Costs of capital – senior counsel discuss hard lessons from the post-Lehman clampdown

With regulatory focus on financial services business unrelenting, effective risk management strategies are vital. We teamed up with Cornerstone Research to assess the challenges

Nine years ago, the financial services world began undergoing seismic changes with the onset of the credit crunch that have left the industry where it is today. The aftermath led to repeated overhauls of regulation, to the extent that none are certain what the endgame might be, particularly with significant new regulation such as Basel IV being widely spoken of.

With this in mind, Legal Business teamed up with Cornerstone Research to bring together senior legal and compliance experts from banks, as well as private practice partners specialising in financial services, to discuss the key challenges of the risk management strategies for financial institutions.

Professor René Stulz of the Fisher College of Business at The Ohio State University – who teaches risk management – observes that risk management is much more codified than it used to be. As a result, he says, established players are dropping out of existing markets. On one hand, banks are being accused of collusion, but on the other, regulation is making it very difficult for lenders to be competitive in a number of fields.

‘Conduct, culture and compliance [have] become much more of a concern to risk managers,’ comments Stulz. ‘Compliance used to be part of legal. It has now been moved to risk management and people are using sophisticated analytics. We are entering a different universe.’

 

***

 

Kate Cheetham, Lloyds Banking Group: Of course banking is a business that involves risk! Compliance plays a very significant role. Our compliance director is also the operational risk director. My legal team works very closely with compliance, operational risk and risk more generally. We have benefited from being much more aligned.

From a litigation perspective, we need to understand how to articulate what we do in the language of risk management. That is the way in which we have travelled over the last few years.

Michael Hancock, HSBC: Having the legal function split from compliance raises several challenges. One is trying to define how the middle ground between traditional compliance and legal is managed, because that is now a risky terrain which the regulators are looking at very carefully. Another is training lawyers, who were traditionally reactive advisers, to be proactive legal risk managers who embrace process. It does not run in the blood of many lawyers.

Kate Cheetham: You can divide that into two parts. One is how good are you at process and understanding how to set out controls, policies and procedures that work. The second part, which is equally challenging for lawyers, is how do you stop being an artisan? How do you stop being somebody who is used to dealing with one big transaction or one big case to somebody who manages the legal risks arising from lots of small cases and concentrates on policy?

Deborah Finkler, Slaughter and May: For some litigators, their natural inclination is to deal with specific problems as they arise. That is where the fight is and that is what we enjoy doing. But having done, say, a big piece of enforcement work, you are in a very good position to take an objective view of at least that part of the institution and give your thoughts on how to deal with risk there, and just as important, how to manage crystallised risk. But on the broader question of ‘culture’, we are not the right people to police that.

Kate Cheetham: There are people who describe lawyers as the conscience of the company and that is absolute nonsense. It is positively dangerous to suggest that we are taking responsibility and other people are not.

Nicholas Long, Morgan Stanley: It is like that old joke: two guys are in a forest and a bear comes out. They start running. One guy says: ‘You cannot outrun a bear.’ The other says: ‘I just have to outrun you.’ In financial services it is kind of the same. If you are the first person to find it, detect, disclose it you are better off than everyone else.

I struggle with compliance people who talk about controls as policies, procedures and training. That has nothing to do with controls. They are the way we try to mitigate the risk of getting it wrong. Controls are preventative and detective. Business is the front line. The second line is the true oversight, monitoring and ensuring people are complying. On top of that you have audit that does the entire framework. It is never going to be easy, but if you have the right building blocks it makes a good case to have legal and compliance as a single function.

Mark McAteer, Legal Business: Do we find innovation is being cut off because of this culture of adherence to regulation?

‘There are people who describe lawyers as the conscience of the company and that is absolute nonsense. It is positively dangerous to suggest we are taking responsibility and other people are not.’
Kate Cheetham, Lloyds Banking Group

Kate Cheetham: It is a fact of life that there is a huge amount of legal and regulatory change and that looks as though it is going to continue, but it is not cutting innovation off. It is very clear that the regulators support innovation. The Financial Conduct Authority (FCA) is active in supporting fintech. The question is, how we can get there with legislation that was drafted in a different environment if you are looking at banks offering digital services and products?

Adam Koon, Credit Suisse: All of us have experience of new business initiative committees where the box-ticking, the red tape and the unknown unknowns are meant to be crystallised. I can see the reasons why people look to lawyers to answer the unanswerable questions and provide assurance that a black swan event will never happen. You can get to the point where the filter is so heavy that you get a number of people giving up hope and saying: ‘Forget about it. I thought I had a good idea but after the 500th question maybe it was not such a good idea.’

John Reynolds: Has the role of the general counsel changed over the last eight years? Do they have greater influence?

Kate Cheetham: Structurally it has not changed, but legal risk is brought into the overall strategic discussions framework in a more combined way than it was before.

‘Regulation has concentrated risk for several thousand individuals onto one senior manager.’
Michael Hancock, HSBC

 

 

Michael Hancock: One of the consequences of the senior managers’ regime (SMR) is legal’s increased role in ensuring that, when decisions are being looked at three or four years after the event, they were documented and argued and evidenced in the right way. One issue arising from this is the challenge between regulatory risk on the one side – demonstrating why you did or did not do things – against litigation risk on the other, where the mantra has traditionally been to be very careful of what you write down. These imperatives are going in opposite directions. How do you navigate the right path? That is quite a challenge.

Yesim Richardson, Cornerstone Research: With the failure of a large financial institution, the economist’s job is to take all the evidence and recreate the world as it was and try to figure out: how were these decisions made and were they reasonable? If a limit was exceeded, was it documented? Was there a process in place that was followed?

Alex Cunliffe, Lamb Chambers: You are only ever getting a partial picture from the documents and the conversations that go on. You take some documents in out of context. Some are lost. You never have the full picture. People are so afraid of having to justify it in front of the court, in front of the regulator and in the court of public opinion.

There are so many fears about how it is going to play in the different arenas. As a pure litigator you hope [for] the chances of getting a good legal decision out of the facts and evidence rather than looking at how it is going to play elsewhere. It can get very frustrating trying to communicate that from my end up the line. I used to work in-house so I have experienced the other side. In the communication of individual cases or a range of cases pure litigation risk gets lost somewhere up the chain and everything else makes the decision for you instead.

Nicholas Long: Does anyone think that SMR prosecutions are ever going to happen?

Alex Cunliffe: Establishing an individual’s liability for anything is going to be nigh on impossible.

Peter Scott, Norton Rose Fulbright: We have seen that dynamic play out in the antitrust arena after the criminal cartel offence was introduced. There were some early prosecutions of executives who had pleaded guilty in the US and came across to the UK on a plea bargain. Since then there have been very few prosecutions.

John Reynolds: If you are being held to account for an organisation that has failed in some way, still the failings out there are systemic failings; they are not individual failings. It is going to take a long time to get to a situation where people can properly be held accountable for decisions, and maybe by the time that happens the rules will have changed completely.

Nicholas Long: It is interesting because in the SMR the general counsel is not currently a senior manager but the head of compliance is.

Deborah Finkler: There was a piece in the FT this morning about how the assumption was there would be 30,000 senior managers and there are in fact 7,000 and that is because nobody wants to do it. The suggestion is people who are prepared to do it are being made, in effect, to take responsibility for three departments with a very large pay packet. That was the unintended consequence. They have to have danger money to take some of these responsibilities on.

Kate Cheetham: The corollary of that is there are far more certified persons from the FCA perspective. On the one hand you have a small number of senior managers, but on the other hand you have a massive number of people who are subject to the conduct rules and all the internal requirements. Quite frankly it is hard to see why it is necessary to have that type of regime.

Michael Hancock: Ultimately the SMR has concentrated risk for potentially several thousand individuals onto one senior manager. If the regulators apply their new tools in a disproportionate way – and they have said they will be proportionate – then you are going to get senior executives tied up entirely in demonstrating that they have taken reasonable steps in respect of a whole host of issues. If that happens then it will have the wrong result. That is clearly a risk out there at this stage in the evolution of SMR.

Adam Koon: What about the argument that the regulators quite like the idea that it is practically impossible to make the SMR work for very large organisations and it forces the hands of these organisations to sleek down, massively? A lot of the regulatory framework these days is a war against size and against complexity. One person cannot manage 1,000 people in any detailed way if anything those people do is halfway complex. Maybe they could for 100?

Peter Scott: It is interesting that the FCA now has concurrent powers to enforce competition law, in addition to its powers under the FSMA [Financial Services and Markets Act]. So far it has used these powers quite extensively to look at different markets. They are not afraid to look at the extent to which a regulatory regime is driving behaviour that might be perfectly justified from a regulatory perspective, but it is having that unintended consequence of competition in the market.

Alex Cunliffe: Everybody is so scared of being caught up in the sanctions and getting a slapped hand for dealing with the wrong people that they are going to get slapped for withdrawing from the market. The FCA will say: ‘You have an ulterior motive there. We think it is having a negative market impact on competition.’

Peter Scott: There was a well-publicised case where a bank sought to withdraw from the money transfer market for what appeared to be perfectly justifiable risk reasons. It wanted to withdraw from an obviously risky country, but their customers said: ‘Hang on, this is an abuse of your dominant position’, which is an assertion that it was breaching competition law by that conduct. It was an interesting illustration of two worlds colliding.

Ronnie Barnes, Cornerstone Research: Given that the regulators are showing an increased desire to move away from internal models-based approaches to capital requirements, is there a concern that this will lead to a reduction in the willingness of management to invest in the development of such models? And if so, is there a worry that this will have a detrimental impact on risk management practice? Do we think the regulators are oblivious to these concerns or do they hear them but think they are not important?

René Stulz: You find chief risk officers (CROs) spending a lot more time trying to anticipate what regulators are going to say and trying to meet their requirements. It means that people can be distracted from doing their primary jobs. They should be anticipating risk and instead they are responding to regulators. That can lead them to say: ‘If regulators are going to spend that much time on this issue we are just going to get out of it.’ This is in addition to the cost of doing business in terms of the current capital requirements for some derivatives.

From an economist’s point of view 100% guaranteed compliance across the firm cannot be the optimal solution.

Nicholas Long: The cost of ongoing compliance for us is reasonably consistent. What really scuppers us is regulatory reform cost. It is external advice and most of it is IT. We have transaction-reporting requirements that are just disproportionate. No-one is going to look at all the information you send them, nor are they ever going to use it. The regulators operate in an environment where they do not have to implement and they do not care about the costs.

Alex Cunliffe: You can quantify the cost internally but you have to weigh it up against either [an] abstract idea or the fine you are going to get for the infringement when it goes wrong. The difficulty is you do not know what the fine is going to be nowadays with fine inflation, which seems to be what the public wants as well.

You are trying to deliver a return for the shareholders and do well for the business while having this amorphous idea of being a public service providing a good product, not misleading, advising and explaining to everybody every single thing that is going on in the product. The cost of compliance internally might be measurable but you have nothing to balance it against.

Nicholas Long: The problem is justifying the cost of compliance. You are trying to convince people that you save them money and that they did not lose from an event that did not happen. How do we spot the next Libor event? The answer is we do not. If you spot it early it is tiny and not a problem. If you miss it, you miss it, so it becomes a problem. That is the difficulty of quantifying the value of compliance and the cost and that is why you have to bring in the external factors.

Michael Hancock: A key thing is to be able to spot legal risks as they migrate from one region to another. That is where law firms have potentially a huge amount of added value. You see developments in say Australia or Hong Kong and this is something that could come here and so we should look at it early on. That dialogue is emerging but it is not where it needs to be yet.

John Reynolds: If the banks themselves cannot figure out where the next Libor is coming from or where the risk areas are, lawyers like us who are in and out when there is a problem have no chance. Banks succeed in part because they innovate and they are thinking of new products all the time. We cannot keep pace with the problems we see or with a whole load of different chief executives. You finish a case and you come up with a list of things you should not do again and that probably gets filed in a draw and you see it again next time.

‘With the failure of a financial institution, the economist’s job is to take all the evidence and recreate the world as it was.’
Yesim Richardson, Cornerstone Research

 

 

Nicholas Long: Most organisations now have a risk assessment team or a risk review team and they partner quite well regionally. They see the things coming up and share what is happening. The question I struggle with is whether you change when you go into the litigation or only after. The question people struggle with is: do you fix it as soon as you think it is an issue or is that some sort of an admission of liability?

John Reynolds: In any kind of investigation that will last longer than a few months, the regulators will want to know, when you started 12 months ago and you saw there was a problem, what [did] you [do] about it between now and then?

Nicholas Long: It is the regulatory-versus-litigation risk question again. LB

james.wood@legalease.co.uk