Unit 1 Understanding Governance, Risk
and Compliance
Learning Objectives
Introduction
Before we examine the regulatory environment in which the financial services industry
operates, it is important for us to understand the diversity of the industry which has
regulation imposed on it. It operates on many different levels, each of which may be
further subdivided many times. Different countries maintain their own financial services
industries. These serve different market sectors and provide various forms of service to
different consumers in relation to different products.
Although economic liberalisation during the 20th century led to the development of
an unprecedented level of cohesion among national financial systems – to the extent
that there now exists a single global financial marketplace – that marketplace remains
diverse. The specific manner in which an international, regional, national or market
sector regulatory authority operates will depend on a variety of factors. These factors
will be influenced by the extent of the impact of the global financial crisis, the effects
of which started to emerge in 2007–8, and the different rates at which the national and
international markets have recovered from it.
This unit first explores why there is a need for regulation and then goes on to examine
some of the commonly accepted objectives of, and motivations for, regulation. The role of
regulators, their powers and how different regulators operate are explored in later units.
The starting point for understanding the regulatory environment is to understand why
we actually need regulation in the first place. This requires a brief history lesson on the
development of financial services, focusing upon the issues that led to the requirement for
regulation. For the purpose of this course we use the term ‘regulation’ to capture all types
of requirement, such as legislation, rules set by regulators, rules set by industry bodies,
recommendations from global bodies and codes of practice.
1. Historical issues
We will look in detail at the regulatory timeline in Unit 3, section 1.1, but to
understand the need for regulation we must first understand what kinds of event
have led to regulatory change.
1.1 Scandals
Scandals come in a variety of different forms and have occurred quite frequently.
Some of the more widely publicised scandals that have led to new regulation
include those listed below.
The Barings Bank scandal in the UK in 1995 was the result of unauthorised
derivatives trading by one of the London bank’s traders, Nick Leeson, in
its Singapore offices. His activities led to losses of over £800m, causing the
collapse of the bank.
The UK pensions mis-selling crisis began in 1994 when it emerged that
many consumers, acting on flawed advice from salespeople, had swapped
their occupational schemes for private policies, leaving many of them
financially worse off at retirement.
In the UK, Equitable Life – the world’s oldest life assurer – almost
collapsed in 2000 following a failed attempt to reduce bonuses payable to
policyholders. The Equitable Life scandal spawned an investigation into the
supervisory role of the UK regulator at the time, the FSA, and a claim against
the former auditors of the assurer, Ernst & Young.
In the late 1990s, the collapse of a number of split capital investment trusts
caused 50,000 investors to lose money. Some of the products sold had been
misleadingly marketed as ‘low-risk’ investments.
False accounting, fraud and an absence of corporate governance
contributed to the downfall of Enron, the USA’s seventh-largest company, in
2001. Similar issues also led to the virtual collapse of Worldcom in 2002.
The US Securities and Exchange Commission (SEC) made allegations in
2003 against 12 leading banks, suggesting that they had compromised the
quality of their stock research in order to win lucrative investment banking
business. An investigation into the US investment fund industry was
launched in 2003 by the New York Attorney General, Eliot Spitzer, for alleged
after-hours trading and market timing activities.
In 2007–8, global financial markets were destabilised following rising
defaults on subprime mortgages in the US. These mortgage assets had been
packaged and sold as securitised products on international markets, often
marked as ‘low risk’. Some of the world’s leading investment banks collapsed
as a result. The US, UK, European and other governments have been
forced to undertake a massive bailout of the global banking sector, among
many other interventions. This ‘credit crisis’ (the so-called ‘credit crunch’) is
examined in greater detail in section 1.2 below.
In June 2012 the FSA fined Barclays Bank Plc £59.5m for misconduct relating
to the London Interbank Offered Rate (LIBOR) and the Euro Interbank
Offered Rate (EURIBOR).
In December 2012 the FSA fined UBS AG £160m (the largest fine imposed by
a UK regulator up to that time) for misconduct over the LIBOR rate.
In December 2012 HSBC was fined $1.9bn in the US for money laundering
and sanctions breaches, and entered into a deferred prosecution agreement
(DPA) with the US government.
In a further LIBOR fixing case in February 2013 RBS was fined £87.5m. This
was in addition to fines of approximately $300m imposed by US regulators.
In July 2014 BNP Paribas was fined a then record $8.9bn by US regulators
for processing billions of dollars of transactions for groups in Sudan, Iran
and Cuba between 2002 and 2012. The bank was given a one-year ban on
clearing certain kinds of dollar transaction.
The largest ever US fine of $16.65bn was levied on Bank of America in
August 2014 to settle charges that it sold flawed mortgage securities in the
years preceding the financial crisis. This case refers to the selling on of loan
packages known as residential mortgage-backed securities (RMBS) that
the Bank knew failed to meet underwriting guidelines, or did not comply
with laws, or were inadequately collateralised. None of this information was
made available to investors in these RMBS.
Some of these scandals are examined in more detail in subsequent units and are
also discussed as part of the workshops. Additional information on these cases can
also be found in the suggested further readings.
Each scandal further dents consumer confidence. A 2004 combined report on the
dot.com bubble produced by KPMG (the global accountancy practice) and the
think-tank Create stated:
Never have so many lost so much in such a short time. The breadth and depth of the
resulting disillusionment among investors has no precedents in the post-war period. It
was the crushing end of a dream for a generation that had been enticed to believe that
stock markets had magical powers.
And this quote pre-dates the financial crisis! Each time a scandal occurs,
governments and/or regulators feel compelled to react. Sometimes this involves
imposing new or enhanced regulation.
The popular term ‘credit crunch’ or ‘credit crisis’ is a little misleading as that was
really a consequence of the financial crisis, rather than an alternative name for the
crisis itself. The causes of the financial crisis, which came to a head in 2007, can
be traced back to a failure on the part of the authorities to recognise, or act upon,
various warning signs that should have been apparent to them much earlier in the
decade. Indeed, it is possible to make a case for the causes of the crisis to be traced
even further back to the repeal of the Glass–Steagall Act of 1933 in the US in late
1999 (see Unit 3 section 1.2).
Although it was the increasing default rate on sub-prime mortgage lending that
brought the crisis to a head, there were many warning signs in the years leading
up to the crisis, signs that to a large extent were ignored by the lenders themselves
and by the various regulatory bodies across the world.
As early as 2003 concerns were being expressed not only by officials from
the central banks but also by senior officials from the Bank for International
Settlements (BIS) based in Basel. It was perhaps unfortunate that these concerns
were expressed mainly in private and, as a consequence, no action was taken to
ensure that banks increased their capital reserves. On the contrary, regulatory
rules in place at the time actually permitted banks to reduce reserves.
The US Federal Reserve held the view that the financial system was indeed
much stronger as a result of the innovative processes that had developed since
the start of the millennium. This was a view shared by many investors, financial
institutions and arguably by some regulators. The financial world had changed,
and changed for the better, or so they thought. This belief was underpinned by
the following assumptions.
The third of these was one of a number of forms of financial innovation that had
taken place in banking in the Western world since the year 2000, whereby a lender
could ‘slice and dice’ loans and then turn them into transferable securities capable
of being sold on the market. The capital this freed up was then available for further
lending. It was believed that this securitisation would permit banks to manage risk
more effectively, and to reduce costs. Furthermore, it assumed that this would also
be an aid to financial stability as less concentration of risk suggested there would
be reduced risk of market failure.
The combined effect of these assumptions was that banks watered down the
criteria against which they were prepared to lend, investors were willing to
purchase financial products about which they had little or no understanding and
policymakers (including regulators) took a relaxed position in the belief that any
potential credit default would have no serious impact on a particular lender as the
risk was dispersed among many individual investors. Regarding the latter point, it
was believed that if a default issue arose this would have only a modest impact on
the bank concerned. In other words, the system would act as a shock absorber.
This line of thinking was reinforced throughout the early years of the new
millennium. Even when it became apparent that, globally, the issuance of credit
instruments was accelerating at a rapid rate (more than tenfold in the period 2000
to 2006) investors showed few, if any, signs of concern and continued their pursuit
of ways to enhance returns following a period of low interest rates. The authorities,
including regulators, gave the impression that they were similarly relaxed about
the situation.
When, in late 2006, default levels on sub-prime debt started to rise quite rapidly,
there was initially little cause for concern. Even when, also in late 2006, sub-prime
default rates started to escalate, investors remained confident that the financial
systems were sufficiently robust to deal with the losses. It was not long, however,
before the mood changed, and optimism gave way to doubts about the ability of
institutions to survive and the credibility of the regulatory environment in which
they operated.
The turning point was the implosion of a German lender, IKB, in the early summer
of 2007.
It was around that time that Hiroshi Nakaso, a senior official at the Bank of Japan,
came to the opinion that the global financial system was not going to be as
resilient as had been thought, especially by many policymakers in the US. ‘I see
striking similarities in what I see today with the early stages of our own financial
crisis more than a decade ago’, he privately warned international contacts shortly
after IKB imploded.
Not long after, in early August, the European Central Bank (ECB) injected €95bn into
the money markets in an attempt to prevent an escalation in borrowing costs –
a course of action the US Federal Reserve was to mirror shortly afterwards. While
these steps were promoted by both bodies as being pre-emptive actions designed
to calm market fears, the perception was quite the opposite: global markets
interpreted these policy decisions as a clear signal that all was not well. Serious
concerns started to emerge and it was not long before these started to gain
momentum and develop into panic.
Markets that had become so vital to lenders for raising funds started to dry up and
within a relatively short time contagion set in as the price of debt securities started
to slide. The knock-on effect was that banks in the UK, the US and Europe
suffered liquidity crises: crises that posed a real threat to their solvency and ability
to survive.
This was a question even the Bank for International Settlements (BIS) was
struggling to answer. In its annual report for 2008¹ it asked: ‘How could problems
with sub-prime mortgages, being such a small sector of global financial markets,
provoke such dislocation?’
1. http://www.bis.org/publ/arpdf/ar2008e.htm
It also made the point that the duration of the turmoil, as well as its scope and
the growing evidence of effects on the real economy, had surprised most
financial commentators.
The same could be said for policymakers and the banking community in the West.
In fact, as mentioned above, Hiroshi Nakaso had seen it all before. For in Japan the
late 1980s saw the advent of booming asset markets on the back of easy access
to capital, which, in turn, was based on confidence provided by an expectation of
continuing property price increases. The authorities either failed to see the danger
signals or, if they did, were reluctant to take corrective action.
When, eventually, the Japanese government did react, the policy it adopted (a
more than doubling of interest rates over an 18-month period and an instruction
to the banks to curb lending to the real estate sector) led to a sharp decline in asset
values. Somewhat belatedly it was acknowledged that the pendulum had swung
too far the other way, so interest rates were lowered and liquidity was injected into
the markets. Unfortunately, the damage had been done and could not be easily,
or quickly, repaired. This led to a near-systemic collapse of the Japanese financial
system in 1997.
The Japanese experience is interesting in that the root causes of the crisis there
were very similar to the contributory factors to the crisis in the West, principally:
It is probably fair to say, however, that there were additional factors that
contributed to the ‘Western’ crisis. These include:
While it has to be accepted that in any form of business operation there will always
be an element of risk, it is apparent from the above contributory factors that steps
could have been taken to minimise the risk that a crisis of this type and magnitude
would materialise.
There is a general consensus that more attention should have been given to issues
such as the control of asset prices (possibly by including these in central bank
targets), the application of tighter rules on both capital adequacy and liquidity, the
separation of retail and investment banking operations, the retention of financial
responsibility on the part of originators of debt under any form of ‘slice and dice’
arrangement, and better training of senior executives and boards of directors.
In addition, the crisis highlighted the need for much stronger prudential
supervision of the financial services sector and more cooperation and coordination
between governments, central bankers and other regulatory bodies internationally.
Moving away from prudent lending, based on proven ability to repay, to what is
sometimes referred to as ‘pawn-broking’ (that is, lending against the value of an
asset, typically real estate) is not a recent phenomenon. The secondary banking
crisis of 1973 was caused in part by property bubbles, coupled with a lack of
regulation as restrictions on banking competition were lifted. Similarly, the boom
period in the late 1980s saw banks adopt a philosophy of ‘If we don’t lend someone
else will, so we might as well have the business’, only for problems caused by such
poorly considered lending to appear as the country went into recession in the
early 1990s.
Concerns about missing out in times of growing demand for loans recur time after
time. Retaining, or gaining, market share seems to take precedence over the quality,
and ultimate profitability, of the transaction, regardless of the risk implications.
On the question of reliance on risk models, two years or so before the crisis came
to a head, the president of the New York Federal Reserve flagged up the need for
banks to prepare for extremely negative events. These are events that he termed
‘fat tails’ and that are likely to occur more frequently than indicated by the risk
models traditionally used in banking. Whether such advice was heeded it is difficult
to say with certainty as by that time the fundamental causes of the crisis had
already taken root.
By the summer of 2007 credit agencies had started to downgrade what had
previously been considered to be safe debt, causing prices to crash. Faith in the
agencies consequently fell away as investors believed that ratings could no longer
be relied upon, particularly where complex debt instruments were concerned. The
safe option was not to purchase these securities at all. This had serious implications:
it resulted in an almost immediate funding crisis because many of the investment
vehicles had obtained funding by issuing notes in the asset-backed commercial
paper markets.
A chain reaction ensued, with banks unable to convert mortgages into bonds that
could then be sold on. The belief that capital markets would always remain liquid
was found to be unjustified, as was the idea that dispersion of risk by using ‘slice
and dice’ methods would afford protection in the event of a financial crisis. In short,
all three of the assumptions against which the stability of the financial system was
assessed were disproved when the crunch came.
There were, however, a number of other contributory factors to the crisis. Some
commentators argue that it was the direct result of changes in the Basel capital
requirement rules from 2000 onwards, which allowed banks to operate with lower
levels of capital, that encouraged greater access to mortgages by borrowers with
less complete credit histories or irregular income sources (the sub-prime market).
Others attach blame to policymakers who, for political considerations, refused to
act to prevent the development of asset-price bubbles, a lesson not heeded from
past financial crises.
Brian Quinn, who was once head of supervision at the Bank of England,
expressed the view that ‘the mixture of deregulation and structural change,
together with inappropriate fiscal, monetary and exchange rate policies, seemed
especially malign’.
It is perhaps for these reasons that regulators were reluctant to apply stronger
measures when it became apparent that action was urgently needed.
There is also an argument that this crisis differed from earlier ones in the post-war
era in that, for example, in the US the authorities were faced with the ‘triple-
challenges’ of the over-leverage of financial institutions, excessive consumer
debt and a deep economic recession. Any controls imposed to address the first
two would have been likely to have deepened the recession further or to have
prolonged it.
Although the BIS Basel Accords initially acknowledged that capital adequacy
and liquidity formed two underpinning pillars of the financial system, some
commentators believe that there was too much emphasis on the former and not
enough on the latter. Certainly, the 8% capital requirement imposed by Basel was
found to be inadequate when the causes of the crisis were analysed. Overreliance
on the capital requirement may possibly have arisen in part because it is easier
to measure than liquidity, partly because the latter is more directly influenced by
macroeconomic factors.
In the UK, the near-demise of retail mortgage lender, Northern Rock, was the
result of its dependence on the wholesale capital markets to bridge the gap
between what it was lending and the funds available from its retail operations.
In effect, it was lending long term and borrowing short term. When the capital
markets dried up the bank was not in a position to renew or replace its short-term
funding and consequently could not maintain its liquidity. It was only when the
bank got into difficulties that questions were asked about the sustainability of this
business model.
Not only did Northern Rock’s senior management fail to assess properly the
potential risk that funding might not be available from the capital markets, but
there was also a lack of action by those responsible for prudential supervision
of the bank. It is all very well claiming that ‘over reliance on credit markets is
dangerous’, a conclusion reached after the event, when there was an almost
universal failure to recognise the risks involved when the bank was supposedly
achieving outstanding growth in its mortgage lending.
It is worth noting that Northern Rock was, on the basis of Basel II criteria, a
well-capitalised financial institution; so much so that the UK regulator, the FSA,
was willing to sanction a 30% increase in its dividend regardless of the fact that it
lacked the cash needed to make the payments. Mervyn King, then Governor of the
Bank of England, drew an interesting comparison that in the 1960s banks retained
30% of their assets in a readily liquefiable form, mainly Treasury bills or gilt-edged
securities. By 1997 this had fallen below 5% and remained at or below that figure
for the next decade.
In the immediate aftermath of the crisis there was much written about the need
for more regulation to ensure that banks and other financial institutions would be
strong enough to weather any future crisis that might arise. In fact, when this point
of view is compared with the results of the Banking Banana Skins Report 2006², a
survey published by the Centre for Study of Financial Innovation (CSFi) that placed
excessive regulation at the top of the list of financial risks, it can be seen that the
matter is not quite as simple as it first seems.
2. http://static1.squarespace.com/static/54d620fce4b049bf4cd5be9b/t/5536a03ce4b0b9ccfef0fb72/1429643324396/Banana+Skins+2006+UK.pdf
Concerns expressed by respondents to the CSFi survey included the constant flow
of new regulations, their anti-competitive nature and the cost involved in their
implementation. One principal area for concern was that introducing what was
seen as too high a level of regulation in the UK would lead to the loss of business to
overseas jurisdictions with ‘lighter’ regulatory regimes. It is also interesting to note
that the Insurance Banana Skins Report of the following year (2007) also identified
excessive regulation as the number one risk.
Even back in 2002, the President of the British Bankers Association (BBA – a UK
trade association) was unconvinced about the level of supervision facing UK banks.
At that organisation’s Supervision Conference he made the following points.
We live in an increasingly complex and volatile world – one that is difficult to predict,
control or regulate. The financial services industry is concerned that regulators are too
concerned with consistency and not enough with flexibility. Moving too much towards
rules and too much away from principles.
Prudential regulation designed to underpin the soundness of the financial system is one
thing, intrusive intervention into the commercial activity of businesses operating in a
competitive marketplace is quite another.
There are a number of completely unregulated businesses that compete directly with
banks. I know Sir Howard [Davies – Chairman of the FSA] and his colleagues have
looked at how hedge funds operate. However, I would encourage him and his fellow
regulators to think about how the activities of firms that participate in the price-
formation process in the wholesale markets could impact on systemic stability or
distort competition.
Regulators around the world must recognise that ‘unusual’ behaviour is not
necessarily increasing risk. In fact, systemic risk is more often the result of
behaviours that just follow the accepted ones without questioning them.
Both the Bank of England and the UK Financial Services Authority (FSA)
expressed concern about the level of lending being undertaken by the banks,
and the associated risks, on a number of occasions but did little about it. A
report produced by the House of Commons Treasury Select Committee severely
criticised both bodies for their failure to ensure that financial institutions were
fully prepared for the worldwide reduction in credit availability, almost to
the closure of the financial markets. Its chairman, John McFall, said ‘It is clear
that many market participants failed to heed the warnings about a serious
underpricing of risk and the potential for impaired liquidity in financial markets in
the mistaken belief that the good times would go on and on’.
The committee recommended that in future, where there were grounds for
concern about a particular bank, the FSA and the Bank of England should write
a letter to its directors highlighting two or three of the key risks. In response, the
bank would be expected to confirm that the risks had been considered, following
which a commentary on the response would be published.
The Bank of England and the FSA had been two of three parties to a memorandum
of understanding signed in October 1997, a few months after the Labour
administration took office, the Treasury being the third party. This became known
as the Tripartite Arrangement (or Tripartite Agreement) and set out the respective
roles of each of the parties in supervising and regulating the financial system in the
UK. Each was supposed to have equal authority.
This point of view was, however, challenged by the European Commission, which
insisted that the Directive contained sufficient flexibility, therefore allowing the
rescue of the bank to remain secret until the danger of any run on it had passed.
Despite this insistence, the Bank of England maintained its position that it could
not have intervened.
There is also a debate over whether regulation of the banking sector should have
been in the hands of the same body responsible for supervising the stock market
and the selling of insurance products and unit trusts, an opinion echoed by Charles
Goodhart of the London School of Economics, a former adviser to the Bank of
England. In a report published by the CSFi in 2007, he commented ‘There is some
fear that a unified regulator will come to be dominated by the legalistic culture this
tends to engender’.
In an article in the Financial Times in 2008, Goodhart, along with Avinash Persaud of
Gresham College, also expressed reservations about the effectiveness of the Basel II
Accord, claiming that it was ‘pro-cyclical’ in nature. By this he meant that it provided
too much encouragement for banks to accumulate assets on an economic upswing
and not sufficient emphasis on the need to manage their capital when a downturn
occurs. One of the reasons for this is that Basel II uses a risk-measuring formula
based on market prices. So, when the outlook is positive, banks are able to lend
more, but there is no mechanism for reversing the trend when the climate changes.
Another factor that some believe may have contributed to the crisis, and that
relates to the dual role of those banks involved in both retail banking and
investment banking, is that while investment banking has the potential to produce
excellent returns for shareholders and investors, the risks are considerably greater
than those of retail banking. The extent to which this dual role contributed to the
banking crisis in the UK sector is still unclear and has been the subject of much
political debate.
And then there was Basel II. Although it did not actually contribute to the crisis,
some believe that it proved totally ineffective in avoiding its occurrence. One of
the issues was that it had taken a long time for all parts of it to be implemented.
There are grounds for thinking that had it been fully in place before the crisis
came to a head in 2007 then the rules on securitisation might have avoided the
consequences of ‘slice and dice’ as participating banks would have required higher
levels of capital to meet the capital adequacy requirements.
Basel II also seemed to provide little help to the regulators in restraining ever-
escalating debt levels, despite the fact that the risks were being highlighted. The
fear is that, in the event of a future crisis, Basel III will not be able to prevent serious
problems (see Unit 5, sections 6.2.3–6.2.5). Only time will tell.
The immediate need, and one on which there does appear to be a general
consensus, was for an increase in the level of capital that banks are required to
hold. Basel III and the CRD4 are examples of international regulatory measures that
can bring this about (see Unit 5, sections 6.2.3–6.2.5).
In the longer term, decisions still have to be made about issues such as the
separation of retail banking and investment banking roles, and in many
jurisdictions the restructuring of the regulatory system is complete, through the
implementation of proposals to separate the prudential and conduct of business
regulation responsibilities.
It is true that the impact of the scandals mentioned in this unit, and particularly
of the credit crisis, could have been reduced if better controls had been in place
and had been implemented more effectively. However, we must remember that
the impact could also have been much worse if the existing controls had not
been there, and indeed other scandals could have arisen that the existing controls
did prevent. Therefore it is more constructive to analyse what happened in all
these cases, to identify the mistakes made so that lessons can be learned and
improvements made.
There is no single agreed theory behind financial services regulation. Its objectives
have been debated for many years. More recently, in the wake of the recent global
financial crisis, there has been significant criticism of the regulatory regimes in
many jurisdictions and the effectiveness of regulation itself in failing to prevent
high-profile banking failures. More recently still, the emergence of additional
financial scandals has further undermined public perception of the effectiveness
of regulation.
It is, however, generally agreed that the broad objectives of financial services
regulation are commendable. This is despite extensive debate on whether the
methodology employed by regulators is correct and occasional strong industry
protests against additional regulatory requirements which are perceived to
increase bureaucracy.
This is the objective that links investor protection with the prevention of activities
that can be considered to be improper. Regulation should aim to give consumers
access to markets and relevant information, and should also promote practices that
ensure fair treatment.
Although it is not the role of regulators or legislators to prevent the failure of firms
in normal market conditions, they do have a role in ensuring that any failures do
not affect other market participants – something also known as the contagion
effect. As some banks, insurers and other financial firms have become more
and more global in their operations, a greater risk of systemic failure has also
developed. This remains a key issue in the regulatory agenda despite the efforts
completed since the financial crisis, where the systemic risks of contagion became
real issues.
It must be remembered that regulation should not limit legitimate risk taking, as
this is essential to an active financial services marketplace. Instead, the regulation
should promote effective risk management and make sure that risk taking is
supported by sufficient capital and liquidity, so that any losses can be absorbed.
Financial crime damages the financial services industry because it reduces market
and consumer confidence, and the fairness and transparency of the markets.
Regulators must aim to protect consumers and prevent firms from being used as
a channel for financial crime. Regulators need to take actions to ensure firms have
systems and controls in place to mitigate financial crime risk, and must also ensure
that their own activities are such that the action they take as supervisors of the
industry will also reduce the risks posed by financial crimes.
To combat this risk, many jurisdictions create a separate independent body to avoid
any potential conflict of interest.
3. https://www.iosco.org/library/pubdocs/pdf/IOSCOPD154.pdf.
4. https://www.iosco.org/library/pubdocs/pdf/IOSCOPD323.pdf.
Until April 2013 the Financial Services Authority (FSA) was the UK’s single
regulator of financial services. The FSA’s statutory objectives were first defined
in the Financial Services & Markets Act 2000 (FSMA). The FSA’s original statutory
objectives under FSMA were to:
The PRA is a division of the Bank of England, and is responsible for ‘prudential’
regulation; promoting the stable and prudent operation of the financial system
through regulation of all deposit-taking institutions, insurers and investment banks.
In April 2012, before the transfer to the new regulatory regime, the FSA had
implemented a new internal structure that mirrored as closely as possible the
supervisory responsibilities of the PRA and FCA. This was to facilitate a smooth
transition to the new regime and to give the financial services industry an
indication of how the new regulatory landscape would operate before it actually
came into force.
The PRA, being a division of the Bank of England, enjoys close working
relationships with other parts of the bank, including the Financial Policy Committee
and the Special Resolutions Unit. It is responsible for the prudential regulation
and supervision of banks, building societies, credit unions, insurers and major
investment banks. Its role is divided according to three statutory objectives:
The PRA advances these objectives through regulation, by setting standards and
policies that it expects firms to follow and, through supervision, by assessing the
risks firms pose and taking action to reduce them. It also makes an important
contribution to the Bank’s core purpose of protecting and enhancing the stability
of the UK financial system.
Significantly, there is no ‘zero-failure’ regime in place. The PRA would seek to ensure
that any financial firm that fails does so in a way that would avoid significant
disruption to the supply of critical financial services.
So, there is an overlap between the FCA and the PRA in their objectives of
protecting and enhancing the financial system.
The FCA aims to fulfil this remit by regulating firms, protecting and championing
consumers, and enforcing where needed. It will intervene when it believes that
firms are treating customers unfairly or behaving in ways that risk the integrity of
the market, and will supervise firms differently depending on their size and the
nature of their business. In addition, the FCA works with firms to fight financial
crime, works to ensure that customers get a fair deal, and aims to maintain a
credible deterrence through its enforcement approach.
One of the principles of regulation applicable to both the PRA and the FCA is
that they should ensure that regulation is proportionate. In setting regulations,
they are therefore required to strike an appropriate balance between protecting
the market from collapse and permitting legitimate and considered risk taking.
Risk is essential for an active financial marketplace. Regulators cannot prevent
financial services businesses from failing, but they aim to inhibit this by imposing
capital adequacy and internal control requirements. These requirements are
designed to ensure that there is sufficient liquidity for financial institutions to
meet their obligations, making them less vulnerable to hasty withdrawals by
depositors or investors, and other market shocks.
Two agencies oversee the markets for financial contracts (securities and derivatives):
Prudential bank regulators and the FHFA monitor and limit the risks in which
their chartered firms engage. Securities and derivatives regulators monitor the
exchanges where financial contracts are traded, oversee the firms’ disclosure, and
enforce the rules against deceptive or manipulative trading practices.
The US has historically provided one or more regulators for each category of
financial regulation, rather than a single agency with authority for all financial
markets, activities and institutions.
There has been debate over bringing all these into a single agency – in the debate
over the Dodd–Frank Act (see Unit 4, section 4.3.1) there were proposals to create
a single financial institution regulatory authority but, when passed, it created two
new agencies and merged the Office of Thrift Supervision with the OCC.
The US view is that there are four ways to regulate financial firms and services:
The Hong Kong Monetary Authority was established in 1993 to ensure that the
central banking functions of maintaining banking and monetary stability can be
exercised in a way that commands the confidence of domestic and international
consumers. It also exists to maintain currency stability, and to promote the
efficiency and development of the financial system.
The ultimate objective of the Monetary Authority of Singapore (MAS) is ‘to promote
sustained and non-inflationary economic growth, and a sound and progressive
financial services sector’. This mission is supported by six clear desired outcomes:
To achieve its objectives the MAS performs six distinct oversight functions:
regulation, authorisation, supervision, surveillance, enforcement and resolution. In
addition, it undertakes to facilitate sound corporate governance, effective market
discipline, a high level of consumer education and a basic consumer safety net.
The Dubai Financial Services Authority (DFSA) is the independent regulator of all
financial and ancillary services conducted through the Dubai International Financial
Centre (DIFC), a purpose-built financial free-zone in Dubai.
The DFSA’s regulatory mandate covers asset management, banking and credit
services, securities, collective investment funds, custody and trust services,
commodities futures trading, Islamic finance, insurance, an international equities
exchange and an international commodities derivatives exchange.
The DFSA is also responsible for the regulation and supervision of persons in the
DIFC in relation to anti money laundering, counter terrorist financing and sanctions
compliance. The DFSA’s stated approach is: ‘To be a risk-based regulator and to
avoid unnecessary regulatory burden’ – believing regulation should be directed at
the mitigation of risks that would otherwise be unacceptable. It also believes that
compliance obligations should be proportionate to the mitigation of those risks
within a framework that enables regulated entities to effectively and efficiently
meet their compliance obligations.
4. Effective GRC
Governance, risk and compliance (GRC) forms an evolving field of focus for firms
today. In the past few years, GRC has grown in both criticality and value to firms
needing to deal with shifting business environments. The definition of GRC has
matured in response to changing regulatory and corporate governance needs. GRC
initiatives can affect the entire firm and have been a conduit for pulling together
functions within a business that rarely collaborated in the past.
GRC is an umbrella term which covers a firm’s approach to the three distinct
disciplines of governance, risk management and compliance. These are very closely
related: the activities involved in each need to be carried out alongside those
of the other two in order to avoid conflicts, overlaps and omissions. In the vast
majority of financial services firms, GRC will comprise corporate governance, risk
management and compliance with the laws, regulations, and standards that apply
to the industry.
4.1 Governance
The term ‘governance’ is derived from a Greek verb meaning ‘to steer’. In theory it is
a general concept, which leads to a narrower practical definition when applied to a
specific activity or industry. So, in relation to financial services companies, we refer
to corporate governance. This consists of the processes, policies, laws and accepted
ways of doing business, and how these affect the way a firm is controlled. It must
also include the relationship between a company’s stakeholders and the business
goals the company seeks to achieve.
Later in the course, we will look at corporate governance and how to define the
subject, and explore the interrelationships between compliance, risk and corporate
governance in greater detail.
4.2 Risk
As emphasised by the Institute of Risk Management (IRM),5 there is a need for firms
to understand the risks they take in the course of working towards meeting their
objectives. In the case of financial services firms, the senior management and board
of directors must understand the levels of risk that are inherent in their activities
and in the processes that are followed within these activities. So, it is extremely
important for firms to recognise the most significant risks, and to prioritise
their actions to reflect these. This is achieved through robust and cohesive
risk-management activity, and we will concentrate on this subject in Unit 6.
Risk can affect a firm in the short, medium and long term, and these timeframes
can link risks to operational activities (short-term risks), business tactics
(medium-term risks) and overall company strategic decision making (long-term risks). Senior
management and the board therefore need to have a full understanding of the
different risk severity levels, and the timescales over which they may affect the
business, in order to manage the firm effectively.
4.3 Compliance
Internationally, there has been much work on addressing the need for stronger
regulation and compliance standards. For example, in the US, the
Sarbanes–Oxley Act of 2002 set out strict requirements on the personal responsibility and
accountability of senior management for compliance with regulatory requirements.
Considered individually, governance, risk and compliance are essential tools for
the proper functioning of a business, but we cannot view each one in isolation.
GRC is all about corporate integrity, and establishing and maintaining robust
and high-quality management of the business. Properly exercised, GRC enables
a firm to manage itself, its activities, its employees and agents, and its resources
more effectively.
The benefits are more than just regulatory compliance and avoidance of the
risk of sanctions. Quality corporate governance provides the business structures
and frameworks needed for the board to manage the firm. Good risk analysis
and management enables decisions to be made on an informed basis. Effective
compliance management means that firms are engaged with the legal, regulatory
and standards requirements or obligations that are enforced on the industry.
So, GRC regulates the functions and activities of the firm but those responsible for
ensuring GRC do not actually perform those functions and activities. And the result
of all this is that GRC has become a vital component within the overall complex
system of the company.
The Open Compliance and Ethics Group (OCEG)6 – a non-profit think-tank – defines
GRC as a system of people, processes and technology that enables a company to:
This unit also asks why we need regulation, and what commonly accepted
objectives and motivations underpin regulation. It looks at why we need to
consider previous mistakes, the changing markets in which financial services firms
operate and, importantly, it considers and explains the benefits of a compliance
culture within a financial services firm. It also considers the importance of the role
of the board of a firm in developing and promoting the culture and ethics within
the business that are so critical in the current environment.
6. http://www.oceg.org/about/.
As mentioned in section 4.4 above, the OCEG has published its definition of
GRC. The OCEG argues that GRC adds value by helping us to understand the
real-life problems that can inhibit a company’s achievement of optimised value.
It discusses risk management and compliance within the context of governance,
and by ‘GRC’ it means all the processes within a firm that have to function together
effectively to ensure maximised sustainable, agile, long-term, compliant, and
responsible performance.
A firm’s risk culture can be determined by the system of values and behaviours,
collectively called the culture, that affect the company’s risk decisions. In practical
terms, employees need to understand the company risk exposures. The risk culture
is created by risk-management training, risk assessment and guidance about
decision making. It involves risk management and appetite policies as well as risk
statements and procedures. A strong risk culture is part of a good business-wide
risk-management practice. For instance, banks with a healthy risk culture were able
to deal with the 2008 credit crisis better than those without such a culture.
A strong risk culture is also a strong foundation for good standards of conduct.
Conduct is more than just the way in which the individual employees of a company
behave towards consumers: there are also market conduct dimensions and
company conduct considerations. Conduct is increasingly becoming a regulatory
‘hot topic’ and in some jurisdictions regulators require firms to provide evidence of
how they are achieving the regulatory requirements of high standards of conduct
and the management of conduct risks.
7. http://mydailyexecutive.blogspot.co.uk/2011/08/defining-grc-culture.html.
An effective governance culture can be defined as the sum of the attitudes and
actions that lead to the building of a strong and competitive company that
enhances shareholder value. Governance culture determines the strategic direction
of a company, and how this strategy is embedded into business practices and
leadership capabilities at every level. A healthy governance culture would create
a reputational advantage among the investors. The governance culture reflects
beliefs about how business should be done and the ethical principles of the
management and employees in general.
Huwyler concludes that building a strong GRC culture is a consistent and long
process that is based on effective communication about ethics and practices and
on rewarding proper actions that comply with the GRC strategy. It is not enough
to have good intentions. It is not enough to have an Internal Audit department.
It requires leadership, accountability and appropriate infrastructure to create
an environment that is conducive to ethical behaviour and that is part of the
company’s business model.
The questions that firms need to ask themselves about managing the risks
associated with regulatory reforms include the following.
• Do we have the best controls in place to address the risks of fraud, abuse, or
  even excessive and meaningless over-reporting of information?
• Do we have a monitoring process in place to evaluate the efficacy of all the
  controls, and to ensure that the regulators’ recommendations are followed?

• Ensure the board and senior management commit to, and endorse,
  the strategy.
• Consider all key stakeholders, and ensure that all their requirements
  are accommodated.
• Establish the guiding principles and be sure that they are aligned with
  the firm’s strategic objectives.
• Make sure that risk-assessment processes are clear and well defined.
• Identify any opportunities that the GRC strategy may present and take
  advantage of them for the benefit of consumers and the firm overall.
• Make sure that people, processes, outcomes and management
  information are used cohesively and collectively in the journey to
  achieving effective GRC.
In 2012, Barclays Bank plc was fined heavily by both UK and US regulators over its
manipulation of the London Interbank Offered Rate (LIBOR). Commentators at the
time pointed to the fact that the bank’s internal controls had failed to identify and
prevent the activity in the first place.
Appropriate daily supervision of the desk by the supervisors, as well as periodic review
of the communications, should have discovered the conduct. However, Barclays
lacked specific internal controls and procedures that would have enabled Barclays’
management or compliance to discover this conduct.
Barclays gave its consent to the order, without specifically admitting or denying
its findings. Referring to activities to manipulate the EURIBOR rate, an order
published by the CFTC said:
8. http://blogs.reuters.com/financial-regulatory-forum/2012/07/03/barclays-governance-compliance-weaknesses-exposed-in-u-s-regulators-findings/.
Multiple traders engaged in this conduct, and no attempt was made by any of the
traders to conceal the requests from supervisors at Barclays during the more than
four-year period in which the activity occurred … and on occasion, the traders
discussed their requests with trading desk managers.
Furthermore, the CFTC order alluded to the possibility that the Bank of England had
put pressure on Barclays to manipulate its LIBOR reports.
Barclays increasingly felt tremendous external pressures concerning how it was being
perceived in the market and media, particularly due to its higher Libor submissions
relative to the other panel banks. Barclays continued to believe that the other panel
banks’ Libor submissions were unrealistically low. Even though it maintained that its
liquidity position was in fact strong, Barclays was increasingly worried about these
market and media perceptions. At this time, the Bank of England had a conversation
with a senior individual in Barclays, in which it raised questions about Barclays’ liquidity
position and its relatively high Libor submissions.
In late October 2008, reacting to this pressure and the discussion with the Bank of
England, Barclays believed it needed to lower its Libor submissions even further.
Professor David Jackman, chair and founder of The Ethical Space and Into The
Clearing, describes ethics as ‘being a steward, being responsible to broader society,
and behaving in a “proper” way’. He explains that ‘In our industry we need to be
more subtle in working out what is appropriate, what is practical and what is
realistic: factors which make it very difficult to apply “simple” ethical standards’.
Both the UK regulators place great emphasis on their high-level rules contained in
the Principles for Businesses Handbook (FCA) and the Fundamental Rules (PRA),
both when initially authorising firms and subsequently when supervising them.
These set out the fundamental principles on which firms should be run, and act as
the foundation on which other rules and principles are based. These are arguably
the most important components of the Handbook and Fundamental Rules, and all
the subsequent regulatory rules relate back to these core principles. The aim of the
principles is to focus firms on ‘doing the right thing’ in the course of conducting
business – in other words, behaving ethically. Breaching a core principle makes
a firm liable to disciplinary sanctions. Enforcement notices issued refer to those
Principles for Business or Fundamental Rules that have been breached, as well as
any specific rule breaches that have occurred.
Even after the original publication of the Principles for Business by the FSA, many
firms continued to focus simply on attaining compliance with the regulations.
Because of the difficulty of positively motivating firms to ‘do the right thing’, in 2004
the FSA introduced its Treating Customers Fairly (TCF) initiative and it remains an
important area of focus for the FCA because the focus of its remit is on the conduct
of businesses. As the name suggests, TCF was additional principles-based guidance
to encourage firms to behave ethically in the context of customer treatment. This
initiative aimed to bridge the gap between the FSA’s Rules and its principles, and
they expected senior management to incorporate TCF into the company culture and
strategy. The overarching aim of TCF was to encourage firms to look beyond mere
compliance with the rules, but rather to comply with the spirit underlying them.
Today, the FCA retains this focus on high standards of ethics and integrity and
emphasises the importance of ethics and integrity in business. In a speech to the
Worshipful Company of International Bankers in March 2014, Martin Wheatley, CEO
of the FCA, summarised the link between regulations and ethical standards:9
Now, clearly regulators and firms still require rules to function effectively. But experience
tells us red tape is more easily hurdled than principles. So as we move forward, firms will
begin to see themselves held up against stricter ethical standards.
• dominant individuals
• a ‘blame culture’ in which employees are afraid to escalate issues
• steep authority gradients or hierarchies
9. http://www.fca.org.uk/news/speeches/ethics-and-economics.
The board and senior management must be aware that the interrelationships
between people are as important as the quality of the systems of control that are
put in place to monitor compliance. Therefore the responsibility for breaking down
the human barriers in the firm rests with the senior management and the board.
These values are set, for example, by society, your employer, professional bodies
and colleagues.
A truly effective board of directors must take full responsibility and accountability
for the firm it manages. In its definition of corporate governance, the Cadbury
Report of 1992 (The Financial Aspects of Corporate Governance Report)10 gave its
understanding of the role of the board:
Corporate Governance is the system by which companies are directed and controlled.
Boards of Directors are responsible for the governance of their companies.
• leadership
• effectiveness
• accountability
• remuneration policies that are designed to promote the long-term success
  of the company
• strengthening relationships with shareholders by enhancing the quality
  of information investors receive on the long-term health and strategy of
  the company.
10. http://www.ecgi.org/codes/documents/cadbury.pdf.
11. http://commissiecorporategovernance.nl/monitoring-reports
The management board and the supervisory board are responsible for the corporate
governance structure of the company and for compliance with this code. They are
accountable for this to the general meeting and should provide sound reasons for any
non-application of the provisions.
Shareholders take careful note and make a thorough assessment of the reasons given
by the company for any non-application of the best practice provisions of this code.
They should avoid adopting a ‘box-ticking approach’ when assessing the corporate
governance structure of the company and should be prepared to engage in a dialogue
if they do not accept the company’s explanation. There should be a basic recognition
that corporate governance must be tailored to the company-specific situation and that
non-application of individual provisions by a company may be justified.12
Ultimately, the board and senior management will dictate the risk-control
environment and the prevailing cultural attitude towards it. It often falls to the
Compliance department to encourage and equip the board to perform this
important function correctly. It is therefore necessary for compliance professionals
to be able to promote the benefits of compliance at all levels within a business.
As with the creation of the compliance environment itself, there are two distinct
elements to every effective compliance framework. The first is the construction
of the framework itself through procedures, monitoring processes and other
operational elements. The second is in the development of a culture which
encourages employees to ‘buy in’ to making the framework operate. It is difficult to
overstate the importance of creating and promoting a healthy compliance culture,
not only by persuading employees to discharge their duties in the right way, but
also by influencing management to adopt an encouraging and supportive attitude
towards the benefits that compliance can produce. ‘Compliance by all, for the
benefit of all’ should be the message promoted by senior management.
All employees must be given regular updates to ensure that they remain aware
of their individual GRC responsibilities. These responsibilities are relevant to their
particular role, function or position in the company. Today, proving that the firm is
compliant is as much about proving that employees and responsible persons have
the requisite knowledge and training to perform their work in a compliant way as it
is about ensuring that everyone is behaving to the required standards.
There are certain requirements, such as for anti money laundering and dealing
with bribery and corruption issues, and other specific business functions, for which
staff must undertake periodic refresher training, but firms must also be able to
demonstrate that there is comprehensive understanding of responsibilities and
expected standards of behaviour.
12. http://commissiecorporategovernance.nl/download/?id=606.
In the UK, the FSA released a discussion paper in October 2002 (DP18)13 which
examined how businesses can create an ethical framework. Despite the time that
has passed since publication, its content and sentiment remain highly relevant
today for compliance professionals seeking to influence the culture of their firm,
and its key messages can be seen to apply internationally.
Effective GRC within a firm helps it to demonstrate regulatory assurance, with the
development of a compliance culture and ethical behaviour expectations. In
addition, regulatory assurance leads to benefits other than the avoidance of the risk
of regulatory breach. These benefits extend to the consumer, the regulator and the
firm, and will be discussed further in section 6.1 below.
The ‘culture’ of a firm can be defined as being the sum of its values, attitudes
and beliefs. As well as this, it may include the way in which those within the firm
perceive what it stands for and the way they understand the environment in which
it operates. Consider the following question.
Q. If the culture of a firm is geared towards being ‘just compliant’ (doing the
minimum to comply with the rules) does it protect itself against sanction?
A. No. Being ‘just compliant’ will not necessarily prevent a firm from behaving
in a way contrary to the principles of regulation, which may result in
putting investors at risk or diminishing its market integrity or reputation,
or the stability of the financial system. Even the most rule-compliant
procedures and controls will not remove the possibility of regulator
sanction. Mechanical ‘tick box’ compliance will do little to prevent
broader issues.
13. http://www.fsa.gov.uk/library/policy/dp/2002/discussion_18.shtml.
While the example above highlights one benefit of encouraging the correct culture
and attitude towards compliance, many others exist. Below are some further
benefits of robust governance, risk management and compliance and a strong
ethical culture, but this list is by no means exhaustive.
• All risks will be managed better, especially compliance risk, regulatory risk
  and, as a result, reputational risk. With the right culture and attitude in place,
  breaches are less likely to occur.
• Decision making, based on clear understanding of the facts and associated
  risks, will be improved.
• Higher standards of customer conduct, corporate conduct and market
  conduct will be easier to achieve and to demonstrate, because the reasons
  for it are more readily accepted.
• Investors, customers and other stakeholders will have increased trust in the
  firm, which may in turn lead to increased business.
• There will be a better relationship with regulators. If something should go
  wrong, a sound base exists from which to work together constructively to
  resolve it. If a firm has built up a good reputation with its supervisor,
  this can often pay regulatory dividends by resulting in a less intrusive
  regulatory approach.
• Staff motivation is improved where employees care that the companies for
  which they work are ethical and well run. They can be a very effective way
  of engaging employees, who will see value in what they do. This in turn will
  lead to lower staff turnover.
• Competitive advantage: well-run, compliant firms can gain real competitive
  advantage over those that are in the business for the wrong reasons. The
  efficiencies created by doing things ‘right first time’ can pay real commercial
  dividends later.
Unfortunately, many of the risks and rewards above are fairly intangible. For
this reason, it is vital that compliance officers identify opportunities and look at
real-life examples to help others to understand the benefits of good compliance.
(This applies to boards and senior management in particular.) These may entail
positive examples – for example where the regulator decides not to take further
action following the notification of a breach, because of the good relationship and
high degree of confidence that the firm will put things right – or negative ones,
such as highlighting where other firms have fallen foul of the regulations and the
consequences they faced.
Overall, it is clear that effective GRC in firms leads to enhanced benefits for
the consumer.
For the regulator, there are many benefits to be realised when firms have clear
sight of regulatory assurance. These include:
Firms in the market can also benefit from developing and demonstrating regulatory
assurance derived from high standards of culture, ethics and integrity, including:
as for regulators (see section 6.1.2 above), good working relationships lead
to trust and collaboration, both in terms of future regulatory developments
and in dealing with any issues that may arise
attracting motivated employees who genuinely care about the firm they
work for, and the culture and ethics that it represents. This leads to lower
staff turnover, reducing costs, and creating benefits ultimately measured in
terms of customer satisfaction.
GRC’s importance to the board has evolved significantly over the past ten years so
that senior management now pays far more attention to these aspects of business,
as regulators are demanding increasing accountability and transparency for the
firm’s processes and procedures. The liability of individuals for their actions or
inactions, and the heightened emphasis on the ethics, culture and integrity they
demonstrate, are now under constant scrutiny.
This scrutiny of ethics and integrity has never been greater, and raises an
interesting debate. Even though many of the recent financial scandals have been
the result of unlawful actions and behaviours, some have been about activities
that are within the law. Yet, the ethics of those concerned have been called
into question.
Boards and senior managers must ask the question ‘what is doing the right
thing?’ Opinions on what this is in any given situation will be divided, and the
firm, employees, customers and regulators will probably not share the same
answer to this. Trust has therefore been compromised by the different views of
these stakeholders.
Leaders of firms therefore need to create a shared sense of doing the right
thing, to develop a vision of the core purpose, and start to rebuild trust in the
firm – and even in the financial services industry. To do this, the board and senior
management need to agree on a common set of core values, cultural and ethical
standards, and build governance within the firm to demonstrate assurance.
More than this, these leaders must lead with authenticity, which will help in
rebuilding trust. By following the right path to achieve the core purpose, that core
purpose itself will drive the values, culture, behaviours, ethics and actions the firm
needs in order to rebuild trust.
Learning outcomes
outline the historical issues, including some past scandals, that have led to
today’s emphasis on regulation
explain the events that led up to the global financial crisis of 2007–8, the
problems with the regulatory system that existed at that time, and what was
revealed by the Turner Review
outline the six key objectives of regulation in the financial services industry and
see how these are approached, using the example of the UK, by regulators in
pursuing their operational objectives and using the powers conferred on them
by legislation
explain what effective GRC is, why it is important, who is responsible for
inculcating it throughout a firm and, in broad terms, how this might be done
appreciate that the regulatory landscape is going to continue to change
and know how GRC can help in preparing the firm and its employees for
future events
outline the links between the various aspects of the GRC framework and explain
how embedding these within the firm will benefit the consumer, the regulator
and, in consequence, the firm itself.