Sponsored by
Keith Blacker – 28th June 2012
Systemic Operational Risk:
A Financial Services Case Study
Systemic
Operational Risk - A
Financial Services
Case Study
“Black Swan Event: An event or occurrence that
deviates beyond what is normally expected of a
situation and that would be extremely difficult to
predict.”
As described by Nassim Taleb
IIA Webinar 28 June 2012 Systemic Operational Risk
A few words about Keith Blacker
 Chartered Accountant - 30+ years in financial services
 Internal Audit (former Council Member IIA), Business Development,
Operations Director, Consultant and Trainer, Finance Director, NED
 DBA (Henley Management College) – operational risk management in
UK retail banks
 Recent papers on People Risk co-authored with Pat McConnell
 Currently Non-Executive Chairman of Protection & Investment (IFA) &
Valley Leisure (Charity), Council member AIFA and Independent
Consultant
IIA Webinar 28 June 2012 Systemic Operational Risk
The PPI Scandal
The PPI scandal
1.
2.
3.
4.
5.
6.
7.
Background
What went wrong?
Summary of risks in the PPI process
Systemic operational risk
Implications for operational risk management
Organisational culture
Organisational disasters
IIA Webinar 28 June 2012 Systemic Operational Risk
Background
Distribution
PPI
Process
Other
Parties
Borrower
Underwriting & Claims
Lender
Broker/
Intermediary
IIA Webinar 28 June 2012 Systemic Operational Risk
Insurer
Background
1.
2.
Major types of PPI - PLPPI, CCPPI, MPPI, SMPPI
Market statistics 2006
IIA Webinar 28 June 2012 Systemic Operational Risk
Background
Influence of the UK Government
•
All UK political parties promoted home ownership
•
1999 Government, CML and ABI launch the “Sustainable Home
Ownership Project”
•
Baseline set a minimum standard of cover for MPPI policies
•
==> penetration rate up from 25% to 35% in just 4 years!
•
Risk of something going wrong increased unless rapid growth was
controlled……
•
More generally, economic climate changed the ‘attitude’ to debt
•
More debt = more opportunities for PPI
•
Was the traditional British value of thrift being undermined,
whether deliberately or intentionally, by government policy?
IIA Webinar 28 June 2012 Systemic Operational Riskc
What went wrong?
1.
2.
3.
4.
Grumblings by Which? back in 1998
“Protection Racket” report published by CAB in 2005
“Range of evidence suggests widespread failures of consumer
protection in both the PPI selling process itself and in the wider
regulation of PPI sales”
• Inappropriate product
• Insufficient documentation
• Exclusions
• Inappropriate bundling
• Excessive cost
• Delayed claims
This report was the catalyst for further investigations
IIA Webinar 28 June 2012 Systemic Operational Risk
What went wrong?
1.
FSA Report published in 2005
•
•
•
•
•
•
•
Relatively complex product sold to vulnerable customers
High risk of inappropriate sales due to inadequate control
Poor quality advice
Level and structure of inducements and targets
Reliance on product documents
Competence of sales staff
Poor monitoring
2.
BUT no evidence of high-pressure sales techniques
3.
OFT study led to “super complaint” to the Competition Commission
4.
Judicial Review - banks must design and sell products that are
compliant with the general principles of ethical behaviour.
IIA Webinar 28 June 2012 Systemic Operational Risk
Summary of risks in the PPI process
1.
2.
3.
4.
5.
6.
7.
8.
9.
Inappropriate product for the customer
Inappropriate exclusions
Inappropriate bundling
Inappropriate sales practices
Inappropriate incentives
Insufficient staff knowledge
Lack of due diligence (on the customer)
Adverse selection
Anti-selection
IIA Webinar 28 June 2012 Systemic Operational Risk
Systemic Operational Risk
1.
Basel 2 Definition of Operational Risk (at the firm level):
“The risk of loss resulting from inadequate or failed internal
processes, people, systems or from external events”
2.
Systemic:
“Of or pertaining to a system”
3.
Much of what went wrong (root cause) was people related =
operational risk
4.
The events that took place operated across the whole
system/industry.
IIA Webinar 28 June 2012 Systemic Operational Risk
Systemic Operational Risk
1.
2.
3.
BUT why did it become systemic?
• Herding - identical firms/identical strategies/identical
products
• Groupthink - individuals supporting superiors
• Naysayers (Internal Audit?) not welcome!
• Universal banking model
• Role of government
• Role of the Regulator
It’s happened before.
• Pensions mis-selling
• Global financial crisis
Could it happen again?
• Equity release (FOS, 2008)
• Interest rate derivatives to businesses (FSA report due).
IIA Webinar 28 June 2012 Systemic Operational Risk
Implications for Operational Risk
Management
1.
2.
3.
4.
5.
6.
7.
8.
“A firm’s control functions should be involved in the firm’s product
design and oversight arrangements” (FSA and OFT)
New regulations ==> risk management actions
Prohibited/restricted business practices ==> new risks
Regulatory ‘input’ on products because of customer complaints
KYC becomes KYCEB and demonstrate TCF
More regulatory reporting
Behaving ethically
and finally….
Don’t forget the PPI scandal was not a black swan event.
IIA Webinar 28 June 2012 Systemic Operational Risk
Organisational Culture
1.
2.
3.
4.
5.
6.
(Dominant) culture…... informs (shared) values……. leads to
behaviours
Really Treating Customers Fairly
What a business stands for is just as important as what it sells
Auditing Culture - the role of IA?
Will it be a regulatory focus?
More of the fairer sex in the boardroom?
“We have to recognise that values go beyond “what we can get away with”, and that
values are in the end critical to value. Better risk management, enhanced regulation,
codification of director’s responsibilities in company law - all these things are necessary.
But they are not, and cannot be, sufficient without a culture of values. As individuals, we
do not govern our own behaviour simply by what is allowed by law or regulation. We
have our won codes of conduct, and hold ourselves accountable. We take responsibility
for our own actions.”
Stephen Green, former Chairman HSBC
IIA Webinar 28 June 2012 Systemic Operational Risk
Organisational Disasters
Like all major organisational disasters, this did not happen
overnight………….. (Turner 1976)
• Initial beliefs and norms
• Incubation period
Risk Management
………………………………………….……………….
• Precipitating event
• Onset
• Rescue and Salvage
Crisis Management
Crisis Management
• Full cultural adjustmentultural adjustment
IIA Webinar 28 June 2012 Systemic Operational Risk
Organisational Disasters
 Initial beliefs and norms
•
Culturally accepted beliefs and norms begin to fail
 Incubation period
• Rigidity of beliefs
• Decoy Phenomena
• Disregard of complaints from outsiders
• Information difficulties and noise
• Involvement of strangers
• Failure to comply with regulations
• Minimising emergent danger
IIA Webinar 28 June 2012 Systemic Operational Risk
A final thought ………
“Too much competition and too little co-operation can cause intolerable
inequities and instability. Insofar as there is a dominant belief in our
society today, it is a belief in the magic of the marketplace. The
doctrine of laissez-faire capitalism holds that the common good is
best served by the uninhibited pursuit of self-interest. Unless it is
tempered by the recognition of a common interest that ought to take
precedence over particular interests, our present system is liable to
break down”
George Soros (1997)
IIA Webinar 28 June 2012 Systemic Operational Risk