“We Can't Afford This Risk Management Project”

Today’s £62 million fine imposed on Citigroup Global Markets Limited (Citi) by the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) underscores the real cost of inadequate risk management systems. This substantial penalty resulted from breaches of numerous PRA and FCA Rules between April 2018 and May 2022. Unfortunately, this is not an isolated incident; significant fines have been levied on most major financial institutions for similar failings in risk management and controls.

The cost of non-compliance

Citi's violations included:

  • PRA Fundamental Rule 2: Lack of due skill, care, and diligence.

  • PRA Fundamental Rule 5: Ineffective risk strategies and management systems.

  • PRA Fundamental Rule 6: Poor organization and control of affairs.

  • Algorithmic Trading Rule 2.1: Inadequate systems and risk controls for trading operations.

  • Algorithmic Trading Rule 2.2(2): Failure to properly test and monitor systems.

These infractions led to significant financial penalties, which highlight the substantial risks and costs associated with non-compliance. The financial penalty is just the tip of the iceberg. The cost of remediation can be many times the fine. And reputational damage, potential loss of client trust, and increased regulatory scrutiny can have far-reaching and long-lasting impacts.

Other notable examples of costly failures

Over the past decade, the FCA has issued fines totalling a staggering £4.1 billion. Some of the larger examples include:

In 2014, the FCA imposed fines totaling £1.1 billion on five major banks for failing to control business practices in their G10 spot foreign exchange (FX) trading operations. The banks fined were:

  • Citibank N.A.: £225,575,000 ($358 million)

  • HSBC Bank Plc: £216,363,000 ($343 million)

  • JPMorgan Chase Bank N.A.: £222,166,000 ($352 million)

  • The Royal Bank of Scotland Plc: £217,000,000 ($344 million)

  • UBS AG: £233,814,000 ($371 million)

These fines were imposed because the banks failed to manage risks around confidentiality, conflicts of interest, and trading conduct between January 2008 and October 2013. Traders at these banks shared confidential client information and attempted to manipulate G10 spot FX currency rates, undermining the integrity of the financial market.

Additionally, JPMorgan Chase Bank N.A. faced a £137,610,000 fine for serious failings related to its Chief Investment Office’s “London Whale” trades. The £6.2 billion trading losses in 2012 were attributed to high-risk trading strategies, weak management, and an inadequate response to significant risk indicators.

The pitfalls of underinvesting in risk management

With CFOs focused on efficiency, it can be tempted to see risk management enhancements as a nice-to-have. However, the true cost of such an approach is often much higher. Effective risk management is an essential investment that can save firms from severe financial and reputational damage.

Consider these points:

  1. Improved risk management: While the eye-watering fines may attract attention, it’s important to remember why risk management exists: to help firms to take risk in a measured and controlled manner.

  2. Avoiding regulatory fines: Upfront investment in compliant systems is usually far cheaper than paying fines for non-compliance.

  3. Preserving reputation: Regulatory breaches can tarnish a firm’s reputation, leading to client attrition and long-term business losses.

  4. Operational efficiency: Robust risk management systems enhance operational efficiency, preventing errors and minimizing disruptions.

  5. Strategic advantage: Firms with strong risk management frameworks are better equipped to navigate uncertainties and seize opportunities.

Hidden costs of poor controls

The economic impact of poor controls may seem minimal initially - especially in a bouyant market - but the hidden costs can be significant:

  • Increased scrutiny: Regulatory breaches invite closer scrutiny from regulators, leading to more frequent audits and higher compliance costs.

  • Legal expenses: Defending against regulatory actions and potential lawsuits can incur significant legal expenses.

  • Remediation programmes: The cost of fixing poor controls, often to tight timelines dictated by regulators, can be many times the upfront cost of implementing effective controls.

Investing in the future

Effective risk management is about foresight. Recognising the potential pitfalls in financial markets and preparing to navigate them successfully is crucial. The investment in robust risk management systems pays off in terms of stability, compliance, and strategic resilience.

In conclusion, the idea that a firm "can't afford" a risk management programme is a misconception. The real unaffordable scenario is one where a firm neglects its risk management responsibilities, leading to fines, reputational damage, and operational inefficiencies. Investing in effective risk management is not just prudent; it is essential for long-term success and sustainability.

James Nicholls

Managing Director at Braithwate - specialist advisors in financial services. We help our clients develop effective strategies, launch new business models, manage risk, comply with regulatory requirements and execute transformational change initiatives. Our expert consultants - based in New York, London and San Francisco - serve both the traditional financial services sector (banks, broker-dealers, insurance companies) as well as FinTech and RegTech firms.

https://www.braithwate.com
Previous
Previous

The power of licensing for ambitious fintechs

Next
Next

Consumer Duty Board reporting