Jump to Content Jump to Main Navigation
Legal and Conduct Risk in the Financial Markets, 3rd Edition by McCormick, Roger; Stears, Chris (22nd March 2018)

Part I The General Context, 2 Risk and Capital

Roger Mccormick, Chris Stears

From: Legal and Conduct Risk in the Financial Markets (3rd Edition)

Roger McCormick, Chris Stears

Credit risk — Financial stability

(p. 29) Risk and Capital

We do need to remind ourselves that taking risk is required for a return and with risk there must be the possibility of loss.1

I have heard several times, in the last two or three years, very senior executives in banks saying, ‘The regulators ought to have imposed higher capital requirements on us.’ My rather strongly felt view is that what capital you need is a business decision—perhaps the most important of business decisions, and certainly the most important of business decisions for banks—and it is a commercial decision, not a regulator’s decision.2

2.01  Of course, all commercial enterprises take risks. The word ‘enterprise’ implies risk taking—with a view to profit. The limited liability entity—the most common form of enterprise—exists (as a legal creature in contrast to the individual, or ‘natural’ person) in order to make risk taking more manageable.3 Entrepreneurs, as individuals, have an appetite for risk and that appetite is reflected in every kind of business enterprise, large or small, whether run as a corporation, partnership, or otherwise. Investors in such enterprises are expected to accept the risk that is inherent in the arrangement, although there are a great many laws and regulations to protect investors against the unscrupulous and, up to a point, the negligent. The activities of banks and other financial services enterprises, however, give rise to special considerations not only because of the ‘maturity transformation’ role referred to above4 but also because banks may attract funds from individuals (and others) who have either no appetite for risk (such as an account-holder with a high street bank) or a much more conservative attitude to risk (such as the holder of, say, a ‘with-profits’ insurance policy). The inter-connection of financial institutions in the wholesale financial markets, where they enter into transactions (p. 30) with each other involving enormous sums of money on a daily basis, also means that if one institution gets into financial difficulty there is a serious risk, as the Financial Crisis has shown, that the problem may spread rapidly to other financial institutions (who have credit exposures to the one in trouble) and cause serious financial instability, damaging economic activity across the board. Indeed, the evolution of the ‘credit crunch’ into the Financial Crisis, triggering the global economic recession that began in 2008, appeared to follow exactly this pattern.

2.02  The special considerations affecting financial markets require a degree of regulation and supervision which would not normally be necessary for commercial enterprises in non-financial sectors. As mentioned above, it is vitally important that ‘the financial system’ works properly (if not always perfectly) and that the public have confidence in it. Banks, more than most commercial enterprises, carry on business using ‘other people’s money’. They have money from depositors and a range of commercial and financial counterparties as well as the implicit (and, in some cases, explicit) assurance from the taxpayer that (in many, if not all, cases) they will be helped with some form of assistance if they get into serious financial difficulties and pose a threat to the financial system. We do not generally wish to place our life savings with someone who will take rash decisions that may affect the chances of our seeing our money again. Consequently, the risks taken by banks and other financial institutions are a matter of concern to everyone and that is why the regulatory regime requires, amongst other things, that banks set aside an appropriate amount of capital so that there is a reasonable chance that any adverse consequences of risk can be absorbed. This concept is known as ‘capital adequacy’. Most regulatory systems determine what is ‘adequate’ capital for an institution by reference, mainly, to the risks undertaken by it.5 In this context, (p. 31) capital means equity capital or capital that has the principal legal and economic features of equity (such as certain kinds of heavily subordinated debt). From the perspective of the institution, such capital is ‘expensive’ in that it demands a higher return than debt capital (because it takes higher risks). So the determination of what is ‘adequate’ by the regulator is a highly sensitive matter. Following the Financial Crisis, the concept of ‘adequacy’ is, at the time of writing, undergoing a fundamental review.

2.03  Banking involves many different kinds of risk, such as credit risk, liquidity risk, reputational risk, operational risk, and political risk. Legal risk, a sub-category of operational risk, is a particular kind of risk. As stated above,6 it is commonly understood to include conduct risk7 and, in particular, to relate to the risk of being sued or being the subject of a claim or proceedings due to some infringement of laws or regulations, or the commission of a tort such as negligence or some other act giving rise to civil liability. However, in the context of the financial markets, the phrase is also frequently used to mean the risk of technical defects in the manner in which a transaction is carried out, resulting in loss, sometimes very serious financial loss, for those that put money at risk in the transaction. Another kind of legal risk, embraced by the International Bar Association’s definition,8 is change in law risk. The introduction of the Banking Act 20099 and later, the Banking Reform Act 201310 in the UK provide an important example of this and the generally increased appetite for more regulation and government intervention (in some cases, in areas that have only a tenuous link to the causes of the Financial Crisis) suggests that change in law risk will be much more prominent in the future. In more extreme situations, as indicated above, legal risks, like other risks, can have a ‘domino’ effect in the market, either because the financial failure of one major institution may trigger failures in other institutions that have funds at risk with it or because the market as a whole has misunderstood the legal position on a point which is of particular importance to the recoverability of funds thought to be safely (or relatively safely) invested. This is sometimes referred to as ‘systemic risk’.

2.04  Systemic risk is the most serious kind of risk that, from time to time, threatens the financial markets. The Financial Crisis provides the example par excellence of how damaging it can be. Concern about systemic risk has triggered a great deal of debate and legislative reform in recent years, both before and after the Financial Crisis. The identification and management of systemic risk was among the major policy concerns driving the UK’s post-crisis, ‘financial stability’-focused (p. 32) regulatory reforms; with the creation of the Financial Policy Committee specifically charged with removing or reducing systemic risk. And while the danger of systemic risk on the markets was painfully illustrated through the Financial Crisis, aspects of regulatory policy had already provisioned for this. As the FMLC noted back in 2004,11 the EU directives on settlement finality and financial collateral12 ‘are specifically directed to market stability and reduction of systemic risk’. It is trite to say that the fear of a collapse of a bank triggering other collapses elsewhere, with financial panic spreading like a contagion around highly sensitive and suggestible markets, is a fear that regulators have lived with from the late 19th century but there are a number of characteristics of modern, globalized financial markets that give rise to increased cause for concern in this area. Panic may not be confined to bank customers forming queues in the high street to withdraw their savings; it may also affect providers of wholesale funding, resulting in seize-up of the inter-bank market and an evaporation of liquidity. There are also particular features of legal risk that can trigger a systemic reaction, quite independently of any one institution’s financial failure. As the international law reform organization, UNIDROIT13 observed in a paper published in 2004:

… legal risk may become systemic in a less destructive sense. Consider, for example, the scenario in which an entire market suddenly changes its behaviour because the participants become aware of a major legal problem inherent in a specific kind of transaction unsuspected until then. In order to avoid this risk, the market participants avoid entering into this type of transaction as long as the legal problem remains unsolved. Such a mass reaction, if not properly restrained, could seriously damage the market.14

2.05  Over the last decade, concerns about risk in the financial markets have been growing steadily and the Financial Crisis triggered reactions that, at times, turned such concerns into something close to outright panic. The pre-Financial Crisis financial collapse of major companies and financial institutions (and the well-known difficulties of BCCI, Baring Brothers, Enron,15 and Parmalat are just four from a distressingly long list) carried with it not only enormous losses for (p. 33) investors, creditors and, possibly, employees and pension-holders, but also potential liabilities for individuals such as directors (including non-executive directors) and professional advisers, as well as the company’s auditors.16 The Financial Crisis of course produced more collapses, with even more serious consequences. The liabilities can be so large that, in some cases, they are virtually uninsurable and, for this reason, there have been calls for the law to be changed in order to limit liability, in certain contexts, to a ‘reasonable’ level. The Companies Act 2006 brought in new provisions that enable company auditors to limit their liability by agreement.17 This raises difficult policy issues. The idea of limiting auditors’ liability has not been universally welcomed by their clients. On the other hand, the Financial Crisis has, it would seem, only served to increase their exposure to lawsuits.18 The question arises as to how the law could have developed to the point where, apparently, there is a shortage of individuals who are willing to take on roles that might expose them to such liabilities (which may arise even where they have acted in good faith).19 The deterrent effect of the risk is partly due to (p. 34) the fact that legal risk is not confined to the risk of being found culpable, but also embraces the risks associated with defending major law suits and regulatory action whether or not one is legally culpable.

2.06  These risks are not only financial (for example, the need to pay advisers’ fees) but also personal and health-related because of the extraordinary stress and time commitment that litigation (and attendant media coverage) can involve for individuals. Further, the management time taken up can severely disrupt the running of the business involved in the litigation and the constant media ‘noise’ that often attends high-profile claims can have an adverse effect on reputation regardless of the eventual outcome. Litigation risk is not the same as liability risk. But they are both legal risk. Contingency-fee fuelled, deep-pocket seeking litigation is a concern for all kinds of business, and the management of this kind of risk, in what is now widely regarded as a ‘compensation culture’, has become increasingly important for banks as well as others. Apart from government and regulatory agencies, firms of accountants (mainly because of the audit function), banks, and insurance companies are probably the favourite deep-pocket target. Lawyers themselves are probably not far behind.

2.07  Not surprisingly, institutions active in the financial markets, and those who regulate them, are concerned that risks such as legal risk are identified and managed as efficiently and effectively as possible—if they are not, the consequences will include the regulators requiring greater capital reserves than would otherwise be necessary, with consequent inefficiencies for everyone. The focus of market participants on legal risk was sharpened, to some extent, by the publication, in June 2004, of the Basel Committee on Banking Supervision’s report, ‘International Convergence of Capital Measurement and Capital Standards’. This is the report, following on from, and replacing, the Basel Accord of 1988 (which has the same title as the 2004 document) which is commonly known as ‘Basel II’.20 The work of the BCBS21 demonstrates, and is driven by, the importance of these issues for the financial markets internationally. Basel II was of enormous importance to banking regulation but also of specific importance to consideration of legal risk because of the new emphasis it placed upon operational risk22 (which, under Basel II, (p. 35) specifically includes legal risk) and the desire of BCBS to ‘engage the banking industry in a discussion of prevailing risk management practices’. ‘Stronger risk management practices’ are a key objective of Basel II, much of which was influenced by a spate of serious operational problems experienced by international financial institutions, many of them involving fraud and some of them leading to the financial collapse of the entire institution. However, the Basel II capital rules23 have themselves been subject to reconsideration in view of the experience of the Financial Crisis. In its consultative paper of December 2009 (‘Strengthening the resilience of the banking sector’) BCBS suggested changes in the following areas:

  • •  raising the quality, consistency and transparency of the capital base;

  • •  strengthening capital requirements in specific areas (including the trading book and derivative counterparty exposures);

  • •  introducing a leverage ratio as a supplementary to the Basel II risk-based framework;

  • •  requiring capital buffers to be built up in ‘the good times’ so as to be better prepared in ‘times of stress’; and

  • •  introducing a ‘global minimum liquidity standard’ for internationally active banks.

These changes are now reflected in ‘Basel III’ (introduced in June 2011) and various subsequent measures put forward by BCBS.

2.08  Concerns are often expressed (before and after the Financial Crisis) about whether the ‘architecture’ of the international financial system is sufficiently robust.24 Scepticism has also increased as to the ability of regulatory tools such as requiring more capital and better risk management to provide comprehensive solutions.25 Such concerns and the perceived relationship between operational failures and the expansion of activities of banks into a wide range of financial product areas (p. 36) (especially in the derivative markets), which bear little, if any, resemblance to the commercial banking activities that were the subject of more traditional regulation methods, is an evident stimulus of the regulators’ new determination to require a more focused approach to corporate governance, ‘culture’ and operational risk management. The Financial Crisis has spurred on this determination and broadened the focus to related areas such as the role played by credit rating agencies, the possibility of so-called ‘direct product regulation’ on, for example, credit default swaps, the need for more effective non-executive directors and risk officers and the highly politicized question of executive remuneration (especially bonus structures).

2.09  It is an inevitable consequence of the expanded range of financial activities, the rapidity with which new financial ‘products’ are developed and deployed, and the increased potential for conflicts of interest which results from the new multiplicity of roles of financial institutions that the legal risks involved in the financial markets have become more complex and, potentially, more serious. The regulators have therefore for some time been seeking the establishment of, and are prepared to offer significant financial incentives for, a more proactive risk management function within financial institutions. Post-Financial Crisis, this is now closely related to governance and ‘culture’. The need for sound corporate governance across the board is no longer seen as just a ‘nice to have’.26 The consequences of giving ‘gung-ho’ management a free rein with no effective checks or balances can be catastrophic. Those checks and balances should, in theory, be provided by ‘engaged’ shareholders. In practice, this rarely is the case. So there is a gap to be filled. However good the laws and legal system may be (and however vigilant a bank’s lawyers may be), if corporate behaviour is bad, legal risks will follow. More ‘intrusive’ regulation is therefore likely to involve closer regulatory oversight of the key individuals in financial organizations. The impact of these individuals on ‘culture’ may also be an impact on risk, even systemic risk. But regulatory oversight cannot extend to regulators running the bank in place of the management who are appointed to that role. Certain risks of misbehaviour (ie conduct risk) cannot be eradicated. This is implicit in the nature of ‘trust’: a bank’s management has a number of fiduciary roles. But how effectively do they perform those roles? According to Lee, ‘One of the biggest lessons of the financial crisis is that investment bankers cannot be trusted.’27 If the management is determined, say, to dress up a balance sheet to deceive investors or to bully the General Counsel by threatening to sack him if he does not deliver ‘convenient’ advice, the problem runs deeper than mere ‘risk management’, at least in the conventional (p. 37) sense. The problem will be worse if the bank is in financial difficulties. As the Financial Times proclaimed in its lead Editorial on 13 March 2010, ‘a barely alive bank is an extremely dangerous thing.’

2.10  The philosophy embodied by Basel II placed less reliance upon ‘backward-looking evaluations’ of performance and instead involved much more analysis of what financial institutions themselves regard as significant risks and the appropriate measures to be taken to mitigate and manage them. The Financial Crisis may have shaken confidence in an approach that places such reliance on the banks’ own judgement, however. ‘Better risk management’ is still pleaded for but it no longer seems to be the solution to all ills.(p. 38)


1  Hector Sants (FSA)—from a speech of 12 March 2010.

2  From Professor John Kay’s evidence to the Treasury Select Committee of 19 January 2010.

3  The Financial Crisis has caused some to argue that the replacement of unlimited liability partnership structures in investment banking and the professions by limited liability entities has contributed to irresponsible risk taking because the individuals involved no longer have all their personal assets at stake.

4  See Intro 1.03.

5  See the BIPRU section of the FCA handbook. The link between capital and risk is illustrated by a Financial Times article (the ‘Lex’ column of 13 December 2004) which (commenting on the Bank of England’s ‘Financial Stability Review’, published the same day) makes the following observations:

… the British financial industry, like its US counterpart, has enjoyed extraordinarily benign conditions this year, with small credit losses, declining provisioning and no market shocks. However, the ensuing sense of calm is now creating its own dangers. One problem is that consumers … keep increasing debt. Another is that institutional investors are raising their exposure to market risk … The consequence is an explosion in structured credit products, energy and commodity trading and prime brokerage services for hedge funds. The good news is that British banks currently seem able to handle this risk. Tier 1 capital for UK banks is at a very healthy 9 per cent, up from 8 per cent last year, and liquidity levels are high … Most banks have revamped their risk modelling practices after the 1998 Long Term Capital Management crisis, and claim they are less vulnerable to a repeat of that debacle. However, the bad news is that these new quantitative risk modelling practices have generally not been tested by any ‘real life’ market shock yet, making it hard to judge whether banks are really less exposed.

(The market ‘shock’ did of course come with the Financial Crisis and bank capital was shown in many cases to be inadequate. Tier 1 capital is the form of capital that, from the regulatory perspective, is the ‘most reliable’ in the sense that, if a bank gets into financial trouble that capital should ‘be there’ to absorb at least some of the losses while allowing a bank to continue to trade. There are detailed requirements as to the criteria to be satisfied for capital to ‘count’ for Tier 1.)

6  See Intro 1.05.

7  See Intro 1.03 and 1.04.

8  See para 23.21.

9  See para 8.11 et seq.

10  Its full title being the Financial Services (Banking Reform) Act 2013, c. 33 (U.K.). See Ch 14 and, as to the effects of this and other post-crisis legislative and regulatory reforms, see Ch 15.

11  See FMLC paper of July 2004, ‘Property Interests in Investment Securities’.

12  See European Parliament and Council Directive of 19 May 1988 on Settlement Finality in Payment and Securities Settlement Systems (98/26/EC) and European Parliament and Council Directive of 6 June 2002 on Financial Collateral Arrangements (2002/47/EC).

13  International Institute for the Unification of Private Law.

14  See UNIDROIT’s Explanatory Notes to the Preliminary Draft Convention on Harmonised Substantive Rules Regarding Securities held with an Intermediary, December 2004; considered further in Ch 26 below. For a report on the relationship between systemic risk and conduct risk, see also the ‘Report on Misconduct in the banking sector’ (June 2015) published by the European Systemic Risk Board.

15  According to the Financial Times, 20 June 2005, Citigroup and J P Morgan between them paid US$4.2bn to settle class action claims by Enron investors. ‘Eight other banks have yet to fold. But estimates of total proceeds are $7bn–$15bn.’ A later report in the same newspaper (3 August 2005) records Canadian Imperial Bank of Commerce paying $2.4bn to settle Enron-related litigation.

16  The reputational issues associated with the collapse of Enron (especially allegations of shredding documents) ultimately led to the collapse of its auditor, Arthur Andersen. Robert Herz, the chairman of the Financial Accounting Standards Board, expressed the view that, in the increasingly litigious climate (especially after the Enron failure) auditors (and audit committees in companies) have become reluctant to make judgements, preferring a reporting regime based on ‘rules’ rather than ‘principles’. He says: ‘There seems to be a reluctance to exercise more judgment. If anything, we have perceived people are requesting more rules because they want clarity and defences against being second guessed’ (Financial Times, 24 January 2005).

17  See section 534 et seq. See also Gower and Davies, Principles of Modern Company Law (8th edn, Thomson, 2008) at 22–37 et seq.

18  According to the Financial Times of 29 March 2010, ‘The number of professional negligence lawsuits filed against accountants last year because of the credit crunch was higher than the total brought in the previous five years.’ In an article by Jane Croft (‘Negligence actions against auditors rise’) it is asserted that: ‘Big accountancy firms have long been expected to be on the receiving end of lawsuits as investors search for scapegoats to blame for the wave of banking collapses and international investment frauds, such as the Madoff scheme. Auditors are often sued for the entire cost of a company collapse, regardless of the size of their role, because they are seen as the only ones left with deep pockets.’

19  In an article, ‘What possesses somebody to be a director of a public listed company these days?’, Financial Times, 18 April 2005, Tucker points out that: ‘For executive management, the risk–reward ratio has changed for the worse since a spate of corporate scandals forced regulators and shareholders to assert their rights. It is now common for investors, both in the US and Europe, to turn to the courts for financial redress when businesses falter—and aim their fire at the executive management … On average, every year more than 200 lawsuits are filed by investors in the US alone, most of which target the boardroom.’ The article also notes that of the 234 such (class action) lawsuits brought last year, 33 were against non-US domiciled companies, including Shell, Parmalat, Deutsche Bank, and Astra Zeneca. The theme was reprised in the same newspaper in an article of 22 June 2005 by Dickson, ‘The sweet siren’s song that calls a little louder’: ‘Is the accumulated weight of governance rules, government meddling, a hostile press and legal risk driving talented executives off the boards of quoted companies into less exposed and more profitable private equity?’

A more recent echo of this theme came in April 2010 when the Association of British Insurers, in its response to an FSA consultation, voiced concerns that the FSA’s more ‘intrusive’ approach to the vetting of candidates for non-executive director positions risked restricting ‘an already limited talent pool’. According to the Financial Times of 29 April there was ‘some evidence that some candidates have already backed off applying for jobs’.

20  That terminology is used throughout in this book (and the Basel Committee on Banking Supervision is referred to as ‘BCBS’).

21  Basel II operated at a high level in that it did not itself constitute law in any particular country. Instead, it operated as an authoritative set of principles and standards which are designed to ‘secure international convergence on revisions to supervisory regulations governing the capital adequacy of internationally active banks’. This is also true of changes to the Basel II regime (referred to below, and sometimes described as ‘Basel III’ by market participants. Insofar as standards are laid down, they are intended to be minimum standards. The BCBS itself is not a legislator; it is a committee established by the Central Bank Governors of the ‘Group of Ten’ countries in 1975 and its members include senior banking supervisors from Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands, Spain, Sweden, Switzerland, the UK, and the US.

22  Basel II defines operational risk as ‘the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk but excludes strategic and reputational risk.’ Operational risk is thus something of a miscellany. It is contrasted, chiefly, with credit risk and market risk. The reference to legal risk was broadened when the final version of Basel II was published in June 2004. A footnote now states: ‘Legal risk includes, but is not limited to, exposure to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements.’

23  For an account of how Basel II was brought into the UK regulatory system, see McKnight: ‘Basel 2: the implementation in the UK of its capital requirements for banks’ LFMR Vol. 1 No. 4 at 327.

24  See, eg, Attanasio and Norton (eds), A New International Financial Architecture: A Viable Approach (British Institute of International and Comparative Law, Sir Joseph Gold Memorial Series, Vol. 3, 2001).

25  See, eg, the Treasury Select Committee Report, ‘Too important to fail–too important to ignore’ (29 March 2010) at paras 56 and 72: ‘Better risk management may go some way to meeting our objectives, but it cannot remove the risk that Governments will have to provide support to the sector.’ ‘… the financial crisis occurred despite repeated attempts to reform capital and liquidity regimes. The lessons of this and preceding crises can be used to improve the capital and liquidity regimes, but that will at best be only a contribution to the wider structural reforms that are required.’

26  See speech by Lord Myners (Financial Services Secretary) to the NAPF (National Association of Pension Funds) Annual Investment Conference, 12 March 2009.

27  Financial Times, 15 December 2009 (‘Investors should control financial regulation’). (Ann Lee is an adjunct professor at New York University and a former investment banker and hedge fund partner.)