To recap, last week’s report by the FSA’s Internal Audit Division found a regulator in disarray, failing to record key meetings, keep a proper audit trail, have robust management systems in place or even properly understand its own supervision processes.
Many of the regulatory problems facing Northern Rock stem from a risk assessment endorsed by its Arrow Panel in February 2006. The panel is used as part of the Arrow process to assess a firm’s strategy, capital and liquidity positions and nature of funding.
But the internal audit found that because FSA staff failed to make formal records of key meetings, it was unable to assess analysis of the bank prepared by FSA staff alongside contributions from Northern Rock executives and external auditors. This went against standard Arrow practice.
The internal report also criticises the fact there was no formal requirement on supervisory teams to include any developed analysis including comparisons with other banks in material provided to Arrow panels.
It suggests this may have thrown light on key aspects of Northern Rock’s business model including its a high target for asset growth and a high reliance on wholesale funding compared to its peers.
As a result of this Arrow panel assessment, no risk mitigation programme was put into place and the period between formal Arrow risk assessments was lengthened to 36 months, from the 24 months proposed by the supervisory team.
Out of the 38 firms in the major retail and wholesale divisions, Northern Rock was the only one not to have a risk mitigation programme and only four other firms had a risk assessment period of 36 months.
Because a risk mitigation programme was not put into place, the FSA’s “close and continuous” supervision system for the bank became more important.
But, yes you’ve guessed it, again FSA staff fell embarrassingly short of what was required. The report found the FSA’s supervisory team had an “incomplete understanding” of C&C supervision.
After the Arrow panel in February 2006 there was only one set of C&C meetings with the firm during the period reviewed by the internal audit. These took place on April 30, 2007.
The internal audit found agendas for the five meetings yet there was a typed record for only part of one of them, so the audit was unable to ascertain what was discussed.
The average number of C&C meetings for firms in the FSA’s major retail groups division was 74 for the period audited, rising to 143 for the five largest retail banks. But Northern Rock had only eight meetings in this period.
Added to the list of failures, the report observes although a number of business risks for the lender emerged, due to its rapid growth, this was not recorded on the FSA’s database which triggers further action.
Alongside the report, the FSA published a list of improvements it will make including around 100 extra supervisors and staff to work in its risk assessment department.
The full costs of these reforms have yet to be calculated but the FSA is caught up in the dilemma of needing to hire top quality individuals at a premium without inflicting too much pain on the industry in terms of extra fees.
In a statement last week, the FSA said it would reverse its practise of reducing staff numbers in order to fund better quality staff, potentially worrying stuff in itself.
Advisers have already suffered massive hikes in their fees, including recent rises to pay for extra FSA small firm supervision. Further increases to mop up the mess the regulator made of Northern Rock would not be welcome.