Financial Institutions, Regulation and Compliance

Professor Daniel Hodson


Guests: Michael Foot, Managing Director and Head of Financial Supervision,
The Financial Services Authority, and David Pritchard, Director, Lloyds
TSB Group plc

This is the fourth lecture in my series for this academic year on the theme of Governance. Tonight I address the issue of the governance of Financial Institutions, making I hope some distinction with other types of corporate governance, and focussing on the role of the Board, as one who has served as an executive and nonexecutive director on several such boards (including Girobank, Nationwide BS, LIFFE, Independent Insurance).To help the debate I'm joined on the platform by two very distinguished figures in the financial world, one a main board director of a major bank, and the other a top regulator. I very much hope that my guests may take a slightly different approach to mine, emphasising more regulatory and executive level governance, in setting the ball rolling for our discussion later on.


Why are financial institutions different

Simply put, the basic functions of a financial institution fall into four categories: risk transference, investment and trading on own account, distribution/ broking, and money transfer. Each class involves risk, to a greater or lesser degree, and it is principally the central theme of risk management that, I contend, sets financial institutions apart. It is also in many cases, and particularly in larger entities, their complexity and depth, accompanied by risks of comparable complexity at every level throughout an often diverse and sophisticated organisation.

Add to these characteristics the potential numbers of clients, the longer term nature of the relationship and the strong duty of care associated with many of them (overriding in the case of retail institutions), as to the quality and appropriateness of the products themselves, and in their fiduciary role as the bailees or trustees of the clients own resources, be the latter cash or investment instruments, physical or derivative; then stir in the central economic position of large financial corporates, their importance in sustaining confidence in the financial structure of the economy, and the potential for fraud; and finally address the importance of the regulatory environment arising not just from the need to protect the client, but also the safety and quality of the markets in which the institution operates, at both a microeconomic, ie transactional level, and also at a macro level, ie solvency and capacity to undertake the risks involved: and there are indeed some very significant differentiators at play.

These issues are recognised in stakeholder priority: a greatly heightened emphasis on the client/customer and the Regulators), perhaps only just behind that of the shareholder, although as with most corporates, the latter continuing as sovereign, and the public interest not far behind. In these circumstances, it is difficult to not to argue that the balance, required skills, and responsibilities of the boards of financial organisations may to a degree set them apart from those of other corporate organisations.


Risk review

Risk management responsibilities are therefore paramount to the boards of financial institutions. It is fashionable to complain about and make light of new requirements for boards in general in relation to their 'statutory' declarations in their annual reports to shareholders. The most recent is the need for a complete and comprehensive risk review of the business, to ensure that the board is fully apprised of all the major risks relevant to the business and the ways in which management has dealt with them, and is so declaring to the shareholders.

But in the context of financial institutions, it becomes an overriding and critical project, and indeed, although it is at least an annual exercise for the board, it should be the subject of continual review by management.

At the heart of the requirement is the absolute requirement for understanding at board level of the major risks taken on by the institution. Two anecdotes illustrate the importance of this. The more homely concerns one of the most successful bankers of recent times, Sir Denis Weatherstone, who rose from clerical origins in the City via the trading desk to be Chairman of JPMorgan in New York, then the most admired and blue blooded bank in the world. His test for complex new products was simple: he asked the promoting manager to explain it to him in the clearest language. If he then felt he did not understand it, he would ask for another explanation. And if he could not grasp it then, he threw the product out, regardless of the arguments being promoted in its favour. He took the view that if he did not understand it, there was no way that his board would, and the risk level was therefore not acceptable. Modern bankers please take note.

Another example is provided by asetback suffered by NatWest, one of the chain of negative events which ultimately of course led to the latter's takeover by Royal Bank of Scotland. In this instance it concerned a portfolio of complex derivative options held by the investment banking side of the institution and valued internally on a regular basis. In 1994, the bank acquired the US based Greenwich Associates, not least for their derivative expertise. A logical first task for the newly joined firm was to take a look at the existing option valuations. And of course the result, based on a new and presumably more sophisticated approach, was very different, and resulted in huge writeoffs. Who really understood what was going on, and at what level? It seems certain that NatWest Board had no concept of the actual or potential exposure.


The 'four eyes' principle and the structure of Boards

The risk review exercise will undoubtedly draw attention to up to, say, 20 major operational and strategic risks on which the Board should keep an eye, and a rather smaller number which are of overwhelming strategic importance. To what extent should individual members, executive or nonexecutive, of the board have more than a superficial knowledge and understanding of each of these risks, their origin and management, and where appropriate the products associated with them? There used to exist a notion, sponsored by the Bank of England in its past regulatory role, called the 'four eyes concept': namely that every board should contain at least two people who understood every significant risk and/or product associated with the institution, hence the expression 'four eyes'. Indeed this concept was also putatively applied to major subsidiary boards, sitting as strategic boards over large self accounting areas of operation.

This did not of course imply that every director should understand every product, but rather that at least two members should do so. The question then arises as to whether nonexecutive directors of the main board of financial institutions should be expected to have sufficient skills to be expected to contribute some of those 'eyes'. I would argue that they unequivocally should.

This is not to demean the role of directors with general, but not necessarily financial services, business experience. The expression 'there is nothing new under the sun' is as germane in the financial services world as it is throughout industry, and a great many if not most of the strategic, organisational and operational issues which will face the board of any financial institution will be comparable to those experienced by any corporate body; in those circumstances the highly experienced, but generalist (and by implication nonspecialist) director will be of huge importance.

Nonetheless it is hard to escape the fact that financial institutions are for the most part, as I have argued earlier, about risk transference and risk management. From this follows the proposition, which I find compelling, that there should be sufficient nonexecutive directors to provide understanding at Board level of both the major operational and strategic risks.

The second 'pair' of eyes (thus making four, subject to any unforeseen physical disability) would then belong to an executive member of the Board, who would either have direct responsibility for or have a proper understanding of the appropriate risk/product.

There are two possible objections to the increased formalisation of a 'four eyes' rule. First that it may increase the size of boards to unmanageable proportions, a criticism that may be applied to many financial institutions with or without a four eyes doctrine. Certainly I believe it to be true that main boards function best with no more than 12 members, as I have stated in an earlier lecture, and pruning would I believe be a major benefit in many boards across the City. But of course an NED with the appropriate risk understanding may have knowledge of many such risks (and may also have the general business background and other qualities necessary in an NED), so that four or five NEDs between them may indeed have the complete range of risk and general business understanding.

It is also argued that such paragons are hard to find, and indeed would probably only come from competitors. This is easy to refute given the vast array of advisors, accountants, investment bankers, lawyers and non-competitive market participants from which they might be drawn, as well as those who learned their skills as competitors, but have now moved on.


The governance framework

In support of and underpinning a suitably qualified board is the framework within which it operates. In many respects this is not substantially different from that of nonfinancial entities. I have in earlier lectures addressed the roles of the various committees of the Board, and specifically those, which are general to all major and pie type boards, such as the Audit Committee and the Remuneration Committee. The proper functioning of such committees, together with the regular supply of appropriate management information, are critically important, as indeed is the Board's obligation to ensure that the appropriate management structure and senior executives are in place. Given the importance of the Regulator as a key stakeholder, the compliance and regulatory functions within the management framework must be of particular concern to the Board.

Perhaps the Equitable Life could have been saved had there been a modem governance structure in place, appropriate to a life company with over a million policyholders, over'the decades in which the'seedsof its destruction were sown. The story is relatively simple: the Equitable Life had been selling guaranteed annuities as part of their pension package since 1957, in effect fixing the amount of future pension that a sum invested today could buy, regardless of the performance of markets or indeed of variations in actuarial life expectancy in the meantime. Both turned against them - bond yields fell and life expectancy increased, forcing down the yield at which annuities could be bought. They consequently found that if they were to meet the contractual expectations of the relevant policy holders, a substantial deficit would be incurred, which could only be filled by reducing the bonuses made available to other unguaranteed policyholders. The Board therefore set about disclaiming a substantial part of the guaranteed element of the policies, but failed to convince the courts. Consequently the fund is now closed and a great institution laid low.

Much of the sad tale turns round actuarial judgements, which argues of course for greater actuarial knowledge amongst nonexecutive directors on relevant financial boards. This is an issue for yet another lecture in its own right. However, if the latter had been in place it is possible to suggest that:

1 - The original Board decision to launch the product, would, particularly with the four eyes concept adopted, have resulted in a deep understanding of the risks involved, and the progress of the product would have formed a regular item on the Risk Review.

2 - When it became clear that economic and market circumstances were creating a potential funding deficit, appropriate provisions or reserves should have been made, spreading the cost over an appropriate period, and flagging the need for caution in pricing and bonus strategy in general. This would have been principally a matter for the Audit Committee in its scrutiny of the formal financial accounts of the institution.

3 - The size of the deficit and the reserves set aside against it would have been a regular feature of Board level management information.

4 - The decision to attempt reduce the apparently guaranteed benefits of certain policy holders was an ethical issue of huge importance. In these circumstances, and given the standing of Equitable, 'my word is my bond' and the potential reputational risk to the company, quite apart from any other considerations should not have been far from the collective mind of the Board. Is it fair to argue that a major misjudgement occurred and one which a differently constituted Board - one with a different, and better technically qualified nonexecutive imput - might have avoided? The decision was certainly one which the institution had to take on its own, and at least in principle. I shall return to the potential role of the regulator in this affair, later in this lecture.


The Regulator as longstop

It has been suggested that the Regulator might provide the 'second' pair of eyes, after those of the executive, rather than for instance individual NEDs. But this is to misunderstand the role of the Regulator.

It would of course take a whole course of lectures to describe the background to and the activities of regulation in respect of financial institutions. In the simplest terms, however the Regulator is charged with the protection and supervision, to a varying degree, of four elements of financial markets: the markets themselves, the participants in those markets, the users of those markets and the public interest associated with those markets.

What is absolutely clear is that the Board cannot in any way delegate its responsibilities to the Regulator, and specifically in the context of the comprehension and management of risk. It may be theoretically true that the Regulator should have as broad and deep a view and understanding of complex risks as possible, it is not always practically the case, and it will in any event remain first and foremost the responsibility of the Board.

But it is also true that the regulator must fulfil a longstop role, in the interest of the institution, the relevant markets and the public.. This role is particularly critical when the internal compliance, regulatory and delegatory framework of the institution may be incomplete or incompetent.

In my role as CEO of LIFFE, I was also a senior regulator, since the exchange was a Recognised Investment Exchange (RIE) and therefore operating as a frontline selfregulating body. There were a number of times when some interesting market developments or positions arose which made it necessary for me to call the head of the relevant firm for a chat to make sure that everybody fully understood what was going on. On more than one occasion, I found myself telling my opposite number something new (and presumably exciting), where the ve,ry fact of the call meant that extraordinary risk - either for the market or the firm itself - was potentially being incurred. The question is, was it right that that individual heard the glad tidings from me, or should he at least been aware/ authorised the establishment of the position?


Culture and ethics

The Board also has a critical role in setting the cultural and ethical environment of any institution. This responsibility is undoubtedly more pronounced with financial institutions, given in particular their prudential and fiduciary responsibilities, nor is it an area where the regulator can necessarily take a leading role. And, arguably, the tone adopted should that associated with the highest ethical values. A clear illustration of this is the behaviour of the Building Societies, and many other retail depositories, at least until the early 90s, in relation to the introduction of 'new' accounts.

Building Societies had been in the habit of simultaneously attracting new deposit funds and reducing their overall cost of liabilities by creating a new deposit product, often only marginally different from one already existing, with a great song and dance, and very competitive pricing. The investors' money would pour in, but it was of course expensive, and the trick then was to gradually and subtly reduce the interest rate payable on any comparable 'old' product, playing on the inertia of the 'old' depositors, who would take a while to catch up. Some, usually the weakest, never did, and were in effect ripped off for years. The principal sin was a deliberate failure to communicate.

l was workirig at the Nationwide in the late 80s and early 90s and we were as guilty as any other society of using this technique. But we got caught out at two levels. First, the personal money columns cottoned onto what was going on, probably on account of one particularly blatant new product line introduced by us. This resulted in horrendous negative publicity, and a six hour AGM, at which more than just the Board's collective bladders were tested. And second we acquired a Chairman from outside the industry, Sir Colin Comess, who was flabbergasted at what had for years been going on, and ordered it stopped.

With hindsight it is clear that the practice was unfair, and the relevant depositories boards (and there were many involved) should have called a halt a long time earlier. Leaving aside the universal issues involved (what lan Hay Davidson, the first great 'dust buster' at Lloyds used to describe as The Ten Commandments), the reputational damage was enormous.

What is perhaps particularly interesting about this episode is that the practice went on under the baleful eye of one of the most diligent regulators in the history of that art, the Building Societies Commissioner. Inevitably also there were complaints to the Building Societies' Ombudsman, who never took serious action, either, feeling that the practice was not one that he could proscribe as such.


The Barings example

As a final roundup I find it impossible not to take examples from the Barings collapse, illustrating as it does not only how proper governance structures might, in various ways have saved the bank, but also a failure of frontline longstop' regulatory supervision.

The story is simple. Nick Leeson, stationed in Singapore, set up increasingly large proprietary (or house) positions first in Singapore, and then in Osaka, trading in the Nikkei (Japanese FTSE equivalent) index, both long. He told his colleagues in London and the Singapore exchange (SIMEX) that he was arbitraging between the two exchanges, having a long position in one (Singapore) offsetting that with a short position in the other (Osaka), a barefaced lie. The losses on both exchanges grew as the Nikkei fell, and Leeson had to produce more margin at the respective exchanges/clearing houses to cover these positions. In Japan he used client margin money, possible there because of lax rules on the use of client money; in Singapore the situation became so difficult that he had to ask Barings London for a sum roughly equivalent to the firm's capital, justifying it on the grounds that it was for arbitrage and that the underlying position was therefore virtually risktree. There were various subplots, but the conclusion, as all the world knows, was inevitable and violent, and the story continues to this day with the recent announcement of ING's disposal of the rump of Barings investment banking operations.

In order to analyse the lessons learned, there is a further, lesser known, but stunning point to add: whereas the positions of individual investors is in general a secret matter, the rules at Osaka meant that the details of Barings' long position were entirely public and were pinned on a notice board. And all this while Leeson was declaring that he was short in Osaka and being believed in SIMEX and in Barings London. Perhaps the cutest operators in this whole affair was at least one London based investment bank who withdrew their counterparty lines with Barings a few weeks before the collapse.

And so the lessons from an institutional governance perspective are:

1 - It was clear that there was no in depth understanding of the risks involved in derivatives trading at Barings board level, either executive or nonexecutive; arguably application of the four eyes principal would have at least rectified that.

2 - In particular the proper application of a risk review as currently proscribed should have underlined the specific risk involved

3 - Regular and routine management information should have drawn the inherent loss in each exchange to the attention of first management, and then the Board

4 - The export, allegedly to provide margin cover for arbitrage activities, of a sum equivalent to the whole of the capital of the institution should have been a board matter, with a full examination and details. In the event it seems to have been handled totally informally; there appear to have been no constraints from the Board on a remittance with such a purpose.

5 - This is a case where the longstop role of the frontline regulator, in this case SIMEX, could have been critical. Had SIMEX talked to Osaka, or even asked somebody to look at the public position board at the latter, Leeson's seam would have been exposed much earlier and Barings would have stood a good chance of being saved.

And reverting to an earlier topic, could the Equitable Life debacle been avoided had the regulator been more diligent in understanding the position and taking action to force the Board to accept and mitigate the risks inherent in the products being sold?



The conclusions I therefore leave with you for debate are:

Financial institutions are distinguished principally by their central activity and skill of risk management and the significantly enhanced importance of the regulator and the client/customer (particularly retail) as stakeholder

The basic responsibility of their boards remain the same, but they should pay particular attention to the formal process of risk review, to the governance and management information framework, and to the structure of regulatory compliance and delegation

Boards should in particular apply the 'foureyes' principle: that at least one executive and one nonexecutive member of the Board should understand every major risk undertaken

The Board's role is also critical in setting the cultural and ethical environment in which the institution is operating.

The Regulator can never substitute for the management responsibilities of the Board, but may be reasonably be expected to act as a longstop.

Both the Barings collapse, and arguably the current difficulties of Equitable Life could have been avoided had this longstop role been effective.


© Daniel Hodson