The landscape of banking in many jurisdictions is changing as governments are putting in place new “regulatory architectures” and new regulators, such as the FCA, to monitor and proactively change business conduct by financial institutions. Many of these efforts are aimed at reducing people-related risks, such as misselling of financial products and manipulating markets.
McConnell and Blacker (2013) argue that the aim of such systemic regulation should be to identify when risks are reaching unacceptable levels across the system and to take rapid remedial action appropriate to the level of problems being encountered. Since it is not possible by regulation or education to create an environment where the probability of having a problem is zero, this means that systemic regulation must focus on developing systemic key risk indicators (SKRIs) that will alert regulators and regulated firms to the potential for serious problems. Such indicators could, for example, look at the growth in a particular product or the emergence of new markets. Within regulated firms, the development of SKRIs has a number of implications, not least that boards of directors should develop “risk appetite” statements around systemic risks. Such risk appetite statements would set the boundaries within which a set of KRIs would be deemed to be acceptable (Blunden and Thirlwell 2010). In turn, such risk appetite statements can be used by internal operational risk manage- ment (ORM) functions to create the reporting infrastructure to capture, monitor and report such risks, first to internal management and then, in aggregate, to systemic and prudential regulators. If a systemic issue begins to emerge, the best defense for a particular firm will be to have a robust operational risk management framework in place that is alert to the potential for systemic people risk.
In addition, regulators and regulated firms should encourage independent academic inquiry into emerging systemic operational risks, for example, by making available market data, such as historical position data, and encouraging data analysis. Aca- demics must also follow the lead of Haldane (2009), Cecchetti et al (2009) and Espinosa-Vega and Solé (2010) in researching new models of “financial networks” that may better reflect the operations of the modern global economy upon which to base new regulations.
6.2 People-risk management: firm level processes
The LIBOR scandal has highlighted the need for improved people-risk management and McConnell and Blacker (2011, 2012, 2013) argue that the role of people-risk management be formally recognized by regulators as an independent skilled function within the operational risk management function, with well-defined responsibilities and protections.
McConnell and Blacker (2011, 2012, 2013) identify issues that such a people-risk management function should explicitly and independently address across the firm, including the following.
People-risk governance.
Assisting the board and executive in developing formal “people-risk policies’; a “people-risk appetite’; and a specific people-risk framework (within the overall risk framework of the firm).
Monitoring and reporting on compliance with people-risk policies. People-risk framework.
Developing processes and systems for the formal identification of people risk with all departments of the firm.
Establishing key risk indicators for people risk based on the firm’s risk appetite.
Developing education and induction programs for people risk and ethical issues.
People-risk partnerships.
Working with systemic and prudential regulators to develop and implement systemic key risk indicators for people risk.
Establishing formal lines of communication with internal people-related func- tions such as human resources and compliance and legal.
6.3 People-risk management: new tools
In addition to changes to governance and risk management processes, this paper argues that there is a need for operational risk managers to consider new tools for people- risk management, in particular to identify and help manage “conflicts of interest” and to detect and prevent “collusion”. In discussing white collar crime, Coleman (2001) notes that “conflicts of interest between professionals and their clients arebuilt into the very nature of the relationship” [emphasis added]. In other words, the potential for an individual to take advantage of a conflict of interest, either alone or in collusion with another party, will be ever-present in banking. This reality, and the fact that abuses of conflict of interest situations have occurred within the banking industry to considerable cost, implies that these issues must be addressed proactively rather than being left to the good intentions of an (often ill-trained) staff member. Where conflicts of interest are regularly abused and become part of business as usual, they are no longer perceived to be constraints on behavior.
All of the firms involved in the LIBOR scandal had published an official Code of Business Conduct, or similar document, which, for example, in the case of UBS “sets out the principles and practices that UBS expects all of its employees and directors to follow unreservedly both in letter and in spirit” (FINMA UBS 2012). In elegant and well-intentioned prose, these documents invariably cover a myriad of ethical issues such as conflicts of interest and insider trading. For example, the latest UBS Code, essentially unchanged since before the LIBOR scandal, states
We are mindful of conflicts of interest, take all reasonable steps to assist in their identification and management, and escalate concerns promptly to management or control functions as appropriate.
UBS (2013) But as the LIBOR scandal shows, UBS management were not “mindful” and did not “take all reasonable steps”. This illustrates that lofty sentiments at board level have to be translated into action at the lowest level of the company if they are to be effective. This is known as developing a robust “risk culture”. However, it is extremely difficult to create and maintain such a culture across a firm as large as UBS, because inevitably in such large organizations subcultures exist (for example, in trading environments) which may not be a reflection of the overall corporate culture being promoted by the board (IIF 2009).
To assist in creating such a risk culture, it is suggested that, as part of every for- mal operational risk and control self assessment (ORCSA) exercise (Blunden and Thirlwell 2010), a “people mapping” exercise is made a requirement. Such an exer- cise, which is similar in concept to the business process mapping (BPM) activities undertaken by some banks (BCBS 2009), would “map” the “interactions” between various internal and external “Roles” and identify where conflicts of interest could be
matched for collusive purposes.9 Particular attention would be paid to those “inter- actions” where there is a difference in power relationships, such as manager/staff or trader/submitter as well as interactions where there are matching incentives, such as between a trader and a broker. Having identified the potential for collusion, managers and ORM should work on mitigating actions, such as instituting “firewalls” between a firm and its brokers as regards contracts and reporting.
This paper suggests that ORM, compliance and human resources professionals and academics should initiate the necessary research to help develop not only people mapping protocols but also the supporting systems and services. This will require “out of the box” thinking by all of these parties and a willingness to redefine areas of responsibilities. Furthermore, senior management, if they are truly serious about managing the risks that arise because of people, must proactively promote and assist in this process.
It is acknowledged that some of these concepts may be difficult to implement in practice, not least because they require extensive engagement with internal functions, such as human resources and compliance, with whom operational risk management has traditionally not been closely involved. Furthermore, operational risk managers would have to become trained in areas with which they are unfamiliar and which do not lend themselves to easy quantification, such as ethics and compliance.
7 SUMMARY
Manipulation of LIBOR rates was not a local event. Unscrupulous traders and senior managers in some of the largest banks around the world manipulated borrowing rates. It was not the work of isolated rogue traders, but part of business-as-usual in the international money markets. The practice relied on collusion between people within the firm and, more surprisingly, in other firms. This paper describes the LIBOR scandal and argues that it is yet another example of systemic operational risk, in particular people risk.
The paper first described the central role of LIBOR in financial markets as a result of its almost ubiquitous use as a reference rate in heavily traded OTC derivatives, particularly IRSs. The manipulation of LIBOR was not driven by a flaw in the LIBOR process itself, but the integrity of the process was undermined by managers and traders in order to benefit from fixing rates in the huge IRS market.
The paper then looked at official inquiries into manipulation of LIBOR at three banks: Barclays, UBS and RBS. The transcripts of conversations unearthed by these inquires show rampant illicit activities that were apparently part of doing business, as traders, LIBOR submitters and brokers colluded to manipulate LIBOR for their
own interests. But they were not alone; the inquiries also show that the some senior bankers in these “too big to fail” banks also manipulated LIBOR during the GFC, essentially to save their jobs.
This paper argued that the ethical breakdown in, and across, banks is an example of systemic operational risk and describes the Basel II regulations covering such risks. Finally, the paper made some suggestions as to how the management of systemic people risk may be addressed by banks and regulators.
The overall argument for more intrusive management of people risk was made forcefully by Johnny Cameron, former Chairman of Global Banking and Markets, RBS Group, in testimony to the UK Parliamentary Commission on Banking Stan- dards. Mr Cameron had been in charge of the traders and submitters involved in the LIBOR scandal at RBS (CFTC RBS 2013) and was asked, “You must surely have known, then, what was going on and what their culture was, at its most general?” He replied:
No.That is why traders need very tight, close management. In the particular case of
LIBOR, … therisk managers, control managers and so on and so forth completely
missed the point, because everybody thought that the way LIBOR was fixed was that there are however many banks it is and the bottom quartile and the top quartile are
excluded.It just did not occur to anyone– and this is me reading reports as much as
anything – that this was a rate that could be fiddled, but then it turns out thatthere was
a cartel of people across a number of banks who felt they could fix it. I don’t know to what extent they were successful. But yes, there are a number of things that have
come out in this Commission and other committees where, with hindsight,dreadful
things happened because the risk managers missed the potential risksthat we are now talking about. [Emphasis added.]
Parliamentary Commission on Banking Standards (2013)