GRR working with their stakeholders to become
“A New Standard in Regulatory Risk Management”
Our performance in 2004 – key achievements
For discussion with Mike Ellis – 2nd December 2004
Enhancing shareholder value through business focused regulatory risk Enhancing shareholder value through business focused regulatory risk managementmanagement
Contents
Our accountabilities
Key departmental priorities for 2004
Vision for 2004
Context for 2004’s performance
Our performance in a nutshell
“Shaping Strategy”
“Delivering Results”
“Building Capability”
Final message
GRR’s accountabilities are as follows:-
Setting group wide regulatory risk management standards, policies and
framework.
Carrying out oversight of and providing advice on regulatory risk management
and the Combined Code (Turnbull) in each of the eight operating divisions and
in Group Areas.
Providing functional / technical leadership and advice to Regulatory Risk
Management specialists in the operating divisions.
Fulfilling the regulatory accountabilities of Group MLRO and Data Protection
Officer including processing suspicion reports to go to NCIS
Coordinating communications and relations with the FSA including managing
the Approved Persons regime.
Coordinating the operational implementation of new regulatory developments.
Our accountabilities
Key departmental priorities / objectives
Business and client focused regulatory risk management oversight, advice
and leadership. [Note:- This will be achieved through deep business
understanding, developing outstanding relationships with business colleagues and
technical excellence]
Developing outstanding relationships and credibility with the FSA
Continued focus on fighting all aspects of financial crime
Creating a centre of excellence in our new Technical and Policy Services
Team
The implementation of The Integrated Prudential Source Book
Developing our people to be the right people with the right mixture of skills
Developing a cohesive approach to leading and managing GRR
Communicating our vision and strategy for GRR effectively
Our vision for 2004
Typical extracts from colleague feedback in “GRR Today” 31/12/04
“The GRR Team has added real value this year by helping us to
understand and manage our regulatory risks better”.
“The whole approach to risk regulatory risk management across the
HBOS Group feels different. It feels simpler, more business focused and
more effective at the same time. GRR’s new vision, strategy and
approach has made a tangible difference to the way we manage
regulatory risk in HBOS”.
Context for 2004 – “very difficult”
The FSA yet to be convinced that our risk management and control
framework was effective and keeping pace with our growth. Clearly
concerned with the way Group Risk functions relate to the Divisions and
whether they are really able to carry out their oversight role effectively.
FSA concluded in 2003 "…that the risk posed by HBOS Group to the FSA's
four regulatory objectives is higher than it was perceived….".
Increased ICR. Very challenging RMPs particularly in Retail including S166.
GRR Business Plan – “The regulatory environment – a key strategic
challenge.” Keys to success; communications and relationships with FSA;
more rigorous oversight by second line of defence in which FSA has
confidence; the demonstrable and enthusiastic engagement of the
operating divisions
Major organisational changes required to GRR – strategy, structure, people.
Our performance in a nutshell - 1
HBOS regulatory risk profile reduced. FSA’s confidence significantly
increased. Additional ICR to be removed. No regulatory censure.
Positive outcome of S166 – “We have been impressed with the limited
number of senior personnel that we have interviewed in GRR”
Positive feedback received from George Mitchell, Alistair MaCrae,
Steven Cragg, Colin Matthew, Richard McDonald (BOSI), George
McArthur (HBOSA)
“Our relationships with GRR in particular have been good……We are
quite comfortable to rely on GRR……and that is the real test” Kirstie
Canneparo – 26th November 2004
“I can’t believe the turn-around in our relationships with the FSA” –
Tony Hobson – November 2004
Major organisational change in GRR effected highly successfully – MORI.
“An excellent year all round building on a similar result in 2003. The
New Horizons programme has been transformational. The work with
HBOS FS in SJPC (life-saving support!) was excellent and both are
emerging in much better shape as a result. You have recruited some
excellent people and have inspired many of the old GRR folks to new
heights.” Phil Hodkinson 30 November 2004.
“Phil Thanks for the opportunity to contribute and to see the IID
executive views [on GRR]. Very helpful. Its obviously very positive
feedback for Paul and the team and I can only reiterate your positive
views. Tony” Tony Hobson 30 Nov.
Outstanding oversight and advice work carried out in Retail despite
difficulties which has added significant value and protected Retail from
undoubted FSA intervention. Courage in action.
Our performance in a nutshell - 2
“Shaping Strategy”
There wasn’t one. Now there is. It has created an esprit de corp in GRR
Developed, communicated and got buy-in from all key stakeholders to a
powerful vision and strategy for regulatory risk management around
HBOS – “A New Standard in Regulatory Risk Management”. Very strong
support from the GRR management team and department as a whole.
Inspired and gave direction.
Inherent in the vision and strategy is a broader change agenda for the
division focusing on clients, people, excellence, openness, simplicity
and clear accountability – which will drive down costs and profits up by
creating an atmosphere in which innovation can thrive.
Delivering Results – Australia and Ireland Undertaken very effective RRME in Ireland which has been very well received -
and the recommendations of which are being taken forward.
Feedback positive from both Ireland and Colin Matthew (“Good, it’s gone down
well … we’re making good progress here”).
Australian RRME also well received - draft report being discussed.
Good relationship established with
International Operations - “our relationship with your guys is great”
Ireland
Australia
Not easy bearing in mind the various constituencies and their differing
approaches.
Helped Strategy on two potential acquisitions.
Assisted PPU by carrying out certain work while they resource up.
Delivering Results – Corporate & Treasury
Strong positive feedback from George Mitchell, Alistair Macrae and
Stephen Kragg. “I can’t believe the difference in approach” – Stephen
Kragg
Provided critical support to Treasury during period when it might have
ben impossible to have delivered the compliance plan they had
promised to the FSA. Fully involved in the recruitment of Ian Capes.
Substantial support to Corporate throughout the year to support the
improved relationship with the FSA.
Full scale review of regulatory risk management effectiveness in
Corporate carried out since late September and now almost complete.
Early presentation given to Corporate Board on November. Feedback
positive.
Delivering Results – Insight
Delivered all aspects of planned activity. A number of key oversight
reviews have been completed or substantially completed by the end of
2004 in relation to;-
Market timing, a key piece of assurance work within tight deadlines in order
to satisfy FSA’s requirement that controls and processes were robust to
counteract this type of investor behaviour.
Derivatives, a key area of business development for which GRR provided an
independent view of the control environment
Financial promotions – a major part of the FSA’s TCF initiative.
Anti-money laundering – significant advice and assurance has been provided,
CCR filters successfully negotiated with FSA resulting in substantial
operational cost savings.
Delivering Results – Insight
Regulatory risk management effectiveness review - a major piece of
work completed in Q1/Q2 resulting in confirmation of the correct
approach for Insight being to restructure the risk areas into one
department and establishing a formal risk committee structure.
Outsourcing - a major change in the business. Our work has ensured
that the changes have been made but that controls have been suitably
maintained.
Temporary Resource via a secondment for 6 months assisting in
relation to monitoring and policy work
Data Protection - GRR has provide specialist resource during transition
of responsibilities.
Very strong positive feedback from Dougie Ferrans and Keith Lovett.
Delivering Results – HBOS GI
Delivered all aspects of planned activity & accommodated additional work - at same
time as being faced with need to build relationships with three different Heads Of Risk
and changing business risk team during the year who had limited experience of
similar roles.
Leading the cross-Group oversight of General Insurance Regulation – feedback from
all involved has been positive, seen as a strong ‘second line’ control mechanism and
the way forward on oversight of regulatory issues with cross-divisional impact.
Assisting HGI towards successfully implementing requirements of GI regulation
Carried out a significant amount of direct monitoring/review work in the business -
compensated for the lack of ‘first line’ monitoring carried out by the business Risk
team due to a period of resource/skill shortage.
Strong positive feedback from HGI senior management. “You have done a great job,
created a great team, and left a quality legacy. “ Howard Posner, November 2004
Temporarily filled a technical expertise vacuum on ICOB issues for HGI - (Quotes
from MW/SAB…”cooperative in terms of resource utilisation”..”supportive of
HBOS GI, a real ‘win-win’ for both teams”)
Received excellent feedback from business on performance and quality of
support and advice (whilst acknowledging the increased challenge) - Quotes from
MW…”visibly challenging of the business in Risk Committees and Project
Steering Groups.
FSA have commented orally that they are comfortable with Risk Management
Effectiveness within GI.
Built positive working relationships with the Finance Director, Heads of Risk, Risk
team and individuals in the business (Quotes from Stephen Blott…”overall very
positive relationship” and from MW…” supportive of me personally…”)
Fighting financial crime - Conducted extensive AML oversight across most
business areas.
Delivering Results – HBOS GI
Mike Gardener described as “a complete star”. Very strong positive feedback from
Jonh Edwards and Mike Davies.
Successfully delivered on all key material areas of oversight, in a year of
transition and change following Project Crystal and against a background of
significant team resource devoted to the SJP Strategic Review Implementation
Programme.
Played a significant role in helping our Divisional risk colleagues and the Divisional
CEO to implement a new risk structure and strategy in a difficult year of change.
Through a key secondment (Paul Gowland) Designed, trained and implemented a
revised Divisional Risk Monitoring Programme and significant improvements in
content and quality of reporting Board/Governance committees. Positive oral
feedback from Head of IID and Divisional Director of risk.
Built excellent working relationships with divisional colleagues.
Successfully helped divisional colleagues establish positive lines of communication
and professional relationship with the FSA supervisory team.
Delivering Results – HBOS FS
Delivering Results – HBOS FS
Arrow – Assessed and monitored the actions taken in response to the Arrow RMP,
culminating in the Arrow visit in October 2004 when FSA advised that they
viewed that the overall risk profile presented by HBOS FS was at a reduced level.
Provided functional leadership on a number of joint reviews with Divisional risk
colleagues. Also assisted in selection process for key divisional risk roles in new
risk structure.
Delivered effective oversight of AML issues within the division. Additionally
obtained FSA agreement for the use of two major filters (IFA introductions and
payments from major banks) in the HBOS FS Current Customer Review exercise.
This was considered a significant step forwards with major cost savings for the
division.
Delivered effective oversight of Data Protection issues within the division whilst
assisting in the recruitment and training of a new divisional Data Protection Risk
adviser.
Delivering Results – Retail
Delivered all aspects of planned activity & accommodated significant
additional work. Significant oversight work undertaken in key areas.
Despite some negative findings in a number of these reviews, the
quality of the work undertaken, and the determination of the
organisation to resolve its regulatory issues has added greatly to the
credibility of risk management effectiveness within the Group
Sales Culture and Controls Review – A major review of the extent to
which the sales culture within Retail was matched by the control
environment.
ACT and CBF – Review of the operation of the Advice Checking team within
Advisory Sales and the sale of the Corporate Bond Fund.
Complaints Handling - Several interlinking pieces of work undertaken by
GRR on complaints and complaints handling in 2004. A key part of the work
was the support, advice and oversight provided as part of the MEC Review.
Complaints handling (advice) - A critical "win" from the work
included FSA withdrawing their threat of enforcement action on Post A
day complaints and FSA agreeing in writing that HBOS could use the
"Attitude to Risk" prevailing at the time of the sale to assess suitability
as part of handling a complaint - this was critical for not only current
business but for establishing a stable and known platform for business
going forward – undoubtedly this work has saved the organisation many
£millions. Critical input to Pre A Day issues.
MCOB - GRR were fully involved in the work and Steering Group which
led up to the successful delivery of MCOB on 31/10/04. GRR undertook
several key pieces of work in conjunction with both GIA and RRR and is
a key part of the "FSA Dummy Run" work being planned ahead of the
expected FSA visit on MCOB.
Delivering Results – Retail
Delivering Results - SJPC
Managed a major regulatory sensitive review and substantial
implementation programme at SJPC.
The extent of this work was not originally built in to our 2004 plan
The implementation programme has been successfully delivered
During the implementation programme, business performance has
continued to be very good – the programme was designed to ensure
the business could continue (as far as possible) as normal.
Significantly helped to develop FSA confidence in quality of GRR
staff/their regulatory expertise and professionalism.
Feedback from SJPC senior management has been very good.
Delivering Results – Financial Crime
Continued to deliver requirements in relation to fighting financial crime
including processing of suspicious transactions. Supported the
divisional teams. Recruited and trained STR team implementing
Release 0 of Searchspace and replanning Releases 1 and 2 following
delay in delivery due to software supplier. Moving to final AML structure
within GRR by 31/01/05.
Fulfilling roles of Group MLRO and Data Protection Officer - achieved
through significant transition.
Processing suspicion reports for NCIS - achieved with application times
now at industry best levels.
Recruitment of key staff and, in particular, new Deputy GMLRO.
Delivering Results - Other
IPSB – Key input at beginning of year to design of new project structure.
Successful implementation of new “Sysc” & Group Contagion Risk requirements.
Development of new vision and strategy for “Technical and Policy Services”
ready for full launch post AML transition. Excellent early input to divsions.
Managed S166 Review and key involvement in post S166 recommendations.
Development of clear and detailed 2005 Business Plan following involvement in
Group-wide regulatory risk assessments of operating division business plans.
Design and development of new and much clearer approach to GRR Annual
Oversight Plans. Business Plan presented and accepted by FSA – “The Plan
contains everything we would have expected” – November 26 2004 FSA.
Introduced new Regulatory Communications Policy. Coordinated all
communications with the FSA very successfully including. Managed the Approved
Persons Regime including MAP project. Introduced new and successful training
programme.
Fulfilled all reporting requirements.
Building Capability
Reorganised and re-launched GRR at February conference. New structure. New
Vision. New Strategy.
Outstanding MORI survey results – best in GF&R – even stronger given the level of
change when you would expect them to be worse.
Recruitment of a large number of new staff
Roll out of Project New Horizons to the whole of IID and new GRR – “This is
functional leadership in action” – David Fisher. Plus hugely positive feedback from
throughout IID and the delegates. Developed new programme for 2005 “People
Matters Matter Most”
Set up new centralised Operations Management team freeing up professionals to
focus on technical work. Strong financial management.
Rolled out completely new and effective communications strategy for GRR including
“Town Hall” meetings, regular bulletins etc etc. Set up GRR Advisory Panel.
Reviewed work / life balance with LetsDoLife. Introduced “Smileometer”.
Final message
Highly difficult circumstances on take-over in November 2004
Very high regulatory risk environment
Demoralised department with no real direction
Excellent stakeholder feedback throughout
Strong technical quality of oversight and other work
High work volumes
High impact – little confidence to greatly improved confidence
Significantly improved relationships with FSA
“Our relationships with GRR in particular have been good……We are
quite comfortable to rely on GRR……and that is the real test” Kirstie
Canneparo – 26th November 2004.
