, on any view, personally ensuring that further improvement to that risk management framework was the top priority for the Corporate Division.
62. Far from “directing an aggressive growth strategy” Mr. Cummings’ approach to the management of HBOS’ Corporate Division was measured and responsible. As Mr. Cummings reported to the Group Board on 28 March 2006 “Private equity remained buoyant, with no apparent limit to deal size. This gave rise to additional pressures for the Group, as it was key to avoid over-exuberance. The Group aimed to concentrate asset growth in areas where sustainable returns were most likely.”28
63. In establishing the budgetary plans for the Corporate Division, the members of EXCO carefully considered these matters, in particular at its Away Day of 6 June 2006. The question which Mr. Hornby posed, for each of the members of EXCO to consider at that Away Day, was
“What is the right level of growth that HBOS should target in the core UK businesses?”
64. This issue was collectively addressed by each of the members of EXCO. In relation to the Corporate Division, Mr. Cummings reported that “The core issue for Corporate during the 2007–11 Planning period...related to the preferred speed of growth.” Mr. Cummings specifically noted that, to achieve higher rates of growth, “more risk would be taken in some asset-backed environments.” The decision that “the Corporate Plan should focus on high single digit UPBT growth” was one which was taken collectively by the members of EXCO and subsequently approved by the Group Board.29 It was not directed or dictated by Mr. Cummings and Mr. Cummings ensured that all relevant issues were raised and debated before the level of growth to be targeted was agreed.
65. When the matter was further reviewed at the next EXCO Away Day on 31 October 2006, Mr. Cummings made it clear that, for the Corporate Division, “The main criterion would be risk management, rather than aiming for any particular profile in terms of Asset growth”.30 Again, the final decision as to the level of growth to be targeted in the HBOS Business Plan was reached collectively by the members of EXCO, and subsequently the Group Board.
66. In these circumstances, it is unfair and wrong for Enforcement to allege, as it does at WN paras 4.91 and 4.92, that Mr. Cummings “directed the Corporate Division to pursue an aggressive growth strategy” or that he failed to “clearly articulate...to Group the risks associated with the growth targets and the impact on the stated risk appetite.”
(3) January–July 2007
67. The case advanced in the WN in respect of the January–June 2007 period mirrors that advanced in relation to 2006. It starts with the proposition (WN para 4.93) that Mr. Cummings “understood that there were further indications that the economic cycle had reached its peak.” However, as set out above, the advice which the Board of HBOS’ Corporate Division actually received from the economist appointed by Mr. Cummings to advise it on 23 February 2007 was to the opposite effect, “*** advised that the data confirmed two things as certain, a positive growth outlook for the next 2 years and a consequent increase in UK interest rates.” This was one of a number of sources of specialist advice upon which the Board of HBOS’ Corporate Division, including Mr. Cummings, was reasonably entitled to rely, and it was in the light of this advice that the Board collectively concluded that “the [business] plan remained challenging but achievable.”31 Indeed, Mr. Cummings had personally instituted the procedure by which HBOS’ Corporate Division received advice on the macro-economic landscape from a specialist economist specifically to ensure that appropriately expert advice was available to the Board when it made its decisions.
68. Moreover, the FSA’s own view, as recorded in its Assessment of 1 November 2007, was that it was only at this stage that “After 2–3 years of exceptionally benign credit conditions, there is now some evidence that the credit cycle is beginning to turn.”32
69. Contrary to the case advanced at WN para 4.94, Mr. Cummings continued to maintain a direct and intensive focus on risk management issues and continued to take “immediate steps to improve the credit quality of the portfolio.” In particular, the conclusions of Project Gold were reported to EXCO on 20 March 2007. As Mr. Cummings reported at that meeting the purpose of Project Gold was “to support Corporate’s growth with ‘world class’ risk management disciplines.”
70. It is apparent that Project Gold resulted in immediate and practical steps to improve the Corporate Division’s risk management processes and that it was specifically undertaken to provide an appropriate platform for the Corporate Division’s planned growth—the specific issue which the WN falsely accuses Mr. Cummings of ignoring. As set out in the EXCO minutes:33
“Key components of [Project Gold] were:
the development of an integrated risk function (covering all risk types-credit; business; market and liquidity) providing a coordinated view and the ability to manage and consider multiple risks. A Chief Risk Officer (CRO) would be appointed to lead the holistic approach; and
the enhancement of Business Intelligence capability, to provide a forward looking view of data integrity and business information to enable strategic planning and decision making within each Asset Class, and across the Division. Delivery would be led by a Chief Information Officer (CIO).
The single risk function, led by the CRO, would provide consistent, complete and robust information on risk exposures, and would ensure quality and consistency of risk monitoring, measuring methods, standard and procedures. The role of the CRO would be focused on strategic issues concerning management of the portfolio, rather than sanctioning individual credits (which was a role that would be retained by *** at least for an interim period).”
71. These conclusions were promptly acted upon and *** and *** were appointed as Chief Risk Officer and Chief Information Officer shortly afterwards. Their appointments were announced to the Corporate Board on 31 May 2007.34
72. In the light of the case advanced in the WN, it is important to note that the evidence before the RDC not only establishes that these matters were implemented but that they were personally and intensively sponsored by Mr. Cummings.
73. In particular, ***, who was appointed to the newly created position of Chief Risk Officer, made it clear that it was Mr. Cummings who drove Project Gold and that Mr. Cummings was “passionate about the CRO role, absolutely passionate:
........ [Project Gold] was always presented to me very much as Peter [Cummings’] initiative and that Peter took this to Group, to say this is what he was going to do to build this capability.”35
74. ***, the Head of Portfolio Management and Securitisation within the Corporate Division, was equally clear that the Advanced Portfolio Management project, which *** was appointed to drive forward, was “in [Mr. Cummings’] top three priorities.” Managing Directors who were initially cynical about the project “were brought back into line by Peter [Cummings].”36
75. As set out above, the fact that Mr. Cummings was intensively seeking to improve the risk management processes within the Corporate Division cannot fairly be said to indicate that he was aware that the current processes were not fit for purpose. There is in fact no evidence to support the allegations in the WN that Mr. Cummings was aware that the risk management processes in the Corporate Division were not fit for purpose and that he ignored this. There is a vast difference between (1) an appreciation, as Mr. Cummings had, that there were many improvements which could and should be (and Mr. Cummings ensured were in fact) made to the risk management processes within the Corporate Division; and (2) a belief that there were serious flaws in controls which ought to have caused the Corporate Division to scale back its business activities.
76. For example, on 23 March 2007, Group Internal Audit reported on the implementation of the Basel II programme in the following terms “Our review concluded that the controls surrounding programme governance and management of material gaps for Basel II Implementation Planning are adequate and the framework is working effectively.”37
77. Further, at the Group Board meeting on 22 May 2007, the Group Risk Director, Mr. Watkins, reported to the Group Board that in the context of a review of “Group Credit Risk Capability”, “There was no doubt that the Group’s [Credit Risk Management] process remained effective and fit for purpose. The Group had some real strengths—in Treasury, Corporate,38 Retail and Australia in particular.”39
78. The views of Group Internal Audit and the Group Risk Division were expert views upon which Mr. Cummings was reasonably entitled to rely. It is particularly significant in this regard that:
78.1
78.2
78.3
79. The views of Group Internal Audit and Group Risk were also fully endorsed by the FSA. In its review of the HBOS Corporate Division, on 14 June 2007, the FSA noted that “HBOS has a robust governance structure and programme management framework in place, which has consistently delivered against plan....HBOS has explicitly said that the main reason for first use [of the Basel II processes] is to improve risk management practices, and their actions demonstrate their commitment to this belief.”45
80. Of particular note, in the context of the allegations contained in the WN, are the FSA’s views of Mr. Cummings’ personal commitment to these improvements in risk management processes. The FSA noted that “There has been a noticeable improvement in the level of senior management engagement and commitment within the division, following the appointment of a new Corporate CEO, Peter Cummings in January 2006. Peter, with support from the HBOS Board, has been actively involved in the Basel implementation and has strongly advocated the use of advanced modelling techniques for risk management within the business....Corporate division have demonstrated real commitment to developing robust models, and have made very substantial progress over the last 18 months.”46
81. The FSA’s subsequent review on 25 June 2007 reached the same conclusions, “There are clear areas where HBOS are using all of their IRB models to inform business decisions. In Corporate one of the biggest changes deriving from Basel implementation was the change from a relationship management approach to asset class approach in the entire business. This was instigated in 2006 by Peter Cummings, the new Corporate CEO, to enable Corporate to use the IRB model data and the management information to drive their business practices and their understanding of risk/cost of capital... Since January 2006, there was a major step change in the level of senior management engagement and resource commitment within Corporate.”47
82. In these circumstances, the allegations as to Mr. Cummings’ knowledge and failure to act as set out at WN paras. 4.93 and 4.94 are plainly unsustainable and it is in this context that Mr. Cummings’ actions in, as the WN phrases it, “agreeing to” the business plan for the Corporate Division set by EXCO and the Group Board during the first half of 2007 (WN para 4.95) need to be considered.
83. Once again, the WN alleges that Mr. Cummings failed to “clearly articulate to Group the risks associated with the growth targets” and that his overall approach during the January–July 2007 period was imprudent. This is again at odds with the available evidence.
84. As Mr. Cummings reported to EXCO on 20 March 2007, “The market generally was producing aggressive structures that were beyond the Group’s appetite in terms of lack of controllability, lack of covenants, and overly tight pricing.”48 Mr. Cummings reiterated this message to the Group Board on 27 March 2007, stating that “the market was producing aggressive structures that were beyond the Group’s appetite, in terms of lack of controllability, lack of covenants (the so-called practice of ‘covenant lite’) and overly tight pricing”.49 It is clear from these matters that Mr. Cummings was aware of the importance of avoiding “over-exuberance” and of controlling the growth of the Corporate Division by reference to appropriate risk management principles. He clearly articulated these matters to both EXCO and the Group Board.
85. As Divisional Chief Executive of the Corporate Division, however, Mr. Cummings was not in a position to dictate or direct the growth strategy which the Group Board directed the Corporate Division to pursue. The precise growth strategy which was set was discussed and agreed collectively, but it is apparent that the pace by which the Corporate Division was required to grow was driven, in particular, by the HBOS Chief Executive, Mr. Hornby, and the Group Finance Director, Mr. Hodgkinson (neither of whom are facing disciplinary action by the FSA).
85.1
“to deliver the Plan, other parts of the Group would need to pull together to make up the likely shortfall in Retail through outperformance elsewhere.”50
85.2
86. As Mr. Cummings reported to the Corporate Board on 28 June 2007, the targets set by Mr. Hornby and Mr. Hodgkinson were “recognised as hugely challenging but necessary if the Group were to achieve its year-end targets.”52
87. Mr. Hornby defended his position in interview with the FSA by pointing out that the UPBT target for 2007 in the Corporate Division was less than the profit growth targeted in other divisions and that, in his view, “the Corporate [target] was very much a continuation of the trend of the previous years.”53
88. Whether or not HBOS’ strategy can, with hindsight, be subject to criticism in this regard, it is clearly wrong to portray Mr. Cummings as having recklessly directed an aggressive growth strategy whilst being aware that the risk management processes in the Corporate Division were not fit for purpose. Mr. Cummings’ approach to and knowledge of those risk management processes and his reporting to his colleagues on the EXCO and Group Board are set out above. Moreover, it is apparent that the increased growth targets for the Corporate Division were centrally directed by the Group Board, in particular Mr. Hornby and Mr. Hodgkinson, and that it is wholly unfair to consider Mr. Cummings, and Mr. Cummings alone, to have been personally culpable in relation to this group decision making process.
(4) August 2007–March 2008
89. As set out above, the WN is wrong to contend that throughout 2006 and 2007, Mr. Cummings was aware that the market was at the “top of the cycle”. It was not until 22 May 2007 that those responsible for monitoring the macro-economic environment reported to the Group Board that there were “early indications that the Corporate credit cycle was about to turn.”54
90. As the WN recognises, however, very shortly afterwards an unprecedented liquidity “crunch” effectively closed the syndication markets “overnight” and HBOS was faced with a macro-economic landscape which was caused by an unprecedented liquidity crunch that it could not reasonably have foreseen.
91. Even in these circumstances, however, HBOS’ Corporate Loans Distribution team concluded, in a report dated 16 July 2007, entitled:
“Correction not Catastrophe” that “despite these developments it is clear that this correction is not related to any deterioration in credit fundamentals or negative macro-economic sentiment.”55
92. On 19 September 2007, the HBOS Group Credit Risk Committee, and subsequently EXCO, was informed that “Divisional credit risk teams continue to assess high impact areas where contagion from market risk is most likely to permeate into credit risk. To date no worrying trends are evident” and, with specific reference to the Corporate Division, that “A counterparty by counterparty assessment of the underlying book and WIP pipeline, at the most senior level, has provided comfort that there are no material latent credit issues. Credit quality is holding up with no significant signs of stress at present, however, growth may be become increasingly challenging for several business areas.”56
93. As appears from HBOS’ Corporate Division’s Business Plan for 2008–12, dated September 2007, “the central economic scenario, as described in the Group instructions” was that “the outlook for the corporate sector remains reasonably benign albeit the belief is that the economic cycle has turned and that there will be a slowdown in the economy that will increase the quantum of provisions/impaired assets.”57 It was upon this Group instruction that “the central scenario is relatively favourable for UK plc but there are sufficient threats for us to proceed with some caution” that “the 2008 Business Plan was constructed.”58
94. This view was emphasised by the Economic Analysis presented to the Corporate Credit Risk Committee in October 2007, which stated, “The Northern Rock share price may still be in the doldrums and credit markets still close to paralysis, but the most recent economic indicators provide grounds for a cautious, if qualified, optimism.”59
95. The Group Risk Report presented to the Corporate Risk Control Committee on 27 November 2007, concluded that “The current market issues have not, as yet, had any material adverse effect on portfolio quality.”60
96. In considering the HBOS Corporate Division’s Business Plan in preparation for a meeting with Mr. Cummings on 5 December 2007, the FSA Supervision team concluded that “Economic indicator assumptions underlying the plan appear to be broadly reasonable...”61
97. The Group Risk Report presented to the Corporate Risk Control Committee on 20 February 2008 reported that “Portfolio credit quality and credit risk management remain sound with no material adverse portfolio trends emerging from the liquidity crunch as yet.”62
98. Further, much of the information available to Mr. Cummings indicated that the improvements which he had instigated to the Corporate Division’s risk management processes were succeeding in improving the effectiveness of the Division’s control framework.
98.1
98.2
98.3
98.4
99. One feature of the change to asset class management and the emphasis placed upon risk management was the discovery of the Reading Incident in the summer of 2007. Whilst this clearly raised a number of legacy issues in relation to the management within the Reading branch and the processes that had been employed prior to Mr. Cummings’ appointment as Divisional Chief Executive of the Corporate Division, it also showed the practical results which the changes instigated by Mr. Cummings were achieving in unearthing issues in the Corporate Division which had previously been hidden. As the Chairman of the Audit Committee, Mr. Hobson, put it during the course of an interview with the FSA, the Reading incident was caused by failures “under a different regime. Peter Cummings is a better leader and more open to ideas.”66
100. Mr. Cummings continued throughout the period from July 2007–March 2008 intensively to focus on the Corporate Division’s risk management processes.
100.1
100.2
100.3
101. In any event, and contrary to the impression created by the WN, Mr. Cummings reacted promptly and prudently to the changed economic landscape.
102. On 24 July 2007, Mr. Cummings reported to EXCO on the changed financial situation. He properly noted that “risk awareness and vigilance needed to be particularly careful at this stage.”68
103. At the Group Board meeting of 25 September 2007, Mr. Cummings reported that “a measured and prudent approach was required in the short term.” Consistently with that approach, it was noted that “a number of large, one-off, Corporate transactions had been deferred. Corporate lending would be prioritized in favour of existing customers and higher value—added business whilst also pursuing sell down.”69
104. This approach was continued at the EXCO Away Day of 25 October 2007, where Mr. Cummings reported that “Business was already being turned down.”70
105. As Mr. Cummings fairly summarised the position at the EXCO meeting of 20 November 2007, “Other than potential refinancing, fewer transactions were now taking place” and “The business was still aiming to deliver Q3F, but this was not without risk.”71
106. Mr. Cummings informed the Group Board on 27 November 2007, that “The Division would be very selective about the business that would be written in future.”72
107. It would therefore be wrong to suggest that Mr. Cummings was not fully alive to the need to take a prudent approach to the development of the Corporate Division in the light of the severe and unprecedented “credit crunch”.
108. The case advanced against Mr. Cummings in the WN is that the rate of transactions in the Corporate Division should have been far more dramatically reduced, and possibly brought to an immediate standstill upon the occurrence of the “credit crunch”. Not only, however, does this approach seek to hold Mr. Cummings personally responsible for the collective decisions of the HBOS Group and Corporate Division Boards, but it is a view which is informed entirely by hindsight.
109. At the time, and on the basis of the information upon which Mr. Cummings was reasonably entitled to rely, there were a number of competing factors which required to be taken into account in determining the revised development targets for the Corporate Division. In particular:
109.1
109.2
109.3
110. In the circumstances, there were reasonable and proper grounds for Mr. Cummings to consider that, whilst there was clearly a severe “credit crunch” and “syndication markets were virtually closed”,77 the fundamental credit environment in the United Kingdom remained sound and there were potential dangers in taking the extreme decision to effectively “close the business”. With the benefit of hindsight, it can be seen that the global financial system deteriorated to an unprecedented extent, but that was not something which could have been foreseen by Mr. Cummings, and his colleagues at HBOS, in the autumn of 2007. A “measured and prudent approach” which nonetheless sought to keep business going and, to a reasonable extent, to “lend through the cycle” was a reasonable exercise of management judgment in the light of circumstances as they were known in the autumn of 2007. On any view, it was not a decision directed or dictated by Mr. Cummings but one arrived at collectively by the HBOS Group Board.
111. In all the circumstances, it is apparent that throughout 2007, far from ignoring the changed situation created by the “credit crunch”, Mr. Cummings was part of a management team which carefully considered the position, made fundamental alterations to the strategy which HBOS had intended to pursue, and sought to implement the new strategy in a responsible and effective manner.
112. During late 2007, the economic situation continued to deteriorate with the result that the strategy adopted by the Group Board required further alteration.
113. Mr. Cummings recognised and responded to the altered environment. Mr. Livingston informed Enforcement’s investigation team that in the first quarter of 2008 he had numerous conversations with Mr. Cummings “about the real need to restrict the balance sheet growth, of which he was always supportive and was of the view that that was absolutely what we needed to do.”78
114. It is noted that the WN makes no allegations against Mr. Cummings in relation to an alleged over-aggressive growth strategy in respect of the period after March 2008, and it is submitted that there is, in reality, no proper case that can be brought in respect of Mr. Cummings’ personal culpability in relation to the strategic decisions taken by HBOS between the onset of the credit crunch in the summer of 2007 and March 2008.
E: Alleged Failings in the Period April 2008–December 2008
115. Paragraph 4.121 of the WN alleges that Mr. Cummings was aware that “transactions were consistently moved too late to the High Risk area of the Corporate Division” and that (WN, para 4.122) he failed to take “proactive steps to ensure that high value transactions on the Corporate book were assessed in detail for signs of stress and appropriately classified.”
116. This allegation is inconsistent with the evidence obtained by Enforcement in the course of its investigation.
116.1
116.2
116.3
117. Moreover, there is simply no evidence whatsoever for the somewhat opaque allegation at WN paragraph 1.123 that Mr. Cummings permitted “the culture of optimism to impede the effective management of transactions as they became stressed.”
118. Indeed, in his interview with the Enforcement investigators, ***, the relevant KPMG auditor in 2008, highlighted a Board Paper which Mr. Cummings had prepared which was “pretty bleak, to be fair”.83 He then referred to a “pivotal meeting” on 28 October 2008. “What had become clear though was, because of Peter’s board paper etc, and at Corporate Risk Committee, which was basically timing very similar to that week, is that, you know, he’d [ie Mr Cummings had] got it, you know, in terms of the state of the economy and some of their work-out plans weren’t going to work and all that sort of stuff. So he did present this very bleak picture.”84
119. The final allegation contained in the WN, at para 4.124, is that “Provisions were consistently made at the optimistic rather than the prudent range at the behest of Mr. Cummings, despite repeated warnings from the divisional Risk function and the Firm’s auditors.”
120. It is important at the outset to note that it is not alleged that any provision was, or that Mr. Cummings suggested any provision should be, taken which was outside the range of reasonable provisions suggested by the auditors or risk division of HBOS.
121. Further, the allegation that the provision which was adopted was in fact imprudent is predicated on the basis that the substantial extra provisions which were taken by Lloyds TSB once it had completed its take-over of HBOS can be regarded as the provisions which “should” have been taken by HBOS at an earlier time. First, this is a judgment reached with hindsight. Second, there were obvious commercial reasons why Lloyds TSB might seek to ensure that the starting point for its new business was as low as possible, given its continuing negotiations with the Government over the Government’s future role in the business and the circumstances of Lloyds TSB’s acquisition of HBOS. Enforcement cannot properly rely as a matter justifying criticism of Mr. Cummings upon the fact that the new owners of HBOS’ Corporate Division elected to take a different approach to levels of provisioning. Many of the transactions which were written down by Lloyds TSB have subsequently been highly profitable suggesting that HBOS’ original provisioning may in fact have been both prudent and accurate.
122. In any event, however, there is no factual basis for alleging that any provisions were taken “at the behest of Mr. Cummings” or that Mr. Cummings proceeded in the teeth of “repeated warnings from the divisional Risk function and the Firm’s auditors.”
123. The basis for this assertion appears to be the suggestion made by *** that, (1) at a meeting on 10 October 2008, the Impaired Asset team received “robust challenge” to their recommendations for provisioning figures from, amongst others, Mr Cummings, but also the Group Risk Director, Mr. Hickman;85 and (2) at a further meeting in early December 2008, the Impaired Asset team received further “robust challenge” to their recommendations from, amongst others, Mr. Cummings, but also the Group Chief Executive, Mr. Hornby.86
124. In relation to these allegations, it is important to note it is neither improper nor wrong for senior management, including the Group Risk Director and the Group Chief Executive, to provide “robust challenge” to reports which they receive in order to satisfy themselves that the information and recommendations which they adopt are accurate and appropriate. Indeed, this is a principal responsibility of senior management. None of the allegations relate to conduct alleged to have been carried out individually by Mr. Cummings. The relevant meetings were attended by a number of relevant senior HBOS Managers, including the Group Risk Director and/or the Group Chief Executive.
125. Further, Mr. Cummings does not accept the characterisation of the relevant meetings provided by Mr. Livingston who, as Chief Risk Officer of HBOS’ Corporate Division at the relevant time, has every reason to seek to defend his own personal position in his interviews with the Enforcement investigators. It is noteworthy that there is no contemporaneous document from *** setting out his concerns as to the attitude adopted by any of his colleagues at the meetings in question.
126. Moreover, and fundamentally, it is apparent from a proper consideration of Mr. Livingston’s evidence that the individual who he considered had provided inappropriate challenge was not Mr. Cummings, but Mr. Hornby.
126.1
126.2
126.3
127. It is plainly wrong for Enforcement to characterise this evidence as behaviour that demonstrates a personal culpability on the part of Mr. Cummings. Even taking *** evidence entirely at face value, it is apparent that Mr. Cummings was seeking to provide a proper and responsible level of challenge, as was entirely appropriate for a Chief Executive and that it was Mr. Hornby whose behaviour was, in *** view, aggressive and potentially improper. Enforcement has taken no action against Mr. Hornby.
128. Indeed, when it was specifically put to *** by the Enforcement investigation team that “in 2008 the position of the Bank was to minimise provisions as far as possible”, *** responded, “To be honest, I didn’t get that sense. I didn’t get that sense at the time...”92
F: Project Revolver/Corporate Operational Risk Excellence (“CORE”)
Background
129. During his tenure as Divisional Chief Executive of the Corporate Division, Mr. Cummings initiated and drove numerous change programmes and projects. These projects, while tackling diverse parts of the Corporate Division’s business such as asset class management, operational risk and advanced portfolio management, were all inextricably linked to the implementation of Basel II and the move toward Advanced Bank status.
130. They were also collectively part of the Corporate Division’s journey towards advanced risk management, a journey in which Mr. Cummings took an active and decisive role (it is important to note that this journey did not mean that Corporate’s existing risk management framework was ineffective or unfit for purpose. In this respect it is important to remember that improvement is not a badge of failure).
131. The two-phase operational risk change programme, comprising Project Revolver and CORE respectively, was paradigmatic of the positive steps which Mr. Cummings took to ensure that the risk environment he inherited from his predecessor George Mitchell evolved to keep in step with the business’ aspirations.
Project Revolver
132. Prior to assuming the role of Divisional Chief Executive of the Corporate Division, Mr. Cummings was acutely aware of the need to develop and maintain a genuinely “world class” risk environment. High on Mr. Cummings’ agenda was the area of operational risk—a concern rightly held, particularly in the light of what came to be called the “Reading Incident”.
***
139. Operational risk control recommendations were therefore sought from Group Risk, which presented a number of findings to the Corporate Risk Control Committee on 26 July 2007.93 Chief among the recommendations were:
Substantial changes to the CBS system to improve access controls;
A significant programme of Training and Development across HR;
A major review and enhancement of processes and procedures across HR; and
Significant changes in processes and systems across the rest of the Corporate Division.94
140. Building on Group Risk’s recommendations, and furthering his long-held intention to embed a genuinely “world class” risk environment within Corporate, Mr. Cummings initiated Project Revolver in January 2008.
Phase 1 of the project entailed the review of the risk control framework in the Commercial and Real Estate asset classes. These asset classes were selected as they accounted for the greatest volume of transactions originated in the Corporate Division.
141. In addition to individuals from the selected asset classes, Mr. Cummings sought the input and support from Group Risk and wider business partnering areas.
142. ***, Corporate Head of Risk, presented the key findings from Project Revolver to the Corporate Board on 24 April 2008. These findings were set out in greater detail in a document dated 23 May 2008 entitled Terms of Reference for Revolver Phase 2: Corporate Operational Risk Excellence (CORE) Programme.95 This document specified that:
No new major issues have emerged, with a number of projects in course already to address known issues;
The overall Risk Control Framework is amber with some elements within it giving more concern than others;
The framework has not been viewed holistically, nor have controls kept pace with the growth in the business;
There is scope for a more effective mix of controls, reducing the reliance primarily on directive controls;
Additional, co-ordinated end to end process mapping is required to allow more attention to be paid to risks and controls within the business and to provide the basis for greater uniformity of approach on an ongoing basis;
Relevant Information is not sufficiently accessible to colleagues: an issue which the Chief Information Officer is committed to addressing;
Ongoing review and control of compliance to process needs to be more embedded in day to day roles, supported by more visible process ownership;
There is potential for change to be managed more effectively at a macro level so that dependencies and cross-impacts are better understood: an issue that the Chief Information Officer has recognised and is dealing with.
CORE
143. Following publication of Project Revolver’s key findings, the operational risk change programme was widened to include every part of the Corporate Division (CORE). Before chronicling CORE’s progress, it is important to consider further aspects of the programme’s immediate context.
144. FSA Supervision conducted an ARROW visit at HBOS between November 2007 and January 2008. Following the ARROW visit, FSA Supervision communicated a Risk Mitigation Programme (“RMP”) to HBOS, which provided action points for HBOS to pursue in mitigating certain identified risks. The RMP highlighted numerous topics, including credit controls, Basel II rollout and monitoring, and operating controls. In respect of operating controls, the Corporate Board minutes for 24 April 2008 stated that the RMP required Corporate Division to agree Phase 2 of Project Revolver’s (CORE) terms of reference with FSA Supervision; and to provide progress reports to FSA Supervision, confirming delivery of robust operating controls by the end of 2008.
145. The Corporate Board signed CORE off at the board meeting on 24 April 2008 and, shortly thereafter, agreed the programme’s terms of reference with FSA Supervision. The terms of reference document, published under the auspices of Tanya Castell (the individual in charge of the RMP for Corporate Division) on 30 May 2008, summarised CORE’s purpose and objectives. Specifically, CORE was designed “to embed an enhanced and sustainable risk management and control framework throughout Corporate to support the delivery of business objectives.”96
146. Building on the foundation laid by Phase 1 of Project Revolver, CORE was a comprehensive change programme which Mr. Cummings and the rest of the Corporate Board intended would overhaul the operational risk framework within the Corporate Division. In so doing, the Division would achieve another strategic step in the ongoing journey of Basel II implementation.
Strategy and Benefits
147. Focusing on four principal areas: processes and controls; risk issue management; policy framework review; and communication and embedding, the terms of reference anticipated CORE’s primary benefits as comprising:
Greater anticipation and reduced frequency and severity of operational risk losses (in the longer term);
A framework to enable delivery of an improved control environment over time with an appropriate mix of controls in place;
Efficiency, clarity and consistency of processes;
Sustainable positive cultural change achieved;
Defined ownership and accountability around processes and controls; and
Greater flexibility of resourcing, including aligning colleagues with tasks and reducing key person dependencies.
Cultural Change
148. In achieving these improved processes and frameworks, the document acknowledged that a “material cultural change” was required. In response to this challenge, the CORE programme team dedicated a significant amount of time to talking with people in the Corporate Division, explaining what CORE was designed to achieve and why it was important for the business.
149. This focus on educating staff at “ground level” was a fundamental part of Mr. Cummings’ vision for the Corporate Division. In 2008 the three main areas of strategic focus for Corporate were People, Risk and Information Technology. Mr. Cummings was absolutely clear on the need for everybody in the Division to take ownership of change programmes such as Revolver and CORE, to take the tools provided and improve their individual areas—in essence, to become risk managers.
150. In accordance with this strategic focus, Mr. Cummings supplemented the CORE programme team’s consultations through his CEO Bulletin publications. Released on a monthly basis, the CEO Bulletin communicated business developments to the Corporate Division, summarising key messages and promoting advanced bank behaviours. The CEO Bulletin for August 2008 dealt specifically with CORE and included the following personal message from Mr. Cummings:
I have made it very clear over the past year or so that the way Corporate manages Risk is of crucial importance to the success of our business. I am therefore delighted to launch the Corporate Operational Risk Excellence Programme, CORE, which will involve all colleagues in reviewing and improving our policies, processes and controls.97
151. Such was the influence which Mr. Cummings exercised in the promotion and outworking of the CORE programme, a Group Internal Audit report dated 25 September 2008 stated: “Crucially, there is considerable commitment and support from the divisional leadership, specifically the CEO, which has given the programme the attention and visibility it needs to secure stakeholder buy-in.”98 Mr. Cummings, therefore, played a decisive role in CORE’s success, personally sponsoring the programme99 and lending credibility through his support.
Knowledge of FSA Supervision
152. The RMP also required the Corporate Division to provide quarterly updates on CORE’s progress to FSA Supervision. Corporate sent the first update to FSA Supervision at the end of September 2008 confirming that significant progress had been made in the development of Corporate’s control environment.
153. In addition to the quarterly updates, the RMP also required Mr. Cummings to sign off on the Corporate Division’s control environment. Mr. Cummings wrote to *** of the FSA’s Major Retail Group Division on 14 January 2009, providing an overview of the improvements which had been made; the benefits delivered under the projects completed; the budget adequacy for running CORE; and the major milestones completed and due.100
154. Mr. Cummings confirmed that “Notwithstanding our agreed reporting with the FSA, the CORE Programme and other control improvement initiatives are a fundamental aspect of Corporate’s 2008 strategic focus of People, Risk and IT...” The initiation of Project Revolver and CORE was not a reaction to prompts by FSA Supervision. The projects were certainly part of a suite of risk mitigating steps undertaken in the wake of the ARROW and subsequent RMP, but they were not essentially reactive to FSA Supervision’s directions. They were, rather, a pro-active outworking of the risk-focused ethos which Mr. Cummings sought to instil within Corporate.
155. Mr. Cummings also stated, “There has been significant transformation activity in 2008 and substantial improvements have been made to Corporate’s control environment during 2008...the enhanced framework will deliver more robust controls on an ongoing basis. The improvements have been delivered with executive support and significant investment of resource and capital. Consistent with our September report to the FSA, we are confident that as a result of this investment, in the year to 31 December 2008:
(i)
(ii)
(iii)
Throughout 2008 Group Internal Audit (GIA) has rated the control environment in Corporate Division Amber, adequate with reservations. To support the business in its initiative to improve the control environment GIA provided the Corporate Board with a summary of the key issues driving this rating and an opinion on how their resolution could help to improve the control environment. It was noted that the business already had plans to resolve many of these issues by the end of the year and some were scheduled for early 2009...GIA confirm that appropriate commitment, resource and focus are being provided by the Division to the key control issues. From the documentation reviewed to date the GIA opinion is that once all planned control improvements are fully implemented and embedded, this will result in a significantly enhanced control environment.”101
156. The correspondence between the Corporate Division and FSA Supervision which the RMP required was supplemented by a number of more informal presentations and meetings. For example, CORE updates were provided as part of FSA Supervision’s visit to HBOS on 19 June 2008.102 FSA Supervision was, therefore, fully informed of the progress of CORE.
157. The CORE programme did not come to a conclusion until after the Relevant Period and Mr. Cummings’ resignation from HBOS. It should be noted, however, that the development and refinement of risk tools and frameworks did not finish when CORE officially concluded. Mr. Cummings was clear that these steps were part of an on-going journey towards risk excellence.
158. Mr. Cummings’ efforts to drive CORE through the Corporate Division left Lloyds Banking Group with an operational risk framework far stronger than that which Mr. Cummings inherited on 1 January 2006. Without his direction, drive, encouragement and public endorsement, CORE would not have accomplished what it did.
159. Considering Project Revolver and CORE alongside other risk programmes, including Asset Class Management, Project Gold, Project Podium and Active Portfolio Management, Mr. Cummings clearly had an exceptionally positive impact on the entire Corporate Division risk environment. It is also important to note the many more non-project steps which Mr. Cummings took during the Relevant Period to raise standards and promote risk excellence. His monthly communications through the CEO Bulletin publications and Corporate Times and his input to various risk committees are also noteworthy.
160. The WN, however, fails to consider any of these positive steps by Mr. Cummings. The WN confines its treatment of the numerous projects which Mr. Cummings initiated to the following, found at paragraph 6.14(2):
Mr Cummings initiated a number of projects which were designed to improve the control framework and the approach to risk management and implemented a number of improvements during the Relevant Period.103
161. The WN simply glosses over these steps and fails to give Mr. Cummings any credit for developing the risk environment which he inherited. This approach is grossly unfair. The impact of Project Revolver, CORE and other change programmes should not be understated or simply ignored.
G: Conclusion
162. In the circumstances set out above, there is no basis for the allegation that Mr. Cummings was “personally culpable” in respect of any of the matters alleged against him. He did not “direct the Corporate Division…to pursue an aggressive growth strategy” and Enforcement’s allegations as to Mr. Cummings’ knowledge of (1) the weaknesses of HBOS’ Corporate Division’s control environment; and (2) the macro-economic outlook are inconsistent with the available evidence.
163. Mr. Cummings’ participation in the management of HBOS was as a member of a management team. He did not personally direct the strategy and decision-making in HBOS’ Corporate Division. He personally instigated and implemented a number of important risk management projects which, as the FSA Supervisors fully recognised, resulted in a “noticeable improvement in the level of senior management engagement and commitment within the Corporate Division” to risk management issues. Mr. Cummings had no reason to believe, in the light of the specialist advice which he received, that there were serious flaws in controls which ought to have caused HBOS’ Corporate Division to scale back its business activities.
164. As the impact of the financial crisis became clear, Mr. Cummings, along with many other colleagues at HBOS, worked exceptionally hard to both manage HBOS’ Corporate Division and engage with the FSA and other third parties to ensure, amongst other things, a proper and accurate flow of information to the market concerning HBOS’ situation. There is no evidential basis for the allegation that Mr. Cummings acted improperly in his dealings with either internal colleagues or external auditors.
165. As to the allegations of “knowing concern” if (and this is not accepted) it were the case that HBOS was in breach of Principle 3, through a “failure to take reasonable care to organise and control its affairs responsibly and effectively with adequate risk management systems” there is no basis for suggesting that Mr. Cummings was “knowingly concerned” in any such breach. Mr. Cummings’ personal involvement in developing the risk management systems within HBOS’ Corporate Division throughout the Relevant Period was intense and productive. There was no reason, on the basis of the information which Mr. Cummings received from numerous risk specialists and other expert colleagues, and upon which he was entitled to rely, for him to conclude that HBOS’ risk management systems were such as to constitute a breach of Principle 3.
166. In the circumstances, the charges set out in the Warning Notice are unsustainable and the RDC is invited to direct that Enforcement discontinue this action.
Charles Flint Q.C.
Andrew George 7
November 2011
Annexure One
In this Annexure One, Mr. Cummings responds to specific points contained in the WN which are material but are not dealt with in the main body of his submissions. It is noted that Section 2 of the WN comprises a summary of Enforcement’s case and, to avoid duplication, that section is not specifically considered in the table below.
|
Warning |
Comment |
|
Paragraph 4.17 |
The business model and strategy of the Corporate Division was well known both within HBOS and externally. HBOS specifically and publicly adopted a strategy of specialisation within the UK property industry, a market in which it had substantial and long-standing expertise. This was likely to lower risk, not raise it. |
|
In this context, it is particularly misleading to claim that “the credit quality of the portfolio was low in that around 75% of it was sub-investment grade.” HBOS, unlike many major banks, had separate Treasury and Corporate Divisions throughout the Relevant Period. In these circumstances, “investment grade” transactions were inevitably largely the preserve of the Treasury Division. The business model of the Corporate Division was not directed towards and did not seek substantial numbers of “investment grade” transactions. As set out in the “Strategic Review of Corporate Division” prepared for EXCO on 17 October 2006, “Our core expertise and focus remains the sub investment grade corporate businesses in the UK”.104 This does not mean, however, that the “credit quality of the portfolio was low.” |
|
|
Further, whilst the Corporate Division, in line with the strategy approved and adopted by the Group Board, entered into leveraged transactions, this area was carefully controlled. References to, for example, “a substantial exposure to equity” must be viewed in the context of HBOS’ overall asset base of £591.029bn in 2006 and £666.947bn in 2007. |
|
|
|
|
|
Paragraph 4.18 |
As set out above, in describing the business of the Corporate Division, it is important to note that the HBOS strategy specifically envisaged specialisation in the UK property industry. This was “raised, discussed, discussed again and raised again by members of the Board” (Lord Stevenson105). “The Corporate risk profile in terms of its weighting towards commercial property was well understood, extremely apparent to the Board, extremely apparent to all of us.” (Mr. Hornby106). |
|
Similarly, it was well-known to all involved in HBOS that, with its substantial heritage as a “relationship bank”, the Corporate Division had a large number of high value clients (ie large single name borrowers). This position was accordingly carefully monitored at, for example, the Corporate Risk Control Committee (eg meeting of 22 May 2007107) and Corporate Credit Risk Committee (eg report as at end March 2006;108 as at end June 2006;109 as at end September 2006110 and as at end December 2006111). As set out, for example, in the Risk Appetite and Risk Profile report of 12 May 2008, “[HBOS Corporate Division’s] focus on entrepreneurs means a high proportion of our profits come from a relatively small number of connections.” These matters were properly highlighted and it was noted that “Over the past two years we have experienced zero losses on any of these larger connections (versus significantly higher levels for smaller connections). Specifically, the experience of these entrepreneurs plus the high level of cross-collaterisation of our security mean that these businesses should perform more strongly. By focusing on these entrepreneurs we can also stay closer to their activities, maintain detailed information flows and when necessary influence their actions. This comes about through day-today relationship management as well as semi-annual High Value Reviews and monthly Real Estate Board discussions.” This was a perfectly permissible strategy for HBOS to adopt and one which was disclosed to, and debated and approved by HBOS’ senior management.112 |
|
|
|
|
|
Paragraph 4.21 |
The comments set out in relation to paragraph 4.17 above concerning the alleged “low” credit quality of the credit portfolio and focus on “sub-investment grade” lending above are repeated. |
|
The comment that “Corporate Division had a...target portfolio rating of 5.2 (BB)” is misleading and wrong. No such target was set and any such portfolio target would have been likely to prove impracticable in a Division which sought to specialise in the UK property industry. The concept of a portfolio rating of 5.2 arose in the context of the work which Mr. Cummings led in the context of the proposed implementation of Basel II and the development of accurate models for the prediction of Probable Default (PD) and Expected Loss (EL). As *** explained to the investigation team, “notional targets were put in for PD and EL numbers and...the actual PD and EL numbers at the time were recorded against those notional targets.”113 Even at this stage, “notional targets” were purely “indicative”, “soft, not binding.”114 It is unfair to seek to hold Mr. Cummings to a supposed “target” which did not in fact represent Corporate Division policy at the material time. |
|
|
|
|
|
Paragraph 4.22 |
As set out in Mr. Cummings’ submissions above, Mr. Cummings personally took steps to ensure that HBOS did not enter into transactions which were beyond the Corporate Division’s risk appetite, even though, as set out in the WN, many other banks were entering into more aggressive deals. As Mr. Cummings explained to EXCO, on 20 March 2007 “The market generally was producing aggressive structures that were beyond the Group’s appetite in terms of lack of controllability, lack of covenants and overly tight pricing...”115 Mr. Cummings reiterated this message to the Group Board on 27 March 2007, “Credit quality was good and improving, although the market was producing structures that were beyond the Group’s appetite in terms of lack of controllability, lack of covenants (the so-called practice of ‘covenant-lite’) and overly tight pricing. Peter noted his concern with respect to certain competitors’ practices in this market.”116 |
|
|
|
|
Paragraph 4.24(2) |
The WN’s repeated misrepresentation of HBOS’ understanding of the point which had been reached in the economic cycle is dealt with in the main body of Mr Cummings’ submissions at paragraphs 43–46, 66–67 and 88. |
|
|
|
|
Paragraph 4.26 |
The statement “as Mr Cummings was aware, none of these was in place during the Relevant Period” is unsupportable. Mr. Cummings relied upon and was regularly advised throughout the Relevant Period by a large number of specialist risk professionals, including from both Group Internal Audit and Group Risk. The precise nature of the advice which he received is summarised in the main body of his submissions and is entirely inconsistent with the assertion at paragraph 4.26. |
|
|
|
|
Paragraph 4.28 |
The statement “Mr Cummings relied on the effectiveness of the credit sanctioning process to mitigate the high risk profile of the portfolio” ignores the clear focus and leadership provided by Mr. Cummings in developing the “next generation” of modelling techniques which were to be implemented as part of the Basel II framework. Throughout the Relevant Period, Mr. Cummings implemented improvements and increased the sophistication of the risk management processes within the Corporate Division. This was specifically recognised by the FSA, “There has been a noticeable improvement in the level of senior management engagement and commitment within the division, following the appointment of a new CEO, Peter Cummings. Peter, with support from the HBOS Board, has been actively involved in the Basel implementation and has strongly advocated the use of advanced modelling techniques for risk management within the business. There has been a big step-up in the involvement of the business.” (14 June 2007117). |
|
Mr. Cummings personally ensured throughout the Relevant Period that HBOS was at the forefront of the move to Advanced Modelling Techniques, and HBOS was granted Advanced Bank status during his tenure. During the Relevant Period, no bank had moved to full implementation of the Advanced Modelling Techniques to be used under the Basel II framework. |
|
|
The thrust of much of Enforcement’s case is to seek to hold Mr. Cummings personally culpable because he did not implement risk modelling processes which were neither in use nor available in the industry at the relevant time. Moreover, this allegation is made in circumstances where Mr Cummings could not have done more to expedite and advance the implementation of these new processes within HBOS’ Corporate Division. Enforcement’s case in this regard is misconceived and unfair. |
|
|
|
|
|
Paragraphs 4.30 and 4.31 |
Whilst Mr. Cummings was, from time to time, made aware of and addressed specific issues, the picture presented in these paragraphs of the advice which Mr. Cummings received from the specialist professionals in, amongst other teams, Group Risk and Group Internal Audit is inaccurate. The correct position is set out in the main body of Mr. Cummings’ submissions. |
|
|
|
|
Paragraph 4.32 |
The generalised allegations in this paragraph are particularly insupportable. Mr. Cummings personally ensured that a risk management culture was embedded in the Corporate Division. In Mr. Cummings’ first board meeting as CEO of the Corporate Division, on 5 January 2006, his first management message was that “embedding Basel II into our business processes using the relevant tools for assisting our risk and capital management was the priority for all of us during 2006.”118 |
|
Mr. Cummings personally instigated projects such as Gold and Revolver and the appointment of a Chief Risk Officer. |
|
|
There is no evidence that there was an inappropriate “culture of optimism” in the Corporate Division during the Relevant Period. |
|
|
|
|
|
Paragraph 4.33 |
This is a paradigm example of Enforcement criticising Mr. Cummings for not yet having implemented the entire Basel II framework at a time when no bank had or realistically could have done so. |
|
Mr. Cummings personally instigated the creation of the Chief Information Officer role. |
|
|
|
|
|
Paragraph 4.38 |
As appears from a fair review of the relevant chronology, HBOS’ Loans Distribution Division was successful in “selling down” transactions throughout the Relevant Period until the sudden “credit crunch” in the summer of 2007 effectively brought the markets to a close “overnight”. That “credit crunch” was both unprecedented and unforeseeable in its scale. |
|
|
|
|
Paragraph 4.44 |
There is no basis for the implicit suggestion that Mr. Cummings misled people when stating that “[HBOS] was adopting a selective and cautious approach to lending.” This is demonstrated by, for example, HBOS’ refusal to participate in covenant-lite transactions and other aggressive structures of the type referred to in Mr. Cummings’ statements to EXCO and the Group Board in March 2007. |
|
|
|
|
Paragraph 4.45 |
The comments concerning Mr. Cummings’ remuneration are unwarranted. Mr. Cummings spent the entirety of his career at HBOS and its predecessor organisations and could have commanded significantly higher remuneration elsewhere. As Mr. Hornby explained in interview, “Peter [Cummings’] pay [was, even after application of the 2007 incentive scheme] still going to be a lot lower than people at peer banks.” As Mr. Hornby explained, Mr. Cummings’ remuneration incentive was specifically designed so that it “maxed at 105%” of Plan and Mr. Cummings was not incentivised to increase profit beyond that level. This was specifically devised to “not encourage short termism [and] to encourage a long term approach.”119 These matters are ignored in the WN. |
|
|
|
|
Paragraph 4.46(1) |
As set out in the main body of Mr. Cummings’ submissions, the allegations surrounding Mr. Cummings’ and HBOS’ understanding of the point which had been reached in the credit cycle are inaccurate. The document referred to at PIR, Part 9, Section A, paragraph 9.2 was written before the start of the Relevant Period. The first Corporate Business Plan that was prepared during the Relevant Period (dated 22 November 2006) explained the change which had occurred in HBOS’ analysis during 2006, as follows “At this time last year we tempered our appetite for asset growth on the back of pessimistic forecasts of economic prospects in the UK. However, as 2006 has unfolded, commentators are now predicting a soft landing for the UK economy and a return to trend growth in the medium term. In the light of this, the present plan has been prepared on the assumption that this positive environment will persist.”120 (See also paragraphs 43–46, 66–67 and 88 of the main body of Mr. Cummings’ submissions). These matters are ignored in the WN. |
|
|
|
|
Paragraph 4.46(2) |
See comments above concerning paragraph 4.22 in relation to Mr. Cummings’ approach, consistent with that set out at PIR, Part 9, Section A, paragraph 9.3, of refusing to invest in the particularly aggressive structures which began to be seen in the market at this time. |
|
|
|
|
Paragraph 4.46(3) |
It is, of course, accepted that Mr. Cummings sought to identify areas where the control framework in the Corporate Division could be improved and instigated projects to remedy those controls. The fallacy in Enforcement’s approach to the case is, as appears in paragraph 4.26, to “leap” from this proposition to a bald assertion that the control framework in the Corporate Division at the material time was not fit for purpose. |
|
|
|
|
Paragraph 4.46(4) |
PIR, Part 9, Section A, paragraphs 8.13–8.15 relate specifically to Mr. Cummings’ concerns about the implementation of Basel II and, as set out in the main body of Mr. Cummings’ submissions, Mr. Cummings personally made these matters the top priority for the Corporate Division at the outset of his tenure such that as at 14 June 2007, the FSA recorded “There has been a noticeable improvement in the level of senior management and commitment within the division, following the appointment of a new CEO, Peter Cummings. Peter, with support from the HBOS Board, has been actively involved in the Basel implementation and has strongly advocated the use of advanced modelling techniques for risk management within the business. There has been a big step-up in the involvement of the business.” (14 June 2007121); and as from 1 January 2008, HBOS obtained Advanced Bank status. |
|
|
|
|
Paragraph 4.46(5) |
See comments in relation to paragraph 4.38 above. |
|
|
|
|
Paragraph 4.46(6) |
See paragraphs 114–127 of the main body of Mr. Cummings’ submissions. |
|
|
|
|
Paragraphs 4.52–4.54 |
In considering the figures for UPBT growth, it is important to note that increases in profitability are related to realisations of transactions which had been entered into in previous years. There is no basis for suggesting that taking such realisations (and thereby inevitably creating substantially increased profits) was in any way imprudent or contrary to risk management principles. Indeed, it would have been imprudent not to have “banked” such profits at the appropriate time. |
|
There is no basis for the suggestion that the statements in the Business Plan were inconsistent with the way in which the Corporate Business was actually managed during 2006. |
|
|
|
|
|
Paragraph 4.55 |
The extract set out at PIR part 9 Section B paragraph 9.108 is not representative of the contemporaneous view actually presented within HBOS, and is an example of the partial and cherry-picking approach adopted throughout the PIR. |
|
As to the other matters set out in paragraph 4.55, see the relevant sections in Mr. Cummings’ submissions. |
|
|
|
|
|
Paragraph 4.73 |
Each of the allegations contained in this paragraph is predicated upon erroneous conclusions set out in earlier parts of the WN, which are dealt with above. |
|
|
|
|
Paragraph 4.109 |
There is no basis for the assertion that stressed transactions could only be managed more effectively by the High Risk team once they were formally transferred to that team. As *** observed in relation to the period prior to the referral of the *** transaction to the High Risk team, “It couldn’t have had any more attention if it had been in High Risk.”122 |
WARNING NOTICE—PETER CUMMINGS
FURTHER REPRESENTATIONS TO THE RDC
PERSONAL CULPABILITY AND REGULATORY SANCTION
1. Since the Warning Notice was issued the FSA has published, in December 2011, its report into the failure of the Royal Bank of Scotland (the “RBS Report”). That report clearly articulates the principles which the FSA applies in considering enforcement action against the senior management of banks and building societies which failed in the financial crisis.
2. It was pointed out in the Representations for Peter Cummings [para 17] that only he—and no other significant influence function holder at HBOS or any of the other institutions which failed—is facing regulatory action on the basis of responsibility for the failure. That point is not disputed by Enforcement.123
3. Consistency of approach, and proper adherence to statements of policy, are essential duties of a public body.124 The point is not that it must be assumed that all other senior managers acted in full compliance with their regulatory duties, but that it would be unfair and unlawful for the FSA to apply different standards to the case of Peter Cummings to those standards which it has applied in considering whether to take regulatory action against others subject to the same duties.
4. The point made by Enforcement at paragraph 17.1 (2) of its response that it would be impractical and overwhelmingly expensive to investigate and make comparisons with the conduct of other holders of SIF misses the point and rings rather hollow. The FSA has actually conducted a very intensive investigation into RBS125—and other institutions—to see whether there are grounds for enforcement action against senior management, and has concluded that there are not. The question is how, applying any consistency and fairness of approach, Enforcement has managed to persuade itself that there are grounds for finding that Mr. Cummings was personally culpable when others in comparable circumstances were not.
The RBS Report
5. The RDC is asked to read the marked passages in the electronic version of the RBS Report sent with these submissions. The key passages are cited below (underlining added).
6. The policy applied by the FSA in deciding whether there are grounds to determine whether an individual is personally culpable in respect of failings in the bank was set out clearly by the Chairman of the FSA at page 9:
“Why has the FSA not taken enforcement action?
Many people will find this conclusion difficult to accept. If harm has been imposed on society, surely someone can and should be held responsible? Part 3 of this Report, ‘FSA Enforcement’, therefore seeks to explain the legal reasoning which led to Enforcement Division’s conclusions. The crucial points of principle are that:
There is neither in the relevant law nor FSA rules a concept of ‘strict liability’: the fact that a bank failed does not make its management or Board automatically liable to sanctions. A successful case needs clear evidence of actions by particular people that were incompetent, dishonest or demonstrated a lack of integrity.
Errors of commercial judgement are not in themselves sanctionable unless either the processes and controls which governed how these judgements were reached were clearly deficient, or the judgements were clearly outside the bounds of what might be considered reasonable. The reasonableness of judgements, moreover, has to be assessed within the context of the information available at the time, and not with the benefit of hindsight.
The implication of these points is that an investigation can identify evidence of numerous poor decisions and imperfect processes, without that establishing a case for enforcement action which has reasonable prospects of success in Tribunal or court proceedings.”
7. In part 3 of the report there is a more detailed discussion of whether there were grounds for enforcement action. At page 351 para 12 the general principles are re-stated:
“The legislative requirements include assessing the likelihood of Enforcement Division being able to establish conclusive evidence to prove any case. This is particularly relevant in cases against individuals, which require a high standard of evidence and very strong evidence of an individual’s personal culpability.”
at page 353:
“21. For example, in cases where there is no indication of a lack of integrity on the part of a senior manager under investigation, the issue may be whether he or she has acted without due skill, care and diligence in carrying out the approved role, or whether he or she is competent to carry out the role. In such a case Enforcement Division would have to show that the actions or decisions of that senior manager fell below those which could be considered reasonable taking into account all the relevant circumstances at the time.
22. Enforcement Division does not have the power to take action simply because a failure occurs in an area for which an individual is responsible (ie there is no requirement of strict liability). It cannot, therefore, take action against the CEO of a firm simply on the grounds that there were a number of failures at the firm, even though the CEO is ultimately responsible for the actions of the firm. As explained above, to take enforcement action Enforcement Division needs to have clear evidence of personal culpability. Nor can it take action just because a decision is made which subsequently proves to be a wrong decision. In order to succeed in enforcement action, it needs to prove that the individual’s action or decision, when viewed without the benefit of hindsight, was below reasonable standards at the time it was taken.”
8. Other passages in the RBS Report make an interesting contrast with the approach adopted by Enforcement in this case:
at page 356:
“Some of the opinions and questions raised in Parts 1 and 2 of the Report are with the benefit of hindsight and, as such, could not be used as evidence to prove a regulatory breach. The Report’s conclusions regarding the overall systemic crisis in which banks in worse relative positions were extremely vulnerable to failure provides one such example. This highlights RBS’s particular vulnerability to the various events that transpired (which resulted from its overall strategy). However, on the information available at the time (and noting again that RBS was not outside minimum legal requirements for capital, liquidity and asset quality), it was not unreasonable for RBS (and many other banks) to fail to anticipate the severity of the external market conditions that contributed to the firm’s failure.”
at page 359:
“37. Enforcement Division also concluded that while there was a bias towards optimism in GBM’s valuation of its CDO positions, which gave it concern and might not reflect well on the judgements of various individuals within senior management, RBS’s auditors and its Group Audit Committee, it did not identify clear evidence that these decisions were outside the bounds of plausible judgement at the time. There was therefore no reasonable basis for enforcement action.”
at page 399:
“164. The reasons why Enforcement Division decided not to proceed with enforcement action in relation to the growth of GBM are set out in paragraphs 165 to 189 and can be summarised as follows:
Viewed without the benefit of hindsight, the strategy of growth adopted by GBM was not beyond the bounds of reasonableness because it was an extension of existing businesses in which it was a market leader and, at the time, a sharp and prolonged fall in the markets was not widely anticipated.”
Responsibility and Controlled Functions
9. Mr. Cummings held the Controlled Function of CF1 (Director). He did not hold the functions of CF14 (subsequently CF28) which were held by those in charge of Group Risk, and Corporate Division Risk. The CF14 (Risk Assessment Function) was defined as:
“The risk assessment function is the function of acting in the capacity of a senior manager with responsibility for reporting to the governing body of a firm in relation to setting and controlling its risk exposure.”
CF28 (Systems and Controls Function) is defined as:
“The systems and controls function is the function of acting in the capacity of an employee of the firm with responsibility for reporting to the governing body of a firm, or the audit committee (or its equivalent) in relation to:
(1)
(2)
(3)
10. The Enforcement Response document places considerable reliance on the assertion that the control framework and risk management were “the direct and personal responsibility of Mr. Cummings”.126 Even on the case advanced in the Preliminary Investigation Report (the “PIR”) that is an assertion that requires considerable qualification. As chief executive of Corporate Mr. Cummings was one element of the first line of defence of the Corporate Division,127 he was not responsible for the second and third lines of defence, and risk appetite was to be set by the Group Board.128
11. The Group Chief Executive, Andy Hornby, as CF1, CF3 (Chief Executive) and CF8 (Apportionment and Oversight) was responsible for the overall system of control operated within the Group, although he delegated responsibility for risk management to the Group Risk Director (CF14/CF28). It is Enforcement’s case that risk appetite was not properly set within the group and that the credit risk framework was not sound.129 Yet there has been no investigation at all into the responsibility of the CEO or Finance Director or holders of the risk assessment functions within the bank, despite the allegations that these functions failed.
12. Not only was there no investigation into those directly responsible for risk control within the bank, there is no explanation as to how the case put against Mr. Cummings is consistent with the principle set out in the RBS report (page 353 para 22):
“Enforcement Division does not have the power to take action simply because a failure occurs in an area for which an individual is responsible (ie there is no requirement of strict liability). It cannot, therefore, take action against the CEO of a firm simply on the grounds that there were a number of failures at the firm, even though the CEO is ultimately responsible for the actions of the firm.”
13. Instead in the Enforcement Response there is the bald assertion that careful consideration has been given as to whether failings can “be characterised as failings by him personally to discharge his regulatory responsibilities” and then reliance is placed on his general and overall responsibility for risk management and the control framework.130
14. Enforcement purports to accept the point that Mr. Cummings cannot be held liable for the corporate failings of the bank (see Enforcement response at para 17.2) but the effect of the case is indeed to seek to hold him personally liable for corporate failings. That is because:
(a)
(b)
15. There is a contrived attempt to get round this inconvenient principle by characterising his role as one of “directing” strategy—as if the making of strategy was his responsibility alone rather than that of the Executive Committee and the Board led by the CEO—and then by making the point that Mr. Cummings was “uniquely placed ... to advise Group of the consequences of the growth strategy”131—ignoring the role of Group Risk and Corporate Risk.
16. As the Chairman’s foreword to the RBS Report makes clear it is not permissible to hold a senior manager personally culpable even though he is ultimately responsible for the failings in the business under his control, and even if there were “numerous poor decisions and imperfect processes” in the division for which Mr. Cummings was responsible.
17. As will be developed in the oral representations the Enforcement case seeks to hold Mr. Cummings strictly liable for failings within the Corporate Division, and indeed for failings outside his responsibility within the Group, and is fundamentally inconsistent with the policy set out by the Chairman of the FSA in the passage noted above.
Culpability and Business Judgement
18. It is not correct, as asserted by Enforcement at paragraph 17.1 of its Response, to “consider the extent to which (Mr. Cummings’) conduct can be characterised as sound and prudent”. That very broad and unqualified assertion does not meet the requirements of the policy reflected in APER 4.6.11 and the RBS Report.
19. In the case against Mr. Cummings there is no proper suggestion of any dishonesty or lack of integrity. Nor could there be any suggestion that Mr. Cummings acted in disregard of his regulatory responsibilities. The evidence is clear that he was from his appointment actually making considerable efforts to improve the risk management systems of the Corporate Division.
20. The case is about business judgement in pursuing an “aggressive growth strategy” which is alleged to have been unsound in the economic and financial conditions obtaining between 2006 and 2008, given the asserted deficiencies in the risk management and control functions within the bank.
21. In the absence of any suggestion of wilful or reckless disregard of proper standards there has to be strong evidence that the decisions taken by Mr. Cummings personally in the management of the bank’s affairs were truly “outside the bounds of plausible judgement”.
22. To prove that case would require compelling, indeed “conclusive evidence”. The case would thus require cogent expert evidence which would need to explain why decisions which did not appear to the Executive Committee and the Board at the time to be flawed, were actually and obviously irrational.
Knowingly Concerned
23. On the charge under section 66 (2) (b) of being knowingly concerned in a breach of Principle 3 by the bank it must be demonstrated that Mr. Cummings was knowingly—that is wilfully—concerned in the alleged contravention by the bank of Principle 3. As was set out in Mr. Cummings’ representations at paragraphs 27 and following it must be shown that the person concerned had knowledge of, and involvement in, the contravention. Enforcement disputes that this requires that dishonesty be established, but cannot dispute the point that the person must know of each element of the contravention, even if it is not necessary to establish knowledge of the legal consequences.132
24. That means that on the alleged breaches of Principle 3 it must be established that Mr. Cummings knew that:
(1)
(2)
25. So unless it could be proved that Mr. Cummings deliberately embarked on a course of conduct, knowing that the bank had not taken reasonable care to control its affairs responsibly and effectively, with adequate risk management systems, then there is no basis for alleging a breach of section 66 (2) (b). It would not be sufficient to prove that Mr. Cummings ought reasonably to have appreciated that risk management systems were inadequate, or was over optimistic as to the robustness of the strategy.
The Charges Made
26. The case as now put against Mr. Cummings consists of two “core allegations”:134
(1)
(2)
27. The first allegation asserts that Mr. Cummings bears personal responsibility for the growth strategy adopted by the Corporate Division between January 2006 and March 2008. The decision impugned is the adoption of the strategy. It cannot be suggested that the adoption of this strategy did not follow proper corporate processes of decision making within HBOS. The Enforcement case has to be that the adoption of the strategy was clearly beyond the bounds of any reasonable commercial judgement. The basis on which it is suggested that Mr. Cummings alone, and not the other members of the board, should take sole personal responsibility for this strategy is that he “directed the Corporate Division to pursue an aggressive growth strategy”.135 But logically the allegation has to be that the CEO and all the members of the main board who considered and set the growth targets to be pursued by the Corporate Division must have taken leave of any reasonable commercial judgement in irresponsibly assuming risks which the bank could not effectively manage.
28. Enforcement justifies the singling out of Mr. Cummings alone as the target of personal criticism on essentially two grounds:136
(1)
(2)
29. As to (1) this is inconsistent with the principle that an individual is not strictly liable for errors and omissions occurring within the area for which he is ultimately responsible. In any event this assertion overlooks the role and responsibilities of those responsible for Group Risk and Corporate Risk (see para 9 above).
30. As to (2) this is not a plausible argument where the suggested inherent flaws in the strategy—as articulated by Mr. Scanlon—are based on such general factors applying to a bank which is heavily exposed to the property market, which factors would be well understood by the CEO and Board of the bank. At paragraph 42 Mr. Scanlon states:
“Essentially the concentration risks posed by Corporate’s focus on UK commercial property have to be viewed by the highly correlated risk of Retail’s exposure to UK property, and in particular buy-to-let.”
That makes the point that the business judgement underlying the strategy could only be formed—by the board—in considering the bank’s overall exposure to property.
31. The second allegation is a failure to take reasonable steps to ensure that high value transactions showing signs of stress were properly managed. It is not sufficient to establish that there were failures within the Corporate Division in respect of the migration of stressed transactions, and that Mr. Cummings was ultimately responsible for the business of that division. It would have to be proved that Mr. Cummings had direct responsibility for this aspect of the business controls, and that he was in dereliction of his duty in failing to take specific steps which were clearly required.
32. However the Warning Notice137 does not allege that Mr. Cummings had direct responsibility for the processes under which stressed transactions were migrated, still less for individual decisions taken in respect of particular transactions. He was responsible for the “overall control framework within the Division”.138 The failings alleged in this respect139 are of the most generalised and vague nature—eg that he should have “clearly articulated to management the need to prioritise effective oversight”—thus revealing that it is impossible to define a precise breach of a duty imposed on Mr. Cummings. This part of the case is plainly an attempt to hold a chief executive personally responsible for failings within the business for which he has overall responsibility, contrary to the FSA’s policy stated in the RBS Report.
Hindsight
33. It is clear that the judgement on an individual’s regulatory responsibility must be made on the basis of what was known to him at the time, and not with the benefit of hindsight. This appears to be particularly difficult in considering the effect of the economic and financial crisis which developed in 2007 and 2008, given the natural assumption that it is inconceivable that the factors which caused such disruption to the financial markets should not have been apparent to the banking industry before the crisis occurred.
34. The point made in the RBS Report applies equally to the circumstances of Bank of Scotland:
“it was not unreasonable for RBS (and many other banks) to fail to anticipate the severity of the external market conditions that contributed to the firm’s failure”.
35. Mr. Cummings was not “uniquely placed to appreciate ... the consequences of the growth strategy” in the circumstances of the financial crisis which developed in 2008. The bank and its Board did not predict the severity of the financial crisis which developed, despite taking regular advice from economists throughout this period.
36. This problem of implicit hindsight in judging events needs to be borne in mind in considering the views expressed by Mr. Scanlon in his report. He criticises the strategy, approved by the board, of “lending through the cycle”—at least after August 2007—but that business judgement was made by the bank on the basis of what it considered to be the likely effect of the downturn, based on proper modelling of its risk.
37. Mr. Scanlon’s view is dependent on the assertion that from the start of 2006 it was apparent (to him) that the economic cycle was reaching its peak and that a 1 in 7 year downturn in asset prices was foreseeable.140 That is a judgement he is able to reach because he apparently regards economic forecasts of limited value,141 which is presumably why he does not answer the points made in the Deloitte report in the Macro Economic Environment section, including the point that the Bank of England did not forecast a recession until Q2 2008, only as a worst case scenario and as minor and short.
38. But the judgements made as to strategy must be judged on the basis of the information and advice available to the Board, including Mr. Cummings, at the time when the relevant decisions were taken. The strategy of lending through the cycle was influenced by the bank’s view of that cycle and the likely severity of any downturn, in the light of the economic advice which it received.
39. The bank’s view of the cycle and its severity was not out of line with the general contemporaneous view of the economic situation -see the report of Deloitte in the section on Macro Economic Environment at paras 3.8–3.17.
Expert Evidence
40. Complaint has already been made about the decision of Enforcement to withhold the production of any expert evidence until the reply stage. That course impairs the statutory right of a firm or individual to have a fair opportunity to know and respond to the full case made by Enforcement.
41. Enforcement informed the RDC at the time of presenting the draft warning notice that Ernst & Young would be producing a paper in support of the allegations made in the draft Warning Notice.142 It was then said that the paper could not be produced for lack of time. Since then there has been plenty of time for Ernst & Young to produce a report, if the firm was prepared to put its professional name to the allegations being made against Mr. Cummings. It has not been prepared to do so, although it is obvious that the firm has been heavily involved in preparing the Enforcement case.
42. So there is no expert evidence at all analysing the controls in place at HBOS . Enforcement maintains the case that controls were not effective, but has been unable to produce any evidence from Ernst & Young, or any other firm, responding to the report of Caroline Britton of Deloitte. In particular there is no answer to the points made in that report:
the control framework was designed to ensure that credit sanctioning took place at an appropriate level of seniority and based on adequate information (para 3.37);
the control framework was designed to ensure that loans were regularly monitored and information properly escalated (para 3.39); and the auditors KPMG tested the design and operational effectiveness of key controls (para 3.40) and reported no matters of significance (other than the Reading issue around limit approvals) (para 3.42–3.44).
43. The only expert evidence on which Enforcement relies is that from Bob Scanlon. His extremely limited (and undated) terms of reference at appendix 2 to his report should be noted. He deals—in the most general terms only—with risk profile of the loan book, the growth strategy and migration to high risk. What he does not deal with is the effectiveness of controls or the alleged responsibility, failings and culpability of Mr. Cummings.
44. The points made by Mr. Scanlon will be addressed in oral representations but these points on his general conclusion should be noted:
(1)
(2)
(3)
(4)
The Overall View
45. The generality of the charges made requires that an overall view be taken of whether Mr. Cummings acted in breach of his regulatory duties. In relation to the charge against the bank under Principle 3 it is accepted by Enforcement that “the RDC should adopt a holistic approach”,143 but the same must be true in respect of the allegations against Mr. Cummings.
46. The complaint is about a course of conduct, in conducting a strategy or failing to implement a practice. It is not a charge that in relation to particular transactions Mr. Cummings behaved irresponsibly, but that overall during the relevant periods his conduct was such as to constitute a regulatory breach. It is for that reason that it is not good enough to ignore the proper steps that were taken by Mr. Cummings to improve the control environment after he was appointed as chief executive of the Corporate Division in January 2006.
47. Enforcement states in its Response that its case is not that Mr. Cummings lacked diligence in implementing improvements to the control environment.144 In grudging terms it is accepted that Mr. Cummings “was involved in promoting projects which sought to improve the control framework”.145 A fairer statement would be along the lines of the views formed by the FSA in 2007 when it was reported that:
“there had been a noticeable improvement in the level of senior management engagement following the appointment of [Peter Cummings] ... Peter with support from the HBOS board has been actively involved in the Basel implementation and has strongly advocated the use of advanced modelling techniques for risk management within the business”.146
There is no case put that Mr. Cummings failed to take reasonable steps to maintain and improve the control environment, and it should be accepted that he did actively promote the improvement of the division’s risk management.
48. The second general reason why it is essential to have regard to the significant steps which Mr. Cummings advocated to improve risk management within the Corporate Division is that the theme underlying the whole Enforcement case is that Mr. Cummings was imprudent in prioritising revenue and profits, over proper risk management. This interpretation of the facts was most starkly put in the Enforcement Submissions Document given to the RDC in April 2011 (the “ESD”) in which, in relation to the “Aggressive Growth Strategy Issue”, it was asserted in sweeping terms that there was a focus on profit rather than risk, an attitude of optimism rather than prudence and, most remarkably, that risk management was regarded as “a constraint on the business, rather than integral to it.”147 That is a travesty of the true position and wholly inconsistent with the steps taken by Mr. Cummings from his appointment on 1 January 2006 to create a strategy for the division which contained as a core aim the “best in class approach to risk management”. This was fundamental to the approach of changing to an asset class management approach, and embedding Basel II into the business processes as “the number one priority for all of us”.148 The steps taken by Mr. Cummings to improve risk management in the Corporate Division clearly contradict the central thesis underlying the “Aggressive Growth Strategy Issue”.
49. The third general reason why the positive steps taken by Mr. Cummings to improve risk management are not just background, or serve to mitigate his alleged failings, is that the Basel II approach to risk management is central to the way in which risk was supposed to be managed. It was through asset class management and the various projects designed to implement that approach that risk was to be assessed and quantified. It is impossible to form a balanced view on whether Corporate’s strategy was unduly risky without understanding how the risks of the Corporate Division were being assessed and monitored. That is why the FSA’s approval of the bank for its use of the Internal Ratings Based (IRB) approach under Basel II in 2008 is so important.
50. There are two points arising out of the Basel II approach to risk management. The first is that risk is to be assessed overall on a portfolio basis. That is why it is wrong for Enforcement to focus on some individual high profile lending decisions. The risk of a multi billion pound portfolio of assets is to be assessed overall, not by reference to a very small proportion of the lending decisions taken between 2006 and 2008. And the method by which risks were to be assessed did not depend on subjective views as to whether a strategy was “aggressive”, but by reference to the risk models being used by the risk specialists within the bank.
51. The second general point is that it is not difficult—in an organisation as complex as the bank—to select some passages from the huge volume of reporting as indicating some failures and imperfections in controls, particularly when those responsible for introducing a new approach to risk management were advocating the need for change. But the effect and seriousness of the deficiencies is a matter of degree and judgement.
The fact that some controls needed to be improved does not establish that the whole system was broken, or that the bank could not prudently continue to conduct its business. Proper steps were being taken to improve risk management throughout the period, and the FSA would not have granted AIRB status if it had considered that there were serious failings which had a major potential impact on the business.
6 March 2012
FINAL DRAFT: 7 MARCH 2012
Privileged and Confidential: Peter Cummings
SPEAKING NOTE FOR RDC
Introduction
I am grateful to this Committee for allowing me to speak to it.
This is the first time, since I was placed under investigation that I have been able to speak, and to give at least part of my own story, in my own way and in my own time, and not in reply to the questions and agendas of others, or through lawyers.
It is right first to set on record that few could be sorrier than me at the demise of the Bank which I loyally and proudly served for more than 30 years, which gave me a good life (and I do not mean that solely in relation to remuneration) and many fine colleagues, and the success of which I played a large part in achieving.
The last three years
Before I make any comments about the warning notice, I would like you to know something about how the last three years of my life have been.
I was placed under investigation in March 2009. I cannot describe to you, in terms which even begin to convey with accuracy, the stress that the situation in which I have found myself and this process have caused to, and the toll that it has taken on, my family and myself. There have been times when I have thought that even the worst of criminals would have been better treated. Though some parts of the media would brand me as a criminal, I am not; I come before this Committee as a man of unsullied character who has acted throughout honestly, diligently, and in what I believed to in the best interests of the Bank and its customers.
I have been vilified in the media as the man who brought HBOS to its knees. I have been caricatured as the archetypal greedy banker, and as a kind of “Bond” villain, fly with other people’s money and casting risk concerns to the wind. I was and am none of these things. To fulfil the caricature further, my assets have been grossly exaggerated: I am told I have a villa in Spain which is valued at £4.5 to £6 million (depending on which newspaper you read). Just to be clear: I do not own, or have any interest whatsoever in a villa in Spain or anywhere else; I live in the same semi-detached house in Dumbarton which my wife and I bought in 1986. That is one fact which the pressmen who have stood outside my front door time after time have neglected to mention. I have never courted the press or authorised others to do so in order to defend myself from the slurs and misinformation that have been published.
The “Bond” villain caricature emerged again, not in the gutter press this time, but in the FSA’s presentation to the RDC on 12 April 2011: someone thought it would be useful to the Committee to paste photographs of myself set against four irrelevant, banal quotations from eight days of interview. Quite what: “I live a very modest life and I live in a very modest house and I don’t flash around”1, especially when juxtaposed with statements about my income, brought to the Committee’s proceedings (other than prejudice and insinuation about my veracity). I still do not understand.
I have had serious and justified concerns over the health of my wife and our personal security. We have thought it will be only a matter of time before those who had thrown stones through the windows of Mr Fred Goodwin would turn their attention to the fewer windows of Mr and Mrs Cummings.
My Background
In order to correct any of the misconceptions which may have found its way into your minds resulting from the continuum of inaccurate and personally damaging publicity, I should tell you something about my background. My father worked as an engineer in the Glasgow shipyards and I joined the Bank of Scotland in 1973 at the age of eighteen when I left school. I took my banking exams and by 1978 was looking towards a career in banking. I moved around the branch network until I secured a head office role in the 1980s. I was sponsored by the Bank to take an MBA at Strathclyde University on a full time basis in 1987/88.
My motives for working at the Bank have never been greed-driven. My wife was a primary school teacher and subsequently an assistant head teacher and head teacher, and since my retirement, has resumed teaching on a supply basis. I have given all to my career at the Bank. I was asked to assume the CEO of the Corporate Division role at a time of great change including the integration of Halifax and Basel 2, and I agreed to do so. It had not been Checked—from 30 April 2009 interview, lines 428–429, PIR Bundle 1, tab 1 part of the life plan. The role was demanding and my wife agreed to give up her teaching career to support me.
The Investigation
When I first came into this building, I had thought that I would be the subject of a fair, expert, and expeditious inquiry. I was puzzled, and remain so, that I am the only person from the Bank, or from the other Banks which feature in this sad history, to face investigation and your proceedings.
I have behaved throughout this investigation with the utmost courtesy to all members of the FSA with whom I have come into contact in the context of this matter. I have attended all interviews exactly as requested, and have never sought a deferment, because I regarded it as my duty to attend when asked. I have answered questions to the best of my ability in an open and honest way.
I have undergone over seven full days of interview largely based on certain transactions. There were excessive gaps between the interviews. Notice of the interviews was short. Not once have I been interviewed by an experienced banker or an expert or a senior member of the FSA, notwithstanding the involvement from the outset of Ernst & Young and the retention from a sufficiently early stage of Mr Scanlon, and the obvious complexity of the matter.
I received voluminous quantities of documents for each interview, which were provided only shortly in advance, and many were not referred to. Those which were referred to were selective in their citation and had not been identified in advance. I was only allowed the most cursory of indications as to the areas upon which I was to be questioned. The impediment to my preparation, particularly in the context of having to travel from Scotland for consultations with my lawyers, was significant.
It was to my utmost dismay when one of my interviewers nodded off one afternoon, and there were occasions when he doodled whilst I was answering questions. . I cannot pay tribute to the quality of the interviewing; on one occasion, the questioning was barely articulate—the transcripts will bear me out. I understand the individual responsible on that occasion has since parted company with the FSA. It is difficult to overstate the disheartening effect of such conduct; and, specifically, the Investigators’ failure to have any interest or understanding in what I had said.
Once the investigation had concluded, I was presented with a preliminary investigation report comprising 668 pages, and 48 files of supporting documents, most of which I had not seen before. I was provided with a limited time to add comment and, even though extended a little, I was in no position to craft a response of any value. I have to say that, when I read that report, and when I read the draft warning notice which accompanied it, I did not recognise the man who was being portrayed there. In the report, and in the draft warning notice, there were allegations which had never been put to me in interview; the report included transactions about which I had never been questioned. These proceedings require me, in substance, to answer all of the failings of the Bank, a task which any individual could never hope to do.
I knew when the Warning Notice was served that there was expert banking evidence available; it had been referred to in an FSA internal report, which had indicated that it would be available for the RDC meeting. Prior to the issue of the Warning Notice, my lawyers sought it on several occasions; it was held back. What it meant was that, when it was served, as it inevitably would be, both we—and I believe the Bank also—have not had a fair opportunity to consider it and, if appropriate, respond to it.
I have also been troubled at the list of people whom the FSA has not interviewed. These include:
Alistair Webster, Corporate Division Finance Director;
Dorothy Lowry, Corporate Division Head of HR;
Sir Ron Garrick, Non-Executive Deputy Chairman and Chairman of the
Corporate Division’s Regulatory Risk Committee; and
Mike Ellis, Group Finance Director and his immediate deputies.
I have been troubled, too, because no account has been taken of the many good things that have been said about me.
How I saw my role
Mr Flint has addressed you in relation to the proposed action. I am told that, even at this stage—three years from the start of the investigation—this is not a judicial process, and that the extent to which this Committee will hear my side of the story is limited. Mr Flint will also address you in relation to the report of Mr Scanlon.
I do not want to re-iterate what he has said, but there are some general points which I would like to make about my role and the way in which I worked.
The warning notice makes great play that I “directed” certain things to happen. It reads as though I ran my own fiefdom, ruled by diktat or subterfuge, and paid no or scant regard to the views of others. That is a travesty of the way I worked or the way I treated colleagues. I had experienced colleagues and highly professional advisers. We acted collegiately, and—though there is always room for differences of view in any large organisation—not one single decision was taken which did not have the agreement of my corporate board or committee members. We acted within the remit of the responsibilities and targets given to us and signed off by the Executive Committee and Group Board.
I never went out on a limb, and the decisions we reached were reached after much discussion and careful consideration.
In this regard especially, it is suggested that I was less than open with our auditors in relation to provisioning. At no stage has this allegation been put to me. I deny that accusation. Auditors were provided with all the information they required by professional functions within the Bank, of which I was but a part. The suggestion that there could have been an institutional misleading of the auditors, let alone simply by me, is absurd, and flies in the face of the fundamental basis of my consistent strategy to improve controls and management information. To make this suggestion in the absence of an opportunity for me to rebut it face-to-face is, frankly, wicked.
I believe that, when I took over the CEO role at HBOS, I inherited an institution and a structure which I could, and, in the event, did, amend and improve. I set upon a path of change and improvement, from many different angles of the business. This task was in parallel with the expectations of me as leader of an important profit centre for the business. Those expectations were not set ultimately by me: in fact, I sought to temper them.
The Corporate bank within Bank of Scotland at the time of the merger with Halifax effectively had three lines of business:
1.
2.
3.
The business defined itself as a relationship bank and, following the merger, it was the intention to widen our franchise in all areas of the United Kingdom, Europe and North America.
The SME environment would be transferred to a business banking division which would utilise the English branch network of Halifax to grow the SME franchise in England and Wales. Operationally, this strategy was unsuccessful and the business banking division was merged with Corporate Division during 2004/2005. In the period 2001–2005 I led the bank’s transaction teams, particularly in the leveraged finance and private equity arenas. During that period I sought to influence the Corporate Board to define its business mission more clearly. I also articulated my preference to run the business on an asset class management basis. I raised debate on the question “what is a relationship?” and sought clarity around its definition: are we a relationship bank that delivers on transactions or are we a transaction bank that has relationships?
I was unsuccessful in convincing my then superiors that the asset class strategy was appropriate and it was not until my appointment as CEO that I was able to move the business to an asset class background. This feat was assisted and facilitated by the difficulties the Division was facing in its formation and implementation of the Basel 2 programme.
The move to asset class management brought clarity to how we defined Corporate’s business. Moving away from “relationship” language, I drove the definition that Corporate was a people business, that was in the risk business, and that had a high dependency on management information. The long-term vision was that we would ultimately be a people business that was in the risk business and was knowledgeable.
These strategic moves required the re-energising of functions in the Bank which I believed had become stale and that still thought of themselves in a “small Bank” way. I endeavoured to raise the bar intellectually and I personally took an active role in a number of initiatives, including graduate recruitment and leading the HBOS University, the Group’s virtual training facility; incorporating corporate and social responsibility programmes; and embedding a leadership programme and culture. This also included the recruitment of external senior people and the building of a talent management programme. One of the most significant appointments in this respect was ***, whom I installed as Corporate’s Chief Information Officer in 2007. I placed *** on the Corporate Board, thus elevating the visibility and importance of MI, which I saw as a vital part of Corporate’s risk function.
I placed risk at the centre of our agenda. My essential message was that “we are all risk managers”; risk was not simply confined to a department. As Basel 2 was being developed, I realised I needed a more “rounded” individual to head the function. I moved *** onto Basel 2 full time and I appointed *** as Chief Risk Officer in July 2007. Risk and HR were to be board level appointments.
I set about the initiation of various projects: Project One—to restructure business lines; Project Gold—to introduce “best in class” risk practices; Project Core—to deal with corporate operational risk excellence.
I was, of course, involved in lending decisions. As I have said, in not one instance were these decisions taken other than collegiately after careful consideration. Divisional boards became full-day events—a considerable change from previous meetings which would conclude mid-morning.
It has been puzzling to me, from the outset of this process, that others within HBOS have not been investigated, and that I am the only one to face enforcement action. I make that point not out of a sense of spite—I would not wish to put them through what I have been put through. But, given the collegiate fashion in which I worked, I have to ask myself the question: were we all wrong?
I hope the foregoing provides you with at least a glimpse of how I was spending my time whilst in the CEO role before the onset of the banking crisis. It was a time of frenetic activity.
It was against this background that the banking crisis hit. Again the Warning Notice pays only lip-service to the severity of the crisis and my role in trying to manage both divisional and Group-wide affairs in the centre of it. It suggests that we should have been aware that the
Bank was particularly vulnerable to a turndown in the property market. Of course we were aware of the cyclical nature of the property business. But no one could have foreseen the speed and violence of the crisis, of an economic downturn worse than living memory. My record in trying to enhance the risk perception in the organisation is entirely at odds with the notion that I neglected to foresee or respond to the risks. If you had asked me whether sub-prime lending on the US market would affect us in the way it did, I would have confidently said “no”, as I believe others in the banking community would. If you had stipulated that I had to take steps to forestall the onslaught of a crisis stemming from this source, I do not believe I realistically and reasonably could have done anything different. Never once were we advised of the potential of damage from such a source. Like many others, we were the victim of an unprecedented and unforeseeable crisis, which caused a sudden and severe liquidity crisis in the summer of 2007 and developed into a full blown crisis by autumn 2008.
Remuneration
In a world of greedy bankers and telephone number remuneration packages, I can only reflect on my own behaviour and what I and my wife know. Was I well paid? Yes I was but only for the final 2/3 years of my career. I was approached by head hunters and other banks on a number of occasions from 2001 with offers that were eye-watering, but I was never driven by money. I never sought these approaches out as I never wanted to work for another bank—any bank. Bonus payments paid to me were reinvested in shares and my personal wealth was dominated by concentration of HBOS shares which at their highest price were worth some £2.5 million. Today, my holding in Lloyds Banking Group is worth less than £100,000. The remuneration package implemented during my tenure as CEO was partially deferred and structured for retention -though I never made any threats to leave to my superiors.
On retiring from the organisation in January 2009 I gave up my deferred bonus of £1.3 million, not because of any pressure on me by others, but because I believed that many colleagues in the times ahead would lose their jobs as a consequence of the takeover by Lloyds TSB and it would be inappropriate for me to walk away with that pay out.
Conclusion
It is important that this Committee understands that the events of late 2007 and into 2008 were cataclysmic and unforeseeable, and that the matters with which I had to deal and for which I had to take responsibility, ranged beyond those which these proceedings disclose. Each of the matters about which criticism is now made were carefully thought through, advised upon and decided collectively. Each decision was made in good faith and for the interests we perceived to be good for the Bank and its customers.
Thank you for your time and consideration.
1 Sentence illegible.
2 Such as LMS and Vista.
3 Annexure 2 has not been included in this printed version, but is available on request.
4 Volume 6: Part B—Disclosure List Tabs 4 and 5
5 Volume 6: Part B—Disclo sure List Tab 4
6 Jackson and Powell on Professional Negligence , 6th ed, 2–123
7 The point was not expressly considered in the course of Mr. Fradley’s subsequent successful appeal—[2006] 2 BCLC 616
8 Volume 1: EBM Tab 1
9 Emphasis added
10 Volume 1: GBM Tab 3
11 Volume 1: CRCBM Tab 1
12 Volume 1: EBM Tab 2
13 Volume 1: CBM Tab 4
14 Emphasis added
15 Volume 6: Business Plans Tab 1 Pages 3, 7–8
16 Volume 1: CBM Tab 1
17 Volume 1: CCRBM Tab 1
18 Volume 1: CBM Tab 2
19 Volume 1: CBM Tab 3
20 Volume 1: CRCBM Tab 1
21 Volume 1: CCRBM Tab 1
22 Volume 6: Part A(ii)—Disclosure List Tab 7
23 Volume 6: Part A(ii)—Disclosure List Tab 1
24 Volume 1: GBM Tab 2
25 Volume 6: Part B—Disclosure List Tab 1
26 Volume 6: Part A(ii)—Disclosure List Tab 3
27 Volume 6: Part B—Disclosure List Tab 2
28 Volume 1: GBM Tab 1
29 Volume 1: EBM Tab 1
30 Volume 1: EBM Tab 2
31 Volume 1: CBM Tab 4
32 Volume 6: Part A(ii) Disclosure List Tab 4
33 Volume 1: EBM Tab 3
34 Volume 1: CBM Tab 5
35 Volume 2: Tab 4, Line s 648–671
36 Volume 3: Tab 5, Line s 559–592
37 Volume 6: Part B Disclosure List Tab 3
38 Emphasis added
39 Volume 1: GBM Tab 6
40 Volume 3: Tab 8 Pt.1, Lines 770–832
41 Volume 3: Tab 10 Pt. 1, Lines 707–727
42 Volume 3: Tab 10 Pt. 2, Lines 1267–1270
43 Volume 3: Tab 10 Pt. 4, Lines 72–78
44 Volume 3: Tab 9 Pt. 1, Lines 230–246
45 Volume 6: Part B—Disclosure List Tab 4
46 Ibid
47 Volume 6: Part B—Disclosure List Tab 6
48 Volume 1: EBM Tab 3
49 Volume 1: GBM Tab 5
50 Volume 1: GBM Tab 4
51 Volume 1: GBM Tab 7
52 Volume 1: CBM Tab 6
53 Volume 3: Tab 7 Pt. 2, Lines 292–309
54 Volume 1: GBM Tab 6
55 Volume 6: Additional PIR Documents Tab 7
56 Volume 6: Additional PIR Documents Tab 8
57 Emphasis added
58 Volume 6: Business Plans Tab 2, Pages 5, 6 and 47
59 Volume 6: Additional PIR Documents Tab 9
60 Volume 6: Additional PIR Documents Tab 10
61 Volume 6: Part A(ii)—Disclosure List Tab 5
62 Volume 6: Additional PIR Documents Tab 11
63 Volume 6: Additional PIR Documents Tab 6
64 Volume 6: Part B—Disclosure List Tab 7
65 Volume 6: Part B—Disclosure List Tab 8
66 Volume 6: Part A(ii)—Disclosure List Tab 4
67 Volume 1: CBM Tab 7
68 Volume 1: EBM Tab 4
69 Volume 1: GBM Tab 8
70 Volume 1: EBM Tab 6
71 Volume 1: EBM Tab 7
72 Volume 1: GBM Tab 10
73 Volume 6: Business Plans Tab 2, Pages 5, 6 and 47.
74 Emphasis added
75 Volume 1: EBM Tab 5
76 Volume 1: GBM Tab 9
77 Ibid
78 Volume 2 Tab 4, Lines 1279–1282
79 Volume 2: Tab 2 Pt. 3, Lines 549–551
80 Volume 2: Tab 3, Lines 5265–5270
81 Volume 2: Tab 4, Lines 3335–3353
82 Volume 2: Tab 4, Lines 3360–3374
83 Volume 3: Tab 11 Pt. 4, Lines 805–808
84 Volume 3: Tab 11 Pt. 4, Lines 1001–1009
85 PIR, paragraph 9.542
86 PIR, paragraph 9.559
87 Volume 2: Tab 4, Lines 4409–4439
88 Volume 2: Tab 4, Lines 4475–4476
89 Emphasis added
90 Emphasis added
91 Volume 2: Tab 4, Lines 4478–4483
92 Volume 3: Tab 11 Pt. 2, Line 306
93 Volume 1: CRCBM Tab 3
94 Volume 6: Part A(ii)—Disclosure List Tab 4
95 Volume 4: Tab 1
96 Ibid
97 Volume 4: Tab 3
98 Volume 4: Tab 4, Page 2
99 Volume 4: Tab 1, Para. 5
100 Volume 4: Tab 5
101 Volume 4: Tab 5, Pages 2–3
102 Volume 4: Tab 2
103 Para. 6.14(2) WN.
104 Volume 6: Additional PIR Documents Tab 4
105 Volume 3: Tab 6 Pt.1, Lines 461–473
106 Volume 3: Tab 7 Pt. 1, Lines 324–326
107 Volume 1: CRCBM Tab 2
108 Volume 6: Additional PIR Documents Tab 1
109 Volume 6: Additional PIR Documents Tab 2
110 Volume 6: Additional PIR Documents Tab 3
111 Volume 6: Additional PIR Documents Tab 5
112 Volume 6: Part A(ii)—Disclosure List Tab 7
113 Volume 3: Tab 5 Pt. 2, Lines 494–498
114 Volume 3: Tab 5 Pt. 2, Lines 526–541
115 Volume 1: EBM Tab 3
116 Volume 1: GBM Tab 5
117 Volume 6: Part B—Disclosure List Tab 4
118 Volume 1: CBM Tab 1
119 Volume 3: Tab 7 Pt. 2, Lines 796–870
120 Volume 6: Business Plans Tab 1, Page 3
121 Volume 6: Part B—Disclosure List Tab 4
122 Volume 2: Tab 3, Lines 6715–6721
123 The point is made in the ESD at para 7.14 “There are no directly comparative cases to that of Mr. Cummings”; that is because only Mr. Cummings has faced “the largest investigation that the FSA has to date conducted in respect of the failings of an individual” (ESD para 1.5)
124 See Fordham—Judicial Review Handbook [5th Ed.] at section P55
125 See the FSA Chairman’s foreword at page 7
126 Enforcement Response para 3.5
127 PIR para 4.10
128 PIR para 4.10; Enforcement Response para 8.1
129 Enforcement Response para 8.1
130 Enforcement Response para 3.12 & 3.4; PIR para 5.16
131 Enforcement Response para 3.8
132 See SIB v Scandex at pages 717 & 720
133 Warning Notice para 5.5
134 Enforcement Response para 1.1
135 Warning Notice para 4.85
136 Enforcement Response paras 3.2–3.8
137 WN para 4.12
138 WN para 4.12
139 WN para 4.122
140 Scanlon para 70
141 Scanlon para 72
142 ESD para 6.39
143 See Enforcement response at para 17.5
144 Enforcement Response para 1.2
145 Enforcement Response para 5.15
146 PIR File 51 tab 12 page 2–14 June 2007
147 ESD para 3.7
148 Strategic Review of Corporate Division—17 Oct 2006—RDC Core File 4 tab 87