66% of UK regulatory fines due to weak internal control systems
An analysis by the Chartered Institute of Internal Auditors (IIA) of fines levied on financial services companies shows regulators are increasingly focusing attention on failings in internal risk management systems at banks and other financial institutions.
Problems with risk management and controls accounted for 66% of all fines levied by the Financial Services Authority (FSA) during its last year of operation, up from 59% of all fines in the previous year.
Financial services firms can be fined for breaches of any of the eleven Principles for Business set out by the FSA and its successor, the Financial Conduct Authority (FCA).*
'Principle 3' states that an institution must put in place adequate risk management systems and controls.
The value of fines given for breaches of 'Principle 3' has soared even more dramatically than the number of fines - increasing tenfold, from £38m in 2011 to £388m in 2012.
The huge fines meted out for lapses in risk management in 2012 included a £200m fine for Swiss bank UBS and an £85m fine for Barclays for their part in the LIBOR and EURIBOR rigging scandal.
Dr Ian Peters, Chief Executive of the Chartered Institute of Internal Auditors (IIA), says: "The management of risk at financial institutions is coming under intensive scrutiny by the UK's financial regulators."
"The financial crisis and scandals like LIBOR and interest rate swaps misselling have underlined how easily weak internal controls can lead to inappropriate conduct, and, at the extreme, even let potentially criminal practices go unnoticed."
Dr Ian Peters adds: "Internal controls should be a priority for the Financial Conduct Authority and the Prudential Regulatory Authority, which are working with our industry committee on the development of a new code of conduct for financial services firms' internal auditors that will help them to measure firms' performance on this area."
The FCA has already announced two major fines for breaches of Principle 3: a £6m fine for EFG Private Bank, and a £4.4m fine for JP Morgan International Bank.
Internal auditors help organisations to manage all the major risks facing them, including, but not limited to, financial risks. They help the board and management identify and address risk management, internal control and corporate governance issues before they become a problem.
The institute says that regulatory bodies are now asking financial services firms to make better use of their internal audit function in order to help manage the sector's risks. A new code on internal audit in financial services has recently been the subject of a consultation exercise, managed through an industry-led committee established by the Chartered Institute of Internal Auditors comprising non-executives, executives and observers from leading banks, insurers, the FCA, and Bank of England.
Dr Ian Peters comments: "The draft code follows widespread recognition that the management of risk within the financial services sector is still far from being fixed. Regulators want to see internal audit playing an important role delivering that fix."
"The proposed code aims to ensure boards and their committees give themselves a better resource to avert further problems of the sort which impact the public purse, damage reputations and confidence in the financial system."
"The massive scale of fines for financial services firms demonstrates that as well as causing reputational damage, the regulatory response alone can really hurt."
*The FCA took over responsibility for supervising financial services firms from the FSA in April 2013.