I should have seen it coming.
The Senior Manager & The Risky Acquisition
The following events are based on a true story.
Banque de Chance, London Headquarters, 8.00am.
Lucy Anderson, Head of Retail Banking
This is Lucy
Lucy was first in line for a promotion when her bank bought of Borrowers Building Society. The bank’s mortgage book more than doubled within 24 hours, along with Lucy’s responsibilities.
Before the acquisition Lucy was on it.
She had ensured the bank was cautious towards new mortgage applications, and she knew her risk profiles inside out.
But now with all the extra work she was busy, busy, busy!
She had assumed the bank’s massive risk and compliance team would have a handle on the acquisition. After all, the risk management of legacy loans was their job, right?
When the new mortgage business came in, Lucy focussed solely on the potential for growth. She didn’t focus on the legacy risks. She hadn’t carries out a formal risk assessment of the new business. She never made a plan for managing problem loans, and she didn’t consider whether the pre-existing risk management framework was still fit for business.
So, nine months after the acquisition, an internal audit report raised serious concerns about the quality of some of the loans the bank had inherited.
However, these issues were not escalated or fully addressed.
Lucy had failed to recognise her responsibility for the banks’ changed risk profile, and had failed to get a handle on it.
The bank had acquired a large amount of new quality loans. So called subprime mortgages.
It hadn’t reserved adequate levels of capital to cover those exposures.
Unfortunately, the bank didn’t realise the extent of the problem until it was too late.
One year on, external auditors saw the report and investigated further. As a result, the bank was left with a significant capital shortfall, which threatened its solvency, and required an injection of capital.
The regulator had to be immediately notified.
So following a lengthy enforcement investigation, the PRA fined Lucy £!35,000 and banned her from holding a similar role in the future.
The change in size of the business and subsequent internal audit should have been huge red flags to Lucy.
She needed to know the risks of the expanded business like the back of her hand.
There are three things she should have done differently:
Carried out a re-assessment of the risk management framework
Taken pro-active steps in response to the internal audit report. Ensuring any action or recommendation were implemented quickly and serious issues were appropriately escalated
Recorded every step she took, meeting she attended and issue she raised.
Proactively manage risks.
Don’t become a cautionary tale.
Personal risk deserves personal advice.
Brought to you by BLP’s Financial Regulation Group
After her bank snapped up a small competitor, Lucy Anderson went from being promoted…to being fined £135,000.
What were the wrong assumptions that led to this eye-watering fine, as well as Lucy being banned from holding a similar role in financial services?
Deputy Global Head of Litigation & Corporate Risk, and Co-head of the Investigations, Financial Regulation and White Collar practice group. Specialises in complex regulatory issues for…View Nathan Willmott's full profile