The internal risk controls of banks and financial firms will be overhauled by a radical new industry code of conduct that aims to prevent a recurrence of the rogue trading and interest-rate fixing scandals that have gravely damaged the reputation of the City of London in recent years.
Internal auditors will be given far greater powers under the new code, and will report to chairmen rather than chief executives to safeguard their independence. A draft version of the new code, which has been drawn up by the Chartered Institute of Internal Auditors (IIA) with input from regulators at the Bank of England and the Financial Services Authority, is published today and promises "significant change" for the internal auditing processes of financial firms.
Among the provisions, which will now go out for consultation, is an explicit requirement for internal auditors to have regard to the reputation and values of the organisation as they go about their work. The code also says auditors should be given free rein to assess the risks being run by any part of the business.
Inspectors should report to the company's chairman, rather than chief executives, in order to guarantee their full independence. According to the IIA, the new code is designed to furnish company boards and regulators with a "benchmark" against which they can judge the effectiveness of internal audits.
Andrew Bailey, director of the Bank of England and managing director of the FSA's prudential business unit, welcomed the draft code, arguing that banks and other financial firms had been guilty of expecting too little of internal audits in the past.
"The regulatory authorities expect firms to have robust internal audit functions capable of providing genuine challenge to management," he said. "I hope that this guidance will help internal audit functions position themselves to achieve that."
Roger Marshall of the IIA, who chaired the committee that drafted the code, said it would help firms establish "proper control" of the risks they are running. "[They] are likely to lead to significant change for some organisations and are likely to affect all internal audit functions of UK financial institutions to some extent" he added.
The City's standing has been severely dented in recent years by a host of activities that should have been picked up by effective internal risk audits. Last week, Royal Bank of Scotland was fined £391m by regulators in the US and the UK after traders attempted to manipulate Libor. This followed a £290m fine for Barclays for the same offence last year. Other scandals have also thrown light on the deficient risk controls in financial firms in the City.
Last year, the FSA fined the Swiss bank UBS £29.7m for "systems and control failings" that allowed London-based rogue trader Kweku Adoboli to lose £1.4bn. The regulator is also investigating how a trader at the London office of JP Morgan lost £6bn last year.
The IIA will be seeking comments on the draft code until April 12.