(p. 641) Appendix 8 Guernsey Financial Services Commission
Legal Risk Guidance Note for Banks
Senior bank executives—indeed all those involved with banking—manage operational risk on a daily basis and have been doing so since banking began. In recent years, operational risk has attracted significant attention due to the emergence of a series of major losses by banks—and due to the increasing need to provide better customer service in a competitive banking environment. Accordingly operational risk has been the subject of widespread discussion, including the application of enhanced risk management approaches. However, legal risk—as a subset of operational risk—continues to be an area where discussions about its definition and application are still on-going. This Guidance Note is intended as a contribution to that discussion, with particular reference to the legal risks that face banks in Guernsey.
In Guernsey, legal risk is of some importance for banks given that (a) lending is often collateralised and (b) banks draw significant income from fees and commissions where credit and market risk is limited but where operational risk—including legal risk—can be high. Accordingly, the Commission is issuing this Note to help ensure that banks address some of the key legal risks in the jurisdiction. The Guernsey banking community is made up of several different sorts of banks and some of the legal risks outlined below may not align with the particular business model of some banks. The list should also not be seen as exhaustive. It does not, for example, deal with issues of tax law or anti-money laundering requirements. Each firm therefore should identify and consider the issues (both as to substantive risks and the management of them) that are relevant to its own business and take its own legal advice, as appropriate.
This Note has been prepared with the assistance of Mr Roger McCormick, a Visiting Professor and Senior Research Fellow at London School of Economics and Political Science and the author of Legal Risk in the Financial Markets (Oxford University Press, 2006). Mr McCormick was able to discuss the issues in this Note with several bankers and other parties in Guernsey. The Commission is grateful to all parties, especially Mr McCormick, for their support in developing this Note. This Note, however, expresses the views of the Commission alone.
The Commission defines legal risk, in this context, by adopting the definition of the International Bar Association which is attached to this Note. The Commission does not require firms to use the same definition but it is suggested that they would find it helpful—if only for the purpose of effective allocation of responsibility—to have some clearly accepted definition used throughout their business and appropriately documented as such. If no definition is used, the Commission would, at least, expect this to be the result of a conscious, reasoned decision taken at an appropriate level.
Specific legal risk issues to which the Commission wishes to draw attention at this stage are set out below.
Mis-selling risk, cross-border risk and other related risks
Firms should pay particular attention to the pre-contractual discussions that take place with customers, how the content of those discussions is recorded and which individuals and entities within a corporate group organisation are responsible for them. Particular care will be needed where the law of another jurisdiction may be relevant, where there may be scope for confusion as to agent and principal roles and where complex contractual relationships are intended (for example, where the Guernsey firm is intended to act on an ‘execution-only’ basis and investment advice is (p. 642) provided from another group entity). Firms should ensure that appropriate legal advice, and clear guidance and training on relevant legal risks (including the potential impact of changes in law in other relevant jurisdictions), are available to Guernsey management and other personnel. Where practical, steps should be taken intra-group to ensure that firms are not exposed to legal risks as a result of acts or omissions of individuals in other parts of a group structure outside Guernsey.
Basic documentation issues
Firms should have a clear understanding of when and why standardised documentation is to be used, when, how (and by whom) it may be amended or varied (formally or informally) and when it is appropriate to use ‘bespoke’ documents. The authors of legal documentation should be clearly identified to Guernsey personnel and be easily accessible for queries and explanations.
Generally, it might be expected that documentation would be governed by Guernsey or English law (with the parties submitting to the jurisdiction of the courts of those countries respectively) but, in circumstances where this is not appropriate (for example, where security documents are needed for real property located elsewhere), the decision to use another law (and/or venue for dispute resolution) should be clearly recorded and understood.
Standard documentation should be reviewed by appropriately qualified persons and updated as appropriate at reasonably frequent intervals.
Where a firm relies on a formal legal opinion, it should check that the opinion is addressed to it or that it otherwise may rely on it (and that it is not likely to have become out of date). Whether or not the issues are covered in an opinion, firms should check that counterparties are legally authorised to enter into documentation and that any appropriate filings or registrations in a relevant jurisdiction are effected.
Guernsey personnel should have access (if the need should arise) to legal advice (not merely formal legal opinions) from persons qualified under the relevant governing law at appropriate stages in any transaction.
Independence and other organisational issues
Notwithstanding that customer relationships may be regarded as an issue of group-wide significance, firms should have in place procedures that result in relevant legal risks being assessed independently by the Guernsey entity (albeit in reliance on advice sourced from another part of the group). Responsibility for the management of legal risk should be clearly established, with appropriate periodic reporting to the board of directors of the firm (or for example the executive committee for branches). Policies and procedures that are related to the management of legal risk should also be clearly documented in reasonable detail. Firms should consider the use of stress testing exercises to assess the adequacy of such policies and procedures. Firms should assume that intra-group service level agreements should be as legally binding as with a third party unless there are convincing reasons to the contrary.
Relationship with group credit risks
Recent global events have shown that even the most sophisticated market participants have tended to take legal risks in documentation that may have seemed appropriate where a very robust view has been taken of the creditworthiness of the counterparty, particularly if it was thought to be ‘too big to fail’, but which, in retrospect, appear to have been ill-judged. Firms should review, in the light of the financial crisis, whether this rationale for legal risk acceptance is still justified and, if so, appropriately priced in.
The risks associated with assuming that a counterparty is too big to fail may be exacerbated where the counterparty is the firm’s parent or another group company. Taking a ‘relaxed view’ of legal risk in such situations may turn out to be unjustified and prejudice the interest of depositors in Guernsey. Firms should, in particular, consider carefully the legal basis of ‘upstream’ payments or other transfers of assets they make to parents or other group companies. They should periodically (p. 643) review the terms of such payments or transfers (including any relevant intra-group guarantees or similar arrangements) and what their position would be—and the effect on their business and customers—if a payee or transferee (or any guarantor) became insolvent or otherwise got into financial difficulties. The documentation and surrounding legal circumstances (for example, the jurisdiction of incorporation of the payee or transferee or any guarantor) should not result in the firm being in any worse position than any other unsecured creditor unless this risk has been clearly understood and accepted by the firm. They should not result in property rights in any assets being modified unless as a result of a conscious, documented decision. Where money that is transferred is to be held as client money, the firm should verify that the necessary steps (which may include segregation) are taken to ensure that any applicable statutory trust or comparable protective arrangement comes into effect. Generally, the arrangements should be such that, as far as possible, a repayment of funds to the firm (and/or any closing out or netting of positions) can be made swiftly, without undue delay or formality, and without being open to challenge by an insolvency officer.
Where appropriate, independent legal advice should be taken by the firm on its position. The documentation should be clear and easily accessible in the event of problems arising.
Particular issues may arise where a group company sub-participates a loan (that it has made to a third party) to a firm. The firm should be clear, on the basis of the documentation and legal advice, as to whether it is taking credit risk on the third party alone or on the group company as well. It should have the benefit of any relevant legal advice and due diligence that is done in relation to the third party and the underlying transaction and, if appropriate, carry out its own due diligence.
In this Note the Commission has highlighted a number of known key issues for Guernsey banks. They are:
There may of course be other key legal risks that bankers will be aware of; especially for their particular firm. Nevertheless, it is expected that this Note, together with the attached definition of legal risks, will be of use to bankers as part of the process of mitigating the attendant risks.
IBA working party on legal risk
Suggested definition of legal risk
(NB: This definition needs to be read with the accompanying notes, which affect how it should be interpreted.)
Legal risk is the risk of loss to an institution which is primarily caused by:
(p. 644) The reference to a defective transaction in (a) above includes—
All references above to a transaction shall include a trust, any kind of transfer or creation of interests in assets of any kind, any kind of insurance, any kind of debt or equity instrument and any kind of negotiable instrument.
All references to entering into a transaction include taking an assignment of a contract or entering into a transaction in reliance upon a contract which is itself a defective transaction.