The blame game: Internal audit savages FSA

The Financial Services Authority's internal audit of its policing of Northern Rock reveals a catalogue of basic errors. By James Moore
Click to follow

Britain's financial watchdog yesterday enduring a public savaging the likes of which it has not endured since the collapse of Equitable Life.

An internal audit into the regulation of Northern Rock identified a series of failings which threaten to badly undermine the reputation of the Financial Services Authority.

The four key points identified by the review were:

* A lack of sufficient supervisory engagement with the company, in particular the failure of the supervisory team to follow up rigorously with the management of the bank on the business model vulnerability arising from changing market conditions;

* A lack of adequate oversight and review by FSA line management of the quality, intensity and rigor of the group's supervision;

* Inadequate specific resource directly supervising the firm; and

* A lack of intensity by the FSA in ensuring that all available risk information was properly utilised to inform its supervisory actions.

Those were the headlines – written in typical regulation speak by the watchdog's internal audit division.

But a cursory look at the auditors' report spells out in plain English what the official gobbledygook means.

Shockingly, between January 2005 and 9 August 2007, regulators held just eight "close and continuous" meetings with the company of which there were none in 2005, just one in 2006 and seven were in 2007, during the time leading up to crisis that engulfed the bank in August. Of those, five were held on just a single day and two were held over the telephone. That compares with an average of 43 meetings during the same period in 2007 for the five largest retail banks. Northern Rock was also the only "high impact" company without a "risk mitigation programme" in place.

The regulator, in a press release yesterday, was at pains to say that "even if supervision had been carried out at a level acceptable to the FSA, it was by no means the case that that would have changed the outcome".

This could be seen as a sly dig at the Treasury and the Bank of England, the FSA's partners in the so-called "tri-partite" supervision of financial markets. The regulator also complains, en passant, about the Bank's failure to inject cash into the financial markets when the effects of the credit crunch began to impact on the Rock. Neither the Bank nor the Treasury is planning to publish a similar public "mea culpa" anytime soon. But as a spokesman for the Bank pointed out, the day-to-day supervision of the Northern Rock was the responsibility of the FSA.

Except that there was precious little supervision going on. And it appears that even when it was, Northern Rock's supervisors were not exactly top-line banking regulators. From the beginning of 2005 until June 2006, the bank was, bizarrely, policed by the FSA department whose primary responsibility was insurance companies.

A reorganisation then meant that from June 2006 until February last year, the company was handed to a team which had responsibility for one other major company. Again, this was an insurance group. It was only in February last year that Northern Rock was finally brought together with its deposit-taking peers. And by this time the high-risk business model that drove its rapid expansion was already well established. The FSA's fondness for reorganisations – the report notes – meant that during the period of the review, "Northern Rock was the responsibility of three heads of department".

The report also says that there was "no requirement on supervisory teams to include any developed financial analysis in the material provided" to the FSA's risk-assessment panels. So there was no way the panels could have seen how different Northern Rock's business model – relying as it did on wholesale money market funding – was from its peers with significant deposit bases available to back their lending activities. This is widely seen as the fatal flaw at the core of the Rock.

The FSA has made much of its risk-based approach to regulation. But its internal auditors say: "We cannot provide assurance that the prevailing framework for assessing risk was appropriately applied to Northern Rock."

The publication of a report containing such conclusions has been a bruising experience for the FSA's chief executive, Hector Sants, the former investment banker who shot to prominence when he took on London's hedge funds. Thanks to the Rock affair, he now has a major black mark against his name and faces a savaging from MPs on the Treasury Select Committee. Its chairman, John McFall, said yesterday that Mr Sants' organisation "has essentially admitted a "dereliction of duty", adding: "This isn't just a failure of the supervisors of Northern Rock; it's a failure of the management of the FSA."

As for Britain's banking industry, it is now gearing up to deal with the review's recommendations, which boil down to a call for more regulation and more regulators. One analyst said yesterday: "What the FSA has done from the start is concentrate its resources on the very biggest firms. What this shows is that the failure of the smaller and medium-sized firms can have a very big impact."

Treading a fine line

Equitable Life

In 2000, the insurer closed to new business after it was unable to meet "guaranteed annuity rate" pension plans. An audit found that FSA departments failed to communicate with each other.

Independent Insurance

In June 2001, the insurer closed its doors to new business. Its chief executive, Michael Bright, was convicted of fraud. MPs, aggrieved customers and investors said the FSA failed to be pro-active enough.

Legal & General

In 2005 the Financial Services & Markets Tribunal criticised the FSA for "mishandling" a "flawed" investigation into alleged endowment mis-selling at Legal & General. The life insurer's £1.1m fine was reduced.