PRA Final Notice on Co-op Bank - "cautious", with blurry lines...

"Two straws please"...

The PRA published a Final Notice last week regarding the numerous shortcomings of a UK bank over the last few years, which included the news of a colossal £121m fine which the PRA would have levied if the entity wasn't still losing wedge faster than a mojito in a cement mixer.

I'm sure some of us chortled at the Chrystal Methodist headlines a couple of years ago when the Non-Executive Chair of the UK's Co-operative Bank had his numerous vices sold to the highest tabloid bidder by a rented acquaintance. I covered some of the initial fallout on here, themed mostly around reputational risk and fit and proper persons, given the exponential effects of the exposé on the ultimate failure of the Group in its form at the time.

A document covering part of Co-op's demise, specifically its Bank, was released last week by the PRA,

The PRA's Final Notice to the Co-op Bank is issued publicly, and highlights where the firm breached what were at the time the FSA's Principles for Business, replaced since the PRA/FCA divorce by the PRA's Fundamental Rules.

Included in the Final Notice on this matter was a number of matters which risk practitioners should be salivating over, given the failures which led to this punishment include

• Inappropriate culture,
• Internal control framework failures,
• Ineffective risk management policies, and, the jackpot,
• A "three lines of defence" model "...flawed in both design and operation"!

The activities demonstrating this include a woeful suite of incomplete management information, three horrendously chancy accounting interpretations benefiting the balance sheet at the expense of real-world accuracy, and a suite of defensive line failures, all of which are followed through in forensic detail.

I have sectioned my notes below for my own use, particularly given the PRA goes on something of a limb here and provide usable definitions for certain terms which I suspect many practitioners would benefit from reading. The PRA (and EIOPA) generally try to dodge requests for definitions, so while the peg is square and the hole is round, it might be as good as you get!

Definitions and expressions

• Three lines of defence - "This is a system which relies on there being an opportunity at three complementary and independent levels to identify and correct any control failures". 
• Second line of defence - "Second line functions should support and challenge the management of risks firm-wide, by expressing views within a firm on the appropriateness of the level of risks being run"
• The above is supplemented by the following: "Responsibility for risk should not be delegated to risk management and control functions" - amen brother!
• Third line of defence - "Internal Audit should provide independent assurance over firms' internal controls, risk management and governance"
• Risk Appetite - "A firm's stated risk appetite is an important factor in determining whether a firm's risk and control framework is commensurate with [the] nature of its business, and should be both integral to a firm's strategy and at the heart of its risk management system" - not far off a direct quote from last year's Approach Paper on Banking Supervision (p22), though it has moved from "foundation" to "heart" in this Final Notice. I know what I prefer to build on!
• "Clearly-defined strategy" - they list "well-defined objectives, responsibilities and milestones" as expected
• Policies - "The establishment of appropriate policies [and procedures] governing the conduct of a firm's activities is an essential component in the exercise of appropriate organisation and control of a firm's business"
• "Good risk management culture" (p7) - interestingly an expression most bodies have avoided using, preferring "sound" to "good". They later go on to talk of culture more generically in terms of "right" and "inappropriate" (p33).

Observations

• Interestingly, Co-op Bank never refer to operating "3LOD" until their 2012 Annual Report (p56 for the boilerplate and clearly untrue definitions), so any deficiencies in the model before that year might be for a good reason!
• First line management oversight was seen as "inadequate" and "inappropriate" (p12)
• Their second line managers "...repeatedly voiced concerns" about headcount (p29), which weren't addressed until the back end of the period under scrutiny. Hard to think post-2007 it would be hard to justify reinforcing that area of the business, which perhaps says a lot about the entity's culture. 
• Second line not monitoring adherence to policies (p29) - quite hard to conceive of nobody in the second line doing this!
• A clear distinction made more than once between "Risk Management Framework Policies" and "adequate policies and procedures" relating to operational matters (p5)
• Some of the failure to follow 'internal policies' seems to have been sponsored by the acquisition of the Britannia book - perhaps a natural by-product of M&A activity, where the cultures and modus operandi clash (p21)
• Second line criticised for not providing proper "independent challenge" - happy to see this, given the focus tends to be on second line oversight, which always feels like a bit of a jib-job.
• Third line giving the business credit for proposed remedial action in its audit reports (p31) - even taking this into account, they were rolling over around 30% of recommended actions in their reports as "overdue"!
• Head of Internal Audit reported to the Head of Risk
• An implication that one may be permitted shortcomings in one's internal control framework, providing one's culture is "appropriate" (p5). 
• An interesting slant on reputational risk emerges from one of the accounting interpretations used, specifically that while assuming a particular accounting treatment (on the Leek notes in this case) which benefits the entity at the expense of counterparty might benefit the immediate balance sheet, the long-term effect on being able to raise new capital must be considered (p16)
• External Auditors using a 1-to-7 scale to assess how punitive/liberal the accounting treatments used by clients are. These assessments have bitten this particular client on the bum, given the PRA quote them in the document in the context of whether they align with a "cautious" risk taker!

Open ended questions

• Is "cautious" a realistic appetite for risk at Entity level? More importantly, if one has a "cautious" risk appetite, is one obliged to manage its capital "cautiously"?
• Management information was criticised for not being "sufficiently forward looking" - should it be (as opposed to mostly summarising positions at a point in time)?
• Is the PRA allocating resources to firms based on their Risk Appetite Statements (p13)?
• Is it possible for non-Accounting experts working in the second line to identify just how many ropey interpretations of UK GAAP/IFRS are being applied to a balance sheet? Is it plausible to leave such work to external audit firms who couldn't have a more vested interest in the grey areas of such legislation? The artificial boosting of the balance sheet listed in this notice would be subtle enough to trick an accountant or two I'd bet!
• Can quant risks be effectively managed in a separate team from the qualitative world? Appreciating there is a shockingly blurry line in Co-op Bank's approach (p29), it certainly feels like Solvency II pressures might lead to similar pressures on the staffing front, particularly for modellers and small/medium sized firms where staff may wear more than one hat.

Myners briefing on Governance at the Co-op - working class barred from the Board?

Wolf - step away from the door...

A corporate governance story that will echo in the eternity of MBA classes for years to come, the unravelling of the UK's Co-operative Group from the benign grocer-cum-divvy machine into a ying and yang shotgun conglomerate of opposites is proving to be a watershed moment for UK plc, with stakeholders attempting to balance myriad legal, political and ideological considerations in order to both keep the wolf from the door, and preserve the principle of mutuality for its membership.

There are no surprises that the crux of the Group's issues lies in its banking arm, nor that being acquisitive during the financial crisis (here, here and here) has proven to be poor strategy. Keeping the wolf from the door has therefore largely been delivered through the tried and tested combination of begging and borrowing, which the recently departed CEO appears to have delivered with some aplomb.

Governance structures
- choices choices...

However, the Group's hiring of Paul Myners back in December, a man with an extensive collection of t-shirts and hats, to independently review its governance arrangements, seems likely to deliver to the membership a menu of choices as unpalatable as a Sunday skip-dip.

Lord Myners has hurriedly delivered a briefing on his findings to-date, as well as performed some mainstream media duties (here and here), following the Group CEO's resignation last week. This early sighter was seemingly unscheduled, but the manner of the CEO's departure ("a tragedy" in Myners' words) meant that his findings to-date could not wait until May for its full publication date.

Myners has therefore naturally delivered a ruthless and scathing take-down of the governance structure and processes within the Co-operative, while calling out the Board member who are clearly well schooled in how to game the system, as well as the playground tactics/rabbit-in-a-hat tricks that turn "one-man-one-vote" into "one hundred men-all votes"!

Killer quotes

• The group endures a significant "democratic deficit"
• The future of my recommendations lies in the hands of around 100 elected individuals on the current Group and Regional boards, few of whom have any serious business experience and many of whom are drawing material financial benefits from their positions
• There is a phrase frequently used in Co-operative Group circles that the Executive should be "on tap but not on top"
• ...the Group Board has spent far too much time on transactions such as Somerfield and Britannia which have been breathtakingly value-destructive

Observations

• The "exceptional skill and tireless efforts" of the Executive team are cited as the reason for the Group's survival in its current form
• The current governance framework is variously referred to as "flawed", suffering from "acute systemic weaknesses" and having "consistently produced governors without the necessary qualifications and experience to provide effective Board leadership". Ouch...
• That the Groups social goals are not aligned with its strategic and commercial objectives. This is of course less of a worry for its financial services competitors.
• The the Group's "massive scale and complexity" means that a man-off-the-street approach to electing Board members, which may be sufficient for a farmer/grocer co-op, is not suitable.
• Shatters the "myth" that the Group has always been run by lay members, as opposed to those with commercial experience.
• The thought of creating a board of INEDs and lay members is disregarded due to the potential for creating "second-class citizenship"
• Highlights that Co-op's core business of groceries is savagely competitive at the moment (just look at Morrison's and Sainsbury's), so continued ineffective governance could be devastating
• Notes that there have been previously (disregarded) reviews of its governance architecture, which is "long known for its labyrinthine complexity and its disfunctionality"
• Stresses that, due to the current voting structure, acceptance of  his recommendations "...potentially lie[s] in the hands of fewer than 50 elected members". It sounds like they haven't been shy to remind him of that either!

Recommendations

• Halve the size of the Group Board, which will be subject to annual re-election
• Independent Chair, with no previous association with Co-op
• 6-7 INEDs and 2 Executive Directors
• All with qualifications of a similar ilk to its (listed) competitors
• Create a National Membership Council (NMC), with a 12-person executive committee to effectively represent the membership and co-operative principles and values
• The Board to be subject to scrutiny by the NMC, who have the right to be consulted on "key strategic and operational intiatives"
• "Arrangements" to be made to safeguard the confidentiality of information shared between the Board and the NMC (certainly not the case with current arrangements!)

The entire document feels drenched in class warfare and spectrum politics. That rather hideous take from the existing Board on their executive team ("on tap, but not on top") feels like the inspiration of Myners' recommendation for a professionalised, appointed Board, rather than the beer and sandwich brigade which currently exists.

That said, there is thought on the left-wing (here and here) who feel that mutuality and co-operation should remain unsullied by the commercial world, who remain unable to affect much in the way of democratic change in Boardrooms even after the raft of FRC-sponsored guidance released over the last couple of years (though PIRC are trying!). Is one failed attempt to democratise stakeholders best replaced by cherry-picking from a similarly deficient model?

On the basis that I have banged the drum for background diversity in Boardrooms (not just gender or race), and the existing Co-op Board is "diverse" in that respect, I'm left to wonder if I've been barking up the wrong tree. The Board delivered by their existing process is neither fit nor proper, and are able to outmanouevre their executive compatriots armed with little more than a working knowledge of provincial politics and a polyester suit.

Should we therefore use the grey-area of "fit and proper" regulation to ban the contract plasterers, nurses and retired publishers of the world from financial service provider Boardrooms on the basis that they don't have an MBA, and count with their fingers? Or can one make a valid contribution to a financial services Board of directors regardless of the colour of their collar?