Hubris: How HBOS Wrecked the Best Bank in Britain (33 page)

In the 2007 HBOS annual report and accounts, 40 pages are given over to corporate governance, describing in detail the structure of the board and its committees, the way they are expected to
work and the individuals who serve on them. A further 19 pages describe the risk management procedures followed by the Bank. Search the report for the word ‘risk’ and you come up with
more than 500 references. You could get the impression that the Bank was obsessed by risk. Yet many of the thousands of words contained in these pages are bland statements of the obvious, clearly
included as part of some box-ticking exercise. Under the heading: ‘Key risks and uncertainties facing the group’ for example, are the unsurprising assertions that earnings could be
affected by an economic downturn and that ‘future earnings growth and shareholder value creation depend on the group’s strategic decisions’.

There follows a diagram of the ‘Three lines of defence’ against risk: first the divisional chief executives supported by the divisional risk committees, second, the whole executive
structure, from the chief
executive and his senior management committee, through the Group Finance Director and the Group Risk Director to eight divisional risk committees.
The final defence line includes the audit committee, the divisional risk control committees and the group internal audit function. Over the whole army sits the general staff – the group
board.

In an investigation of HBOS corporate banking between 2006 and 2008, the FSA uncovered significant failings in all three lines of defence.
²
The picture painted of the corporate division is explored in more detail in the next chapter, but the report also exposed gaps in the general risk management framework.
Corporate banking’s internal controls should have provided the first line of defence, but the FSA found that the low credit quality of the deals it was doing meant that there was a relatively
high risk of default. Effective monitoring of individual transactions and the portfolio as a whole should have been important, but credit skills and processes were inadequate and key controls were
ineffective – weaknesses that were pointed out in repeated control reports.

Throughout the period the corporate division was being pushed to handle greater and greater numbers of new transactions, which were increasingly complex. There were ‘continuing,
significant and widespread’ weaknesses in the effectiveness of the management of the relationship managers, who initiated the deals, and the key sanctioning committees which were supposed to
check and authorise these deals had less time to scrutinise each one. Rather than concentrating on reducing risk, the FSA found that the pressure to increase growth and the time taken up by a wide
range of change management projects meant that less attention was paid to risk management. As a consequence the control framework failed.

The second line of defence should have been provided by the Group Risk department but the FSA found that this failed too. The picture here is of a department lacking in resources and expertise
which could not exert adequate controls. It realised that the difficult economic situation and strong competition posed threats and that its own procedures were not up to the challenge, yet it
periodically assured the firm that the credit risk framework was sound and fit for purpose.

There was no group-wide framework for credit risk management. Although Group Risk recognised the need for a clear statement of the ‘risk appetite’ the company was prepared to accept,
which would
provide a consistent view across the Group of the maximum tolerable risk in all types of lending, what was produced was no more than a regurgitation of
divisional profit targets and forecasts of the provisions which might be needed to cover dubious debts. This statement took little account of the challenges in the market where competitive
pressures were leading to increased levels of risk and did not factor in the risk of an economic downturn. The FSA found that the Group Risk department failed to provide effective challenge to the
corporate division, either in setting risk limits or responding when it broke these limits.

The third line of defence should have been provided by the Group Internal Audit department, which had the responsibility of checking other controls and providing assurance to the board that they
were functioning properly in measuring and managing risk. But here too the FSA found a lack of business expertise and resource. The department focused on major regulatory and change projects rather
than business as usual, and it was uncertain where the responsibility of the internal audit department ended and the Group Risk department began. The result was, according to the FSA ‘an
underlap’ between the two departments – a gap which meant that some risks were not adequately monitored or assessed.

The FSA judged that HBOS was guilty of very serious misconduct, in that the corporate department, trading under the Bank of Scotland name, failed to comply with one of the FSA’s 11
Principles for Businesses: ‘A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.’ Between January
2006 and March 2008, the FSA found that HBOS failed to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems to cope with the
aggressive growth, high-risk business and lending strategy it was pursuing.

Overseeing all three lines of defence and ultimately responsible legally and morally, was the board of the bank, made up of full-time executive directors including the chief executive, finance
director and the divisional heads; as well as non-executive directors who were supposed to add extra skills, experience and, above all, independence. The key responsibility of a non-executive
director is to challenge the executive – to rock the boat – yet in HBOS there seems to have been a serious lack of challenge.

At its beginning the HBOS board inherited some directors from both sides of the merger who were prepared to hold the executives to account, men nearing the ends of their
careers who had nothing left to prove and were not afraid to contradict the chief executive or the chairman. These included Sir Bob Reid, from the Bank of Scotland board, and Louis Sherwood, who
had been on the Halifax board. ‘The executive and Dennis [Stevenson] didn’t like Louis,’ one of his non-executive colleagues remembers. ‘He was continually asking blunt
questions and if he didn’t get an answer he would ask it again, and again, and again. It didn’t make him popular, but every board needs a Louis Sherwood and every audit committee needs
a Louis Sherwood.’ As these men retired they were replaced with younger faces. ‘They were very talented and competent business people and they were conscientious, but they did not have
the experience or the confidence of the older board members and they did not ask as many questions.’

Although part-time, the job of a non-executive on the HBOS board could be very demanding. There were ten board meetings a year and numerous committee meetings. The audit committee met seven
times. For each meeting there would be hours of preparation, going through mountains of complex documentation. On paper, board members also bore a heavy responsibility: they were liable under the
Companies Acts for the conduct of the business and held accountable by the FSA. So far these have been theoretical rather than practical sanctions. No non-executive has been criticised by either
the Department of Business, or the FSA. The posts were well rewarded. Ordinary non-executives earned £100,000–£200,000 in 2008, with Sir Ron Garrick, the senior independent
director being paid £258,000 and Tony Hobson, chair of the audit committee, £230,000. Lord Stevenson, the chairman, received £815,000 and, unusually among non-executives, also
received shares under a long-term incentive plan.

It is a matter of debate whether payments at this level to non-executive directors ensure that companies get high-calibre people who are properly rewarded for the large amount of work they are
expected to do, or whether such large payments prejudice their independence by making them less likely to challenge the chief executive or chair. There is also a question mark over how much
scrutiny non-executives are able to perform at a practical level if they
are not party to individual lending decisions and do not have banking experience.

The overriding culture of HBOS was that of a retail company and many of its later non-executive board recruits were skilled and experienced retailers or marketeers. It lacked banking expertise
among its non-executives until late in its life when it recruited John E. Mack, who had been Corporate Treasurer of Bank of America and Chief Financial Officer of Shinsei Bank of Japan, who joined
in May 2007. Despite the resources it apparently devoted to governance and risk management, they ultimately failed to protect it and it is difficult to escape the conclusion that, despite their
efforts, non-executive board members did not know what the bank was doing, even less the implications.

Yet the implications could not have been more serious and the warning signs should have been there for the board to see. According to the FSA report:

Tracey McDermott, FSA acting director of enforcement at the time, commented: ‘Banks and other firms have to manage their business by ensuring that their systems and controls are
appropriate for the risks that they are running. The conduct of the Bank of Scotland illustrates how a failure to meet regulatory requirements can end not just in massive costs to a firm, but
losses to shareholders, taxpayers and the economy.’

This was a severe censure; however, coming nearly four years after
the event, it was far too late to influence any change in HBOS. Public criticism of the institution was
also as far as the regulator was prepared to go. No individuals were named, nor were any sanctions imposed. The FSA suggested that had a fine been imposed it would have set a record, surpassing
even the £17.5 million imposed on Goldman Sachs for breaches of rules. Since the horse had not only bolted, but sent to the knacker’s yard and slaughtered, there was hardly any point in
making the owner pay for a new stable door.

‘The severity of Bank of Scotland’s failings during this time would, under normal circumstances, be likely to warrant a very substantial financial penalty. However, because public
funds have already been called on to address the consequences of Bank of Scotland’s misconduct, levying a penalty on the enlarged Group means the taxpayer would effectively pay twice for the
same actions committed by the firm. Therefore, to reflect these exceptional circumstances, the FSA has not levied a fine against Bank of Scotland but has issued a public censure to ensure details
of the firm’s misconduct can be viewed by all and act as a lesson in risk management failings.’

Will anything be done to reform the corporate governance of banks? The signs are not hopeful. In 2009 a review led by Sir David Walker,
⁴
a former Treasury and Bank of England official, conducted a consultation and published a report which saw very little wrong with the system which had failed to stop the collapse of HBOS, The Royal
Bank of Scotland and Northern Rock. Its five recommendations amounted only to tweaking a system which was clearly inadequate. The existing code for bank boards, it concluded, combined with tougher
capital and liquidity requirements and a tougher regulatory stance on the part of the FSA, provided ‘the surest route to better corporate governance practice’. It did concede some
failings in bank boards, but said these related much more to patterns of behaviour than to organisation. ‘The sequence in board discussion on major issues should be: presentation by the
executive, a disciplined process of challenge, decision on the policy or strategy to be adopted and then full empowerment of the executive to implement. The essential
‘‘challenge’’ step in the sequence appears to have been missed in many board situations and needs to be unequivocally clearly recognised and embedded for the future.’
How boards were to be made more assertive and challenging it did not say.

Walker’s report also called for more board involvement in ‘risk
oversight’ with particular attention to the monitoring of risk and discussion leading to
decisions on the bank’s risk appetite and tolerance, but how this was to be achieved by non-executives having to grapple with the scale of complexity of modern banking it again did not
specify. It did make a plea for a greater involvement by institutional shareholders. On remuneration, it looked only at executive pay and did not comment on the objectivity of non-executives.

HBOS clearly exhibited a breakdown in corporate governance, which despite many thousands of words of lip service paid to it, failed to control the group. But do not expect change – at
least not in the near future.

The drive for profit at any price

It is not often that the veil which shields the inner workings of a massive corporation is lifted to let us see the machinations hidden behind it, but the 2012 FSA report into
HBOS corporate banking
¹
gave some astonishing insights. Here was a division that had delivered phenomenal growth, being constantly pressed
to go further – whatever the consequences.