CORRECTED TRANSCRIPT OF ORAL EVIDENCE To be published as HC 706-iii

HOUSE OF COMMONS

ORAL EVIDENCE

TAKEN BEFORE THE

PARLIAMENTARY COMMISSION ON BANKING STANDARDS

(SUB-COMMITTEE D)

PANEL ON CORPORATE GOVERNANCE: BELOW BOARD LEVEL

MONDAY 19 NOVEMBER 2012

STANDARD CHARTERED: ANDY CHARLTON, TRACY CLARKE, RICHARD GOULDING, MIKE REES and JULIAN WYNTER

CITIGROUP: EDDIE AHMED, COLIN CHURCH, DARREN JARVIS, MICHAEL LAVELLE and CHARLES ROSS-STEWART

USE OF THE TRANSCRIPT

Oral Evidence

Taken before the Parliamentary Commission on Banking Standards

Sub-Committee D- Panel on Corporate Governance: Below Board Level

on Monday 19 November 2012

Members present:

Mark Garnier (Chair)

Baroness Garnier

Examination of Witnesses

Witnesses: Andy Charlton, Group Head, Compliance, Standard Chartered, Tracy Clarke, Group Head of HR and Communications, Richard Goulding, Group Chief Risk Office, Mike Rees, Group Executive Director and CEO Wholesale Banking, and Julian Wynter, Group Head, Internal Audit, gave evidence.

Q123 Chair: Thank you very much for coming along to this meeting. This is panel D of the Parliamentary Commission on Banking Standards, and we are looking specifically at the role of bottom-up governance.

My first question is to all of you. If there is a risk management failure within your organisation, which one of you would the chief executive officer hold responsible?

Don’t all rush at once.

Richard Goulding: It would be any of us who are either in the first or second line of defence, according to our model. Both the individual who initiated or incurred the risk and the member of our organisation-up to and including me-who is the second line of defence, would be held jointly accountable.

Q124 Chair: When you say the individual who initiated the problem, do you mean the actual grunt on the desk or the head of that department?

Richard Goulding: Typically, if you are talking about a material credit risk, it would not be a grunt on the desk, but quite a senior originator-

Q125 Chair: But the individual-

Richard Goulding: But you would also look at the chain of command and whether they had culpability, either for acts of commission or omission in their supervision, to determine the degree of accountability and responsibility.

Q126 Chair: I am still not entirely clear. If something goes wrong, who is the first person you pick up the telephone to?

Richard Goulding: If it is a material, the chief executive would pick up the telephone to me if it was a credit market operational risk, but not a specialised operational risk like compliance-then my colleague would be the person he would call.

Q127 Chair: Okay. Maybe we will get a bit more clarity as we delve into this.

Mike Rees, you are head of wholesale markets and also a main board director. How do your colleagues hold you to account if you are a director?

Mike Rees: We go back to basics and fundamentals. We start with a business strategy. In Standard Chartered, going back to 2003, we had a very clear strategic intent. That starts with what is on strategy and what is off strategy. From that, the business strategies and business objectives emanate. Clearly, we operate in a risk business, so the first question is, "What was the context of the risk we were taking, relative to the strategy and the boundaries of the strategy?" Secondly, there is the risk appetite statement, which goes around the strategy, the question being, "Is the context of whatever happened in the context of the risk appetite and the strategy?" There are a series of sets of questions.

At the end of the day, risk is a judgment call. You are taking judgment within the context of a broader strategy and a broader risk appetite statement. We are accountable for the performance of the business, within the strategy and within the risk appetite.

Q128 Chair: But my question is more to do with the hierarchy of the internal organisation. If Andy Charlton, as head of compliance, had an issue that he was pretty angry about with some of the functions of your department, and he got in touch with you, where would you meet?

Mike Rees: The reality is that we run-I think Peter Sands alluded to this last week-a matrix organisation. It is a matrix of geography, control functions and businesses. Our processes are set up so that they meet those.

Q129 Chair: I am trying to get more to the hierarchy of your internal organisation. At the end of the day, the problem is that if you are a main board director and Andy Charlton is not, you are higher up the scheme of things, yet Andy Charlton has an incredibly important job, which is ensuring that your department is compliant with the rules and regulations. My question is to do with how Andy Charlton comes round and grabs you by the lapels and says you have done something wrong, without risking his job. Perhaps you would like to answer that, Andy Charlton.

Andy Charlton: There are both informal and formal mechanisms. For example, I meet with Mike specifically very frequently. We meet every couple of weeks to discuss risks and issues.

Q130 Chair: Whose office do you go to?

Andy Charlton: Typically Mike’s office, but it could be elsewhere. I am also a member of the group operational risk committee and I am a standing invitee to the group risk committee, which is the most senior executive risk committee. I am a standing invitee to the board audit committee, all of which I present to very frequently. Opportunities to raise issues, risks and concerns occur both formally and informally through those different forums.

Q131 Chair: Mike Rees, what keeps you awake at night?

Mike Rees: Probably the complexity of the world.

Q132 Chair: Is that your world, or the world in general?

Mike Rees: No, the world we operate in. I should not be presumptuous and assume that what is right for Standard Chartered is right for anyone else, but going back to 2003, we learned the lessons, in a small way, of a product-related organisation structure. When we put in place the group strategic intent, it gave us a sense of identity and purpose and a sense of definition. Through the last 10 years we have delivered within the framework of that strategic intent, but we operate in a world that is getting increasingly complex and interrelated and it is very important we understand the interrelationship between the changing risks in the world and our strategy. If you read our strategic intent, it would say that we are leading the way in Asia, Africa and the middle east, but the events in Europe clearly have an implication on what we are doing. Understanding the context and the inter-complexities of the world we operate in and how they relate to us are some of the challenges we have.

Q133 Chair: What personal responsibility do you take for conduct risk?

Mike Rees: Very high. Again, we have matrix organisation, but conduct is an important part of the group’s branding of "Here for good".

Q134 Chair: How do you organise that through the part of the organisation that you are personally responsible for?

Mike Rees: Within the wholesale bank we have the group code of conduct, which sets the parameters for how everyone operates, and within that, at a lower level, we have the code of conduct for our traders. We have mechanisms working with Richard and Andy that monitor those on a regular basis. That is the legalistic definition of conduct. There is the broader definition of conduct, which is about suitability and appropriateness. Again, we have processes to monitor what we are doing, who we are selling what to and what type of transactions we are doing within the context of the branding of the group as "Here for good".

Q135 Chair: What role does the head of desks play in maintaining standards and conduct?

Mike Rees: The head of desk in the trading room?

Chair: Yes, or the head of each department.

Mike Rees: It comes back to the fundamentals, which are about what the strategy is and setting out what is expected of them. One of the things that we have is our group strategic intent, which sets out our strategy and below that we have our wholesale bank strategy, which is to be very client-orientated. If you are sitting on a trading desk, the most important thing some of our traders have to do is service our clients well. It is more important for them to price the client deal properly than it is for them to make money off the back of that deal through market making.

Q136 Chair: The trouble is that you are talking about matrices and all sorts of lovely words of intent and mission statements and all that kind of stuff, but I am getting no sense of how you are doing it on a day-by-day basis, of how it works between an individual who is out winning business, his line manager and all the way up to you as a main board director and head of the wholesale market division.

Mike Rees: Sorry, I am going to go back to the same thing: it is clarity about what we expect of them and the behaviour we expect of them.

Q137 Chair: How do you ensure that they are delivering that?

Mike Rees: Well, we set personal objectives, so we have business objectives, we have personal objectives set every year, and we have mechanisms to monitor those-

Q138 Chair: Give me an example of those mechanisms.

Mike Rees: I was just giving you an example. If you were the head of a foreign exchange desk, it is more important that we win the client business than it is to make market-making revenue off its back. The predominant objective of the trader will be total product revenue rather than trading revenue, so we will set their objectives based on what we believe the right strategic behaviours are and then, at the end of the year, we measure and monitor them against those objectives from both a performance and values point of view. Tracy, you might want to add a point about how we appraise people-head of desks.

Tracy Clarke: Everybody in the bank is appraised on not just the what, but the how. There is a set of outcomes that Mike describes in terms of personal objectives; there is also a set of values and behaviours against which every individual is assessed.

Q139 Chair: Who does the assessment?

Tracy Clarke: It starts with the individual who does their own self-assessment. There is then a conversation with the line manager, so it is between the line manager and the individual. Then, across teams, because we operate as a matrix, there will be quite a lot of input from other managers, say other desk heads, in a 360 feedback-type driven way that provides input to the ultimate values rating. And that bites with remuneration-

Mike Rees: And there is also input from the control functions, compliance and risk.

Richard Goulding: Perhaps I can also add to this. The risk function is very directly involved in all individual compensation awards, so for example I have, for my full six years as chief risk officer, chaired our global markets bonus plan allocation committee. We formally have all risk and control internal order reports submitted to that committee so that we can ensure that accountability is taken of that in people’s performance ratings and then the decisions that are taken on awards off the back of that. We have an automated system where the people in the risk and control and compliance functions are invited to comment on the behaviour of individual people in the front office which is then is also brought out of that committee and used to inform decisions.

Q140 Chair: Is that a confidential meeting?

Richard Goulding: It is confidential to the people at that committee but then the decisions we take are reviewed, ultimately, by a two-person committee, which is Tracy and I. We review all of this across the whole bank because I am not personally able to chair every committee; I chair those that have the highest compensation, and then what Tracy and I do is ultimately overseen by the board remuneration committee.

Q141 Chair: Mike Rees, going back to you. How do you recruit staff? Obviously, I appreciate that this may be an HR thing, and we will come to what your role in that is a bit later, but I will concentrate on you for the moment. How do you go about taking on staff-how many people do you, for example, bring in on a graduate training scheme, or how many people do you take on because you are trying to nick business from someone else and have a quick fix?

Mike Rees: To give some sort of perspective, the wholesale bank in 2002 was about 5,000 people worldwide and it is now about 18,000 people, so it is a very relevant issue for us. The most important thing we look for is probably their values and their fit. We do a lot of tests around their technical competency, but probably the thing we spend the most time on in recruiting is looking for their values and their fit into the organisation, so when recruiting people we spend a lot of time talking about the strategy and priorities of the group, and the philosophy of the group in terms of "Here for good". We do that because we are not convinced that many organisations operate to the same sort of discipline that we do, so a lot of the time we spend is, actually, looking at their fit in terms of what we are trying to do. We are a very collaborative organisation, so, as Tracy said, we do not want people who are going to come in who will be a one on financial performance and an E on ratings, for example. We just don’t want those sort of people because, as Peter Sands said last week, we are very much a network business; we are a collaborative business and we are very much one bank. So, as we hire people, we are looking for those traits as a predominant. Not everybody gets it. They hear the words, but when they find the reality of it we often find that within a year they either find that they fit or that they do not fit. If they do not fit, they tend to leave. Although about 40% of our staff in the wholesale bank have been here for more than three years, we lose 7% or 8% within the first year where they just find that they have ignored the words we said on recruitment and they do not fit the way we do business.

Q142 Chair: Sorry, was that 7% you lose in the first year?

Mike Rees: Yes, 7%.

Q143 Chair: And you have gone from-what was it?

Mike Rees: About 5,000 people to about 18,000 people in 10 years. Graduate recruitment is very important as well. We have run an international graduate recruitment programme for more than a decade, and we bring about 200 international graduates in every year. In addition to that, we have an MBA programme where we are hiring at that level. So we are bringing talent in at all levels of the organisation.

Q144 Chair: Do your line managers tend to be promoted from the bottom level, or are you bringing people in with specific line management skills and experience?

Mike Rees: It varies depending on what we are looking for. Our bias is always to recruit from within. If you look across this room, we have all had cross-functional, cross-geography experience. We would prefer to promote from within but if we are looking for specialist skills that we have not got or traditionally have not developed, we need to hire in.

Q145 Chair: If you are hiring in a manager, you are hiring in a different culture, potentially. How do you check that?

Mike Rees: Tracy, do you want to go through our hiring process?

Q146 Chair: I tell you what, why don’t we come to that later? We are going to be picking on you specifically at the end. One last question, Mr Rees-whistleblowing. Can you talk about your whistleblowing policies and anonymity for whistleblowers?

Mike Rees: That is a very important part of business today, particularly given the complexity in the international network, so we run a very clear policy on whistleblowing. Andy, do you want to pick up on some of the details of the structure and the independence of that?

Andy Charlton: The first thing to say is that we have had what we call our speaking-up policy in place for well over a decade, so it is not new, although we constantly look to make enhancements to it. The first thing we try to do, of course, is to encourage people to speak up to their line managers if they have any concerns at all about any aspect of the control environment, or indeed about individuals’ behaviours. However, the speaking-up programme exists as an independent relief valve for any circumstances in which people for whatever reason do not feel comfortable speaking up to their line management chain or, for example, to a country chief executive or a head of business.

As well as offering internal channels, which would be to come through to compliance through a variety of means, we also have a programme administered by a third party to provide that degree of independence, which is available via dedicated telephone lines, internet portals and so on, and is available in 14 languages. That third party undertakes any translations required and feeds them through to the compliance function. We then determine in two broad categories what type of issue it is. Some of them are management-related grievances-HR matters, if you like-which we share with Tracy’s team to investigate. Others that relate to controls or other aspects of behaviour, the compliance investigations team review.

Q147 Chair: Can you give us an example of a successful piece of whistleblowing?

Andy Charlton: We do receive a number of whistleblowing-speaking-up-observations during the course of the year and we investigate them, as I said. Most of them that we find that are substantiated-clearly not all of them are, by any means-relate to systems and controls issues, perhaps something to do with receipts of gifts and entertainments that have not been properly declared, and that sort of thing. They are relatively minor systems and controls issues.

Chair: Okay.

Q148 Baroness Kramer: Mr Goulding, could you help set the scene for me a little bit? What would be your three top objectives as the CRO?

Richard Goulding: First and foremost, having had a risk appetite approved by the board, it is to never lose sight of the fact that the role of my function is to ensure that we remain within that-so all the activities we then undertake are designed to achieve that purpose-or, if we can envisage a scenario where, if that occurred, we might not be able to remain within risk appetite, to ensure that that is elevated to the board risk committee, so that they are aware of it. The second level is to ensure that, all in support of that, we maintain discipline around the various risk-control levers that we use-setting of limits, underwriting standards and so on, which are the levers that are used throughout the organisation, down to country level, to ensure that we remain within risk appetite. In a large organisation, it is always important to maintain a high level of discipline about that. The third most important objective for me personally is always to be worrying about what may be coming in future that you do not obviously see. It is much easier to analyse and deal with a known risk, but a crucial part of the job is trying to anticipate the future and what may be implied if certain scenarios were to occur.

Q149 Baroness Kramer: The unknown unknowns. Where in your role does the culture of the organisation impact? Everything you have described to me is quite quantitative and procedural, or to the extent that it is qualitative, it is in anticipating externalised risk. How does the culture side work from your perspective?

Richard Goulding: I refer back to what I touched on earlier. The risk function plays a really critical role in enforcing risk and control behaviours throughout the organisation. To expand on my earlier answer, it is all overseen by, first of all, the group reward plan committee, which recommends to the board risk committee-so it is a purely executive committee and consists of the chief executive, the chief financial officer, Tracy Clarke and myself. A sub-committee of that comprises Tracy and myself and oversees the whole systematic approach to ensuring that risk and control behaviours are enforced in ratings decisions and crucially, in compensation decisions. Below us there is a variety of allocation committees. In fact, I chair the two that have the highest-paid people. People working for me chair some others, and Tracy sits on the consumer banking one as the independent voice and final check, because we also have to hold people in my function accountable for enforcing controls and values and behaviours, including their own. Tracy is an independent member of the committee for risk people, so that they are also held to the same standard, and that is a very powerful factor in enforcing the bank’s values.

Q150 Baroness Kramer: So an awful lot hangs on a couple of individuals; you and Ms Clarke, as near as I can understand. You have a rather curious upward reporting channel, do you not? Am I correct that you report to the chief financial officer?

Richard Goulding: That is correct.

Q151 Baroness Kramer: You will be well aware that others regard that almost as a warning sign, with perhaps a risk of getting distorted values. I think it was Sir David Walker who said in his testimony: "I do not think that I ever recommended that the chief risk officer should have a reporting line to the chief financial officer." He then went on to talk about particular disasters. How do you manage and deal with that as a consequence? What happens if, from a risk perspective, you find yourself in a position that differs from that being taken by the chief financial officer?

Richard Goulding: Well, I sit on the group management committee-so, alongside him on the top executive body-and my voice is therefore very much heard. I meet once a month with the group chief executive on my own, as does every other member of the group management committee, and obviously, there is my direct involvement with the chairman and members of the board risk committee as director and on my own. One thing is that the original Walker report did allow the reporting line to be either to the CEO or the CFO. I remember that being covered when this reporting line was set up. He may have changed his views since then.

Q152 Baroness Kramer: I think Sir David has had some rethink around those issues, having looked at the experience that we have all gone through in the last few years.

Richard Goulding: But certainly from our point of view, the only question I have to ask myself and do-and have emphatically answered-is whether this reporting line in any way impairs my ability to do the job, and it does not. I have, indeed, been asked that by the chairman of the bank personally as well, and I have given him that reassurance.

Q153 Baroness Kramer: You talked about the meetings that you and Miss Clarke have to look at the risk profile of the organisation. How do you then hold the business to account if you have a concern?

Richard Goulding: Obviously, it is a matter of judgment as to what the proportionality of the action is. I stress that this approach is strongly supported by Mike Rees in the wholesale bank. Ultimately, we take supervisory responsibility very seriously. An internal audit failure in a critical area of business is taken very seriously, and-to use Mr Garnier’s previous expression-we do not simply take it out on the grunt on the desk. Crucially, what we ask ourselves is exactly that: what were the supervisory failures, what were the acts of omission, how could the environment have allowed controls not to operate effectively, and why were the more senior line managers not aware of it?

What are the consequences of that? Certainly, bonuses year on year have been reduced by 50% for a mere-not "mere", but it shows how seriously we take it-act of supervisory omission, where the individual did not do anything. That is a powerful consequence for an individual.

Q154 Baroness Kramer: I think I am not being perhaps as clear as I should. One of the concerns that has been expressed to us by quite a number of people in various different ways is that the risk system, and therefore the role of the CRO, is very quantitative in the way that it is driven. For example, certainly its using quantitative mechanisms can in a narrow sense identify credit risk, where that has stepped out of boundaries or whatever else. However, most companies seem to have set aside the qualitative risk issue, which is partly why many of the banks missed many of the crises of the past decade or so.

I am trying to work out what triggers your attention and what you do. Is it very quantitative in the way that it works? What you described to me sounded like that.

Richard Goulding: No. Quantitative tools, which have very much come to the fore in the past decade, I regard as absolutely essential tools to have to do the job properly, but in Standard Chartered we have never allowed them to be put ahead of experienced individual risk officers proving individual transactions on the base of non-quantitative techniques. Those are the people who are there. We have representatives on all trading floors, and it is important that they are there on the floor, so that they are monitoring, influencing and observing culture.

Those are the people who we actually go to and require to comment-positively or negatively, because we wish to reinforce positive behaviour-simply on whether or not people in the front line are acting out behaviours that reinforce the group’s values. One thing I constantly emphasise is how much it is an obligation to make those comments, positively or negatively, precisely in order to reinforce the culture of the bank. There is nothing quantitative in that aspect at all.

Q155 Baroness Kramer: So what would the status be of your folk down on the floor level versus the revenue generators? How would they perceive themselves in relation to the revenue generators?

Richard Goulding: I frequently receive complaints that the people in risk are actually too powerful in the organisation, which is probably the right sort of complaint to be getting.

Q156 Baroness Kramer: I think Mr Rees is going to burst into laughter on this one.

Mike Rees: No, it is the right balance. It is the right perspective.

Q157 Baroness Kramer: Okay.

May I take you back to the whole issue of risk appetite? Behind that lies a much bigger question of risk capacity, and that does not seem ever to get mentioned. Is there clarity about the risk capacity versus the appetite?

Richard Goulding: Yes. We define risk capacity as what regulation allows you to do. Risk capacity is what our regulatory capital would allow us to do. Risk appetite is narrower, and we have a lower risk appetite than our risk capacity would allow us, so we seek to run the bank more conservatively than the risk capacity would allow.

Q158 Baroness Kramer: I am going to flip back to my previous question, because I did not really follow through on it. We were talking about the relative status of those involved in various areas of compliance versus those involved in revenue generation. How does compensation or remuneration compare between the two groups? To what extent is remuneration for risk control based on revenue generation?

Richard Goulding: It is not directly based on revenue generation at all, and, indeed, it is not based on the results of any division, business or country. The bonus pool that is ultimately approved by the board remuneration committee for risk, and for compliance, is a global bonus pool, which is then allocated within risk and within compliance, led by those functions. It is clearly influenced by group profits, but only group profits. In fact, one should make the point generally that we do not allow any bonus pools, including for the front office, to be revenue based; they all use the risk-adjusted profit base as the primary measure. Going back to risk, there is a completely separate bonus pool influenced only by group profitability.

Q159 Baroness Kramer: If you are a high-flyer, which is the more rewarding financially, going into risk management and compliance or-?

Richard Goulding: Clearly in areas such as market risk, you get better paid if you go into a trading or potential sales job than if you remain within the market risk function. That is not to say that jobs in the market risk control function are not well paid; they are, but they are not as well paid as the front office.

Q160 Baroness Kramer: How do you look at the impact of that on the culture of the organisation?

Richard Goulding: It is very interesting. I think the influence that has is in a way positive, because the people who choose to work within the risk functions choose it because they are more comfortable, from a personality point of view, with being in a control role than with being under the pressure to produce revenues you are under if you are in an origination role. Interestingly enough, it leads to more of a natural fit-that is my observation.

Q161 Baroness Kramer: Just one last question-this might involve Tracy-you talked about the importance for performance evaluation leading to remuneration spreading across and not only up the hierarchy. Do your front-line staff have input in to the appraisal of your risk control individuals?

Richard Goulding: No.

Q162 Baroness Kramer: Does it work in the opposite direction?

Richard Goulding: Yes.

Baroness Kramer: Okay, so it only goes the one way.

Q163 Chair: One question following on from that: who is the more valuable member of staff, the one who generates £10 million in revenue or the one who saves £10 million through avoiding a stupid mistake?

Richard Goulding: Clearly, theoretically, either, but the one is more obviously measurable that the other. In fairness, I always say to people in the risk function that, because we very emphatically run a first-line-of-defence model, I think it is appropriate that people in the front office get more, because they take exactly the same responsibility for risk as people in my function, but they also have responsibility for delivering a P&L, so in that sense they have a bigger role. They will not be able to hide behind my risk function. If a credit goes wrong and it turned out to be due to negligence, they will be held just as accountable for that as the credit officer who signed off on it.

Q164 Chair: Okay, thank you. Mr Charlton, over to you. How would you describe your role in the business?

Andy Charlton: Sorry, the role in business?

Chair: How would you describe your role in Standard Chartered?

Andy Charlton: I am responsible globally for the compliance function. Compliance is organised as an independent function. That means independent of sales, trading and relationship management. The role of compliance is a fairly classic role, which involves a combination of providing expert advice and conducting independent monitoring.

Q165 Chair: Just that?

Andy Charlton: It has other activities as well in relation to regulatory relationship management, but the two core aspects are to act as a partner with the business in providing advice to ensure that the business that we undertake is compliant with regulation and, secondly, to undertake monitoring and surveillance to ensure that the business as conducted was indeed compliant with regulation.

Q166 Chair: It is a very unfair way of describing things, but people do describe it as such: do you see your job simply as box-ticking?

Andy Charlton: No, not at all. The most sustainable way to ensure compliance, and therefore the long-term success and profitability of the firm, is to ensure that we get it right first time as far as possible. That involves providing advice, which can be specific bespoke advice on a transaction, defining appropriate policies, procedures and controls and providing other guidance, all aimed at ensuring that what we do is indeed in compliance-in my case, with laws and regulations, given that I have risk control responsibility for regulatory risk.

Q167 Chair: Who do you report to?

Andy Charlton: I report to a member of the group management committee, who similarly does not have responsibility for revenue generation. He reports directly to the chief executive.

Q168 Chair: Can you give me an example of an internal standard which is not driven by regulation that you are responsible for?

Andy Charlton: Yes. There are regulations in many areas that effectively define the boundary conditions, but we adopt policies internally that are significantly inside those boundary conditions, in terms of how we want to approach things. Perhaps one of the best examples I can give you is that several years ago, the FSA introduced some guiding principles around treating customers fairly. While the FSA is our global home regulator, it does not have direct retail conduct jurisdiction over our activities everywhere else in the world; that is the responsibility of the local host regulator. In some countries in which we operate, regulations on treating customers fairly either do not exist or are not at the level of sophistication of the FSA regulations. Through our consumer banking business, we have decided to adopt and adapt the FSA’s TCF guiding principles and deploy them everywhere, as part of what we would describe as a customer charter, so that we are adopting similar standards even in countries that would not have that type of regulation.

Q169 Chair: So, effectively, you are selecting what you consider to be the best standards in the world and then adopting them across?

Andy Charlton: Yes, with the proviso that we always need to ensure that we comply with relevant regulations, whether they are international regulations with transnational application or local regulations.

Q170 Chair: You are setting your internal boundaries within the boundaries set by the regulators. Are you doing that in order to have a buffer zone, so that if you slip over your own internal standards you will not be in breach of any law, or are you doing it because you do not consider the regulators to have the same standards that you have, and you are therefore trying to exemplify them? That was a shake of the head.

Andy Charlton: Our internal standards start from the comments made by Mike Rees earlier: what is our strategy; what type of business do we want to undertake; how do we wish to participate in markets, and with what types of client? That is really the starting point for strategy. The regulatory environment forms a set of boundary conditions in a different respect. We take all that into account to determine how we wish to set our own internal policies and procedures.

Q171 Chair: When I asked that question, you shook your head. Does that mean that you do not consider your standards to be better than those of the regulators?

Andy Charlton: Clearly, we seek to comply with regulations wherever we do business. The nature of regulations, even on similar topics, tends to differ quite significantly from country to country. What we are trying to do is ensure that we are compliant in all of those countries. Therefore, we set our own standards based on our strategy and with recognition of the regulatory environment in those countries.

Q172 Chair: What I am trying to extract from you is this. As a compliance officer, do you see your function, or part of your function, as being more than simply complying with regulation? Are you part of the team that is driving a higher standard, or do you simply see yourself as a functionary with a rule book in one hand and a set of guidelines in the other which you are handing out to your staff?

Andy Charlton: The compliance function is an integral part of the bank, and therefore part of the team that is seeking to drive sustainable, long-term success. It is not simply seeking to comply with regulation, but obviously from a regulatory risk perspective we are seeking to ensure that we comply with regulations wherever we do business, and then try to formulate policies and procedures, and provide advice in tune with driving that strategy and success.

Q173 Chair: To take a hypothetical situation, one of Mike Rees’s expert business generators has come up with a new product, and you are looking to approve that product. Presumably you will be part of that approval process of a new product.

Andy Charlton: Yes, compliance people-that may be me, or others in the compliance organisation-are involved in new product approval.

Q174 Chair: And how would you get involved?

Andy Charlton: We have specific new product approval processes, which include not just compliance people, but risk people and members of other control functions as well, to ensure that before they are launched, they satisfy all of our internal criteria, as well as, obviously, complying with regulation. For more bespoke structured transactions, we have in place specific approval groups that also bring together the control functions to work with the business to ensure that what we do satisfies our internal policies and procedures, and is therefore compliant with regulation.

Q175 Chair: I am still struggling to find evidence that you are setting a standard that is better than simply complying. One can come up with a product that is perfectly compliant but is a dodgy product. I am not suggesting for a moment that Standard Chartered is sitting there looking for opportunities, but how would you, as the compliance department, feed back and say, "This is compliant, but I just don’t think it’s the right thing to be doing in our culture"?

Richard Goulding: If you take suitability and appropriateness for clients, that is very much a joint effort between your team and ours, and our standards there are much higher than regulation in terms of what we allow people to sell in the way of derivative products, and have been for many years. I think that is a good example of where we don’t simply ask what the regulation says, and do anything up to that. We try to be thoughtful and consistent with our client-led strategy of always providing or selling a product that is genuinely appropriate for that client.

Mike Rees: I think Peter Sands has been very clear. When we launched "Here for good" as the branding of the group, we were lifting the standards on ourselves beyond and above the minimum requirement. The "Here for good" lens pervades everything we do, be it a transaction, a new product, or the way in which we conduct ourselves, and is our mental attitude in the organisation.

Q176 Chair: Okay. Do you want to add anything?

Andy Charlton: No, I think that covers it.

Q177 Chair: On a day-by-day basis, how do you ensure compliance is being undertaken, and that the front office staff are compliant?

Andy Charlton: As Richard said, we operate a three-lines-of-defence model, so the first responsibility is obviously the people who are undertaking activities in the first line, and their line management supervision. From a compliance perspective, we conduct a variety of compliance monitoring reviews and various forms of surveillance to ensure, on a risk-based and sample-based basis, that there is compliance across the organisation.

Q178 Chair: How does that work? Give me an example of how you make sure a trading desk is compliant.

Andy Charlton: Compliance officers will do desk reviews on certain topics. Often there will be a thematic same topic across a number of different desks and geographic locations. They will review transactions and trades, and refer to automated trade surveillance data to form conclusions on whether the desk was complying with all policies and procedures.

Q179 Chair: So you are effectively auditing the compliance function on a regular basis.

Andy Charlton: Auditing the compliance function?

Q180 Chair: I am sorry-auditing that the departments are compliant.

Andy Charlton: It is not an independent, third-line-of-defence auditing function, which Julian and his team undertake, but it is monitoring those regulatory risk policies and procedures-those areas of conduct in particular.

Q181 Chair: What changes do you think you can bring about in Standard Chartered to make your compliance function better?

Andy Charlton: What really matters is the organisational compliance of the firm, as opposed to the particular compliance function that I am responsible for. Nevertheless, the strength and effectiveness of the compliance function is a key influencer of the organisational compliance of the firm. We are, I believe, appropriately resourced; we have competent people-there is a constant effort to ensure that we have the right people in the right roles with the right skills. It is also important that, while maintaining that independence as a function, we act as an appropriate business adviser and business partner so that we understand sufficient about the business and can provide expert advice to ensure that what we do is, indeed, compliant first time. The final part is to ensure that we have robust monitoring and robust surveillance; again, that involves a process of continuous improvement to ensure that we are covering the right set of risks in the right way and that we are being sufficiently probing.

Q182 Chair: Can I just go back to product approval? Let us say, hypothetically, that a business creates a fairly complex product or bespoke product for a client, and you are asked to cast an eye over it to make sure it is compliant. Some of these things are pretty ferociously complex. How do you meet the intellectual standards of the product designer?

Andy Charlton: In the different parts of the compliance function, we have compliance specialists who are very familiar with the areas that they cover, whether that is private banking, wholesale banking, part of financial markets and so on. We have specialists and dedicated compliance officers who well understand the business and, therefore, the opportunities, products and offerings. They are the people we match off to assess new product ideas and approvals, either through new product governance committees or through things looking at more bespoke transactions.

Mike Rees: It is important to put this in context. You talk about complexity of product. The first lens we will look at any product through is, what client need does it satisfy and how does the client understand it? We are not at the nth degree of complexity, because our strategic intent says we will be client focused and relationship focused. The first question we ask is, what is the client need that the product is going to meet and how will the client understand it? That strategy piece and the strategic intent pervade what we are trying to do; we do not just launch products because we think they will make money. There is a strategic intent, which has to sit behind it before the process kicks in to approve it.

Q183 Chair: Do you think you are different from other banks in that approach?

Mike Rees: I think we have a different form of complexity. We run a very strong network business. I do not think we have the same product complexity other banks have, but we have complexity in terms of the number of countries we operate in and the matrix we operate.

Q184 Chair: I know this is fairly irrelevant for you, because you have a relatively small business in the UK, but we are seeing banks involved in PPI mis-selling scandals, so-called interest rate swap mis-selling scandals and on it goes ad nauseam. Presumably, you have not got that.

Mike Rees: But I think it goes back to the fundamental point that Peter Sands raised with you, which is that, back in 2001-02, we had similar, smaller issues from product silos and product organisation-

Q185 Chair: Can you give an example?

Mike Rees: We had issues in our merchant bank, as they were at the time, on yen derivatives; they were just trading in the market because they had a product-orientated strategy. We firmly believe that banking is a relationship business, and it is about the clients and customers. As Peter said to you, we absolutely believe that the relationship and the client need we are serving are the most important lens for us. When you get to a transactional strategy or a product-led strategy, there are inherent risks, in that the only thing you can do is keep adding complexity to products, sales targets and everything else. We look at it through a different lens.

Q186 Baroness Kramer: Mr Wynter, you have managed to keep your head below the parapet so far. Perhaps I can ask you a couple of questions. You will be aware that, in many of the banking institutions that got themselves into great difficulties, the internal audit function had difficulty communicating up to the appropriate decision-making level. I notice that you report to the audit committee, but also to the group’s CEO, and have a dotted line report-I have to admit, this sounds strange on the surface-to the director of property, research, assurance and Korea. How does this mesh, and what are the implications of this?

Julian Wynter: The key thing here is that the audit function is independent, so a reporting line in the first instance to the audit committee chairman is essential. I also report to Peter Sands, the CEO, and I think it is important to have a report to an executive, because that means that if you come across things that need to be addressed, they can be addressed quickly. Peter is running the bank, so from a practical point of view the organisational issues of the internal audit function can be dealt with outside that chain of command, but the overall structure ensures the independence of the function.

Q187 Baroness Kramer: Can I take you up on that? Perhaps you can help me understand that better, because it would seem that there is a direct report to the CEO, who presumably determines your career among other things. If he kind of says, "It’s not a risk, Julian. Put it aside", how do you retain independence under that circumstance?

Julian Wynter: I have a reporting line to the audit committee chairman, so if there is something that I do not think is being addressed, I am duty-bound to raise it with the audit committee chairman. I have regular contact with the chairman of the bank, so I see the chairman six or eight times a year. If there is an audit issue of significance, I am duty-bound to raise it with him directly.

Q188 Baroness Kramer: Obviously you will have had experience of this, but what actually happens when you report up to the audit committee? Is that a substantial part of their meeting agenda?

Julian Wynter: Yes, it is.

Q189 Baroness Kramer: Is there feedback? Is there a communication that happens through that process?

Julian Wynter: We produce an extensive report, which runs to 50 or 60 pages, which covers a number of things. It covers the issues that we are seeing arising in the organisation, how we are conforming to plan, management action steps-it is a very detailed report, and it gets a lot of scrutiny at the audit committee.

Q190 Baroness Kramer: Seriously, are you finding that people are reading 50 to 60 pages?

Julian Wynter: Yes.

Q191 Baroness Kramer: Okay, it is an unusual board. From your perspective, does that work as a reporting structure? I would say that many people would say that the experience is that if it gets past two pages, the chances of getting it read in detail are very close to zero. How does that mechanism work as a communication tool?

Julian Wynter: I agree that it is a lot, but they are very challenging, and it is clear from the kind of interaction that we have that they have studied it.

Mike Rees: To help Julian out a little bit, the audit committee focus on two things-first, clearly, things that have happened and come out of audit reports, but there is a separate discussion about thematic issues coming up. Where we see thematic issues coming up throughout the bank, there is a broader-range discussion. As Richard said, we try to be more forward-looking. Just reacting to the past is one thing, and you can go through all the consequence management, but the second challenge, which we try to do, is to identify some of the forward-looking things from the thematic issues and anticipate and deal with some of them. There is a balance of two things going on.

Q192 Baroness Kramer: So how broad would your scope be, Mr Wynter? Would it include product suitability, HR policies for recruitment, business strategy or perception? How wide-ranging is it?

Julian Wynter: It is everything, really. We have unrestricted access to all of the bank’s activities and all of the information.

Q193 Baroness Kramer: A number of people who have talked to us very specifically about the role of internal audit in general have basically been concerned that certainly down at the lower levels, where people might first identify problems, there is not a natural habit of either speaking to internal audit or going to them for advice. They are seen as people who come in from the outside at a specific point in time and ask questions, but the information does not, essentially, flow the other way. How does that work in your organisation?

Julian Wynter: It is very important that you do not run the audit function in such a way that there is a tendency for people to suppress information. That is a great fear, so we have to be sensitive to that. The overall culture of the bank is one of openness and collaboration. We have to strike that balance.

Q194 Baroness Kramer: How frequently would you find this? Is it an extraordinary event for somebody actually to contact and speak to internal audit, or does that happen on a reasonably comfortable basis?

Julian Wynter: It happens very regularly. One of the issues that I think people are concerned about is the authority and standing of the internal audit function, and it may be useful to comment on that. In the way we do things, there are three perspectives. The first is structural: every committee in the bank has, as an invitee, a member of the internal audit function; so, starting at the top, I attend the audit committee, the board risk committee, the group risk committee, the group operational risk committee and so on. All the way down the organisation, members of the internal audit function are invited into the respective committees, so there is that link all the way through. The second thing, which I think is important, is the reporting line, which gives a sort of structural independence, in my view.

The other critical dimension is the people in the function. In our audit function, we have a balance of business people and internal auditors. For example, we have the former head of our Hong Kong global markets activity running one of our audit teams; we have an individual who was the chief risk officer in Hong Kong; we have a CEO from the private bank. It is very difficult for people to say that we do not know what we are talking about when we have those sorts of people involved. I think that is a very important aspect of getting status-standing-in the function. Then of course you have to acknowledge-I have to acknowledge-that the individual running the internal audit function has to have institutional credibility. That is important.

Q195 Baroness Kramer: Are you saying there is a fairly fluid career movement between the audit function and, say, some of the operational sides of the business, or is that only at the most senior levels? It sounded as if you were pointing to people who had almost in effect retired from the front line and were now lending their skills to internal audit. Is it more fluid at the bottom?

Julian Wynter: It is more fluid all the way through the function. We run what I think is termed a pillar rotator system, so there is a core of internal auditors-probably 65% of the function-and then we have people who rotate through, who come in for career development, to see the organisation, to learn and to use that experience in the audit function to give their careers a slingshot effect.

Q196 Baroness Kramer: May I ask Ms Clarke about the HR side? At the beginning, Mr Rees said, "We are a collaborative business." It raises some issues about appraisal if everybody regards themselves as a colleague, doesn’t it? How do you manage to have an appraisal process that has some objectivity built into it, rather than colleague loyalty?

Tracy Clarke: We have a performance management process. We call it a signature process, which means it is the same for everybody. The process is the same, it happens at the same time and uses the same system, and the standards within that are very clear to everybody; but because of the nature of the organisation-because we are a matrix-and because collaboration is so highly valued, peer input is really important in the performance management process. The manager and the individual themselves are central to the process, and it is about "How did I do against my objectives?" The manager’s role is to ensure that the appropriate level of input is sought from those individuals who are key influences or key partners to that role. It could be risk input, it could be compliance input, or it could be from other product or business areas. It is a manager’s role to ensure that an appropriate level of all-round feedback is taken in order to come to an objective view of an individual’s performance.

Q197Baroness Kramer: So it is feeding to the manager? Are you saying that the peer reviews do not come to you, but go to the line manager, who then uses that material? Does it not take quite a lot of courage to make any kind of negative comment in that environment?

Tracy Clarke: People are actively encouraged to be open and honest in the process, and we treat all feedback as constructive. Because it goes to the manager, there can be an element of anonymity. We actually discourage that, in the interests of being open, but if individuals feel more comfortable giving anonymous feedback, they can do so, but we discourage it. As I say, we would rather have very open feedback.

Mike Rees: Can I just pick up on that point, where we may be slightly different. To us, it is strategy first; financial outcome is the outcome of strategy. A lot of our objectives are set in terms of what we are trying to do strategically with the business. Yes, there will be some quantitative element to that, but we do not drive the bank by purely quantitative outcomes. I think we are very lucky and fortunate in that we do not have the pressures of quarterly reporting, which I think serves to undermine and puts financial targets ahead of strategy. The process that Tracy is talking about very much links to the one that I was talking about, which is strategy, business objectives and personal objectives and appraisal in the context, and the financial outcome is the financial outcome; it is not the other way round.

Q198 Baroness Kramer: How are the culture and values you talk about embedded in staff? Could you tell me about some of the ongoing training process and how that works, and to what extent is it optional?

Tracy Clarke: It starts at the point of hiring, so we absolutely look for culture-fit when we hire. Once we have hired an individual, the induction is absolutely key. For all of our most senior managers, we run a programme called "Fast Start", which is very much about the way things work around here. We talk a lot about values and culture and what it takes to be successful in the Standard Chartered environment. That starts right at the very beginning. As I said earlier, values play an important part through the performance management process. The way an individual behaves in their role has an impact on their performance rating and on their remuneration. That is where it really bites.

Values play a role in almost all of our management and leadership development programmes. Our management programmes are central to getting this right, because at the end of the day, the tone from the top-from everyone in this room-can be right, but the performance of the bank is really in the hands of our managers, of whom we have many thousands. Management development is therefore really important, and values play an integral part in those development programmes.

Q199 Baroness Kramer: I still haven’t worked out whether there is a required training process that goes on. As you know, many banks have a list of opportunities they offer, and you find that most of senior management have never been to one of them, or they have just attended a two-day seminar or something. I am just trying to understand how that ongoing process works

Tracy Clarke: There are minimum standards for training, and some of those will relate to, for example, the code of conduct, operational risk, or anti-money laundering. Those are minimum standards, and every individual must complete that training, which is tracked. Depending on where you sit in the organisation, there are also additional standards of training that you need to complete. For example, an HR person will be subject to certain process and policy training requirements. Our management and leadership development programmes are more tailored to individuals-for example, those going through a career transition from being a manager of a few to a manager of many. Those are much more specific to individuals as they develop through their career.

Q200 Baroness Kramer: May I ask two slightly different questions? Picking up on whistleblowing, we had a discussion earlier on the routes that a whistleblower could take. Do you follow the careers of people who have been identified internally to you as a whistleblower? Do you track the impact on their career?

Tracy Clarke: I do not think I can suggest that I follow their careers, but we stress the integrity of the process and that individuals will be protected. That is a very important part of the process.

Q201 Baroness Kramer: How do you do that if you do not follow the individual and what happens to them?

Tracy Clarke: Should individuals feel a level of anxiety or uncertainty about that, then absolutely their HR relationship manager would follow up on that. If it were a very senior individual, they would feel very open to talking with me or my HR managers.

Q202 Baroness Kramer: But you are not going to recommend someone for promotion or identify a new opportunity for them, are you? You are talking about yourself as a place to go if one has a problem, but surely the whole problem for whistleblowers is that it is much more subtle than that.

Tracy Clarke: First, I would say that there is a level of anonymity in the speak-up, so I would not have access to the specific cases of individuals who have raised a speak-up. That information is confidentially held, unless they are comfortable about being known. From that perspective, we would not be tracking the careers in order to protect that anonymity, but I can think of at least one recent case where I have been involved with an individual who did speak up and I have been involved in helping that individual with their career.

Q203 Baroness Kramer: Because there was a problem, or just because they had been publicly identified?

Tracy Clarke: Because they felt a level of uncertainty around their own position.

Q204 Baroness Kramer: Going back to recruitment decisions, I understand that you are very involved at the first line of recruitment, but, again, as recruitment comes in at the higher level, there is this issue of bringing in the external. How are you engaged in that process? Is it just a facilitating role of bringing in these particular teams or entities, or do you actually have a more granular role than that?

Tracy Clarke: Me personally?

Q205 Baroness Kramer: And your department.

Tracy Clarke: I would personally be involved in the recruitment for our senior-most hires. That would probably be the top 70 or so leaders in the organisation. Myself or my head of leadership effectiveness would be involved in the interview process. This is where the culture-fit assessment comes in. If it were Mike who was hiring a very senior person into the wholesale banking team, we would ensure that Mike would be a critical interviewer, but so would I and so would at least two of our other most senior management in the group. We always ensure that there is a panel of interviewers that is outside of the direct business line into which the individual is being recruited.

Mike Rees: Quite often that would be a risk or compliance person, such as Richard.

Q206 Chair: You have just described the taking on of senior members of staff, but what about junior members of staff? How does that work?

Tracy Clarke: Similarly, at the front line, at branch level, for example, if they are doing a very simple job with one branch manager to report to, my talent acquisition team would be deeply involved in the recruitment. There would be an assessment test. We would look for values. Largely, however, that would be a simple recruitment that my HR talent acquisition team and the manager would be involved in. As one moves through the organisation, middle management is where the matrix would come to the fore, so a similar sort of process would happen at middle management.

Q207 Chair: What about on the wholesale banking side, which is obviously smaller than the retail banking side? How much do you get involved with the recruitment of staff at the junior and middle-ranking front-end?

Tracy Clarke: At middle-ranking levels in wholesale banking-

Chair: And junior.

Tracy Clarke: A similar process would occur. A relationship manager in a middle-market corporate team in Hong Kong, for example-there would be at least three interviewers for that particular role.

Mike Rees: Because we know they come into collaboration, they would not be allowed to be just interviewed within the individual desk or silo, so even at a junior level, an HR person would need to be involved, and a risk person would probably need to be involved. One of the prerequisites is, it is a broad range, because for that individual joining the organisation, it is a big decision as well. It is only fair that we bring them in and show that, even in the interview process, the collaboration works.

Q208 Chair: Ms Clarke, earlier on, when Mike Rees was answering my initial questions, we were talking about staff cultural fit and he deferred the question to you. Did that not ring for you, as it did for me, slight alarm bells-that he wasn’t entirely on top of the staff cultural fit brief?

Tracy Clarke: No, it didn’t, because I know Mike very well and we work together very closely. Of all the things that impact on culture and values, tone from the top is, to my mind, one of the most important. I know that Mike sets a great tone as head of wholesale banking. Culture and values matter, and I know that, for an individual in wholesale banking who may receive an E values rating, for example, which is our lowest of the five grades, they would receive no bonus. In fact, they would probably be leaving the bank.

Q209 Chair: Funnily enough, that relates to my next question. How many staff have you disciplined for poor but not illegal conduct in the last year?

Tracy Clarke: Several-it would be several.

Q210 Chair: Are we talking about 100, or 10?

Tracy Clarke: We have 88,000 people globally, so, lots-this is for the group. In terms of ensuring that the standards around the code of conduct and the policies of the group are upheld, consequence management is always taking place. The level of sanction could be very light, which is a warning-"We understand the context; you didn’t understand the policy, so ensure it doesn’t happen again"-all the way through to the other end of the spectrum, which could be, "You must leave the bank."

Q211 Chair: Can you give me an example of something that is a poor standard that you would discipline somebody for, but which isn’t an illegal infringement?

Tracy Clarke: That isn’t illegal?

Q212 Chair: Yes. What I’m trying to get at is the difference. Clearly, if you fall foul of the compliance rules, you have done something that is a very quantitative act: you have broken the rule. I’m trying to get to the bottom of the culture-how you drive a culture of excellence within Standard Chartered. What we are trying to get to the bottom of is this: give me an example of something that was a cultural thing, not a standard thing, that you felt you needed to discipline a member of staff over, that you can’t quantify as being an illegal act, but that you can, as a qualitative assessment, say, "This is not how we want you to behave as a member of Standard Chartered".

Tracy Clarke: Okay-not being fully transparent with the facts to a compliance partner or to a risk partner. It is not illegal, but on such issues of behaviour we would take a hard line.

Q213 Chair: Deliberately withholding important data is illegal, isn’t it?

Tracy Clarke: Yes, but there is a spectrum of openness. I’ll give you another example-

Q214 Chair: How often would something like that come up? How often would you have somebody who is being obstructive in terms of revealing information which is important to the running of the bank?

Tracy Clarke: It happens, and we would take a hard line when that happens, but the whole culture of the place, which is around openness, transparency and collaboration-I would say that it happens less often in Standard Chartered.

Q215 Chair: How often? In the London office, let’s say, in the last year, how often has somebody had to be spoken to by any of you over obstruction, in terms of revealing information which is relevant to the safe running of the organisation?

Tracy Clarke: In London I cannot think of one example. I should ask Richard.

Mike Rees: I am going to give a very specific example. I am going to go back to the "here for good" example and you want a non-compliance issue. We are a signatory to the equator principles, which are about project finance lending. There is a whole set of criteria around that in terms of disturbance, social impact and local community impact. We will apply the spirit of the equator principles to any transaction, irrespective of whether we are a lender or not. So we would expect the relationship manager and the product person working on that deal to highlight to the responsibility and reputation risk committee if there are issues within the letter of the equator principles. Because it is only lending, that may not be the case, but if you take the wider spirit, even where we are an adviser, those issues would arise. So our project finance team have to look wider than just the equator principles and apply the spirit of what we are doing. That requires them to engage with the risk people and the compliance people in order to get agreement on that.

Q216 Chair: How do you enforce that? This is the difficult one.

Mike Rees: They are questions of judgment. We have to set the tone from the top on where the line is and what we expect. I go back-sorry-to the same point: "here for good" is very important to us because we are continuing to learn as well and we are continuing to lift the standards for ourselves. Our expectation is that the tone from the top is always going up. You are right; it is a very difficult communication exercise.

Q217 Baroness Kramer: Can I ask one small question? Mr Rees, you used the word "reputational". I think that is the first time I have heard it in today’s testimony. You said "reputational committee"-

Mike Rees: Responsibility and reputation risk committee.

Q218 Baroness Kramer: There is another panel that is obviously looking at board level issues, so I am not trying to take to pieces your board structures, but could you tell me where that sits and how it works its way down?

Mike Rees: It starts with the brand and values committee at the board level. Tracy, I don’t know whether you want to comment on the brand and values committee, and then I’ll comment on how that translates down in the wholesale bank.

Tracy Clarke: This is a board committee. It is chaired by one of our non-execs, Paul Skinner, and the remit of the brand and values committee is to oversee the brand, the culture and the reputation of the group. So reputational risk processes, how reputational risks are identified and then managed and escalated, are part of the remit of that committee.

Q219 Baroness Kramer: And it is separate from your risk committee?

Tracy Clarke: It is separate from the risk committee, that’s exactly right. Specific reputational risks-because, of course, reputational risk arises from any type of risk that occurs-are looked at by either the audit committee or the risk committee, but the overall process of management of reputational risk identification and management of reputational risk, and how that works, is looked at by the brand and values committee. So there are subsidiary committees that sit underneath that. So wholesale banking, in particular, have a responsibility and reputational committee, as Mike referenced, who will be looking at the types of clients that we will and will not deal with, the specific transactions that we will take on or not, the specific projects we will finance or not. Of course, there are rarely black or white answers to that. We use our brand promise of being here for good as the lens through which we will determine whether to proceed with a client or a deal or not.

Mike Rees: One of the outputs of that is that on our website there are what we call sector position statements, which are statements of intent about how we will bank some of the most difficult sectors in the world such as palm oil and nuclear, statements of the standards we will hold ourselves to. On the wholesale bank responsibility and reputation risk committee, we get involved in policy issues within the broad remit of the group, but also transactions. The compliance function, the risk function, all sit on that in terms of having a view of individual deals. Are we taking the right responsibility in doing the deals? What are the things we need to think about? Quite often as a consequence of that we will write into term sheets specific requirements on deals for environmental consultants, environmental reports, directly as a result of the involvement of those committees.

Q220 Chair: This is the nub of what we are trying to get to. Thank you for the evidence you gave us earlier, but it has been very much about a quantitative approach. It is absolutely a qualitative approach. After an hour and 25 minutes we have finally got where we are trying to get to, which is how are you driving this down? Clearly, it is important for your organisation. You talk about the same sort of stuff, but you are not necessarily giving us a real sense of how your front-line staff are absolutely embedded in this. I have described that rather badly. It is a question of how you are taking this from a board level committee and driving it all the way down to the front line.

What are the processes you have in place? You have described some of them, but it is about how you are ensuring that that culture is getting across. The culture starts all the way up there and then goes through five or 10 different lines of management-through all departments, through all the different functions that you have-and finally gets down to a person sitting at a desk in Nairobi, New York or wherever it happens to be. What are doing to ensure that the wishes of the board are being delivered by every one of the 88,000 members of staff at the front end? That is what we are trying to get to.

Tracy Clarke: It is something we have to work very hard at because it is never done. There are multiple facets to it. We have talked a little bit about training and development, with culture and values being an integral part of that, the way we behave around here. Mike talked a lot about strategy.

Q221 Chair: Do you have a secret shopper, going into your branches and pretending to be a customer?

Tracy Clarke: When it comes to compliance and control, absolutely we do. We use mystery shopping. There is a very recent example which is a much more positive initiative: we have launched the Chairman’s award, which is not about the best deal or the highest revenue earner; it is about the stories, it is about those individuals who have gone beyond the day-to-day role and done something that is really good, that really resonates with the brand promise to be "here for good". That is not just about the social responsibility aspect of "here for good". It is very much about doing something good for the customer, or doing something good in identifying a compliance issue. That has just launched globally.

There are so many facets to this. Communication is one thing that we use as a means to get to this-that is, the stories. We use dilemmas in wholesale banking. Teams of people look at a transaction or a deal and say, "How would we behave in Standard Chartered if we were really living the values and the brand promise? What decision would we take?"

Q222 Chair: Is this part of the continuing professional development? You do have a CPD programme.

Tracy Clarke: Because we are in 70 markets, it can be different in different markets. There are core elements-whether in wholesale banking or consumer banking development programme-that are compulsory.

Q223 Chair: Give me an idea of how many hours would be compulsory per year, and how many hours would be voluntary in terms of CPD? Do you monitor it that way?

Tracy Clarke: We do monitor, not in hours, but in days. I would imagine that a couple of days would be compulsory.

Q224 Chair: A couple of days out of 250 working days. Do you want to add anything, Mr Rees?

Mike Rees: As I reflect, and as Tracy said, it is an ongoing challenge. We get things wrong. As an organisation, we grow when we get things wrong. The clarity of our strategy and the brand promise we have out there pervade everything. As you said, getting down to 88,000 people and lots of people coming in and out, is a constant challenge. As I said earlier, we operate in a complex world that is getting more complex. We learn all the time.

There are things within a wholesale bank, for example, that we learn through mistakes. It is important to recognise where we make mistakes and that we talk about them and learn from them. An example would be that where we sell a single product to a client, it is inextricably more risky than a broad-based, multi-product relationship. We learned that through losing some money.

Similarly, in bringing deals to market and the reputation risk associated with the client, how do you really ensure, other than just doing due diligence, that you really know that client? We have instituted a process whereby we have to have a commercial banking relationship with any client we are going to bring to a public market for at least two years. There are always exceptions. All of those things are insights that we learned and we reflect on them and say, "What does it teach us within the strategy and how do we continue to lift the bar and ourselves around here for good?"

As Tracy said, it is never-ending; it is a continuous journey. It is the process and the mental thought and you have to keep doing that. As I said earlier, things such as quarterly reporting, regulatory developments on CVA and DVA, which bring the financial aspect closer in compromise, undermine the ability to grow as an organisation.

Q225 Chair: Andy Charlton, do you want to describe your mystery shopper checks?

Andy Charlton: We do internal mystery shopping and we use third-party agencies in eight of our largest markets in terms of consumer banking, private banking, wealth management and sales. Whether internal or external, they go in and behave as a new customer and attempt to buy a variety of products and then report back to us.

Q226 Chair: Tracy Clarke, my final question. What encouragement do you give to your staff to get professional qualifications-for example, investment analyst exams, securities and investment institute exams, chartered banking exams. Do you encourage people to do that?

Tracy Clarke: We do. Of course we have people in so many different fields. I actively encourage my HR professionals in the UK to do the CIPD in wholesale banking, or the CFA. In the finance function, it would be the chartered accountants’ qualification. We actively encourage that.

Q227 Chair: Do you subsidise people’s training costs? Are you putting money into that and giving them all the time they need in order to be qualified?

Tracy Clarke: Yes.

Q228 Chair: Do you make it a requirement that your staff are members of professional bodies?

Tracy Clarke: Our challenge is that people work so internationally. An accreditation qualification that is recognised in one market might not be recognised in another. We do tend to focus on the national qualifications to begin with, but if a Singaporean comes to work in London with a relevant qualification from Singapore we would not ask them to-

Q229 Chair: None the less, you recognise the professional bodies as a standard of excellence over and above the minimum that is required to be able to function?

Tracy Clarke: Yes.

Chair: Thank you for coming in. We obviously managed to avoid mentioning any fines in New York, but that is sub judice. I am grateful for your time this morning. We will go into private session for 15 minutes and come back at 11 o’clock. I suspect all of Citigroup are sitting behind you, having made notes. See you at 11.

Examination of Witnesses

Witnesses: Eddie Ahmed, Head of Human Resources, EMEA, Citigroup, Colin Church, EMEA Chief Risk Officer, Darren Jarvis, Chief Auditor, Citi Markets, Michael Lavelle, Head of EMEA Capital Markets Origination, and Charles Ross-Stewart, Chief Compliance Officer, EMEA, gave evidence.

Q230 Chair: Thank you very much indeed for coming to this morning’s session. You have obviously had an hour and three quarters of watching how it goes, so you will be familiar with the procedure and how we operate and pose the questions. By way of introduction, we are a Sub-Committee of the Parliamentary Commission on Banking Standards. We are looking specifically at bottom-up corporate governance, so below board-level corporate governance. Mr Lavelle, can I start with you? Sorry, I will start with all of you, if I may. If there is a risk management failure within your business, which one of you would be responsible to the CEO? Who would the CEO come to?

Michael Lavelle: Shall I start?

Q231 Chair: Why not? If you are the man.

Michael Lavelle: Not necessarily. It depends on the business and the risk. I have a regional and a global report. I report in to the regional CEO, and globally I report in to the global head of capital markets. If the risk was in my business, the call would come in to me. Would it come in from the global CEO? It depends on the nature and the scale of the risk.

Q232 Chair: So you are saying that if there is a risk management failure, it is the business end, as opposed to the control functions, that take responsibility?

Michael Lavelle: In partnership. We would be aware of it together, we would be discussing it together and we would be managing it together.

Colin Church: I would say both. My boss-the firm’s CRO-would get a call immediately. I would get a call regionally if it related to this region.

Q233 Chair: Thank you. Mr Lavelle, I will concentrate on you for the next few minutes, if I may. What areas of your business are you most worried about?

Michael Lavelle: Worried about? The environment in which we operate. The macro risks globally and the macro risks we face in Europe are our biggest challenge.

Q234 Chair: So these are market risks?

Michael Lavelle: Market risks, our clients’ concerns, our clients’ risks, how we are serving our clients, the environment in which they are operating, the needs that they have and the risks they are asking us to take. Those are our greatest concerns.

Q235 Chair: Can you elaborate on that?

Michael Lavelle: Well, what do we do, first and foremost? What is the business that I am responsible for? Providing advice and, where necessary, capital to our global clients in Europe and our European clients globally. Within that context, the operating environment that they are in, particularly in this geography, is material to what they do and what they need. With the risks we are taking, we have to take a view about the markets day-to-day, but also the environments over a longer period of time, depending on the specific risks that we are being asked to take.

Q236 Chair: What I am trying to get from you is whether you are worried about commercial risk. It strikes me that there are, in very simplistic terms, three different levels. First, there is a risk that you cannot do any business because the markets are against you, so your equity sales force suddenly find themselves sitting around with their feet on their desks doing absolutely nothing at all because the markets are illiquid-that is the general market risk. Secondly, there is counterparty risk, where your customers fail and therefore cannot pay back the money they borrowed. But you have not spoken about the one we are really interested in, which is reputational risk. How do you quantify that?

Michael Lavelle: The last one is difficulty to quantify per se, but it is arguably the most significant risk we face every day, as individuals, as a collective unit and as a company. What we have all been through as an industry has made us focus on that reputational risk every single day. That is not to say that it was not an area of focus.

Q237 Chair: But which one is the most important? I am just trying to get a sense of whether you are worried about generating revenue for your shareholders over the next year, about losing money because your counterparty assessment has not been right, or whether you care most about your reputation.

Michael Lavelle: All of the above. I do not think they are mutually exclusive. We are focused on all of the above. The environment in which we are in obviously means that volumes are challenged. For example, we have goals to provide a return for our stakeholders, but our stakeholders are not just our shareholders. We are trying to ensure that what we do is for the common good.

Q238 Chair: How do you assess risk, going forward? It is very easy to look over your shoulder and see what was risky in the past, but how do you assess what is going to be next year’s risk?

Michael Lavelle: It is very challenging. You are right that a lot of what we do from a risk assessment perspective looks at what happened historically. We assess what happened over the most recent years of the crisis. That was not necessarily always the most appropriate way to assess what might happen going forward. So we work with our partners in risk and markets to ensure that we are fully pricing and understanding what risks might be out there.

Q239 Chair: In relation to reputational risk, how do you establish a high level of conduct among your front-line staff?

Michael Lavelle: I think this was touched on in a past submission1. It all depends on who you hire in the first place, how you train and develop those individuals, how they are rewarded, how they are compensated, how they are assessed, how they progress through an organisation, how they achieve their personal individual and collective goals, and how you protect yourself against those cultures not evolving in the path you want them to.

Q240 Chair: How do you go about recruiting staff?

Michael Lavelle: Well, it is bottom up and top down. We recruit at the graduate level; that is where you try to find individuals and train them through the organisation, but we also hire at every level from managing director on down. We might have specific gaps as our businesses evolve, so that as products evolve we might have to take guys from external sources as well.

Q241 Chair: So, for example, how many people in your Canary Wharf office on your wholesale banking side would you have recruited in because they already have market share and you are looking to seize market share?

Michael Lavelle: We are not hiring people, necessarily, because it is a market-driven goal. I do not have the numbers for the whole of the wholesale side of banking, but let us take the business that I am personally responsible for. What is the percentage of those people? It is different at different levels. At the analyst level, almost 100% are hired directly from school, university and business school.

Q242 Chair: It is all graduate trainees.

Michael Lavelle: All graduate trainees. At the managing director level, for example, about a third of those individuals over time have been hired externally, predominantly from competitor organisations.

Q243 Chair: It sounds as though you take in your graduate trainees and put them into the research department. Do they then go on to the front-line desks?

Michael Lavelle: Not into the research department, necessarily. It depends where those individuals have applied and what they want to do. There is a general training programme, so they are trained in our code of conduct and the values of the organisation. They may have specific training, depending on the part of the organisation they want to go into. We are a very global organisation and we have many businesses within that context. They may already have decided at the graduate stage which part of the business they want to operate in, either from a geographic perspective or a business perspective.

Q244 Chair: The point I am trying to get to is that certainly since big bang in the City we have seen very aggressive recruitment of staff-this seems to have been a cultural shift in terms of the way banks build up their staffing levels-by firms going out and finding qualified teams, who possibly have their own existing client list, which is a very quick and successful way of grabbing market share. According to the evidence that has been given to us, you also take on people who are more loyal to the team they work for than the institution they work for, and who merely see themselves as franchisees of a bigger organisation who are working at a bank such as Citigroup rather than for a bank. The two are very different. I am trying to get to how you differentiate between the types of staff. How are you making sure that the people who are working in your wholesale banking side, in particular, do not simply see themselves as franchise holders working for you until such time as a better offer comes along, at which point they can push off?

Michael Lavelle: Let me try to answer that, again, from the point of view of the business that I am responsible for. We have not hired teams at all, that I can recall, for a number of years.

Q245 Chair: Or indeed individuals?

Michael Lavelle: Of course, many individuals. There is a very significant difference between hiring an individual and integrating that individual into an organisation and our cultures and values, and hiring in a team that bring with them their relationship. We have not done that. I am not suggesting that that has not happened across the organisation, but it has not happened for a number of years in the business for which I am responsible.

Q246 Chair: Do you make a conscious decision not to hire teams for that reason?

Michael Lavelle: It is certainly a big consideration, for all the reasons that you have raised.

Q247 Chair: And it works by hiring individuals and assimilating within a team.

Michael Lavelle: We think that is much easier.

Q248 Chair: Let me turn to the roles of desk heads-the people who run the various parts of your organisation. To what extent are they responsible for the culture of Citigroup?

Michael Lavelle: Very significantly, but not necessarily any more so than the individuals who report to them. This has to be, ultimately, a collective responsibility from the board on down, and from executive management on down, to the desks and to the individuals.

Q249 Chair: Yes, but the important point is that if you are a junior on the front of a desk, you are looking to your boss for your culture.

Michael Lavelle: Absolutely. Every day.

Q250 Chair: So how do you make sure your desk heads have the culture that you require?

Michael Lavelle: One is the culture of the organisation. Is it coherent? Do we understand it? Is the firm, at the most senior level, trying to deliver a coherent culture? We think that they are. How do they project that down to the most senior level of the organisation? In our instance, let us call them our managing directors. We have all recently been part of our annual training in that regard, and it is our responsibility to come back and ensure that one consistent message is delivered to all our staff at every level. But there is communication, and there is practice. Ultimately, it is about doing the right thing every day.

Q251 Chair: Yes, but how do you make sure they do the right thing?

Michael Lavelle: First and foremost, you do the right thing personally. I think, ultimately, I agree that your staff will look to their own line leaders to ensure they are behaving in the appropriate way. What they do creates economic value. What they do makes sense for our sort of clients. From that perspective, they are going to take direction from that. So we have to do the right thing individually and collectively. As long as we are seen to do that in our business every single day-

Q252 Chair: So you only need to be seen to do it.

Michael Lavelle: Of course you do. You have to do it.

Q253 Chair: You do not have to embed it in your culture-

Michael Lavelle: It has to be both. One can have a code of conduct. If people do not operate that themselves, individually, every single day, ultimately they are words on a page.

Q254 Chair: What sort of mentoring process do you have for your staff?

Michael Lavelle: Very significant. Some formal, some informal. We informally mentor people within business, but also outside of business, too. Many individuals will like to have a mentor who is not directly responsible for them. They feel like they can have a more open discussion and communication, and that can be anything from long-term career planning to a specific individual issue.

Q255 Chair: And you will do that for managers as well as-

Michael Lavelle: Absolutely. At every level.

Q256 Chair: Your board has a fiduciary duty to your shareholders. Can you explain what that means, in the context of Citigroup?

Michael Lavelle: I am not sure I am best qualified to answer that specific question.

Q257 Chair: But how do you see it? You are running a division. How do you see that fiduciary duty?

Michael Lavelle: At global board level?

Q258 Chair: Yes. But also from your point of view.

Michael Lavelle: How do I personally interact with the global board?

Q259 Chair: No. How do you see your fiduciary duty to look after your shareholders? How would you interpret that, in terms of your role?

Michael Lavelle: Again, we talk about our stakeholders: we have our shareholders and other stakeholders. But, again, what is the common good? Ultimately, from the director of our board, on down, it is what you do every day. One, does it create economic value? Two, is it for the common good? And is it responsible? Ultimately, my individual fiduciary responsibility is to behave in that way every day, and to project that to my partners and my team and to behave in that way for our clients.

Q260 Chair: And how do you make sure they do that?

Michael Lavelle: Again, one can take individual responsibility and you can ensure that there are appropriate processes, such as training and development, for the sort of people that work with us.

Q261 Chair: We have heard from some witnesses that requiring banks to have a legal duty of care for their customers may help to drive up standards. What is your view on this?

Michael Lavelle: A legal duty of care? Ultimately, we are in the long-term client advisory business. There is significant competition in our industry. Our clients make their own selections as to who they want to do business with. I am talking here about the corporate level, rather than at the consumer level. From a corporate client’s perspective, if we do not behave in the right way, if we do not provide value-added advice and if we do not think about the long-term interests of our clients, as opposed to our short-term interests and revenue-generating transactions, they will not do business with us. Whether we have a legal duty of care in that regard, they would expect us to do the right thing.

Q262 Chair: So you are saying that competition is everything.

Michael Lavelle: No. Quite the reverse. I am saying that we are in competition, but ultimately we are in competition for our clients’ attention, and if we do not give them appropriate long-term attention, they will not ultimately want us to be a relationship adviser for the longer term. Again, if we were providing business that was short term and revenue generating, from our perspective, and that was seen to be as such and was not in their long-term interests, they will bring their business and ask for advice from others.

Q263 Chair: We heard from a witness last week that Goldman Sachs has some questionable reputation in terms of its aggressive behaviour and the way that it sometimes appears to have a conflict between the interests of its customers and the interests of the bank. But at the end of the day, Goldman Sachs will always manage to secure huge numbers of customers because they want to have the big bully bank on their side, rather than against them. Therefore it legitimises a deal. What would you say to that witness who made those comments?

Michael Lavelle: Well, I do not think I should really comment on a competitor and their practices. I can only focus on Citi and how we do business. We want to be-

Q264 Chair: Would you try and avoid doing business the way that witness described Goldman’s?

Michael Lavelle: We want to provide long-term advice to our clients.

Q265 Chair: I suspect Goldmans do. None the less it was suggested to us that they still have a colourful reputation.

Michael Lavelle: Again, I can only focus on Citi and what we do and who we work with, and what advice we provide.

Q266 Chair: In your written evidence, you talk about the five Cs: clients, capital, control, costs and culture. Why is culture last?

Eddie Ahmed: Maybe I can take that question. It is actually not last. It may appear that way in the submission, but it is not last. If you see some of the scorecards that we are coming up with in terms of how we are going to evaluate our senior people, and their direct reports, and then trickle those scorecards down, culture and control sit at the top of the scorecard. They almost sit by themselves before you get to the other three. In many cases, they are pass and fail, so you almost have to get that right before you start talking about the rest of the Cs. It may appear that way in the submission, but we do not do that in terms of how we evaluate somebody’s performance.

Q267 Chair: Okay. You guys have a two-day programme on the five Cs. What did you take away from that two-day programme? You have done it, I take it?

Michael Lavelle: I have, as has every managing director of the organisation, I should point out-we all have. The firm-it is a very large organisation-is trying to make it very clear to the managing directors of the organisation what values make sense for Citigroup today and for Citigroup for the future. They are asking us very clearly to ensure that we behave that way every single day and, importantly, that we communicate back to all our teams and businesses that they expect the entire organisation to behave that way today and going forward. That was my takeaway. We are trying to create a very clear common culture, which we accept is difficult in an organisation of our size.

Q268 Chair: With your staff who are business generators, what changes have you made to performance-related pay to take into account the five Cs?

Michael Lavelle: Well, there’s been a significant change in how people are compensated in the industry overall, both in quantum and structure, in part in reaction to regulation and in part in reaction to the business that is practised. Again, when our individuals are assessed, yes, they have individual goals, as individual goals may be revenue goals; those individual goals may be client goals.

Q269 Chair: Describe a client goal. Are you trying to win more clients?

Michael Lavelle: An individual might have a specific responsibility to cover a certain geography, a certain sector, or a certain client set. We might ask to ensure that there are certain clients within their remit where we have a relationship-an advisory relationship or a transactional relationship-or where we have market share goals within a certain product or a certain geography, for example. That would be part of their assessment. We look at that over the long term. If you are giving long-term advice, there will be periods in which there is little activity for a client and periods when there is significant activity, depending on their own needs in the capital markets.

Q270 Chair: And how does that fit in with the five Cs remuneration?

Michael Lavelle: Because, again, you are taking a long-term view of people’s career progression so, yes, there will be revenue goals, but there will also be some cultural goals.

Q271 Chair: But how do you quantify that? It is easy to say to someone, "We will pay you 20% of the non-risk business you generate," with a base salary.

Michael Lavelle: To be very clear, there is no direct correlation with compensation and revenues.

Q272 Chair: I appreciate that. I am using that as an example to try to get you to explain. Let us say, for example, that I was not a Member of Parliament-I was still back at Bear Stearns-and you were trying to recruit me to come to Citigroup because you think I am brilliant. What would you be saying to me today in terms of what I could expect to be paid by you?

Michael Lavelle: Well, I wouldn’t- Let me be clear: I have not had that specific conversation with people. That is the last point of the conversation. We are discussing role and culture. I have not had a single conversation with somebody I have interviewed to come to Citi in recent memory where I have said, "Here is what you will be paid."

Q273 Chair: Eventually, there will come a point where the individual will want to know-

Michael Lavelle: It is important to understand that it is the last part of the discussion, not the first part.

Q274 Chair: Sure. What I am trying to do is to get to the bottom of how you are balancing the remuneration.

Michael Lavelle: Understood. Let me try and go back to the individual and how they are individually assessed-who assesses them. Let us start with that. They will have a broad-based assessment from partners in the business, from partners outside the business, and from partners around the world. Again, this is not about one individual saying, "I have worked with individual X or Y. They have produced excellent-"

Q275 Chair: So you are looking at their market presence and their reputation.

Michael Lavelle: Their market presence and their reputation-and, by the way, their internal and external reputation, their long-term advisory relationships and the value of those relationships over time.

Q276 Chair: So how do you structure the remuneration package?

Michael Lavelle: It is multi-faceted. Again-

Chair: Share it with us.

Michael Lavelle: I can certainly go through the detail of that from a human resources perspective. There are very clear metrics in that regard. I can address the specific question about individuals within the business.

Q277 Chair: Can you go through the metrics?

Eddie Ahmed: May I comment on that?

Chair: Yes, please.

Eddie Ahmed: If you go back to the scorecard that I was talking about, many of our individuals, particularly at senior levels of the organisations-and also those we would define as material risk takers, who can actually impact the franchise quite significantly-would go through a calibration process involving human resources, with several people and their departments sitting around this table in terms of control functions. All that calibration would then lead to an assessment of whether we are paying an individual the right amount of money.

There are instances in which we would say, because of the process we have gone through, through the control functions-individuals around this table-or through human resources, that we don’t think the level of compensation being recommended is appropriate, and that compensation would come down. There is a structure for how we assess people that should then translate into individual remuneration.

Q278 Chair: So you go through all the trouble of interviewing somebody, and from that point you will evaluate what their base salary should be. Is that right?

Michael Lavelle: The base salary is part of their compensation package.

Q279 Chair: And the performance incentive is based on what?

Eddie Ahmed: This is what I was referring to. The process I referred to was on the variable side of the compensation, not just the base salary.

Q280 Chair: Yes. So how do you come to that? It must be somewhere in a contract that the guy has an expectation of what he is supposed to be doing.

Eddie Ahmed: Yes.

Chair: And please tell us what that is.

Eddie Ahmed: If we hire somebody, in their contract there will be a description of what their job is, and a base salary. There will be no suggestion of expectation of compensation in the contract. There separately-not in the contract-will be set a number of goals, and those goals will be set on individual performance, based on the divisional objectives, as well as the five Cs that we are trying to promote. We then assess that individual through the calibration process I have just described, at the middle and the end of the year, with HR, the business, and control functions around this table involved, to determine what the final compensation number should be.

Q281 Chair: But it could be a perfectly reasonable scenario where you have an extraordinarily high-performing individual in terms of generating revenue who just isn’t a particularly nice person. How does that fit with the culture?

Charles Ross-Stewart: If I can just jump in there, in terms of the contribution to the process that some of the risk functions play, there is, for example, the compliance function, which I head. We go through an exercise, both mid-year and at end of year, with the material risk takers that Mr Ahmed referred to-a list of 300-plus people within the region-where we, as compliance, discuss among ourselves whether we think any of them have displayed inappropriate behaviour in any way. That then goes into a process that is discussed at the remuneration committee, where the input from other risk functions-for example, risk-will also be taken on that individual, and if there is a feeling that any individual has not displayed the right behaviours, that will lead directly to a result on their compensation.

Q282 Chair: And how will that manifest itself? I am finding it incredibly difficult to scrape through the opacity of your responses. An individual going along to work at Citigroup will expect an amount of money-the base salary, and then a bonus. We keep reading about these colossal great bonuses. They must have a rough idea of what is expected of them in order to perform well. Is it to do with origination or with ongoing client servicing? Is it to do with just being a decent bloke at the awayday weekends? How are you getting to the bottom of this and deciding how much you are going to pay somebody?

Michael Lavelle: Perhaps I can make one observation. The very large, significant majority of people we pay every single year are not being hired from the outside, and nobody-

Q283 Chair: Sure, but you did say you hire a number of people.

Michael Lavelle: Occasionally-we said occasionally. And of course there is always a need to continue to grow as an organisation, and we can do that both internally and externally. But again, the large majority of people, as part of their ongoing annual assessments, are not external hires. So, how are they paid? Again, we have discussed this: it is all the above, on their individual goals, which, depending on the business they are in, may well be revenue generating or market share goals, or they may well be client relationship goals.

Q284 Chair: So if you’ve got somebody who doesn’t generate any commission, but is a decent person who is going out and saying to people, "Actually, this is a really bad deal. I have been told to sell this, but I think it’s rubbish," you will reward them for that.

Michael Lavelle: First and foremost, I hope we are not out there suggesting that they should be selling products that are rubbish. One would assume that we are out there giving good long-term advice. To answer your question differently, are there individuals, in the context of a long-term career in the relationship business, who will have years when they are not generating revenues but maintaining relationships, because it was the right thing to do, and will they get paid? The answer is yes. Absolutely they will.

Q285 Chair: Institutional equity salesmen at the moment-the ones I keep bumping into-are having a really rough time because they can’t generate any business. Someone was saying that equity revenues are down to about 10% of what they were a number of years ago. But you are still quite happy to pay them at the same level as you were five or six years ago, on the basis that they are maintaining a long-term relationship with those investment managers and at some point in the future the revenues will pick up again. Is that what you are saying?

Michael Lavelle: No.

Q286 Chair: Well could you please explain how it works? If revenues have dropped for non-risk equity agency brokerage, how are you incentivising your staff to stick around and carry on with Citigroup and develop these long-term relationships?

Michael Lavelle: Again, I might ask Eddie to help me with some of the specifics.

Q287 Chair: And how many equity salesmen have you sacked because of the drop-off in the business over the past couple of years?

Michael Lavelle: I am not responsible for the equity sales force directly, so to be clear, the answer is: it is a significantly smaller business than it was one, two, three or four years ago. So of course we react to external factors.

Q288 Chair: And presumably when your colleagues on the equity side of it have got rid of staff, they have been looking at their ability to generate commission first, haven’t they? They have to, because you have a fiduciary duty to your shareholders.

Michael Lavelle: It is a factor, of course it is.

Q289 Chair: But how big a factor? I am sorry to be really pressing this-I know I’ve been at it now for the best part of 20 minutes-but this is what people get very upset about. People are very worried that the culture of organisations such as yours is generated entirely on the basis of commission revenue or income revenue, and that therefore that is how they are going to get paid. You’re sitting there saying, "No, no, it’s nothing like that at all. It’s all about the five Cs." We are not getting any sense of how you’re evaluating it.

Eddie Ahmed: Maybe I could comment on that.

Chair: Please do.

Eddie Ahmed: In regards to the business you have mentioned, that is a much smaller business. It has been restructured significantly across the industry. When we look at revenues, profits, risk and how we determine the compensation pools, we start with risk-adjusted profits. We don’t start with revenues. We look at the market in terms of what market pay might be for a particular individual, but we then look also at what the affordability factor is within the firm. Then we also look at additional risk factors that go into the potential concentration of risks, or how a business might be using the capital of the firm. We take that into account and have a charge for that, which might diminish the amount of money available for the compensation pool.

Once we are done with all that, we make a judgment call as to whether the pool itself is the right amount of money. That pool gets signed off by the P and C-the personnel and compensation committee-of the board. So the board eventually signs off, saying "Yes, we believe the pool has been properly assessed in terms of market factors, risk-adjusted profitability and other risk-mitigating factors, and the pool is right." That is how we start off with the overall sum of money we might be able to pay out, and then we go into the individual assessment.

Q290 Chair: And how does the individual assessment work?

Eddie Ahmed: We start off with goals. The goals could be driven by the business. They could be goals driven by controls, or goals driven by risk, particularly at the senior levels of the organisation. The material risk takers, as I have mentioned, will have risk and control goals as well, in terms of their businesses. We have those goals. We assess-

Q291 Chair: Could you describe a risk and control goal?

Eddie Ahmed: Yes. We will have a scorecard for individuals-as you said, the five Cs. Those five Cs will have risk, the controls and culture at the very top of the scorecard. There will be several factors in terms of how we manage risk in the business, risk-weighted assets and the capital being used. If there are risk losses, we will be measuring those risk losses. Those would be on the scorecard, and each individual will be assessed on them.

Q292 Chair: So these are a quantitative type of assessment.

Eddie Ahmed: Yes. Those are the risk factors-the control factors-and the culture is more of a pass and fail. There are some aspects of risk that might be pass and fail as well, but there are many aspects of culture that are pass and fail.

Q293 Chair: So who decides whether that individual’s culture is worthy of remuneration?

Eddie Ahmed: There would be a calibration process at various levels of the organisation-HR is always involved.

Q294 Chair: Is it 200,000 members of staff?

Eddie Ahmed: With the calibration process for someone’s year-end performance and then the remuneration associated with that, HR would be involved across the entire board. But at the senior levels, again with the material risk takers that we are talking about, compliance would be involved, as would risk, and there would be an independent assessment of the compliance factors-risk factors-of that level of the organisation.

Q295 Chair: I am still not clear as to how you convert a nice culture into pay.

Eddie Ahmed: I think you have to start with the top-how you define the culture-

Q296 Chair: No, no. You have talked about that. I am trying to get down to the front line. So now you have got a desk manager with a team of-I don’t know-10 or 15 guys who are out there originating business and bringing in business. How does that team get paid a bonus? Assuming we have gone through all the remuneration panel, and all this kind of stuff, when it comes down with a bonus pool that has been allocated on a desk-by-desk basis, who is the individual who is sitting there looking around at the team in the room next to them deciding who is going to get what bonus? How does that work, and what are they basing it on?

Eddie Ahmed: Ultimately it will be the head of the business-so whatever business we are talking about-but there will also be HR involvement. There might be independent market consultants looking at market pay for a particular job.

Q297 Chair: So you are getting consultants at a desk level-at an individual level?

Eddie Ahmed: It depends on the seniority of the individual. It may not be at every desk level.

Q298 Chair: But we are still sticking with this specific element: you have a desk leader and a team of 15 guys. How are they being allocated? How is the junior guy on that desk getting a bonus?

Eddie Ahmed: It will be in the chain of command, and ultimately signed off by the business head, in conjunction with assessment by human resources and depending on the level-

Q299 Chair: And the desk head?

Eddie Ahmed: Yes, absolutely. HR would be involved at the desk head level as well. HR would be involved at all levels, and depending on the level of revenues or risk being taken by that desk, that particular individual might be defined as a material risk taker, and therefore compliance and risk would have an independent assessment.

Q300 Chair: And part of that debate will be-could be-"This guy has not performed very well this year, but he is the type of bloke we want to have in our organisation and he may be a good manager in the future." Could that be?

Eddie Ahmed: Yes.

Q301 Chair: And you would reward somebody to make sure they do not get poached.

Eddie Ahmed: We would reward somebody based on the factors you have indicated. There would be a discussion of whether we should reward somebody, but if they have had some risk issues, or they have had some behavioural issues, then absolutely compensation would be impacted negatively.

Q302 Chair: So if I was sitting having a drink in All Bar One in Canary Wharf later this evening and I bumped into one of your wholesale markets guys and said to him, "You know, I just had your boss in here today. He says your bonus is dependent entirely, or pretty much entirely"-notwithstanding all the other kind of stuff-"on whether you are decent bloke or not and you have high cultures," would he say, "Yes, he is absolutely right," or would he say, "Yeah, like hell"?

Eddie Ahmed: I hope he says that the culture is changing-that he has understood exactly what we are doing with the five Cs, and with our four key principles, responsible finance being one of them. I hope he would say that the managing director who runs the desk or the business came back from this managing director session, cascaded all the principles down to the desk level, and that then he was asked-that particular individual you were having a drink with-to cascade it further down to people who report to him. So I would hope he says that.

Q303 Chair: How do you make sure he says that?

Eddie Ahmed: Well, through the assessment process at the end of the day. Because we are involved throughout the assessment process at the mid-year and the year end, these factors should come out.

Q304 Baroness Kramer: I am just going to ask one question, before I go on, that is somewhat related to this. I was at Citibank for five years; I am not sure if that is a declaration of an interest. It was in Chicago in the late 1980s and early 1990s. I am not sure that is particularly relevant to this conversation, but I declare it. What I am struggling to understand is this. If you look back at Citibank over the last few years, the words "frying pan" and "fire" might come frequently to the tongue. There have been a lot of issues and a lot of problems. I think what we are trying to understand is: you seem to be proposing a change of culture. I am not sure I understand how you are driving change through to the individuals you originally recruited on a very different basis. Could you try and help me understand that?

Eddie Ahmed: Would you like me to take that?

Baroness Kramer: I don’t mind who the willing victim is.

Eddie Ahmed: Maybe I will start, and my colleagues can join in. Again, I think the important thing is that the culture is changing; that we have articulated a different series of principles that we feel should transcend all levels of the organisation.

We are starting with the top of the house, with the managing directors. We have taken everybody through those principles-and, by the way, these sessions are leader-led, so our chief executive is leading them, our chief risk officer is leading them, our head of human resources is leading them. We are not outsourcing them to a third party, to come in and talk to us about culture. We are asking this leadership level to cascade it further, throughout the organisation. Next year we have a formal cascading process-we are taking all of our next tier of managers through it. We have leadership programmes in the firm-we call them leadership 1, 2 and 3-for different levels of managers; 53% of all of those managers have now gone through these programmes across the world, and our objective by the end of next year is to have 100% of our managers go through these programmes. That is how you instil a different level of culture and cascade it throughout the organisation.

Q305 Baroness Kramer: But I think you would accept that, for people who go into an industry like banking, how you get paid is a hugely important element of your motivation, your loyalty, the way you function: your expectations, if you like, centre very much around, essentially, what that base or base-plus bonus will be. If you are driving this change of culture, how have you fundamentally changed the way in which you compensate people? I think we can all agree that historically, it would have been very much tied to revenue, possibly even 100% tied to revenue for variable pay. How are you changing that, and how does the guy down on the line understand that that has changed? Or has it?

Eddie Ahmed: Well, we are changing it, partly through the process I have just articulated-

Q306 Baroness Kramer: That was all very high level.

Eddie Ahmed: Well, it comes down to assessing individuals on that same process and then rewarding them and making sure that they understand, through cycles of compensation, that it is not just revenue driven; it is driven on profitability, and that is the risk-adjusted profitability, and there are other factors to it. The more we do this, and the more cycles we go through, the more it will transcend itself throughout the culture of the firm.

Charles Ross-Stewart: I think it might be relevant to add that, when we talk about the goal-setting process for individuals, it is not just individual goals, i.e. what they are expected to achieve: they also have goals about how to achieve those. It is not just what we do, it is how we achieve those, and those "how do we do it?" type of goals are very much around behaviour and individual behaviour. Those are specific goals that are set for individuals. That is how you drive it down to an individual level. They are assessed against those goals at the end of the year.

Q307 Baroness Kramer: Clearly, what is going to be very important in this process is the assessment of risk. Perhaps I could ask Mr Church a bit more about that. You sit there and presumably have to define the risk profile that your organisation has to live with. What would you say are the three most significant issues that you address?

Colin Church: This is in terms of the risk framework?

Baroness Kramer: Yes, the risk framework.

Colin Church: The first one is defining the risk appetite. Risk capacity is a long way away from our talents for risk appetite. Risk appetite comes from our perception of what the long-term sustainable net income in a particular business would be. From there, we gauge that relative to what we could see a one-in-10-year stress to be, or maybe something more dramatic than that-a 40-year or 50-year stress. We look from a variety of different angles. That decision is ultimately at the board, but we have a process of taking that down the various streams into the regions and into the legal vehicles, in fact.

Q308 Baroness Kramer: What role does reputational risk play in all of that?

Colin Church: It is an essential role, but that is a collaborative responsibility. Risk management, and anybody in the control process that is very much the first line of defence, is responsible for reputational risk. It is not lost on anybody that the biggest losses in the industry in the last few years have not necessarily been in market risk or traditional credit risk-it has been more around operational risk and reputational risk issues.

Q309 Baroness Kramer: I guess I am struggling with that slightly. It sounds as though you treat that as something completely separate from your core risk appetite analysis-reputational risk is something on the side.

Colin Church: It is a different process. It lends itself less to outright quantification. We have many processes to manage reputational risk and escalate those issues, formal and informal. It relates to the characteristic of the risk. For instance, we will have a commitment committee for underwriting risk. We will have a new product committee for new products, to make sure that all the control functions and businesses are appropriately involved. We will also have a retail distribution committee that will look at those types of issues. Each one of those will have a difference texture of risk and a different series of questions.

Underlying all that, if you go back to the cultural question, the first question that always gets asked is the substance question: "What does this transaction do for the client? Are there other constituents that would also have an interest or potentially be involved?" That is the first hurdle, and then how we influence culture is that every time somebody brings us a transaction or business proposition, that is the first question. The second, which is a little different in pockets of the business in the industry, is: "Is there return on that business? We are committing capital to this, so what do we think the long-term return is going to be?" It is not just a gross revenue number or a league table number; it is a question of how much capital we are committing and whether there is an appropriate balance of risk and reward.

Q310 Baroness Kramer: Perhaps you could also help me to understand how this moves upwards from you, because as I understand it, you report directly to the chief executive.

Colin Church: To the chief risk officer globally.

Baroness Kramer: To the chief risk officer who then reports up to the CEO.

Colin Church: That’s correct.

Q311 Baroness Kramer: The reason I ask is that you will be very much aware of the concerns raised by Sir David Walker, whom I think essentially took the view that to report up through the CEO or CFO is asking for trouble. The risk element of the organisation should get very direct access to the board without being mediated. Could you explain how what you come across gets to the board?

Colin Church: I can, and I can explain that it is probably more relevant at the global level and to my boss’s interactions. He’ll have direct interactions with the board. We have a board committee that focuses on risk in finance. He will have systematic interactions with that committee, they will seek him out individually, and there will be informal interactions. This is quite a personal view, but it is quite important that the CRO is perceived to have the direct backing of the CEO, and I think that is one of the most notable changes at Citigroup. My boss would be perceived as one of the most important people in the firm these days; that wasn’t always the case.

Q312 Baroness Kramer: Okay. I suppose it is a bit unfair to press you because you are removed from that level, but your route upwards would definitely be through the risk chain of command?

Colin Church: That’s correct.

Q313 Baroness Kramer: Not through anybody operational-not through Mr Lavelle or anybody else in your current organisation?

Colin Church: No.

Q314 Baroness Kramer: So, if you make an assessment that risk standards are not being met, how do you then hold the particular business to account? Do you have to go up? Do you go across? How does that work?

Colin Church: I would inform up, but the first one would be across to the regional head. Over the last few years here, in a rather lively environment, that has been a very productive process. The regional head has been very supportive and shares a common interest where we feel we need to intervene. It is not really so much on the standards; it is really on the risk appetite level that we have had most of the interactions. Things have been moving very fast and rapidly in the region in terms of the dimensions and complexities of risk, and we have had to adjust the portfolio pretty dramatically. That has been a painful process, but I have very much had management backing, both at the regional level and, frankly, at the global level as well, from the CEO.

Q315 Baroness Kramer: Obviously we have heard people talk about the difficulties in trying to anticipate the unknown unknowns, but how do you reduce that scope? You have discussed risk appetite, and we constantly go back to a very quantitative view, so by definition the framework is very narrowed once it is focused around risk appetite. How do you deal with what falls outside of that scope?

Colin Church: I very much share those concerns about being overly quantitative and about backward-looking measures. You confront that at a number of levels. One of the things we did was to bolster the senior management team to have multiple dimensions of risk, so we now have regional in addition to business oversight. We also have specific expertise in fundamental credit and real estate. So for any major decision we will have four to six pairs of eyes of experienced professionals-most of these people have actually worked in the business. Really, what I am describing is a judgmental process on top of all these tools. We are also very conscious of putting people in the line who are sensitive to the limitations of these tools.

Lastly, I would highlight that some of these tools can be very much forward looking. I described a risk appetite process, part of which is ex post or backward looking, and part of which is ex ante, where we will highlight new scenarios-Asian crisis, or a drop-off in Asian economic activity, is one that we are currently looking at-and then we will, judgmentally, calibrate around that and ask ourselves the question: what does that do for the portfolio?

Q316 Baroness Kramer: How is this different from what you have done in the past?

Colin Church: Well, a number of things are different. One is that risk has been dramatically empowered from where it was in the past-literally rearranging the board with expertise, a risk committee, the CRO being one of the most important people in the firm from a stature point of view, enhancing the leadership group materially with some very significant hires, and also investments in tools.

I would say that the most important tool is a risk capital model that allows us to implement and push down this risk appetite decision to the most granular of levels. We are in the process of iterating that, but again that is a fundamental change. Rather than the old question in many parts of the firm being a revenue question, it is now a risk-return question, which gives us the lever to have those conversations and to push it down so that the business has to compete for resources among itself, rather than always coming to risk for that decision.

Q317 Baroness Kramer: So as you look downwards through your chain, how do you see the relationship between those who report on up to you and the operational individuals who are on the front line at the coal face?

Colin Church: I see them as equals in terms of stature and authority. I see them as partners when it comes to getting a collective decision around any particular risk decision. One of the problems I felt in risk was that it had become too aloof and too non-engaged. You need that engagement, but you also concurrently need absolute accountability. When you break up from a decision-any decision that is made in risk-risk absolutely owns. It is not collaborative; it is a decision that you signed up for. One of the things that my boss made very clear to me was that any risk decision in this region, I modelled for, so that makes it very clear.

Q318 Baroness Kramer: I am really not quite understanding. It sounds like there is a tremendous blurring of the front line and the second line from what you are describing. It is a very collaborative effort, so if you are on the front line, perhaps you have been working closely with whoever is doing risk management within your area. Therefore, when it goes wrong, it is a fairly diffuse responsibility, isn’t it?

Colin Church: No, not at all. I think we look at this in very sharp lines. It is important we communicate with each other-that they know how we think, and that they know what would be approved and what would not be approved. Ultimately, as we have described, we have a completely independent line of responsibility and accountability. The answer is that, if we are uncomfortable with the transaction, we just say no; it is not a negotiation.

Michael Lavelle: Let me try to help with that particular perspective as well, if I may. Ultimately, there are continuous dialogues among the business and among risk and other control partners about the business we want to do and about individual transactions. There will be a point where there are multiple conversations, where risk will just say, "No, no and no," and it never gets beyond that point.

There might be a sort of continuum of work, where we say, "Actually, if we were to do this, this and this, that is something that we might want to consider"-in other words, that we might need to put additional risk architecture around a certain sort of process. That will then evolve up through the organisation. We might then get a collective recommendation from the business that this is what we would like to do, and it may or may not be approved by risk. There are many examples where the business wants to do something, and risk will say no.

Q319 Baroness Kramer: I am trying to get to this: back, as we could say, in the bad old days-I do not know how much they have gone-if you are on the front line, you are being remunerated essentially by how much revenue you bring in. What you obviously do is to gain the risk process, and I think one can say that many people did that extremely successfully. What is it now that makes it difficult or impossible to gain that process? What you describe does not seem to catch that particularly well, or am I not understanding it?

Michael Lavelle: Shall I try with that, Colin?

Colin Church: Go ahead.

Michael Lavelle: Again, first and foremost, each individual has limits and each business has its limits, so we are managing within that limits framework. I would argue that the architecture around that is now significantly more substantial. Let us assume that we do business that the firm wants to do, that risk is signed off on and that that is appropriate, there can be an economic loss attached. Even though it is something that we wanted to do and that we thought made sense for our clients, we lost money. Will there be a consequence to that? Yes, of course there will be; but, ultimately, it was still business that we wanted to do individually instead of collectively.

In the compensation process, there is a look forward and not a look back in the context of what business was done, whether it was profitable for the organisation or the stakeholders, and there is a clawback mechanism over time in the event that either an individual transaction or an individual business or collective unit of businesses was found to have lost money as a consequence of those decisions that were taken some time ago.

Q320 Baroness Kramer: Okay. I will ask one remuneration question and then let it go. People of equivalent level, in terms of hierarchy-that is on the risk side or on the operational side and looking at the transaction of the kind you have just described-are they equally compensated or differently compensated?

Colin Church: I would say differently compensated. I am not reviewing both people’s compensation one by one. Risk tends to be much more base-pay orientated and less incentive orientated. Also, in terms of the volatility of this over time, it tends to be linked to qualitative goals of a risk nature. The career path tends to be of a long-term nature. We have many people with very long tenure experience level in risk-intentionally-for that reason. So a lot less volatile and tied to different things-that is how I would answer that question.

Q321 Baroness Kramer: So the incentive is quite asymmetric in a sense.

Michael Lavelle: It can be for people in the business. There is no question that revenue generated-also revenue profitability achieved over time-is a factor in their compensation.

Q322 Baroness Kramer: And how would each feed into the other’s appraisal? Would your risk person have an impact on what the pay levels might be-

Michael Lavelle: In the assessment, absolutely.

Q323 Baroness Kramer: What about the other direction?

Michael Lavelle: If it was specifically requested, of course. We would expect our professionals to be assessed by risk. It is not absolutely necessary that risk professionals be assessed by people in the business. More often than not, they would ask for that to happen, of course. You can provide both formal feedback on individuals and informal feedback, depending on the role.

Baroness Kramer: Maybe later on we will explore more on that process.

Q324 Chair: Mr Church, may I follow up on something Baroness Kramer mentioned about the blurring of the line between the first and second lines of defence? Mr Ross-Stewart, you might want to leap into this one as well. In evidence last week, it was suggested to us by an anthropologist-as opposed to a technician when it comes to banking, but none the less a very interesting comment-that a trader could come up with a product which was absolutely fantastic, and the important point was that it would make money for the bank but stayed within all the rules. This anthropologist said of the trader: "He probably went to all his compliance people and ticked all the boxes. Most traders talk about compliance as box ticking, or hurdles. They have externalised ethics: once you have got past the priest, you are fine." What do you say to that, that the second line of defence is all about reinforcing the first line of defence-the ability to go off and do whatever they like once the ethics question has been taken over by either the risk department or the compliance department? Either of you can go first.

Colin Church: I think it is absolutely essential that the first line of defence knows that they are absolutely accountable. That is one of the things that we are extremely sensitive to in the risk decision making. If there is a problem, then we are both accountable in our own ways, but the primary responsibility has to be at the point of origin, at the coal face.

Charles Ross-Stewart: Yes, and in terms of the point about box ticking, I think that is a very historic view of compliance. The role of compliance functions has changed significantly, and we are now really embedded at all levels of the business so, from the top of the house right down to the day-to-day desk level, the compliance representatives are involved with all the business decision-making processes, whether just on the product approval or transaction approval committees that we have discussed, at the reputational or escalation committees that we touched on, or even at the operating committee for the region and then globally. So I think that the permeation of the compliance function throughout the business is changing that role completely.

Q325 Chair: Give me an example of how that works on a front line.

Charles Ross-Stewart: To take the example of a product that came to a new product approval process, this was a product that had been developed in conjunction with an institutional client and there was a discussion about whether that, or some variant of that, might be suitable for retail customers. Compliance, as well as other risk functions, were very firmly of the view that it was not suitable for retail customers just due to its complexity. And there comes a point where, however much disclosure or description of a product you create, you should not be selling something too complex to retail. The product was abandoned at that point.

Q326 Chair: How do you stop that-it is quite interesting that you talk about the cross-contamination of the culture as we are seeing a great deal of that with the so-called interest rate swap selling to SMEs. Are you involved in that at all?

Charles Ross-Stewart: No, we do not cover the SME market, so it is really not relevant.

Q327 Chair: In that case, I might stick with this example because it is useful and neutral. What has happened is that you have a situation where there is a perfectly acceptable product, designed for corporate treasurers at something like BP who are going to go and spend billions of pounds exploring in Alaska, let us say. What happens is that that very legitimate product gets morphed into something that is kind of okay for an SME-we all talk about fixed-rate mortgages, so we are all familiar with that, but this is slightly more complex-and eventually this crosses a divide.

Of course, the problem you now have is an incentivisation problem with the SME account handler who now feels he has a product he can sell. He can even link that product as a condition to a loan but, importantly for him, that individual has now found that the cornucopia of bonuses has opened to him, and he suddenly realises that he can start to do a little of what the guys in Canary Wharf do and he starts to go off and sell the product.

As I said, this is slightly hypothetical, as I appreciate you do not have that, but that illustration highlights the kind of cross-contamination you can get from one side of a business to another. How on earth do you avoid that type of cross-contamination where you are selling things to fundamentally the wrong clients?

Charles Ross-Stewart: It really boils down to the appropriateness of a class of products for a class of investor or end user, but also an individual assessment on a client-by-client basis of the suitability of that product for that client. Those are concepts that you will be very familiar with. We feel that there are certain products that are not appropriate for certain categories of clients, but we also do very extensive analysis of needs and appetites on an individual level, so it is both-

Q328 Chair: But you could hypothetically get the situation where-I am not going to go for the obvious question of a salesman being incentivised to sell a product-a salesman could be incentivised to develop a long-term relationship with a customer by demonstrating other products that your organisation sells. Therefore, it could be argued by that individual that they are merely extending the range to the customer, trying to develop a much more long-term relationship with them, but actually at the same time they are presenting a completely unsuitable product to that customer with a different incentive.

Charles Ross-Stewart: I am not really clear about the question you are asking me; I am sorry.

Q329 Chair: Okay. Were I a salesman at your organisation who was selling something as simple as straight equities to a customer that I knew understood straight equities, and I had been persuaded at great length by Mr Lavelle that, actually, the sale was very little to do with my ability to raise revenue but was actually more about my long-term relationship, I could turn round and say, "Here’s a fantastic product on interest rate derivatives which you really ought to be looking at in order to try and rev up your investment trust. Speak to us-it’s a great way to develop a long-term relationship with Citigroup." That, at the same time, would be a completely wrong thing for that individual to be engaging with.

Charles Ross-Stewart: I think the first responsibility of any person in a sales capacity is to know their customer, so it really depends on the customer and what the customer’s investment or liability management requirements are. If it is an investment customer-you mentioned earlier investment trust or mutual fund-and we are primarily selling them equity strategies, then it is the responsibility of the salesperson to understand what the limitations of that particular fund are in terms of what it can and cannot do.

Q330 Chair: Are you seriously telling me that all your account handlers know the detailed ins and outs of every single fund that they are advising on?

Charles Ross-Stewart: I would not claim that they know every detail of that, but they are absolutely required to know what the investment objectives and strategy are of the client.

Q331 Chair: And the gearing level, the exposure to derivatives, the stock borrowing options-that kind of stuff?

Charles Ross-Stewart: They would be required to know the fundamentals of the types of product that their clients can and cannot use.

Q332 Chair: How do you ensure that they know that?

Charles Ross-Stewart: It is, again, through the involvement of all the risk functions at all levels within the organisation. If we see a corporate customer attempting to or being suggested that they enter some sort of transaction that has more of a speculative element, that is immediately going to ring alarm bells at the approval process. Equally, when it comes to setting limits on an individual basis within the risk function, those limits would be set according to product. Customers will not have product limits set for products that have not been approved for that client base.

Q333 Chair: Do you have an example of when one of your account handlers has gone back to a customer and said, "No, I am terribly sorry; you can’t do that because you are not allowed to," under your own internal memo notes?

Charles Ross-Stewart: I cannot pick one right now.

Colin Church: I am sure we would. We have explicit derivative guidelines as relates to SME clients throughout the world. We do not bank SME clients in the UK, and I am sure that there will be many examples of that. I am not familiar with any specific ones.

Q334 Chair: In your written evidence, you say that significant focus has been placed on fostering a risk culture based on a policy of "taking intelligent risk with shared responsibility without forsaking individual accountability". How can an individual rationalise individual accountability with shared responsibility?

Colin Church: I think that the shared responsibility is to reference what you were talking to earlier-a potential lack of accountability in the first line of defence. That means shared responsibility when a decision is made, but the ultimate accountability is on the individuals and their chains. The front office will have that responsibility and be primarily accountable if there is a failure. Risk, as a control function, will also be directly accountable for that. The point is that that needs to be clear.

Q335 Chair: Is there shared accountability? Could you sack a group of people?

Colin Church: Shared responsibility, without forsaking individual accountability.

Q336 Chair: An individual is accountable, presumably, by ultimately losing their job.

Colin Church: Yes, absolutely.

Q337 Chair: But is a team responsible by ultimately losing their jobs?

Colin Church: If a team was remiss, they could be, absolutely.

Q338 Chair: So there is shared accountability as well as responsibility?

Colin Church: Yes, but that accountability would go up separate chains, so you would have a front office accountability, and you would also have a control accountability. So I would be judged by my management within the context of risk, not collectively with others.

Michael Lavelle: Depending on the scale of the individual transaction, there would be a chain of approvals, both on the business and non-business sides.

Q339 Chair: Back to compliance, do you have any enforceable internal standards that are not driven by rules?

Charles Ross-Stewart: Yes. We take high standards in certain areas. Just a couple of examples spring to mind. First, regarding the use of mobile phones, we have extended the requirement not to trade using mobile phones. We have made a blanket ban on the use of mobile phones on the trading floor or for taking any client orders. That is one example of where we are going a step further than regulatory requirement.

Q340 Chair: Presumably, you have done that so that you can have a record of that transaction?

Charles Ross-Stewart: We have imposed that in order to avoid people using mobile phones for business, because the technology for recording mobile phones is still fairly nascent.

Q341 Chair: Okay, but it is about recording the phone, rather than about anything else.

Charles Ross-Stewart: It is also to prevent people from taking business outside the workplace. We would prefer all the customer trading activity to take place within the trading floor.

Q342 Chair: Is recording telephone conversations a legal requirement?

Charles Ross-Stewart: In some areas, yes it is.

Q343 Chair: So in fact this is more about meeting a legal obligation than necessarily something you have imposed?

Charles Ross-Stewart: It is actually about trying to encourage the right culture, because it does go beyond the legal requirement; it has a basis in a regulatory requirement. Another area is in mandatory absence: again, it is encouraged but it is not a requirement in many jurisdictions that people take any contiguous period of leave, but we require that all our trading and front-office personnel take a two-week period of leave.

Q344 Chair: Why is that?

Charles Ross-Stewart: It is to prevent any suggestion of positions being hidden or people being able to withhold information from the control process.

Q345 Chair: So, in your opinion, the internal policing would throw up an anomaly within the two-week period.

Charles Ross-Stewart: The internal control process is exactly around operational controls and so on.

Q346 Chair: Who do you report to?

Charles Ross-Stewart: I report to the global head of compliance, who sits in New York; but I also have a regional reporting line to the chief administrative officer in the region here, who in turn directly reports to the chief executive officer of the region.

Q347 Chair: Do you make reports directly to the board?

Charles Ross-Stewart: I make reports directly to the boards of the UK legal vehicles and to the London branch of Citibank NA, which is our US bank, its London branch.

Q348 Chair: What would be the normal report? Would you just write to say everything is okay, or would you raise compliance issues with them as they come up?

Charles Ross-Stewart: No, our reporting is issue-driven, so we report significant issues of a compliance nature to those boards and we tag that reporting according to the relevant legal vehicle. It is also thematic, so we might, for example, have a periodic report on AML processes; we have a periodic report on our client assets and client money obligations. It is both issue-driven and thematic.

Q349 Chair: If you could have a wish list of compliance functions that could be changed within Citigroup or that you do not have at the moment, what would be on that list? What would you like to have changed?

Charles Ross-Stewart: The complexity of the organisation does provide us with a lot of challenge-it provides everybody with a lot of challenge-and the complexity and multiplicity of our technology systems mean that sometimes getting hold of information is burdensome and time-consuming. Having an organisation such as Citi, with 250,000 employees, which has built up over a period of organic growth and acquisition, inevitably leads to quite a complex set of technologies. That would be one thing-if we could make our information gathering simpler, it would be a lot easier.

Another thing is if more sophisticated technology were to be available to help us with our surveillance techniques. That is something we are constantly working on, but I think there is a common theme from the industry that for the sort of surveillance techniques that we have, the technology is not really keeping pace with demand.

Q350 Baroness Kramer: Mr Jarvis, you have been sitting quietly. Could you help me to understand how the role of internal audit has changed, following the various recent crises?

Darren Jarvis: Generally speaking, as a discipline, I guess.

Q351 Baroness Kramer: Within your organisation would be helpful.

Darren Jarvis: Sure. The role, generally speaking, has gone from one of a cyclical inspection-type audit department to one that is much more risk-focused, so a critical change is that we have a risk-based audit plan: every year we start with a blank sheet of paper and take a look at what we think should be audited.

Q352 Baroness Kramer: Who has input into that?

Darren Jarvis: It is derived by the internal audit department. We go through quite a lot of analysis of the risk profile of the organisation, and ultimately it is approved by the audit committee. It is reset every quarter-we try stay relevant, to keep on top of the risk and try to project forward as well, so on a quarterly basis we alter the plan. That is quite an important evolution in our approach. We have enhanced our methodology around how we do audits, to be more risk-focused. We have thought about sample selection methodologies and about how we interact with our business on an ongoing basis, to stay on top of risk. Quite a sizeable portion of our available human resource is now set aside; it is not dedicated to individual audits, but it is actually there so that we can continually engage with our stakeholders. And we have thought very carefully about how we communicate the results of our work, so we try to get the messaging to senior management as soon as possible to try and affect the positive change as quickly as possible.

Q353 Baroness Kramer: How does that work if you are reporting upwards? Am I correct that you are the regional chief auditor? Do I have the right role?

Darren Jarvis: No. My colleague, Fotoulla Charalambous, is the regional chief auditor. I am based in London and I oversee the internal audit coverage of Citi Markets, which is the wholesale banking division. So my reporting line and my colleagues go directly to the head of internal audit, who is based in New York, and he in turn reports to the chair of the audit committee.

Q354 Baroness Kramer: So you report directly to New York? You don’t report up through the chain here?

Darren Jarvis: We have a global, fully independent organisation structure. So I report directly to the chief auditor of the firm, who is based in New York.

Q355 Baroness Kramer: Who has-what?-something like 18 direct reports. Do I read your organisation chart correctly?

Darren Jarvis: I don’t know, for sure. That sounds about right.

Q356 Baroness Kramer: A lot.

Darren Jarvis: A lot. I mean, it’s a big old organisation and we are aligned to face off to the structure of the firm. What I will say is this: I report directly through the internal audit chain; we maintain strict independence in that respect. Clearly, there are a number of stakeholders who we engage with and interact with and who are very interested in our output; critically, the audit committee of the UK entities. We spend a lot of time with the non-executives on that committee, and with the chair of that committee, as well as with senior management within the business line and the independent control functions. There are a lot of levels of influence that we interact with to get the right control consciousness rolled out across the organisation and to get whatever changes are needed, but we report in a very segregated, independent manner up to the audit committee.

Q357 Baroness Kramer: You will know that historically there has been a perception-certainly, it was very often voiced by people within the internal audit chain-that it is hard to build an information flow between the front line and internal audit, and they are somewhat disadvantaged in that process. How does the relationship work now as you go down beneath you into the operational level?

Darren Jarvis: In a risk-based approach, as we have, the information flow is key. So, as I said, we set aside a very reasonable amount of resource to have that interaction. There are a number of ways in which we do it. We have a seat at the table of pretty much every management and governance and risk management forum, so there are a number of committees and various forums-the new product approval committee, for example, and there are a whole range of them-that we actually attend and are part of the flow.

Q358 Baroness Kramer: How do you prevent co-option happening if you are sitting on those committees?

Darren Jarvis: We are there to observe. If there is an empowered committee that, say, votes or takes a decision, we don’t participate in the voting, so we are not tainted; our independence is kind of2 maintained. But I think it’s good that we’re there, first, so that we hear what’s going on, and, secondly, so we can provide a control perspective to the discussion that is happening in the committee.

To answer your question, we source a considerable amount of information from the organisations that we are informed. We get a heck of a lot of management information, which we review, be it risk data, financial data or operational data. And, as I said, we continuously engage with the organisation, across the organisation, to be in the flow, to know where the risks are and to modify our audit plan accordingly. And we do-we have many examples of where we change our audit approach, so that we can stay on top of risk or try to get ahead of it, and to ensure that controls are in place in anticipation of a change in risk profile.

Q359 Baroness Kramer: How much of what you do is driven by the risk appetite, which we heard about earlier? Are you essentially sort of a monitoring arm for the risk appetite portion of the strategy?

Darren Jarvis: We audit it. I think we audit it in a couple of different ways: first, where risk appetite has been set, that it has been set by the appropriate authorities; secondly, we audit the mechanics of the disaggregation of the risk appetite. In so far as an overall risk tolerance has been set, and then that is disaggregated down to the organisation and then actual risk utilisations are measured against that, we audit that. We do a lot of work around the data that feed through into the reporting that goes to my colleagues in risk etc.

I suppose that the third thing is that we look at the completeness of it. As we are doing an audit, the question we are asking is, what are the risks being generated by the activity of the firm? We mean all the risks. In so far as there is a particular kind of risk for which a risk appetite has not been set, that would be an issue. We would escalate that. We would go to our colleagues in risk and in senior management, and look to achieve a setting of a risk appetite in relation to that.

Q360 Baroness Kramer: Would you comment for example on the remuneration incentives and the impact that those were having? Are there other ways in which you might engage with some of the more cultural issues?

Darren Jarvis: Sure. In so far as remuneration incentives drive behaviour and drive motivation, that drives a degree of risk, and we try to understand that. Clearly, one thing that is critical to me in my assessment of risk is to understand how remuneration works in our organisation. I spend a lot of time with my HR colleagues to get that. We interact in that process. In so far as there is an internal audit report which has found issues, I will spend time with the heads of the business and be part of the process that asks the question: what do those internal audits mean for the attitude, behaviour and integrity of those people within the business or controlled groups that you could hold as being responsible for the operation of the firm? I look at the remuneration structure, to form a view as to risk and hopefully feed back into the effective operation of that by giving insight into what we have found in our audits.

Q361 Baroness Kramer: So you would impact on what might be the remuneration framework, but not an individual appraisal.

Darren Jarvis: Certainly the framework, but also in the context of an individual. If we have found serious issues in an audit, I am going to be sitting with the business heads of the relevant area, as well as my colleagues in independent risk and HR, and having a conversation about what we have found, what that tells us about the people in the business and what it means about our assessment of their values and how they rate against the five Cs, and it will have a compensation impact.

Q362 Baroness Kramer: Is that different from the way things operated if we went back about five years, say, or is this-?

Darren Jarvis: I would say that the depth of consideration of control in the remuneration exercise and particularly the engagement of internal audit in that exercise has been substantially increased, and by the way, they know that in the business. When we do an audit, it matters to them personally now. This is a reinforcing thing.

Q363 Baroness Kramer: This will probably involve Mr Ahmed as well. I am very interested in the whole issue of whistleblowing. Will that ever come to your internal audit team or does it go elsewhere? How does it work within the organisation?

Darren Jarvis: Just in so far as it comes to internal audit, clearly I am engaging with my compliance partners and my HR partners. I am aware of what is happening in terms of whistleblowing. If there is something out there that speaks to control and I want to dig into it deeper, I will do so.

Charles Ross-Stewart: The whistleblowing process that we have is in many themes similar to the previous submission, but it is run by the compliance function. Our ethics hotline is in our ethics office, which is internal within the compliance function of Citi. The ethics office’s first responsibility is to determine whether a particular issue is an HR manager type event, in which case we will engage directly with our HR colleagues, or something that may be more a regulatory consideration etc. We have split it at that point. It is primarily run by the compliance function. If something warrants further investigation and it is an HR issue, it will be investigated by HR, and if it is the other type of issue, it will be investigated by compliance and we will bring in colleagues from the legal department and our internal security services, if that is appropriate.

Q364 Baroness Kramer: Perhaps I should ask a couple of questions on HR and I shall just carry on with the whistleblowing issue. It would seem that there is no incentive at all to be a whistleblower within the organisation. You put your career at risk and I cannot spot any upside at all. Is that correct?

Eddie Ahmed: There is no explicit incentive plan for whistleblowers. As Mr Ross-Stewart said, it is part of our code of conduct. We try to ingrain it in the DNA of the individuals. Obviously, much of it is anonymous. It is fully investigated, but we often do not know who it is coming from. You are right, however, that there is no particular incentive plan to reward whistleblowers.

Q365 Baroness Kramer: So how do you stop it being a career destroyer? I do not necessarily mean that someone loses their job, but if there are opportunities with various groups, the rest of the group suddenly do not particularly want that person to come on board. You know how it works. It is really quite subtle, and most people are incredibly conscious of the fact that someone is not really identified as a team player. Let us not pretend; most people know what has happened whether it is anonymous or not officially.

Eddie Ahmed: If we do know about it, we advise the individual that there are many avenues in case something does come up which is a bit of retaliation against them and their employment. We explicitly prohibit that. It would be raised as another ethic issue, for example, if it does come up and if we do not catch it first in the HR calibration process though performance evaluations or through compensation. If we are aware of an individual who has raised an issue, we would be sitting at the table doing performance evaluations when that individual’s name comes up. We would be able to address any factors related to retaliation.

Q366 Baroness Kramer: Can I ask you more about the role of HR in culture and standards? I know that you have picked up on much of this, but as you bring people into the organisation, how do you try to assess whether they have the values that you are seeking? You say that you basically have a different approach now, so how has the process changed? Who do you not take now?

Eddie Ahmed: HR would be involved at every hiring level from junior hires all the way up to senior hires, and we would assess-either through a separate assessment process or through our judgment as part of the interview process-whether there is a cultural fit for the individual coming into the organisation. At senior levels, when a business person comes in, for example, they might very well meet several of the control functions as well-compliance, risk, etc. A judgment call would be made on their value or culture fit, and we would make an assessment based on that. HR is involved at all levels, and at various levels of the organisation we would ask our colleagues in the control function areas to be involved as well.

Q367 Baroness Kramer: Is that any different from what you have done historically? It sounds very similar to something I remember from-God knows-30 years ago.

Eddie Ahmed: The criteria, the culture, the importance of one of our key principles of responsible finance, and the 5 Cs that we keep talking about are now all part of the standards by which we evaluate people, including through the recruitment process. The process itself may not be that different, but how we execute that process is different.

Q368 Chair: What mandate do you have from the board of Citigroup in terms of your department upholding standards and maintaining the desired culture within the bank?

Eddie Ahmed: We are part of the scorecard setting process, so we would certainly be part of the setting process of all the scorecards for senior individuals in the firm. The global head of human resources is very engaged with the chief executive officer and the operating committee of the firm in terms of how we cascade the leadership principles that I mentioned earlier throughout the organisation. That becomes our mandate and that becomes my mandate, so, in the regional team, I would be responsible for being part of that scorecard setting process and then for ensuring that, when the scorecards come in, the assessment is cross-divisional.

Q369 Chair: Do these scorecards literally have scores? One to 10?

Eddie Ahmed: Yes. They have qualitative and quantitative scores.

Q370 Chair: Give me an example of a qualitative one.

Eddie Ahmed: It could be to do with how the person behaves responsibly or irresponsibly in terms of acting like an owner. It could be a partnership-

Q371 Chair: Who judges that?

Eddie Ahmed: The first line of judgment will be by the business, but, as I said, HR is then a calibration process that cuts across various levels of the organisation. At senior levels, we would ask the control functions-head of risk, head of compliance and head of audit-to be part of that as well.

Q372 Chair: What system of continuing professional development do you employ?

Eddie Ahmed: We have various levels of professional development, whether it be technical training or, as I have mentioned on several occasions, the cultural side of the organisation. We encourage everybody to go through those programmes.

Q373 Chair: Is it mandatory?

Eddie Ahmed: Some are mandated, absolutely. Some technical training programmes, such as compliance, are mandated. Our new leadership programme is mandated. Every single managing director has to go through that.

Q374 Chair: How long is that?

Eddie Ahmed: It is a two-day session and there is then a cascading mandate on the MDs who go through it. We are now taking it through the next layer of the organisation as well.

Q375 Chair: When you say every new MD, is that someone who has been promoted or someone who has been brought in?

Eddie Ahmed: We have two programmes. One is for every single managing director in the firm-it does not matter if you are new or not new-and there is a separate programme for new managing directors. As managing directors, we go through programmes every single year. It is not based on whether you are new, but whether you happen to have that title in the firm.

Q376 Chair: So there are an awful lot of resources spent on development.

Eddie Ahmed: Yes.

Q377 Chair: Where do you stand on staff being members of professional organisations, such as the Chartered Institute for Securities and Investment or an organisation for investment analysts? Do you have any thoughts on that?

Eddie Ahmed: We do encourage it on several fronts. My colleagues here can comment on their particular areas, but we do encourage it. We also subsidise fees for those memberships.

Q378 Chair: And you give them time off to study?

Eddie Ahmed: Yes.

Q379 Chair: In a typical year, where there are 250 working days, of which you probably give 30 days’ holiday, how many days would you give somebody off for training and CPD?

Eddie Ahmed: In terms of the overall training hours, it is somewhere between three to five days. That may include a particular day off or we may give a separate day off because they need to take an examination or something, and that might be dealt with separately.

Q380 Chair: You give them five days in one form or another.

Eddie Ahmed: Correct.

Chair: Is there anything anybody would like to add that we have not covered? I am sure that there are lots of questions that we have not asked.

Thank you very much for coming in. That brings an end to the session. We will see you again, maybe.