Weak risk management systems were responsible for more than half of all the fines* handed out by the Financial Services Authority (FSA) to financial services businesses last year, reveals research by the Chartered Institute of Internal Auditors.
The FSA can issue fines for breaches of any of its eleven principles, which cover a range of operational and ethical areas. But the Chartered Institute of Internal Auditors' analysis shows that 60% of the fines levied by the FSA in 2011 were either entirely or substantially due to weaknesses in the risk management systems of those businesses, up from 55% in 2010.*
Dr Ian Peters, Chief Executive of the Chartered Institute of Internal Auditors says: "The scale of these fines is meant to send a clear signal to the market that the management of risk at banks and other financial firms is under the FSA's microscope."
"The message for firms is that ineffective risk management and systems of internal control will be taken very seriously by the regulator."
Internal auditors help organisations to manage all the major risks facing them, including, but not limited to, financial risks. They help the board and management identify and address risk management, internal control and corporate governance issues before they become a problem.
Regulatory bodies are asking financial services firms to make better use of their internal audit function in order to help manage the sector's risks.
Dr Peters continues: "Whilst regulatory investigation used to be focused on incidences where customers had suffered losses now the emphasis is on prevention. The FSA expects firms to have the systems and controls in place to ensure that customers and counterparties cannot even be put into such a situation."
"Regulators and politicians are demanding far higher standards of risk management, internal control and corporate governance within the financial services sector in order to rebuild consumer confidence and lessen the risk to the public finances."
The research by the Chartered Institute of Internal Auditors showed that lapses in risk management and internal control systems cost financial firms £38.5m in fines during 2011.
Areas where the FSA has reviewed for weak risk management systems include; anti-money laundering controls, the ring fencing of client assets through to the provision of advice on products to customers.
Dr Peters says that internal auditors are playing a progressively more important role in providing an objective perspective to the company's board on how the organisation's risk management and internal control systems are working.
Dr Peters continues: "In large, complex and often international businesses, senior management cannot hope to keep a constant check on the minutiae of how their risk management systems are working without delegating to other appropriate staff. Internal auditors are perfectly placed to help provide executive and non-executive directors with an independent view on how that process is working and what improvements need to be made."
*Proportion of total fines levied by the FSA by number, where breaches of Principle Three were cited as the only factor or contributing factor. Principle Three requires financial services firms to have proper controls and risk management systems in place.