Restoring trust in banking
This is the first of two posts discussing points raised in the ICAEW's recent conference on banking.
"The five most dangerous words in banking", declared Deloitte's Kari Hale, "are these":
"IT IS DIFFERENT THIS TIME"
Hale went on to explain that, despite financial innovations, the key risks of banking are evergreen:
- credit and concentration risk
- liquidity risk
- market risk
- operational risk
- conduct risk
One of the fundamental causes of the financial crisis was the mistaken belief that risks had been eliminated, when they had simply been transferred to unsuspecting and unprepared recipients. Some risks cannot be eliminated - only managed.
Hale was presenting the ICAEW's Audit Insight report into Banking at the recent ICAEW banking conference. His presentation was followed by a lively panel discussion chaired by Iain Coke, the head of the ICAEW's financial services and author of an article in the FT on the need to restore trust in banking.
Restoring trust in banking is the first key point or "flag" of the Audit Insight report, and the most fundamental. Indeed it could be said that all bank and regulatory reform is about restoring trust in banking.
Without trust, banking is impossible. The business model of banking only works when customers and banks trust each other. And when trust breaks down, the resulting bank runs and failures are incredibly damaging to the wider economy. The fact is that banks are central to a monetary economy: they depend on us, but even more, we depend on them.
Yet more than five years on from the financial crisis, people's trust in banks remains severely damaged, and recent problems such as the Co-Op Bank's deceitful behaviour, the revelation of new forms of mis-selling and the regulatory fines imposed on bank after bank do not help matters. Root and branch reform of banking culture and practices are required in order to restore trust. There are no quick fixes: as Iain Coke puts it, "restoring broken trust is hard, slow work".
At the very least, we need transformation of bank business models. Flag 2 of the Audit Insight report advises that "Banks should adapt their business models to the new world".
Banking is fundamentally a service business, but it has become too focused on product sales and not enough on giving good service to customers. In the panel discussion after Hale's presentation, Jane Fuller of CSFI observed that the fundamental need was to identify what it is about bank business models that encourages bad behaviour. Incentives clearly need to be addressed, but so too do the design of products and the ways in which they are bundled together. Banks use unprofitable lines and low-value core services as loss leaders, attracting customers to whom higher-value products can be sold. But this practice creates obvious opportunities for abuse and incentives for mis-selling. It should be ended, so that customers pay the right price for each product and service they purchase.
The trouble is that the UK's free banking model is completely dependent on the ability to cross-sell products and impose additional charges. The panel - and the audience - were in agreement that the focus on simpler products and transparent pricing is likely to mean the end of "free while in credit" current account banking.
In fact banking services are likely to become more expensive generally, due to higher capital requirements and stricter and more costly regulation. Not only free banking, but cheap borrowing and solid returns on savings may become things of the past. Competition may help to drive down prices, but there are still problems with barriers to entry and the continuing existence of an implicit subsidy to banks perceived as Too Big To Fail. Paul Lynham of Secure Trust Bank - a "challenger bank" - commented that the new account switching facility would not improve competition unless customers had a wider choice of providers. The panel expressed concern that regulatory requirements designed to make banks safer could actually impede competition by creating difficulties for smaller players. The costs and benefits of regulatory changes need to be evaluated: for example, James Chew of HSBC argued that ring-fencing would have huge IT implications and could well end up being an waste of resources, since banks were shrinking their investment arms anyway. The need to provide cost-effective products and services to customers is as important as safety.
As we might expect from an audit body, the third flag concerns financial performance reporting. Quality of information is more important than quantity, and there is a risk that in the new drive for transparency, banks will produce so much information that customers and investors are swamped and unable to identify the key indicators they really need. There is a need for common reporting standards across financial institutions, so that customers and investors can easily compare disclosures and make informed choices. But the most serious criticism was levelled at the use of internal models to calculate risk measures. Kari Hale noted in his presentation (his emphasis):
"Bank boards need to ensure there is good governance and control over their bank's internal models, including the principles that underpin them. They should also consider whether they are provided with sufficient assurance that the inputs and assumptions applied to the models are reasonable".
Given the role that bank internal risk models played in the 2008 financial collapse, this recommendation is welcome, although some may think it does not go far enough. Earlier in the conference, there was a panel discussion about the value of a leverage ratio and whether it could supersede the risk weighted capital ratio as an indicator of bank fragility. The panel concluded that both measures are necessary, since a leverage ratio alone encourages banks to invest in riskier assets. Risk weighted measures do discourage excessive risk-taking, but the way in which they are calculated requires more transparency and there should be better controls around the use of internal risk models. Whether internal models should be subject to external audit is still being discussed.
The Audit Insights report also noted that banks need to improve systems and controls over regulatory measures and address the challenge of managing a wider range of regulatory targets which interact with each other". The overall picture is one of increasingly intrusive regulation in all areas of bank business, which - as noted in Flag 2 - will be costly. But there is also a risk that banks will spend so much time and effort simply trying to comply with regulations that they will fail to address their core task, which is to accept and manage risks in order to keep money and credit flowing in the economy. Regulation cannot solve all the problems of banking, and a completely risk-free future is neither attainable nor desirable.
The fourth flag - and perhaps the most frightening - is the need to replace legacy IT systems and improve IT security.
Banks rely on IT systems for processing of payments and other transactions on which the economy is critically dependent. But many of these systems are very old, written in languages that now few people understand, poorly documented and using obsolete technology that does not interface well with modern systems. The costs and risks of replacing core systems for essential functions such as payment processing are so enormous that banks have for decades shied away from addressing the problem, preferring to add layers of additional functionality around the existing systems rather than replacing them with streamlined integrated solutions. Each additional layer adds additional complexity and therefore additional risk: the likelihood of a systems failure is increasing, and the adverse consequences of such failure are becoming potentially devastating. A recent report into the failure of Knight Capital placed the responsibility firmly at the door of a systems bug in an automated trading system, caused by failure to retire obsolete software. And RBS's two systems failures, while recoverable, caused major disruption for customers. Cyber crime, too, is becoming an increasing threat, and legacy bank systems are extremely vulnerable. New, resilient and secure systems are desperately needed - but the cost is prohibitive.
Whether banks that are already facing increased costs and reduced profits due to regulatory changes will want to take on enormous IT projects is unclear. If they do, there will clearly be implications for the price of core customer services. So if simplification of products and elimination of cross-selling doesn't eliminate free banking, IT system replacement almost certainly will.
I can't imagine that anyone would be surprised by the findings of the Audit Insights report. The rotten culture in banking has existed for decades. And elements of it will remain until all the people who were part of that culture have gone and the legacy they left has been forgotten. To be fair, the banks do seem to be making real efforts to reform from within. But re-education of staff, and even elimination of those who "don't share the new values", won't be enough. Nor will costly re-engineering of business models, improvements to financial reporting and replacement of legacy IT systems. Culture in corporations is inter-generational: managers recruit people who are like themselves and train them to behave in the same ways that they do. It will be a long, long time before the desired integrity really exists at all levels and in all areas of banking.
But even that may not be enough. Trust is fragile. Once lost, it can never really be regained: some suspicion always remains. The 2008 crash and its aftermath is already the stuff of legend, and "evil banksters caused the crash" is rapidly becoming a folk meme. Will people ever really trust banks again - at least the ones that were involved in the crash? I do not know. Perhaps we need an even more radical transformation of banking.
But as Jane Fuller noted, disintermediation is already a noticeable trend. Perhaps the banks we have now will, like dinosaurs, die out and be replaced with new, sleeker breeds better suited to the needs of customers in the twenty-first century.
Audit Insights: Banking - ICAEW
"Rotten" sector must restore trust - Iain Coke, FT (paywall)
The legacy systems problem - Coppola Comment
Turning back the clock? The future of retail banking - Coppola Comment
The slow death of banks - Pieria
A broken model - Pieria
Financial dislocation - Pieria