Roger Mccormick, Chris Stears
Roger McCormick, Chris Stears
- Credit risk — European Banking Authority (EBA)
British insurance companies, banks and other financial institutions achieved net exports of £19bn … in 2004, almost three times higher than their contribution to the UK’s balance of payments a decade ago. No other advanced country has enjoyed Britain’s success in deriving a large increase in export earnings from its financial sector … The surge has been driven principally by increased business in the City of London.1
There is now such creativity of new and very sophisticated financial instruments … that we don’t know fully where the risks are located … We are trying to understand what is going on but it is a big, big challenge.2
… the market is entitled to expect the law:
• to be accessible; …
• to facilitate the efficiency and stability of the market and reduce systemic risk;
• to be sufficiently responsive to the legitimate needs of investors, intermediaries and collateral takers to encourage them to select English law as the governing law and avoid a situation in which … English law is seen as the weak link in the chain …3
But ‘legal risk is now replacing credit risk’ as the key uncertainty, as one central banker notes, and this ‘raises questions about investability of the banks’. By late 2013, according to Prof McCormick’s data, the top 10 banks had posted £50bn reserves to absorb legal hits. But nobody knows if that will be enough.4
Intro 1.01 Banks and other financial market participants are in the risk business. The most basic and fundamental risks in banking business, such as credit risk, are so well understood (even though difficult to manage) as to be virtually self-explanatory. However, there are other risks in financial markets, many of them grouped under the heading of ‘operational risk’, which are less well understood and particularly (p. 2) difficult to manage. In this category fall legal and conduct risk, the subject of this book. As will be explained, these two risks are so closely related that one of them (conduct risk) may be regarded as a sub-category of the other. The purpose of this book is to describe and explain legal and conduct risk and suggest possible approaches to their management. This will involve both analysis of what the terms mean and the context in which the risks arise and also some narrative description of the main events of the Financial Crisis (2008–11) and its aftermath, when such risks and the consequences of failing to manage them threatened international stability. But, first, in the following paragraphs, we put the topic of risk generally into context.
Intro 1.02 No one who leads a normal life can avoid taking risks. They are part of the human condition, infinite in variety, both as to nature and as to seriousness. Everyday life involves taking risks on commonplace things such as the weather or the punctuality of trains as well as on more weighty matters such as the financial performance of investments or whether or not to change jobs or move house. We take risks from time to time on matters that might affect our health and physical well-being. We may risk our fortune or our reputation. Sometimes, albeit unwillingly, we may even have to take decisions that have life or death implications for ourselves or others.
Intro 1.03 How do individuals deal with everyday risks? If we are faced with a risk that we do not feel we should take, we might change our plans in order to avoid it or we might insure against it, so that our insurer bears the financial consequences. To be able to take a decision like that, we need to be alert to the risk in the first place and have some idea of its seriousness—by which we usually mean: how likely is this to happen and how badly would it affect things if it did happen? We also need to judge whether the benefit gained by transferring some or part of the risk to an insurance company is worth the cost (ie the premium). These decisions are not all easy and we sometimes make mistakes. Sometimes they can be very expensive mistakes. Unless we are content to rely purely on chance or luck, it is important that the decisions are informed decisions. Most of us seek a happy balance, not wishing to be overburdened with worry about relative trivia. But there are times when it pays to be cautious and not to rush decisions before all the implications have been taken into account. The same rules that apply to our personal lives apply, broadly, to business life. The main differences stem from the fact that business life involves third parties with commercial, and possibly other, expectations. They may have legal rights to have those expectations met. There may also be a more legally (and politically) intrusive regime than applies to the everyday life of an individual.
Intro 1.04 As stated above, this book is about risks that are commonly called legal risks.5 More specifically, it is about legal risks arising in the operation and practices of (p. 3) the financial markets. They are a part of the spectrum of risks that are inherent in the operations of banks and other financial institutions, affecting the lives of the people who work there and customers of all kinds who put their trust in them as well as, in more extreme cases, the financial system itself. Banking is, by nature, risky. It involves, at its core, the process known as ‘maturity transformation’, ie ‘lending long and borrowing short’. A bank takes money in (ie borrows it) from many sources, including individual and corporate customers and the money markets. Much of that money is withdrawable virtually at will—with little or no notice required to the bank. However, much of the money that a bank lends out, say, to householders for mortgages or to industry to finance development or expansion, is lent on a medium or long term basis. If all the depositors with the bank asked for their money back at the same time, it would not be able to pay them (however sound the loans that it had made might be). There is, therefore, a liquidity risk built into the system.6 We expect banks to perform this ‘utility’ role and to take, and manage, the implicit risks associated with it. Such risks include, of course, the risk of lending to borrowers who default as well as the risk of mismatched funding creating liquidity difficulties. But, just as banking involves more than the making of loans and acceptance of deposits, it also involves many other kinds of risk. For example, and particularly in the context of legal risk,7 in the years since the LIBOR scandal,8 risks associated with misconduct by bank employees and officers, have achieved a particular prominence.9 In this book, risk of this kind is referred to as ‘conduct risk’.
Intro 1.05 In June 2015, the European Systemic Risk Board published a report on macroprudential aspects of conduct risk (which it termed ‘misconduct risk’) (p. 4) entitled ‘Report on Misconduct Risk in the Banking Sector’ in which it considered its potential systemic impact. The report did not attempt to define conduct risk (noting that although it is part of operational risk it is broader when seen from a ‘supervision perspective’ because ‘it includes the risks to which banks may be exposed as a result of their poor business conduct, as well as the risks to which such risks conduct exposes their customers’. The report did, however, give some examples of ‘the main types of conduct risk’:
(c) violation of national and international rules and regulations (tax rules, anti-money laundering rules, anti-terrorism rules, economic sanctions, etc.) for instance EU banks breaking US sanctions against trade with Sudan, Iran, and Cuba;
Later in 2015, a definition of conduct risk was put forward by the European Banking Authority:
Conduct risk is defined as the current or prospective risk of losses to an institution arising from an inappropriate supply of financial services including cases of wilful or negligent misconduct.10
This definition appears to focus on paragraphs (a) and (b) of the ESRB’s statement set out above rather than (c) and (d). It is too narrow.
As stated above, it is considered that conduct risk is a form of legal risk but because it has become such a serious, at times almost existential, risk (for banks) the authors consider it merits analysis separate from other legal risks.11 (It is this kind of risk that Gillian Tett refers to as the risk of a ‘legal hit’ in the extract from her 2014 article captioned above12).
Risk is inevitable in entrepreneurial activity and banks are expected to take at least certain kinds of risk. As we shall see, much is said about the need for risk assessment and risk management. But the more basic question, which can arise in many different contexts, is: how much risk is appropriate? Or, to use the industry jargon, what is the risk ‘appetite’? There is rarely an easy or obvious answer. Further, and following the LIBOR scandal, an even more basic question (p. 5) has arisen: how can a bank control conduct risk that may lead to fines of such a magnitude that the bank’s reputation is fundamentally damaged and its ongoing viability threatened?
Intro 1.06 Risk in banking activity also poses problems that are peculiar to banks. Part of the theoretical ‘bargain’ between society and the banks includes the possibility of giving the banks financial support from the authorities, usually the central bank, if the risk that comes with the maturity transformation role becomes unmanageable for some reason. But it is important that such support is not guaranteed. If that were the case, banks would feel able to take all manner of risks, paying the returns to their shareholders and employees, knowing all the time that there would be a helping hand from the taxpayer if they got into difficulties. That scenario is often referred to as the ‘moral hazard’ problem. It is a scenario that some fear the Financial Crisis (2007–11)13 has brought to pass, as regulatory authorities around the world contemplate the unwelcome possibility of an institution that is deemed ‘too big to fail’ calling on them for a ‘bail-out’. However, it is not new. It is just that the Financial Crisis made us much more aware of it and the complexities that are involved as a result of globalization.
Intro 1.07 As has been all too graphically demonstrated by the Financial Crisis, the more serious risks taken by banks do not affect only themselves; they may also affect the financial stability of modern economic life. It is in our collective interest that the banking system and the financial markets are reasonably secure. We instinctively recoil from the injustice of ‘moral hazard’: the public sector should not guarantee banks’ profits, still less the financial rewards payable to individual bankers. But there is, nevertheless, a desire for stability, reflecting the need to ensure as far as possible that, to put it rather crudely, our money is ‘safe’ when it is placed in the hands of banks and financial institutions for non-speculative purposes. The desire for stability sits uneasily with the desire to encourage even ‘prudent’ or ‘responsible’ risk taking. Society is presented with a dilemma. It is a dilemma that pervades the various responses to the Financial Crisis that have been seen in the major financial market jurisdictions. The dilemma presents itself in different ways but one of the more important is in the legal and regulatory responses in those jurisdictions. The post-Financial Crisis landscape is a world where, on the one hand, banks have been able to return to profitability but, on the other, the agenda for reform and change—fundamental change—to the way banks do business, and especially as regards the ethical or moral behavior of bankers, is still very much on the table.14 The LIBOR scandal (and related events) have also triggered a substantial litigation and enforcement agenda as more information continues to come to light about transactions at the heart of the Financial Crisis and even subsequent (p. 6) to it, and regulators and law-makers have looked, and continue to look, to punish wrongdoers. And those who lost money consider legal action to recover it. A new set of risks flows from these phenomena. The scale of these risks and the uncertainty about how they may be managed may be described as a crisis its own right. In this book, that crisis is referred to as the Conduct Crisis.
Intro 1.08 Prior to the Financial Crisis, the City of London’s success as a venue for financial market activity (and the stability of the UK financial system) was built upon the relationship between market participants, those who regulate them, and those responsible for the laws that apply to market transactions. This will remain the case.15 Regulation of markets is a response to the behaviour of markets, and effective law and regulation applicable to market activity has to be informed by an understanding of the reasons for that behaviour. Although any successful marketplace needs more than just a reliable and soundly based legal system, if it does not have that as a foundation, it will not last for very long. Bad laws, which may threaten the reliability of bargains entered into in good faith or expose honest businesses to unacceptable hazards, cause risks to arise (‘legal risks’ again) which, ultimately, can drive markets away. Although, as we shall see, the financial markets will tolerate a degree of legal risk, it is rarely welcomed and generally only accepted, grudgingly, if it is unavoidable. The need to be vigilant in this area has only been intensified by the Crises as new laws have been enacted, in some cases as a matter of urgency, in response to issues raised by it. Few would dispute that these laws are needed but some of them have had a radical effect on the legal risks faced by banks, their shareholders and contractual counterparties.
Intro 1.09 In addition to specific changes in law, uncertainty about proposed changes in law can have an adverse effect on markets. The protracted, and at times very heated, debate, at national and international level, as to the nature of the structural changes (if any) that may be needed to the business of banking (in the broadest sense) in order to achieve a satisfactory solution to the ‘too-big-to-fail’ problem16 and correct perceived injustices related to individual bankers’ extremely high remuneration has introduced a significant element of uncertainty for market participants. Proposals for change, sometimes radical change, have come from many sources. There can be a significant time lag between a proposal surfacing and it either (a) becoming law or (b) being withdrawn. Until the outcome is known, uncertainty reigns. One of the most striking examples of such a proposal came in January 2010, when President Obama of the USA announced that, in the USA, banks would no longer ‘be allowed to own, invest or sponsor hedge funds, private (p. 7) equity funds or proprietary trading operations for their own profit unrelated to serving their customers.’ In the same announcement he also said that he was ready for a ‘fight’ with the banks and that ‘never again will the American taxpayer be held hostage by a bank that is too big to fail.’ The terms of the announcement, which indicated that banks in the USA would be subject to laws requiring major structural changes to the kinds of business in which they could engage, provided just one example of the degree of public anger (against banks and bankers) that the Financial Crisis (and, later, the Conduct Crisis) generated. Politicians respond as one would expect: it has become easy to blame unpopular bankers, almost as a form of displacement activity, when things go wrong. (At the time of the first Greek sovereign debt crisis,17 many European politicians blamed the financial markets for perceived weaknesses in the euro and failing confidence in the creditworthiness of various EU sovereign debtors.) The risks attached to this are, of course, partly political18—but they also involve legal risks in the form of the new laws and regulations that emerge over time. The Obama announcement also generated uncertainty. How and when would these proposals be implemented in detail?19 Leaving aside the unclear nature (at least as at the time of the announcement) of how the proposals might be formulated into law in the USA, there was also the question of the extent to which they may be followed elsewhere. Was the USA intent on ‘going it alone’ rather than acting ‘in convoy’ with other financial centres? The initial reaction to them from the UK and the EU was decidedly mixed, with many EU countries preferring to stay with the model of the big ‘universal bank’ and the UK government apparently feeling that other proposals already tabled in the UK would suffice in order to meet the relevant objectives. It is perhaps a sign of how far globalization of the financial markets has gone that whenever a country has indicated, post-Financial Crisis, that it might ‘go it alone’ on regulatory reform (for example, Germany, in relation to its announcement of a ‘naked short-selling’ ban in May 2010) it has tended to come in for criticism for that very reason.
Intro 1.10 The risk profile of banks is also affected by the continuing development of anti- terrorist and anti-money laundering laws, an increasingly uncompromising attitude of regulators to fraud and other kinds of financial crime, more aggressive (p. 8) political responses to tax evasion and ‘aggressive tax avoidance’ and an apparently ever-growing need for additional consumer protection measures to combat perceived unfair practices. All this has an impact on how banks manage their business. They play a central role in our lives. Their access to our money, and information about what we do with it, has caused that role to be extended into areas such as the criminal justice system and the tax collection apparatus20 that, in effect, make them part of the executive’s ‘enforcement machinery’ and place heavy responsibilities on them. The risks that flow from this ‘come with the territory’ but it is not necessarily a territory that they have voluntarily chosen to occupy.
Intro 1.11 Some legal risks are quite easy to understand and some are much more complex. However, they are all of concern to all of us, and their importance has increased markedly over the last 25 years. The concern extends not only to the risks themselves but also the cost of managing them and the impact of that cost on running a financial services business. Before the Financial Crisis, some commentators felt such businesses were subject to ‘over-regulation’.21 Following the Financial Crisis, many commentators have voiced criticism to the effect that the pre-Financial Crisis regulatory regime followed an excessively ‘light touch’ approach. There certainly seem to have been some regulatory shortcomings, whether due to the ‘regime’ or the manner in which it was operated. Inevitably perhaps, concerns have also been voiced that the regulatory reaction to the Financial Crisis might be too heavy-handed (although tougher regulation certainly has popular support). There are also differences of opinion at international level as to how and where (p. 9) any such ‘heavy hand’ should fall and the extent to which regulatory power should be handed over by national bodies to international bodies. Whatever the merits of any given regulatory measure, the legal risk (for any given financial institution) attached to regulatory non-compliance has to be taken seriously, even more seriously than before the Financial Crisis.22
Intro 1.12 The regulator for financial market activity in the UK for the period between 2001 and 2013 was the Financial Services Authority (FSA),23 which covered banking, mortgage lending and advice, all kinds of insurance, and investment business. Following the General Election of 2010, and the formation of a coalition government, the UK financial regulatory system was, in 2013, substantially overhauled, moving to a so-called ‘twin peaks’ system, with the roles of the FSA (which was abolished) being shared by the new FCA (as to conduct supervision) and the Prudential Regulation Authority (PRA) as to prudential supervision matters.24
Intro 1.13 The regulatory regime is complex. Regulated financial institutions are not only governed by laws (as we all are). They are also bound by ‘rules’ (some of which are expressed as very broad principles), told what to do by ‘directions’ and ‘requirements’, expected to be steered by ‘guidance’, protected by ‘safe harbours’ (but potentially damned by other ‘evidential provisions’), and required to comply with an ever-increasing number of codes of conduct.25 And that is just in the UK. The appropriate multiplier can be applied, depending on the number of jurisdictions in which a regulated business has activities. Managing the risks associated with this costs a great deal. It is understandable that we should ensure as far as possible (p. 10) that the regulatory system protects consumers who have savings, or indeed any credit balances, with banks and building societies. But does the system over-protect in certain areas? Does the extra protection we get from, say, being ‘mis-sold’ an insurance policy that is ill-suited to our needs or having more accessible complaint procedures justify the expense associated with the regulation? Why are we now so much more concerned about such risks? Are we more likely to be ‘victims’ of mis-selling than before? Have the products on offer become more difficult to understand or have we only recently woken up to their inherent risks?26 Will there come a time when we can be expected to manage the more ‘common or garden’ financial risks without the cloak of regulatory protection? Or have we become reluctant to accept responsibility for our own investment decisions?
Intro 1.14 The cost and extent of regulation (and the risk of being sued or fined) is a major issue, but legal risk for banks and other financial institutions involves other hazards affecting, for example, the recoverability of money lent or invested or the effectiveness of security for loans. There are also more technical, but crucially important,27 risks associated with whether or not claims and liabilities amongst financial market participants (and their customers) should be measured on a gross or net basis (so that, in the latter case, a bank’s liability to X is deemed to be reduced by the amount that X owes to that bank) and whether the legal analysis of the contracts that have been entered into, including property rights as well as the position on a party’s insolvency, supports the practice of the market.28 The management of these risks is a big business in itself and a major concern of regulators. Such risks have prompted a number of important EU directives as well as legal reforms all over the world in countries that host significant financial markets. Technical (or defective documentation) legal risk was also partly responsible for driving the fear in the markets that came close to panic at the height of the Financial Crisis. An article in the Sunday Times of 14 February 2010,29 examined the role of Hank Paulson30 in the Crisis and, particularly, at the time of the collapse of Lehman Brothers in September 2008:
(p. 11) The biggest problem with Lehman’s collapse came when Price Waterhouse Coopers, the administrator to Lehman in Britain, started to seize assets on behalf of creditors, including funds that supposedly belonged to clients. In his book,31 Paulson says he received a call from Lloyd Blankfein, his successor at Goldman Sachs, who told him that the administrator had spread panic. ‘He was shocked,’ said Paulson, ‘When collateral that was viewed as third party collateral in customer accounts in a broker-dealer gets frozen–that was something that accentuated the panic.’
Intro 1.15 It is evident from Paulson’s comments that this development took him and many others by surprise as well. Further commentary on the Paulson/Blankfein conversation is found in Sorkin’s book about the Lehman collapse, ‘Too big to fail’:32
Hank Paulson was in his office when Lloyd Blankfein called him at 9:40 a.m. in a panic. Blankfein, anxious by nature, was even more so now, and Paulson could sense it.
Blankfein told Paulson about a new problem he was seeing in the market. Hedge funds that had traded through Lehman’s London unit were suddenly being cut off, sucking billions of dollars out of the market. While the Fed had kept Lehman’s broker-dealer in the United States open in order to wind down trades, Lehman’s European and Asian operations were forced by law to file for bankruptcy immediately.
Blankfein explained that through an arcane process called rehypothecation, Lehman had reloaned the hedge funds’ collateral to others through its London unit, and sorting out who owned what had become a logistical nightmare. To stay liquid, many hedge funds were forced to sell assets, which pushed the market even lower.
Intro 1.16 One hedge fund manager was described as having to ‘tell his investors that their money had become trapped in a mysterious bankruptcy process in London.’ According to Sorkin, Blankfein was ‘pleading with his former boss33 to do something to calm the markets’ and ‘told Paulson that his biggest worry was that so much money was clogged up inside Lehman that investors would panic and start pulling their money out of Goldman Sachs and Morgan Stanley, too.’ Blankfein was right to be worried, as the subsequent difficulties with the Lehman administration and ‘client assets’ showed, but, in fact, there was nothing ‘mysterious’ about the bankruptcy process in London. The problem that investors who had given rehypothecation rights faced stemmed directly from the documents that they had signed; they had agreed to give up property rights and become unsecured creditors instead. The legal issues associated with recovering ‘client assets’ from the Lehman insolvency are considered in detail in paras [8.70] et seq.
(p. 12) Intro 1.17 As the Lehman ‘client assets’ problems demonstrate, legal risk, even when of a somewhat arcane, technical nature, retains the capacity to deliver nasty surprises, even to the very experienced and well-advised. The branch of legal risk that we call conduct risk, in particular, now presents a major, almost existential, problem for banks as they try, with only limited success so far, to ‘regain public trust’ and restore their reputations. Managing conduct risk raises important questions of ethics, morality, and culture and requires an understanding of individual and collective behaviour that is very new territory for conventional legal risk management. Kurer refers to the challenge as the ‘new frontier’, observing that:
There is … a very basic issue with the concept of individual behavior in the context of compliance: we know very little about it.34
Given that the author of these words is a past General Counsel, and also Chairman of UBS AG, his comments give some pause for thought.
Intro 1.18 The problem of ‘behaviour’ is closely linked, of course, to conduct risk. The need to deal more effectively with conduct risk must now be seen as a crucial part of the banks’ expressed desire to ‘regain public trust’ and correct what the Governor of the Bank of England, Mark Carney, has called ‘ethical drift’.35 The Governor has complained36 that ‘unethical behavior’ has gone ‘unchecked’ and has ‘proliferated’ and become ‘the norm’. Although ‘a good start’ may have been made to correcting past deficiencies, his critique37 that ‘too many participants neither felt responsible for the system nor recognized the full impact of their actions’ has a continued resonance for those concerned about the restoration of public trust in banks and financial markets generally. Mervyn King, who preceded Mark Carney as Governor of the Bank of England, has trenchant views on the conduct question:
The expansion of trading rather than traditional lending also altered the culture of banking. New ways of making money relied on recruiting extremely clever individuals—mathematicians, physicists, and engineers—whose job was to invent and price new financial instruments, and who were then lost to their former professions. Economists, who love being clever, applauded the application of mathematics to finance and the resulting explosion of transactions in derivatives. Sadly, (p. 13) the growth of trading led also to an erosion of ethical standards. There was a view that being very clever was a justification for making money out of people who were less clever … Almost all the major banks have been dragged into one or more misconduct scandals. Whether selling oversized mortgages to poor people in the US, selling inappropriate pension and other financial products to millions of people in the UK, rigging foreign exchange and other markets in which banks' own traders were operating around the world, failing to stop overseas subsidiaries in places as far apart as Mexico and Switzerland from engaging in money laundering and tax evasion, there seems no end to the revelations about what banks had been doing.38
Intro 1.19 In an article published by one of the authors in May 2015,39 the following observations were made about the related ‘trust question’:
In the post-Crisis climate, commentary on any significant failure (whether of systems, ethics or just basic performance and whether in relation to private or public sector activity) is frequently accompanied by suggestions that there has been a collapse in ‘public trust’. We hear this in relation to, for example, the health service, the police, supermarkets, and energy companies. We see it reflected in the current leitmotif of domestic politics: the mistrust of the so-called ‘Westminster elite’. But, most of all, we hear it in relation to banks. Six years after the collapse of Lehmans and the onset of the worst financial crisis of the post-war era, there appears, still, to be an ongoing crisis of public trust in relation to how our banks are run. If we take the United Kingdom as an example, we heard, in 2014, calls for banks to ‘professionalise’ themselves,40 for bankers to be required to swear solemn oaths as to their honesty and behaviour41 and for businesses generally (but especially banks) to enter into a ‘covenant’ with the communities they serve. Public confidence in banks remains very low.
Intro 1.20 The idea for the ‘covenant’ was put forward in August 2014 by Lord Digby Jones (former UK government minister and former Director-General of the Confederation of British Industry) when he asserted that ‘ … as we come out of one of the worst financial crises this country has ever experienced, trust in business is pretty much at rock bottom’. As indicated above, the problem is not unique to banking but we hear concerns of this kind more in the banking context than any other, typically from the mouths of bank CEOs and chairmen. The Chairman of the UK bankers’ trade organization, the British Bankers’ Association, said recently: ‘Restoring trust and confidence is the banking industry’s number one priority’.
Intro 1.21 This outbreak of ‘restore trust’ chest-beating was mainly triggered by the LIBOR scandal. The perception now is not just that the industry has been reckless in its habits; parts of it, perhaps large parts of it, have become downright dishonest. The ‘culture’ has been corrupted. The LIBOR scandal quickly led, in the UK, (p. 14) to the formation of the Parliamentary Commission on Banking Standards (which, ultimately, begat the Banking Standards Review) which held a series of searching interviews with senior bankers and published various reports on the theme of ethics and morality in banking. The Banking Standards Review Council (BSRC) has now been formed, with Dame Colette Bowe as Chair and (from April 2015) Alison Cottrell as CEO. We await further developments, following its Report of May 2014.
Intro 1.22 The ethics/culture refrain has been widely taken up. But where does this leave the somewhat narrower, more technical, field of corporate governance? On 12 September 2012, Sir David Walker (who in 2009 had authored a government-sponsored review of bank governance42 and is currently the Chairman of Barclays) gave evidence to the Parliamentary Commission. He acknowledged that standards in banking were low (but also pointed out that there had been other times in recent history when they had been low). But one of the most telling remarks he made was, in referring to his bank governance review, that he was ‘struck’ that he ‘did not talk much about culture or reputation’ in that document. The biggest issues in 2009 had been (he said) concerned with the ‘survival of banks’ and associated risk issues. Indeed, re-regulation, immediately post-Crisis, focused almost exclusively on financial stability, ‘overshadowing’ the questions of culture and reputational risk that the LIBOR scandal later brought to the fore (which Sir David acknowledged were ‘very serious’). This analysis by a senior, eminent banker of how public attention shifted, in 2012, from ‘classic’ governance issues (that is, focused mainly on risk management and responsibility for it) to the ‘morality/ethics/culture’ agenda demonstrates very neatly an important aspect of the relationship between what we know as ‘corporate governance’ and corporate culture. In the context of banking, it is no longer sufficient for policy makers to allow focus on the former (important though it is) to exclude attention to the latter, which presents related, but different, challenges. Whilst, in the context of banking, corporate governance may be more concerned with sound management of risks such as credit risk and other risks traditionally associated with market activity, corporate culture is more concerned with reputational risk and the bank’s own sense of what is acceptable (and unacceptable) behaviour. The ‘crisis of trust’, which is directly linked to corporate culture, relates, in simple terms, to how banks are run and, in particular, whether they are run honestly and respectably by people who feel they have some obligation to the society in which they operate that overrides the short-term desire to maximize profit.
Intro 1.23 Sir David has clearly developed his thinking further in this area since 2012. In December 2014, he gave an interview to the Financial Times (on the fifth anniversary of his bank governance review) in which he said that all bank boards should (p. 15) have a committee to deal with ‘soft culture’ issues such as conduct, operational, and reputational risks. Referring to his review, he said ‘I did not propose, because I did not recognize the importance of a board level focus on culture—not hard risk but the soft stuff.’ The soft stuff now seems to be costing more money than the hard stuff. It is encouraging to see that positive and responsible organizational changes of this kind are being adopted. The problem remains, however, that since the proceedings of board committees are, of course, secret, the public cannot gauge the success of Sir David’s ideas unless we have some reliable indicator of ‘conduct performance’.
We return to this in Chapter 12.
Intro 1.24 Apart from the LIBOR scandal itself, we might reflect on some further examples of bad bank behaviour or culture that have led to the trust crisis (and the Conduct Crisis). In his evidence to the Parliamentary Commission, Sir David referred to three ‘strands’ that were relevant. The first was the widespread practice (fed by a ‘commission culture’) of mis-selling financial products to consumers (notably, payment protection insurance). The second was the desire of many banks, in the pre-Crisis ‘go-go’ atmosphere, to increase market share regardless of price and risk considerations. Thirdly, the huge strides made in technological developments, with expectations of (for example) rapid responses to complex issues and questions (and the attractions of making quick returns) tended to prioritize ingenuity over integrity. Of course, in the time that has elapsed since Sir David was giving his evidence we have learned of other actual or potential scandals with ‘LIBOR overtones’ in relation to the foreign exchange market and other ‘benchmark’ rates such as Euribor.43
Intro 1.25 Sir David’s remarks are consistent with a description of poor organizational culture at the Royal Bank of Scotland provided by Ian Fraser in his compelling book, Shredded: Inside RBS, The Bank that Broke Britain. In Chapter 12 (‘The Fear Culture’) we hear of the concerns of a ‘retail banking executive’ (Jayne-Anne Gadhia) who was dismayed at the bank’s attitude to PPI selling …
… when her bosses insisted on continuing to sell PPI policies even after they were aware that it was a rip-off for which they knew the bank would eventually be hauled over the coals. Gadhia told the Parliamentary Commission on Banking Standards that, in 2006, she spoke to a senior RBS colleague ‘about the need to withdraw PPI at that time from our—from RBS’s—marketing’. The reply was, ‘Yes, it’s clear that that should be withdrawn, but we can’t be the first people to do it because we would be the ones who lose profit first’. Gadhia believes all the UK banks knew that PPI was rotten but ‘nobody was prepared to be the first mover to resolve it because they felt their share price and profitability would be damaged first.44
(p. 16) Intro 1.26 Those charged with legal and/or conduct risk management in banks thus now bear a heavy responsibility. The range of risks expected to be managed as part of legal, conduct, or ‘compliance’ risk includes: the risk of entering into documentation that does not adequately protect the position of the bank; the risk of procedures not being followed that are necessary to protect the position of the bank; the risk of non-compliance with a regulatory requirement and, as a result, triggering liability to pay a fine and also, possibly, compensation to a customer; the risk of an employee, or group of employees, committing fraud or otherwise falling short of ethical expectations; and the risk of having to restructure the bank’s operations in order to comply with new laws regarding (for example) ‘ring-fencing’. The skill-sets required in order to handle the range and the volume of such risks would rarely be found in one department or from those whose professional qualifications comprise only conventional legal training. The risk management issues are thus considerable; examples of failure are not hard to find.
Intro 1.27 Benjamin, in addition, notes that ‘the financial markets are a perennial source of legal risk’.45 The current pre-occupations with conduct risk, conduct costs, and all manner of regulatory reforms suggest that she is right. Why is legal risk of such concern in financial market activity? Is it more important now than it used to be? What exactly is it? How is it to be managed? By the private sector or the public sector? Is it in fact possible to manage it (and what do we really mean by ‘management’)? These are important questions that need to be considered in their social, political, and historical context as well as the context of current laws and regulatory regimes and related questions of culture and governance. In this book, we look at how our perception of legal risk has evolved and changed over the years, what we currently understand by the expression, how and why legal risk arises, current examples of it, and how we can best manage it.
Intro 1.28 This book, in addressing both conduct risk and other kinds of legal risk, involves an examination of law and regulatory developments that have different but, related, purposes. On the one hand, we see new laws and regulations that are designed to ensure that the UK’s financial markets continue to work as efficiently and fairly as possible, while providing a high degree of certainty. On the other hand, we see changes that are designed to control more effectively ‘bad behaviour’ by banks and bankers and ensure that miscreants are appropriately punished. The overriding objective that links these two kinds of legal change is the preservation of the UK’s reputation as a venue for sound, trustworthy, and reliable financial markets.
Intro 1.29 The approach of this book, which includes both narrative and analytical material, may be summarized as follows. Part I describes the general context against which legal risk needs to be considered. Part II sets out a summary narrative of the (p. 17) principal events that comprised the Financial Crisis (2007–11) and the legal and regulatory response to it. Part III considers in detail the impact of the Conduct Crisis that has been a feature of financial markets since 2012. Part IV looks at the legal and regulatory response to the Conduct Crisis in the period 2012–17. Part V considers various international aspects of legal and conduct risk. Part VI is concerned with early perceptions of legal risk. Part VII considers in detail the characteristics of legal risk (including its sources). Part VIII describes some well-known examples of legal risk. And Part IX is concerned with legal and conduct risk management.(p. 18)
2 Comments of Jean-Claude Trichet (the President of the European Central Bank) at the Davos World Economic Forum January 2007 (quoted in an article by Gillian Tett in the Financial Times, 28 January 2007).
3 From the Financial Markets Law Committee’s paper, ‘Property Interests in Investment Securities’ (analysis of the need for and nature of legislation relating to property interests in indirectly held investment securities, etc), July 2004, p 8, para 4.1.
4 From ‘Regulatory revenge risks scaring investors away’, by Gillian Tett in the Financial Times, 28 August 2014. See also Kurer, Legal and Compliance Risk (Oxford University Press, 2015) at pp 12–13 and Chapter 1 generally, where various commentators are cited as to how seriously legal risk is now perceived. As to the reference to ‘Prof McCormick’s data’, see research data published by the Conduct Costs Project at <http://ccpresearchfoundation.com>.
5 As will be explained (see Intro 1.05), the term is used to include conduct risk unless the context otherwise requires.
‘The idea that paper money could replace intrinsically valuable gold and precious metals, and that banks could take secure short-term deposits and transform them into long-term risky investments, came into its own with the Industrial Revolution in the eighteenth century. It was both revolutionary and immensely seductive. It was in fact financial alchemy—the creation of extraordinary financial powers that defy reality and common sense. Pursuit of this monetary elixir has brought a series of economic disasters—from hyperinflations to banking collapses.’
7 The characteristics of legal risk are discussed in detail in Part VII of this book but, in summary include the risk of defective documentation, adverse claims (including actions by regulators) and changes in law. (See also para 2.03). The risk of ‘regulatory action’ (resulting, for example, in heavy fines) is now perceived to be closely related to ‘conduct risk’ (see further, Intro 1.05) insofar as misconduct will often trigger a regulatory reaction.
8 References in this book to the LIBOR scandal (see, generally, Chapter 10) are to the various instances of market manipulation and associated misconduct related to banks’ role in the setting of the London Interbank Offered Rate, as exemplified by the much-publicised Barclays case which led to a fine of £59.5m being imposed by the UK regulatory authority, the Financial Services Authority (FSA) in June 2012. (The FSA was replaced by the Financial Conduct Authority (FCA): see Chapter 13).
11 See Part III of this book.
12 See n 4.
14 See Ch 12.
16 See, for an example of a discussion of the relevant issues concerning the ‘too-big-to-fail’ problem, the Report of the House of Commons Treasury Select Committee entitled ‘Too important to fail—too important to ignore’ (22 March 2010).
18 In an article in the Financial Times of 31 January 2010 (Goff: ‘Political meddling seen as danger for banks’) a report by the Centre for the Study of Financial Innovation (which conducts annual surveys of bankers’ risk perceptions) was referred to: ‘Political interference, which has never before been identified as a risk in the survey, was considered the most severe threat to global markets, ranking above credit risk, over-regulation, macroeconomic trends, liquidity and the availability of capital.’
19 The US Senate passed a reform bill in implementation of the Obama proposals on 20 May 2010. According to the Financial Times of 21 May 2010, ‘Members of Congress are now set for a final period of haggling, and a final frenzied lobbying effort from the financial industry, as they merge the Senate bill with a House version that passed last year.’
20 See the Financial Markets Law Committee paper (Issue 146) commenting on the HM Revenue and Customs consultation document of 29 June 2009 for a ‘code of practice’ (raising significant rule of law issues) regarding the role of banks in tax collection (and tax avoidance). See also the (extrajudicial) comments of Lord Hoffmann (at the time, the Chairman of the FMLC) in ‘A conversation with Lord Hoffmann’ LFMR Vol. 4 No. 3 at 242.
21 Many examples of industry concerns (refer to ‘Financial Crisis’) about over-regulation could be cited. A joint report on behalf of the Corporation of London and the Investment Management Association (May 2005) stated that one in four respondents regarded the UK tax and regulatory regime as the single greatest disadvantage of having a business located in the UK. See also Pigott, ‘Banana Skins 2005: The CSFI’s Annual Survey of the Risks Facing Banks’ (2005) 05 JIBFL 165, where Andrew Hilton, the director of the Centre for the Study of Financial Innovation, is quoted as saying: ‘There is a feeling that a regulatory tide is sweeping all before it—and that it could well drown some of the industry’s smaller players. The cost is enormous: it jacks up the price of even the simplest products, it deters innovation, it undermines the principle that investors should take responsibility for their own actions, and it makes it harder for new entrants to join the market.’
Lord Lawson (as Nigel Lawson, a former Chancellor of the Exchequer in Margaret Thatcher’s government) complained, in an article in the Financial Times of 22 October 2006, that ‘ … in a number of areas regulation remains excessive and in some it is arguably getting worse. Regulation with a light touch is essential to London’s continuing pre-eminence.’
The FSA itself (in the Turner Review, at p 86) regarded the adjective ‘light touch’ as ‘somewhat of a caricature’. Its ‘defence’ to the implicit charge of being too easy-going in the past is: ‘A clear set of rules has always played an essential role within both prudential and conduct of business regulation, and the FSA has always made extensive use of its powers to require firms to make improvements in prudential management and conduct of business, and extensive use of its powers in relation to enforcement of standards.’
The truth probably lies somewhere in between. In reality, the FSA, before it was abolished, could be quite a harsh regulator (certainly attracting criticism at the time from those who experienced its wrath) but it suited politicians and others who wanted to promote London as a financial centre to encourage the perception that the UK’s approach was ‘light-touch’—especially when compared to the USA, after the passing of the Sarbanes-Oxley legislation. In an interview prior to the 2010 General Election, the Prime Minister, Gordon Brown appeared to acknowledge that he had encouraged a ‘light touch’ approach. (Interview broadcast on ITV, 14 April 2010).
22 In a speech given on 12 March 2009, Hector Sants, the then Chief Executive of the FSA, famously said: ‘There is a view that people are not frightened enough of the FSA. I can assure you that this is a view I am determined to correct. People should be very frightened of the FSA.’ He also signalled a change in approach to a more ‘invasive’ style of supervision: ‘In the future we will seek to make judgments of senior management and take actions if in our view those actions will lead to risks to our statutory objectives. This is a fundamental change. It is moving from regulation based only on observable facts to regulation based on judgments about the future.’ A few days later, on the publication of the Turner Review, the front page headline in the Financial Times (19 March 2009) was: ‘Turner to end City’s light touch regulation.’ (Hector Sants, to the surprise of many, announced his resignation as Chief Executive of the FSA on 9 February 2010). As to Conduct Risk generally, see Part III of this book.
23 The FSA is an independent non-governmental body with statutory powers under the Financial Services and Markets Act 2000. Its board is appointed by HM Treasury and it is accountable to Treasury Ministers and, through them, to Parliament. See generally its website at <http://www.fsa.gov.uk>.
24 See Financial Services Act 2012 and Ch 13.
25 See para 24.57.
26 It should be noted that accusations of mis-selling are not confined to sales to consumers. In late 2004, HSH Nordbank claimed that Barclays Bank had mis-sold it derivative products known as Collateralized Debt Obligations (CDOs) worth US$151m. That claim was settled. In February 2005, it was reported that Banca Popolare di Intra was claiming compensation from Bank of America for a sale of CDOs worth US$80m. See the Financial Times, 15 February 2005. The Crisis has resulted in yet more inter-bank litigation of this kind. The courts tend to be not very sympathetic to ‘sophisticated’ claimants: (see Benjamin, Financial Law (Oxford University Press, 2007) at 5.10 for a review of recent cases).
27 The ability to enter into legally secure agreements that allow for liabilities to be netted against each other can result in enormous reductions in a bank’s market exposure. See further, Ch 16 below, and also Henderson, ‘Master Agreements, Bridges and Delays in Enforcement Part 1’ (2004) 10 JIBFL 394.
35 See the Governor’s speech of 10 June 2015, given at the Lord Mayor’s Banquet for Bankers and Merchants of the City of London (at the Mansion House, London. The Governor attributed the ethical drift to (a) market structures that presented specific opportunities for abuse and which were generally vulnerable to conflicts of interest and collusion; (b) poor understanding of standards of acceptable market practice (which were often ignored and lacking ‘teeth’ (c) poor internal governance systems (d) skewed incentives for individuals and (e) a lack of personal accountability and a ‘culture of impunity’.
36 See speech referred to in n 35.
37 See speech referred to in n 35.
43 See, generally, Part III of this book.
44 See p 130 of the book.