
The Journal of Operational Risk (79–139) Volume 7/Number 1, Spring 2012

Systemic operational risk: the UK payment protection insurance scandal
Patrick McConnell
Macquarie University Applied Finance Centre, Level 3, 10 Spring Street,
Sydney, NSW 2000, Australia; email: pjmcconnell@gmail.com

Keith Blacker
5 Rewlands Drive, Winchester, Hampshire, SO22 6PA, UK;
email: blacker.keith@btinternet.com

May 2011 was a very bad month for UK banks. In the previous month, a long-
running legal case was resolved when the UK High Court ruled against the British
Bankers’ Association, which had petitioned for a judicial review of regulatory
action concerning mis-selling of payment protection insurance (PPI) products.
Following the ruling, the four major UK banks announced provisions totaling over
£6 billion to cover restitution to buyers of their PPI products. Some of the banks
also decided to exit the PPI business. At first glance, PPI appears to be a standard
insurance product. For an up-front or monthly premium, an insurer will sell pro-
tection to a borrower against being unable to make loan repayments, as a result
of illness or unemployment, for example. Before the market collapsed, the main
distributors/arrangers of PPI contracts were the largest UK banks, often using
their affiliated insurance subsidiary as the insurer. The underlying problems that
generated the so-called PPI scandal should not have come as a complete surprise
to the banks. For several years prior to the ruling, consumer advocacy groups had
been complaining loudly about banks selling PPI products to customers who did
not fully understand the policies and, in many cases, did not need the protection
provided. Yet, having seemingly taken on a life of its own, the practice of sell-
ing PPI policies continued and grew rapidly in all major banks. Various official
inquiries found that the “people” involved, including frontline bank staff, lending
managers and insurers, simply did not exercise the due diligence necessary to
check the suitability of PPI for many customers. Prudence seems to have been
diluted or even abandoned in a chase for increased product volume across the
whole UK retail banking sector. This paper argues that the losses incurred as a
result of the PPI scandal were, in most part, precipitated by systemic operational
risk, particularly people-related risks. Using examples from official inquiries, this
paper identifies some of the people risk that went unmanaged in this part of the UK
retail banking sector system, until the PPI market seized up in 2011. The paper
then suggests proactive approaches to people risk management that should help
to detect and minimize the impact of similar scandals in the future. This topic is
important as the demographic shift toward longer periods of retirement and the
prevalence of the “universal banking model” means that nontraditional banking
products such as insurance, pensions and investments will be increasingly sold
through banks, raising the specter of further mis-selling scandals in the future.


1 INTRODUCTION
The payment protection insurance (PPI) scandal[1] was not a “black swan” event (Taleb
(2007)). The conclusion of the scandal was not sudden or climactic, as over several
years there had been a sense of inevitability that things would not end well for the
United Kingdom’s largest banks, which were the largest “distributors” of PPI products.
The sense of inevitability came from the fact that there had been a similar scandal
not many years previously involving the mis-selling of pensions (see the case study
in Blacker (2001)) that did not end well for the UK financial industry (Financial
Services Authority (FSA) (2002)). The Financial Conduct Authority (FCA), the new
UK business conduct regulator, notes that such problems are not new:
Confidence in the financial services sector as a whole is at a low level. Conduct
issues since 1990 have been a major factor, particularly the significant instances of
widespread mis-selling of financial products [including PPI] to retail consumers.
FCA (2011, p. 5)

Payment protection insurance,[2] as the name suggests, is an insurance product that
covers borrowers against being unable to make payments (in this case repayments
of loans) such as mortgages, credit card balances and unsecured loans, often but not
always connected to a specific purchase. While PPI is a moderately complex product,
the terms and conditions have been standardized, to an extent, as the product grew in
popularity. The product was certainly popular with the UK consumer, with estimates
of 20 million policies[3] active in 2006 (Office of Fair Trading (OFT) (2006)). Though
sold widely, PPI had been dogged by bad press from the mid-1990s as anecdotal
evidence of selling of PPI to customers who could never claim against their policies
was unearthed by consumer groups and newspapers. Around 2005, the UK finan-
cial services regulator, the FSA, began to focus on PPI and, prompted by consumer
advocates, the OFT began an investigation, which in turn triggered an inquiry by the
Competition Commission that concluded that the PPI market was “uncompetitive”
(Competition Commission (2008a)). It was a short step then to the FSA requiring PPI
distributors, in effect the “vertically integrated” UK banks, to make restitution to any
customers who had been sold inappropriate products. The cost to the UK banking
industry is estimated to be of the order of £8 billion (Reuters (2011)).

[1] The term “scandal” as used in the UK press implies a value judgment that is not meant here.
However, other terms such as “disaster” would be an overstatement because human life was not
lost, “crisis” implies an element of surprise that was not present, and “operational loss event” does
not describe the outrage generated by what transpired.
[2] PPI was originally known in the industry as accident, sickness and unemployment insurance as it
related to covering these types of risks when a loan was taken out.
[3] Note that the total population of the United Kingdom in 2011 is estimated at less than 62 million,
implying that PPI products were widely used by the adult population.


Under Basel II rules, the losses experienced by UK banks as a result of the PPI
scandal should be classified as “operational risk loss events” (Basel Committee on
Banking Supervision (BCBS) (2004)). But the losses resulting from the regulatory
decisions on PPI are not merely the result of inadequate processes within the banks
concerned: there is also a systemic dimension to these losses. This paper argues that the
PPI scandal is an example of systemic[4] operational risk and, in this case, of systemic
people risk, as the losses were due to bank staff (people) selling inappropriate products
to customers (people) rather than an economic event, such as a recession.
Because of the size of the losses involved, it is important that lessons are learned
from the events that led up to the losses. This paper aims to identify lessons that might
be helpful in preventing similar events occurring in future. As the earlier pension mis-
selling scandal illustrates, it has happened before and can happen again. In a 2003
speech (just before the full impact of the PPI scandal broke in the public domain),
Carol Sergeant,[5] former director of regulation at the FSA, presciently warned senior
bankers:

My proposition to you today is that the retail sector poses significant strategic risks to
you, your top management and Boards and, moreover, that these risks are all too often
not explicitly identified, monitored and managed, to the potential detriment not only
of individual consumers but also of market confidence and ultimately shareholder
value.
Sergeant (2003)

The landscape of banking around the world is changing rapidly as governments put
new “regulatory architectures” into place to monitor business conduct by financial
institutions, particularly with respect to consumer protection. Many of these efforts
are aimed at reducing people-related risks, such as conflicts of interest. Moreover,
these new regulations are based on general principles of good business conduct rather
than strict rules of conformance. In essence, this means that operational risk manage-
ment functions must be proactive in ensuring, as new banking products are designed,
developed and marketed across banking networks, that operational risks are properly
identified, managed and monitored throughout the product life cycle.

[4] It is recognized that systemic risk generally refers to risks that could impede upon the functioning
of the financial system, which is not the case with the PPI scandal as the impact was confined to
a number of banks/insurers. However, Schwarcz (2008) and IMF (2010) point out that there is no
consensus regarding the term “systemic risk”, with definitions that range from total failure of the
financial system to a “chain of significant losses to financial institutions” (Schwarcz (2008)).
[5] It should be noted that Ms. Sergeant left the FSA shortly after giving this speech to join Lloyds TSB,
one of the banks affected by the PPI scandal, as Chief Risk Officer (see
http://business.timesonline.co.uk/tol/business/article1004432.ece).

Forum Paper www.journalofoperationalrisk.com



First, this paper describes the PPI model as it evolved in the United Kingdom
from the mid-1990s. The roles of consumer advocates and competition regulators
in bringing the problems in the PPI market to light are then described. The paper
then describes the concept of operational risk, as defined in the Basel II regulation,
and identifies operational risks, particularly people risk, that were present throughout
the PPI business model. The paper then describes some of the changes proposed
to banking regulation in the United Kingdom and the United States in the wake of a
number of financial crises. Finally, the paper discusses the implications of the systemic
breakdown of responsibility, accountability and ethics across the UK retail banking
system that led to the PPI scandal and proposes mechanisms to help prevent further
such scandals in future.

2 PAYMENT PROTECTION INSURANCE IN THE UNITED KINGDOM


2.1 What is PPI?
PPI is, as the name suggests, an insurance product that
protects a borrower’s ability to maintain loan repayments should they be unable to
keep up their repayments due to accident, sickness or unemployment. [Some policies]
also cover risk to life.
OFT (2006)

PPI is a product aimed squarely at ordinary consumers who are seeking a loan and wish
to cover against being unable to make the necessary repayments. Loans considered
for PPI coverage range from the significant, such as mortgages (called MPPI) and the
large (secured loans such as second mortgage or car loans) to the relatively small (such
as unsecured loans or credit card debt). If selected, the cost of PPI insurance is either
via an up-front charge (a so-called “single premium”) or as a regular payment usually
combined with a monthly mortgage repayment or credit card payment. Coverage of
loan repayments by the insurer in a PPI is not intended to be indefinite and there is
often a maximum payment period (typically six to twelve months) during which it is
expected that the borrower[6] will recover if sick/injured or find new employment.
The FSA has noted in many press releases that,
when properly structured, explained and sold, payment protection insurance can
provide worthwhile cover for consumers against unexpected changes in their personal
circumstances. We were therefore pleased to see that sales of regular premium PPI
sold with prime mortgages are generally compliant.
FSA (2005b)

[6] From an insurance perspective, the term “purchaser” is often used to refer to the person(s) who
buy protection, but from the credit perspective these are typically called “borrowers”, which is the
term used predominately and interchangeably in this paper.


So if PPI is, per se, a “good” product, why have there been such serious problems? The
key point here is that “when properly structured, explained and sold”, PPI is a useful
product for knowledgeable consumers (FSA (2005b)). The processes of structuring,
explaining and selling are all people-related activities and, hence, that is where the
(bulk of) PPI problems are likely to occur.

2.2 How PPI works

As shown in Figure 1, there are four generic participants in the PPI
business model (OFT (2006, p. 16)).

Borrowers: persons requiring credit, such as mortgages, secured or unsecured loans,
and revolving credit, such as credit cards.

Lenders: regulated financial institutions that extend credit to borrowers, and option-
ally will arrange for the purchase of PPI insurance cover from insurers.

Insurers: regulated financial institutions that underwrite the insurance cover, and
resolve claims under a PPI policy.

Brokers: intermediaries, such as mortgage brokers or car dealerships, that provide
introductions for borrowers to lenders and/or insurers for a fee or commission.

Interactions between the participants in the PPI business model are complex. In
the majority of cases, a borrower will interact with a lender and if PPI is “bundled”
in the loan package, the lender will arrange cover directly with an insurer. Alter-
natively, a borrower might approach a broker to help arrange for a loan and/or PPI
insurance cover. In some situations, predominantly related to mortgages, a borrower
may negotiate with an insurer directly.
In UK law, the distributor or arranger of the PPI product is responsible for assessing
its suitability for retail purchasers. This places an onus on the lender/broker being
suitably trained to sell the product the insurer has to offer. Brown (1992) discusses
this in the context of the “vertically integrated” (or Allfinanz) business model asserting
that specialization (ie, product knowledge) at the point of sale will work but it requires
discipline on the part of both partners involved (the insurance company and the bank).
With a broker, however, the relationship will be with a number of different providers
(insurers) requiring a further degree of specialization and discipline in the selling
process and thus increasing operational risks.


FIGURE 1 PPI business model.
[Diagram not reproduced. Labels: the PPI process runs from Borrower to Lender to Insurer, spanning “Distribution” and “Underwriting and claims”; the other party shown is the Broker (credit).]

Historically, PPI has had a low average claims ratio,[7] around 14% compared,
for example, with 55% for household insurance (Competition Commission (2008b,
p. 132)), making it a very attractive product for insurers and lenders. For most PPI
policies, therefore, there will never be a claim, but if a claim is to be made the bor-
rower will typically interact with the insurer for restitution of the agreed payment
amount(s), but if the claim is refused, the borrower may take up a complaint with the
lender.
It is when a claim is made and then either rejected or delayed that problems with
the original PPI sale will come to the fore. When a borrower has made PPI payments,
he/she may have (albeit unrealistic) expectations that they will be covered if the “worst
was to happen”. It is not difficult to see how problems could arise. For example, it
is sometimes difficult to precisely define “illness”. Obviously, for verifying illness, a
doctor’s opinion would be required, but which doctor, what expertise, what evidence
and for how long? Tricky questions of coverage also arise, such as, for a joint mortgage
where repayments are based on a couple’s income, who is covered: both or one
person? If one, which one?[8] These issues, and more, were evident with PPI policies
in the United Kingdom.

[7] The claims loss ratio represents the average percentage of the net premium received that is paid
out in claims. Thus, a 14% claims loss ratio means that, for every £100 taken in premiums, £14
is paid in claims, leaving a £86 margin for the insurance company to cover its costs, profit margin
and commission to distributors, which was estimated in 2006 to be £68 (Competition Commission
(2008b, p. 133)).
[8] Although the terms and conditions of policies do specify inclusions and exclusions, inquiries found
that key exclusions were often hidden in small print, such as coverage of the “first name” only, and
were not highlighted by sales staff.


The problems that can arise when a claim is rejected should be seen in the context
of a claimant’s situation, which is often very distressing. Typically, the claimant has
suffered a significant setback in life, from illness or unemployment, and is relying
on payments they thought they had covered via their insurance policy. On top of the
setback, they now have to worry about running up even more debt or even being
threatened with losing their homes (Citizens Advice Bureau (CAB) (2005, p. 41)).
This worry can exacerbate an already very trying situation, especially if the claim is a
result of a claimant’s stress or depression. PPI claimants are often vulnerable people
in desperate circumstances, and it is hardly surprising that banks and insurers are
seen in such cases to be “kicking them when they are down”. Banks and insurance
companies are not charitable organizations, but are running serious reputational risks
if they are perceived to be too uncaring or heavy-handed, especially to sick customers
who have paid for a service they did not receive.
Rejection of a claim can be devastating, as can delays in making a decision about
whether or not to pay a claim. Most PPI policies have an “initial waiting period”
before a claim can begin to be paid out. This makes sound economic sense since,
for example, newly unemployed workers are normally paid for a “notice” period and
firms often pay a period of “sick leave”, if backed by medical documentation. If, at the
end of the waiting period, the insurer were to delay payment of a claim, for perfectly
sound reasons such as checking for unemployment or confirming illness, claimants
will be forced to make loan repayments from savings, if they have any. The longer the
delay (whether justified or not), the more some claimants may spiral into debt. If the
situation persists for any length of time, the lender, who sold the original policy, may
start recovery proceedings even though the insurer (often part of the same banking
group) is in the process of settling the claim (CAB (2005, p. 41)).
Finally, it should be noted that just because a claim is never made, it cannot be
assumed that the purchaser has had value for money. In some cases, the insurance
may have been unnecessary (for example, coverage for an employee whose wages are
covered for sickness by their employer for a period longer than that provided by the PPI
cover). This aspect of assessing value for money is, along with others, important from
a regulatory point of view and has been embodied in the FSA’s Treating Customers
Fairly (TCF) principles (FSA (2001, 2006b)). These principles serve to illustrate that
a product may be mis-sold regardless of whether a claim is made!

2.3 The UK PPI market


Perhaps the most comprehensive source of information on the PPI market in the
United Kingdom is the snapshot of financial year 2006 collected by the Competition
Commission in its preliminary report (Competition Commission (2008a)). The
Commission collected detailed information on the four major types of PPI policy,[9]
which together account for over 90% of the UK market (Competition Commission
(2008a, pp. 31–32, 35)).

PLPPI: personal loan PPI, based on unsecured fixed-term loans, which are most
often charged as a “single premium” that is added to the loan amount, thereby also
incurring interest.

CCPPI: credit card PPI, based on revolving credit card balances, normally charged
as a percentage of the outstanding balance on a monthly basis.[10]

MPPI: mortgage PPI, based on a “first charge” mortgage, normally charged as a
monthly premium.

SMPPI: second mortgage PPI, also called a secured loan, predominantly paid by a
single premium (approximately 66%), with the remainder on a monthly premium.

Table 1 shows some key statistics for the PPI market and the gross
written premiums (GWPs)[11] for PPI products for 2006.
Other types of payment protection insurance not covered by PPI products include
short-term income protection,[12] which will pay a fixed amount for a period in the event
of illness or unemployment, but, unlike PPI, this is typically sold as a “standalone”
product, not linked to a related credit application (Competition Commission (2008a,
p. 79)).
As Table 1 illustrates, the underwriting of PPI policies is dominated
by the insurance subsidiaries of the five largest UK banks (OFT (2007, Annex A,
p. xvi)). PPI policies related to loans are predominantly sold through three distribu-
tion channels: face-to-face contact in branches of banks, over the telephone and over
the Internet (Competition Commission (2008a, p. 6)). Over half of all policies are
sold through face-to-face contact with a “sales adviser”. Legally, sales are conducted
on either a nonadvised basis or an advised basis “where a personalized recommen-
dation is provided as to the suitability of the product for a customer” (Competition
Commission (2008a, p. 6)). Obviously, the behavior of the salespeople involved in
advised/nonadvised sales must differ regarding whether or not they are perceived to
make recommendations.

[9] Note that there is no standard terminology across the industry on PPI product types.
[10] Large stores also provided a type of credit card, the so-called “store card” that was the subject of
separate analyses by fair trading regulators and not covered here.
[11] Note that, in the United Kingdom, an insurance premium tax of (currently) 6% is deducted from
the GWPs before any charges are levied. Insurance premium tax is a revenue-raising mechanism
introduced by the UK government in 1994.
[12] Income protection, as its name suggests, is aimed at preserving a person’s monthly income and
is often used by self-employed people who do not get paid if they are not working for any reason.


TABLE 1 Selected PPI statistics for 2006 (Competition Commission (2008a) and OFT (2007)).

Estimated number of customers covered by PPI in 2006       15.5 million
Estimated number of PPI policies written in 2006           1.8 million
Estimated GWPs per annum for PPI                           £4.4 billion
  Of which
    PLPPI                                                  £2.0 billion   45%
    CCPPI                                                  £1.0 billion   22%
    MPPI                                                   £0.6 billion   14%
    SMPPI                                                  £0.5 billion   11%
    Other                                                  £0.3 billion   8%

Estimated number of MPPI policies provided by brokers      £0.2 billion   32%

Estimated GWP per annum by underwriter
    Insurance subsidiaries of top five banks               £2.9 billion   66%
    Largest independent insurer (Norwich Union)            £0.8 billion   19%
    Other insurers                                         £0.7 billion   15%

Estimated allocation of GWP
    To distribution                                        £3.0 billion   68%
    To underwriting                                        £0.8 billion   18%
    To claims                                              £0.8 billion   14%

Average profitability after costs 2003–6
as a percentage of GWP                                     £2.6 billion   59%

Weighted average revenue for a single-premium PLPPI        £690
    Range of revenue                                       £388–999
    Range of cost to distributor                           £20–60

The value of a particular PPI premium would depend on the type and size of
coverage required, but, as Table 1 shows, there was an approximate profitability of over 90%
(Competition Commission (2008b, pp. 15–18)). This is a large profit margin, which
explains why growing volume while managing costs (albeit at the expense of due
diligence) was the predominant business model in this business sector (Competition
Commission (2008a)).
Table 1 shows that PPI was evidently not a boutique business but a solid production
line, with new policies running at some 1.8 million per year. However, sales volume
is not a good indicator of growth of the market for PPI, since, for example, PPI policies
connected with personal or unsecured loans are typically short term (often less
than twelve months), whereas credit card PPI will typically stay in force as long as
the card is active, ie, the number of policies will grow as new cards are issued.


2.4 Influence of the UK government


To paraphrase the proverb, the road to large losses is paved with good intentions. As
was the case in the US in the lead-up to the global financial crisis (GFC) (McConnell
and Blacker (2011)), UK politicians of all political persuasions promoted increased
homeownership as a key objective (Croucher et al (2003)). But increased home own-
ership only makes sense if borrowers can continue to repay their mortgages, through
economic cycles and life events, such as illness.[13]
In 1999, the UK government, in conjunction with the Council of Mortgage Lenders
(CML) and the Association of British Insurers (ABI), launched the “Sustainable Home
Ownership Project”, which aimed to increase the sale of mortgage protection for
homeowners (CML (2006)). As part of this initiative, the CML and ABI developed a
“baseline … which sets a minimum standard of cover that MPPI policies must
possess” (CML (2006)). Over the next four years, the “penetration rate”[14] of MPPI in
the market for new mortgages increased from around 25% to 35%[15] (CML (2006)).
Whilst MPPI is only a part of the PPI market, the Sustainable Home Ownership
Project had significant backing from what was then the Department of the Environ-
ment, Transport and the Regions and the Department of Social Security. This level of
influence was bound to have an effect on the market and potentially increase the risk of
something going wrong unless the resulting rapid growth was adequately controlled
both at the firm and industry level.
In a July 2004 report PriceWaterhouseCoopers (2004, p. 29) reported how, over a
period of ten years, UK household debt (both secured and unsecured) had risen to
historically high levels as consumers borrowed to raise spending levels relative to
incomes. This increase was driven in the main by access to so-called easy credit at a
time of low interest rates, thus giving rise to a series of boom years with very little
discussion about the consequences if things were to go wrong. But as Hancock and
Zahawi (2011) noted, “the economic culture was ultimately dictated by the Treasury,
and it was the Treasury which allowed debt to lose its traditional taint of social
unacceptability”. In other words, unconstrained debt, and with it PPI on the loans
taken out, was seen as an easy, and some would say irresponsible, way to bolster
economic consumption and improve the general living standards of the population.
The traditional British value of thrift was being undermined, whether deliberately or
unintentionally, by government policy.

[13] In the UK social security system, the government may have to pay some or all of a mortgage
payment to maintain claimants in their home, a potentially huge cost.
[14] The penetration rate is the rate at which PPI is added to new credits at, or near, the “point of sale”.
[15] For reasons that are not well understood, penetration rates declined from around 2005. The decline
could be due to the adverse publicity in the market as other PPI markets also declined around the
same period.


The extent to which government policy played a part in the development of the
PPI scandal shows similarities to the GFC, where US government housing policy was
seen as an essential element of the crisis (McConnell and Blacker (2011, p. 18)). In
both cases, it was not so much that the policy was wrong, but more the way that the
policy was implemented and controlled that enabled the crises to develop.

3 THE EVOLUTION OF THE PAYMENT PROTECTION INSURANCE SCANDAL
There are many lenses through which the PPI scandal can be viewed: from the perspec-
tive of the consumer and society (CAB (2005) and OFT (2007)), from the perspective
of financial regulation (FSA (2005a, 2006a, 2007)), from the perspective of market
operation (Competition Commission (2008a)), and so on. Another perspective, rec-
ommended by Turner (1976), is to view any “disaster”, over time as it develops, as
Turner argues:
Disasters, other than those arising from natural forces, are not created overnight. It is
rare that an individual, by virtue of a single error, can create a disastrous outcome in an
area believed to be relatively secure. To achieve such a transformation he or she needs
the unwitting assistance offered by access to the resources … of large organizations,
and time.

Turner (1976) also suggests that the best sources for such analyses are official
inquiries, which provide a level of objectivity, albeit with the benefit of hindsight,
that participants and commentators closer to the action might lack. This section con-
siders the PPI scandal as it evolved in the fifteen years from the mid-1990s, using
reports produced by official or semi-official inquiries.

3.1 Which?
Originally known as the Consumers’ Association, Which? is a not-for-profit organization,
with over 650 000 members, whose primary activity is performing independent
testing of household products, such as washing machines. But Which? is also an
organization that campaigns[16] on behalf of its members on a wide range of consumer
issues, such as energy bills and personal finance.
Which? has run, and continues to run, a successful grass-roots campaign around the
mis-selling of banking products (Which? (2011)) and has been credited with raising
initial concerns about PPI products in 1998 – a subject that was taken up, in response to
numerous complaints, by others, including campaigning newspapers (Evans (2011)).

[16] For further information on various campaigns, see www.which.co.uk.


3.2 The Citizens Advice Bureau


Grumbling about the inequities of PPI continued at a relatively low level from the
mid-1990s until a report, provocatively titled “Protection Racket”, was published
by the CAB (2005). Citizens Advice is a network of over 400 independent Citizens
Advice Bureaux, each a registered charity, spread across the United Kingdom, oper-
ated mainly by volunteers and funded not only by charitable donations but mainly
(more than 85%) by government grants (CAB (2009)). CAB advice is available to
anyone without charge and aims to help “people resolve their problems with debt,
benefits, employment, housing, discrimination, and many more issues”.
The “Protection Racket” report collated evidence of problems with PPI reported
by disgruntled borrowers from around the United Kingdom and concluded that
the range of this evidence suggests widespread failures of consumer protection in
both the PPI selling process itself and in the wider regulation of PPI sales.
CAB (2005)

The study identified a number of common problems (CAB (2005)).

Inappropriate product: borrowers were sold PPI insurance which was not appropriate
to their circumstances and often not needed by them.[17]

Insufficient documentation: borrowers were provided complex documentation, often
late in the lending process, without time to obtain independent advice, and there
was some evidence of “pressure selling”.

Exclusions: borrowers sometimes found that when they made a claim they were
excluded from a payment by “small print” in the documentation, such as “age
exclusions”.

Inappropriate bundling: in most cases, borrowers were interested in obtaining a loan,
and PPI was added as an afterthought into the bundle, in such a manner that it was
difficult to understand the various costs involved.

Excessive cost: borrowers were being charged excessive premiums for the cover that
they received, and products were “poor value for money”.

Delayed claims: when making a claim under a PPI, borrowers often found that, when
they most needed the insurance to pay bills, insurers would delay payment.

17 For example, Croucher et al (2003, p. xi) estimated that between 40% and 50% of mortgagors
would benefit little from MPPI, as they would have sufficient savings or other household income to
cover mortgage payments.


One of the many examples of pressure selling and excessive premiums unearthed by
the study was the case of a man who
sought advice … after he took out a loan to consolidate credit card debts and an
overdraft. The client was persuaded to take out optional payment protection because
he was told that otherwise the loan would not have been approved. The original
loan was £14 575. With interest of £10 660, and the payment protection insurance
premium of £7 700, the client ended up owing over £32 000.
CAB (2005, p. 26)

The CAB study concluded that
PPI premiums are [estimated to be] about three times the cost of providing cover.
This implies that borrowers could be overcharged by as much as £3 billion per year
for PPI cover.
CAB (2005, p. 2)

The report also suggested reasons why PPI problems had been allowed to grow:
Because of the way that PPI straddles the jurisdiction of several regulatory regimes
covering insurance, consumer credit and competition issues respectively, no single
regulator has their eye on the whole ball.
CAB (2005, p. 42)

In hindsight, the “Protection Racket” report was the catalyst that prompted consumer
and financial regulators to focus on what had, to this point, been anecdotal evidence
of problems in the PPI market.

3.3 The Financial Services Authority


The year 2005 was an inflexion point in the trajectory of the PPI scandal. In January
2005, the FSA assumed responsibility for the supervision of “general insurance”,
which includes products such as PPI. With the FSA assuming this responsibility, the UK Treasury
Subcommittee of the UK Parliament recommended that
once the transfer of responsibilities for insurance regulation to the FSA has been com-
pleted the FSA should begin an investigation into the selling of payment protection
insurance.
UK Treasury Subcommittee (2005)

As one of its first actions, the FSA instituted a “thematic review” of the PPI market,
which resulted in a report that was published in November 2005 (FSA (2005a)).
The thematic review involved formal regulatory visits to a small but representative
sample of PPI distributors and a separate “mystery shopping” exercise conducted by
an independent market research firm.
The findings of this first thematic work were in line with the CAB report, although
the focus was on how well firms were complying with FSA rules rather than whether
the PPI product or processes were flawed. The findings of the “mystery shopping”
exercises were in line with regulatory visits, but not surprisingly (given the absence of
warnings about the shoppers’ visits) appeared to find a higher incidence of breaches.
The issues found were clearly “systemic” as the FSA “found the same issues in
most firms in the sample” (FSA (2005a, p. 2)). The FSA review made the following
discoveries (FSA (2005a)).

• PPI is a “relatively complex” product that is often sold, as a secondary purchase,
to “vulnerable customers”.18

• The practices of the majority of firms in the sample posed a “high overall risk”
to the FSA’s consumer protection objectives.

• There was a high risk of “inappropriate sales”. Over half of the firms were
found to fail to take reasonable steps to avoid this. In particular, there were
“inadequate controls in place for nonadvised sales”.

• “Advice on PPI was often likely to be of poor quality.”

• “The level and structure of inducements and targets for sales staff could
encourage mis-selling in some small and medium-sized firms.”

• Firms relied on product documents at the “expense of explaining the policy to
the customer orally”.

• The “majority of firms selling single-premium policies did not give the customer
sufficient information on the lack of refunds”.

• “Competence of sales staff was not sufficient in many cases.”

• “Monitoring was of variable quality and was very poor in some cases.”

On the other hand, the FSA review found no evidence of high-pressure sales techniques
to induce customers to purchase PPI.
It should be noted that, although the FSA review did conclude that “fair selling
practices are made all the more difficult because of the way in which PPI contracts
are designed” (FSA (2005a, p. 4)), these are all people-related issues. The review
also pointed out that regulatory compliance monitoring was made difficult due to the
lack of appropriate management information systems to support monitoring of sales
performance and quality (FSA (2005a, p. 27)).

18 Though not a measure of “vulnerability”, per se, the Competition Commission found that “PPI
consumers are more likely to earn less than the national average income or come from
socio-economic groups C and D” (Competition Commission (2008a, p. 7)).


Following the 2005 review, the FSA continued its thematic work, producing updates
in 2006 and 2007. The first follow-up work, which consisted of regulatory visits to
forty firms, found that although firms had taken steps to improve their PPI sales
standards in line with advice and guidance published by the FSA, there remained
three “key areas of widespread concern” (FSA (2006a, p. 2)):

• “many firms are still not giving customers clear information during the sales
conversation”, particularly relating to the information that PPI is optional;

• “customers are still not being made fully aware that there may be parts of the
policy under which they cannot claim”;

• “where customers are sold single-premium policies, this is not always done
with the best interests of the customer in mind”.

The 2006 review also identified several areas of good practice that it wished firms to
adopt, including improved training, better written disclosure material and improved
management information systems (FSA (2006a, p. 4)).
In 2006 the FSA also published an update on the industry’s progress toward imple-
menting its TCF initiative (FSA (2006b)),19 which showed “mixed progress” toward
achieving the “six outcomes” of the TCF initiative in particular (FSA (2006b, p. 2)):
An example of where there is still some way to go is in quality of advice, where firms
need to improve the way they give financial advice to retail customers in order to
reduce the risk of mis-selling.

In their survey of the industry, from a TCF perspective, the FSA found that, although
they
found many examples of good TCF practice … there remain an unacceptable number
of firms that fail to take the steps necessary to reduce the risk of mis-selling, both in
terms of the detailed rules and the wider principles.
FSA (2006b, p. 30)

In particular,
Almost all of the firms held themselves out as offering a full advice service, but only
a third actually undertook a full review of clients’ needs and objectives. Very few
gave consideration to debt repayment.
FSA (2006b, p. 30)

19 Note that the TCF initiative had been discussed with the industry since 2001 (FSA (2001)).

In 2007, the FSA conducted a third thematic review of PPI using a larger number
of regulatory visits and mystery shopping exercises (FSA (2007)). The findings of
the review showed that the FSA was clearly exasperated that, despite much official
prompting and several well-publicized examples of firms being fined for breaching
rules (FSA (2007, p. 14)), compliance with acceptable practice remained patchy. Some
key areas were found to have improved in the interim, most importantly the fact that
PPI was optional was being properly communicated. However, the review concluded
that “some firms’ sales processes still fall short of expectations”, in particular that
one-third of firms could not demonstrate that sales staff had (FSA (2007, p. 5))

• “properly established whether customers were eligible to claim under the
different elements of the policy”,

• “properly determined whether the particular PPI policy was suitable”,

• “properly explained the significant exclusions and limitations of the policy to
customers”,

• “given customers sufficient information when selling single-premium policies
or single-premium refund terms”.

The review found that over two thirds of firms could not demonstrate that they had
“taken sufficient steps to ensure their sales processes meet the required standards”
(FSA (2007)) and that inadequate systems and controls continued to be a problem for
over one-third of firms.
From reading the thematic reviews conducted over three years by the FSA, it
is apparent that improving the market at that point would be a multiyear project.
However, the PPI landscape was about to be changed by inquiries undertaken by
other regulatory bodies.

3.4 The Office of Fair Trading


The OFT is a “nonministerial” (ie, semi-independent) department of the UK gov-
ernment and the regulator for consumer protection and competition. Following the
publication of its Protection Racket report, the CAB presented a “super complaint”20
on PPI to the OFT, which the OFT agreed to investigate. In a report published in early
2007, the OFT found that there was
evidence of features of the market that it suspects are preventing, restricting or dis-
torting competition and thereby harming consumers.
OFT (2007, p. 1)

20 In UK law, certain bodies, such as the CAB, are “designated consumer bodies” that have the right
to request that the OFT investigate market practices that may be harmful to consumers (OFT (2006,
p. 6)).


In a regulatory version of “pass the parcel”, the OFT then referred the issue on to the
Competition Commission for an “investigation into all payment protection insurance
(PPI) services except store card(s)” to retail customers in the United Kingdom (OFT
(2007)). Before doing so, however, the OFT fulfilled its regulatory role by conduct-
ing a very valuable in-depth study of the UK PPI market from several perspectives:
separate business and consumer surveys, economic analysis of the market, consumer
behavioral studies and “mystery shopper” surveys to experience actual market prac-
tices (OFT (2007)).
The OFT study found that there was an identifiable “market” in PPI products but
that the market had “structural features” that were harmful to consumers. Its findings
include (OFT (2007, p. 2))

• that PPI was a “secondary” purchase, bought almost always as a result of taking out the
primary credit, ie, PPI was almost always tied to the original loan;

• that there was “little competitive pressure” at the point of sale and there was
little product information prior to point of sale;

• that the complex nature of PPI made comparison of policies difficult and
evaluation of the cover provided for cost was not transparent;

• that the market was “vertically integrated” with 60% of providers undertaking
both distribution and underwriting within the same group;

• that the market had high barriers to entry because of the strength of entrenched
players; and

• that because claims on PPI were low compared with other insurance products,
commissions to distributors tended to be higher than for other products.

In other words, sellers had distinct advantages in negotiations with purchasers, who
tended to view PPI as a secondary purchase anyway. So what is to prevent sellers
from abusing such a position, particularly as the business was profitable, with little
perceived risk to the seller? Regulation to check such abuses includes official guidance
from the UK financial services regulator (the FSA) and voluntary self-regulation, such
as the Banking Code.21
It should be noted that the OFT conclusions did not go uncontested. Looking
specifically at MPPI, the CML argued strongly that MPPI should be excluded from
the OFT’s referral to the Competition Commission because there was a “voluntary
baseline” of minimum standards of protection in the industry and that the product
had a better claims resolution ratio than other products (CML (2006)). Nonetheless,
the OFT referral, including MPPI, went forward to the Competition Commission
unchanged.
In addition to its commentary on structural market problems, the OFT report
considered some of the practices that were raised by the CAB and found confirming
evidence that codes of conduct were not being strictly adhered to (OFT (2007, p. 3)):

• borrowers were told, or given the impression, that granting of credit would be
eased by purchase of PPI;

• lack of up-front information made it difficult for borrowers to determine whether
they were getting a good deal;

• point-of-sale negotiations centered on the Annual Percentage Rate (APR) of
the credit being sought, without factoring in the impact of the PPI, which could
(dramatically) affect the effective APR.

21 Note that the Banking Code (of Conduct) was replaced in 2009 by the “Lending Code” now
administered by the Lending Standards Board and sponsored by, among others, the British Bankers’
Association.

The Competition Commission gave an example of just how much a PPI policy could
change the effective APR:
For most PLPPI policies we looked at, the cost of PLPPI over the term of the loan was
greater than the interest payable on the loan. We calculated from Which?’s data that
the average APR quoted for loans on its list was 7.8 per cent. If the APR calculation
had included the price of PPI, the average APR would have been 18.8 per cent.
Competition Commission (2008a, p. 6)

Borrowers, of course, were not completely blameless. The OFT found that consumers
did not shop around for PPI insurance, perhaps because their primary interest was in
obtaining a loan, and did not pay sufficient attention to, or have a good understanding
of, the documentation that they signed (OFT (2007, p. 4)).
Interestingly, the OFT report includes an academic analysis of consumer behavior in
purchasing PPI (OFT (2007, Annex C)). As part of the overall OFT study, Professor
Rob Ranyard, an academic psychologist at the University of Bolton, analyzed the
results of a consumer survey from the perspective of the psychology of purchasing
decisions. He drew the following conclusions (OFT (2007, Annex C, p. 3)).

• Borrowers often did not make their decision on the “basis of comparisons” but
considered the product as part of a “package”.

• Because of complexity, borrowers often simplified the decision to purchase
(or not) based on often biased “heuristics” around the probability of negative
outcomes.

• Although cost was a major concern for borrowers, more than half did not know
the amount that they paid on a monthly basis.

• Borrowers did not always make the decision to purchase PPI based on purely
economic consideration but because it “gives them peace of mind”.

These findings align with the theories of behavioral finance as developed by, among
others, Kahneman and Tversky (1979) and the theory of “bounded rationality”
proposed by Simon (1990). The implications for risk management in financial institutions
of considering behavioral factors in addition to traditional economic perspectives are
expanded on later.

3.5 The Competition Commission


The remit of the UK Competition Commission is very wide, covering not only finan-
cial services but also topics as diverse as mergers in the food industry and the operation
of local bus services. On its website, the Commission describes itself as an

independent public body which conducts in-depth inquiries into mergers, markets
and the regulation of the major regulated industries, ensuring healthy competition
between companies in the United Kingdom for the benefit of companies, customers
and the economy.

Inquiries by the Commission are usually undertaken as a result of a reference by
another statutory body, as in the case of the PPI inquiry, which was referred to the
Commission by the OFT in February 2007. Over the next eighteen months, the Com-
mission held meetings with interested parties and initiated detailed market investiga-
tions including market research surveys. During 2008, the Commission conducted a
series of economic analyses of the PPI market published as a series of working papers
on its website.
Analyzing the profitability of the PPI market from 2003 to 2006, the Commission
found that, in 2006, profits totaled some £2.6 billion, a figure that had been stable
over several years (Competition Commission (2008b, p. 14)). The analysis concluded
that,
viewed as an add-on product, PPI distribution is highly profitable. Distributors earn
a high proportion of the total income from PPI premiums and in comparison the
additional costs incurred in selling PPI are low.… The distribution of PPI is a low-
risk activity for the distributor and consequently the additional capital required to
support the PPI distribution business is relatively low.
Competition Commission (2008b, p. 3)


Interestingly, the Commission also looked at the profitability of the underlying, ie,
primary, loan product and found that
the personal loans business has suffered from declining profits in recent years to the
point where in 2006 it appears to have been loss making before taking into account
income from PPI. With PPI included, the sector appeared to have been marginally
profitable.
Competition Commission (2008b, p. 4)

Although the Commission found that the credit card and mortgage businesses were still
profitable without PPI, this points up the fact that PPI had become a significant source
of income and profit for lenders and hence provided an incentive to increase volume,
potentially at the expense of due diligence. The high levels of profitability generated
by the PPI products do lead to the question as to whether a lower premium level
(implying lower profitability for the seller but better value for money for the consumer)
would have caused the same level of complaints. Sellers’ greed may, therefore, have
been the root cause of this matter escalating.
Breaking out the underwriting component of PPI premiums, some 32% of GWP,
the Commission found that the capital allocated to PPI adequately reflected the risks
being taken by insurers, producing a reasonable return on capital in the 10–20% range
(Competition Commission (2008a, p. 4)). They considered that no further investiga-
tion was needed in this area, implying that problems, if they did exist, would be
present in the distribution rather than underwriting process.
Interestingly, the Commission reported that, when asked to break out profitability
between PPI and the primary loan component, distributors claimed that
it was not meaningful to assess the financial performance of PPI as an add-on product,
as it was fundamentally and inextricably linked with the sale of the underlying credit
product and there was no meaningful way of allocating the costs between them.
Competition Commission (2008a, p. 5)

This is important in this context because it implies that firms did not have the man-
agement systems to assess different components of PPI profitability, which further
implies that sales incentives were based on a bundled, as opposed to an individual
product, basis, ie, sales staff viewed the loan and PPI as a single sales opportunity.
Firms just did not consider PPI as “a separate business” (Competition Commission
(2008b, p. 17)).
In July 2008, the Commission produced a report of its provisional findings, con-
cluding that PPI distributors
face little competition for the sale of payment protection insurance (PPI) when it is
sold in combination with the credit it insures. As a result of this lack of competition,
it is highly profitable to distribute PPI.
Competition Commission (2008a, p. 4)


As further evidence of a lack of competition in the market, the Commission found that,
although prices did vary between PPI providers, there was “little [competitive] price
movement over time” and contrary to what would be expected in a truly competitive
market, there were “very few examples of price decreases” (Competition Commission
(2008a, p. 7)).22 The Competition Commission report was critical in elevating the PPI
issue to the industry regulator, the FSA.
Industry reaction to the report was given by the ABI, which acknowledged the
problem but warned against making changes that could leave customers unprotected:

The ABI supports any measures that help people make an informed choice – for
example, the remedies for clearer, more timely information about the cost of PPI and
the product features. However, the ABI believes that the point of sale ban carries
significant risks for borrowers, mainly by leaving them unprotected at a time when
unemployment cover has never been needed more.… Figures released only yesterday
by the ABI show that in November 2008 there were 19 105 new unemployment claims
on PPI policies. That is an increase of 118% from 8772 in November the previous
year. This massive leap in claims shows that PPI is helping many people through a
difficult financial period.
ABI (2009)

3.6 The Financial Ombudsman Service


The Financial Ombudsman Service (FOS) is a statutory body created by the UK
Parliament in the Financial Services and Markets Act 2000 with the mission23 of
helping to “settle individual disputes between consumers and businesses providing
financial services – fairly, reasonably, quickly and informally”.
The FOS is not a financial market regulator but an independent legal service that is
free to complainants, and is funded by fees and levies on the financial industry. The
FOS “ombudsmen” and “adjudicators”, all experienced legal, banking or insurance
specialists, do not consider systemic issues but adjudicate in individual claims via
detailed forensic analysis of the evidence provided by claimants and the financial
firms that are the subjects of complaints.
The work of the FOS can be illustrated by its own example of the case of Mr. A24
in which an eight-page “final decision” found in favor of the complainant requiring
that the firm involved should reimburse a portion of an upfront single premium for a
loan that was settled early:

Mr. A’s case is fairly typical of reported PPI problems. After some shopping around,
Mr. A was offered an unsecured loan by the firm of £6000 to be repaid in four years.
The firm “recommended” that Mr. A also purchase a single-premium PPI policy
costing £972.86, which was added to the loan and hence incurred interest. After two
years, Mr. A repaid the loan in full but received only £171.45 in a refund for the PPI,
even though only half the policy term had expired.
FOS (2008a)

22 The Commission did find, however, that terms and conditions such as exclusions were relaxed
over time.
23 From the FOS website “Aims and Values” (www.financial-ombudsman.org.uk/about/aims.htm).
24 Note that the identities of complainants and firms are not disclosed by the FOS.

Having “recommended” the PPI policy, as part of the loan sale, the firm therefore
had a duty “to take all reasonable steps to ensure that recommendation was suitable”
(FOS (2008a)). The case then became one of whether the specific policy offered was
“suitable”, which ultimately came down to a “he said, she said” difference of opinion,
as not all conversations were recorded. Both the ombudsman and the adjudicator who
had handled the initial negotiations between the complainant and the firm concluded
that the firm was acting as a “professional insurance adviser”, and hence it had the
duty to ensure that the product was suitable, regardless of whether or not Mr. A had
understood the implications of the policy. The ombudsman concluded that “the firm
did not take reasonable care to ensure the suitability of its advice to Mr. A and … did
not pay due regard to the information needs of its customer” and that therefore Mr. A
should receive fair compensation (FOS (2008a)).
Given the amount of legal analysis needed to arrive at the decision in the case of Mr.
A, the sum involved in this claim, some £300 plus interest, was small, even trivial. In
publishing and emphasizing this case, however, the FOS was in effect setting standards
(or case law), with regard to the level of evidence that is sufficient to decide similar
cases. The FOS published their findings in several other cases which appeared to set
standards for similar decisions. The need for clearly setting out principles to guide
other adjudications was prompted by the caseload reported by the FOS in mid-2011,
when there was a backlog of over 100 000 complaints and growing (FOS (2011)).
At this point one might ask, given the “David and Goliath” disparity in resources
between a typical complainant and a major retail bank, why anyone would under-
take a protracted legal action for such a seemingly paltry return. The answer illus-
trates a new phenomenon: the emergence of specialist “claims management” com-
panies that pursue a case for a claimant on a no-win, no-fee basis (see, for exam-
ple, www.nofeeppirefunds.co.uk). The FOS notes that, in the 2010 financial year,
some “76% of the 104 597 new PPI cases” they received were entered by profes-
sional claims management companies (FOS (2011)). It is not the purpose of this
paper to judge the ethics of “ambulance chasing” other than to note that the phe-
nomenon somewhat redresses the balance of power in the bank–customer relation-
ship, which has implications for sales and claims operations and associated operational
risks.


The rise of specialist claims management companies raises serious issues of repu-
tational risk for financial institutions in that, by aggregating and publishing details of
operational error, whether settled or not, pressure will be brought to bear on financial
institutions to settle claims sooner rather than later. With a disputation infrastructure
already in place and the possibility of good returns for their efforts, claims manage-
ment firms are just waiting for the “next big thing” (FOS (2011)).
In July 2008, the FOS sent a letter to the FSA as part of its “wider implications
process” pointing out that “consumer complaints were not the appropriate way to deal
with such a problem” and that further regulation was needed. In considering the rapid
rise in complaints, Merricks (2008) also argued that “malpractice and detriment have
clearly not been confined to those particular firms [that had already been fined]. So
we could see a widespread systemic problem”.

3.7 FSA action: single-premium PPI payments


Following the somewhat disappointing results of its thematic review in 2007 and later
publication of similar findings by the OFT (2007) and the Competition Commission
(2008a) followed by the ombudsman’s referral, the FSA was prompted/stung into
action. In September 2008, the FSA announced that it was escalating its regulatory
intervention and, in a thinly veiled warning, advised bank management that
firms may wish to consider stopping selling single-premium PPI sold alongside unse-
cured personal loans, given the continuing problems in the sales of this product.
FSA (2008a)

Only a few months later the FSA went even further, announcing25 that it had
written to all firms still selling single-premium Payment Protection Insurance with
unsecured personal loans (SP PPI UPL) asking them to withdraw the product as soon
as possible, and by no later than 29 May.
FSA (2009)

In addition to its proscription of single-premium PPI policies, the FSA became increasingly
active in prosecuting firms for general transgression of PPI rules, for example fining
one of the medium-sized UK banks, Alliance & Leicester, £7 million for failing to
inform customers of the full cost of PPI (FSA (2008b)).
Cognizant of the growing backlog of unresolved PPI complaints clogging up the
FOS, after industry consultation the FSA issued a new policy statement on assessing
and redressing PPI complaints (FSA (2010a)). The industry’s reaction to the new
FSA rules was strong, arguing that the FSA had overreacted and contending that the
FSA had not made out a case that there were “widespread PPI problems” nor was
there a proven link between PPI selling practices and the number of complaints. Nor,
they argued, was there adequate evidence of complaint handling problems (British
Bankers’ Association (BBA) (2011)).

25 It should be noted that, by the time of this “CEO letter”, a number of the major PPI distributors
had already announced that they were planning to move from single payment to regular monthly
payments for this product (FSA (2009)).

3.8 The PPI judicial review


To state that the UK banking industry was incensed by the new FSA rules on PPI
claims would be an understatement, but it must be remembered that, in the wake of
the bailout of three leading banks by taxpayers after the GFC, the banks’ position was
weak. Nonetheless, in January 2011, the BBA, the trade association for the major
lending banks, requested a judicial review in the High Court of the FSA’s policy
statement (BBA (2011)).
The BBA argued that the judicial review was not about PPI complaints handling
per se, as the UK banking industry had “to date implemented every reform on PPI sales
and complaints handling required by the regulators” (BBA (2011)). The industry’s
contention was that the rules were retrospective and unlawful, “effectively creating a
precedent which permits it to apply new rules to previous sales”. In this the BBA had
a good case on the surface, as one of the key requirements of the new FSA rules was
that firms are required to take action as a consequence of their “neglect of root cause
analysis and fairness obligations toward noncomplainants” (FSA (2010a, p. 4)). In
effect, the FSA was stating that banks have a fiduciary duty of care whether or not
regulators have made specific rulings on a particular activity.
In April 2011, Mr. Justice Ouseley handed down his decision on the matter and
it was unequivocal, dismissing all of the BBA’s arguments, and finding for the FSA
and the FOS (Ouseley (2011)). Using strong wording, the judge rejected the BBA’s
contention that the FSA could not retrospectively apply new rules to previous sales,
stating very clearly that general principles, as set out by regulators, take precedence
over specific rules:

The Principles are the overarching framework for regulation, for good reason. The
FSA has clearly not promulgated, and has chosen not to promulgate, a detailed all-embracing
comprehensive code of regulations to be interpreted as covering all possible
circumstances. The industry had not wanted such a code either.… The Principles
are best understood as the ever-present substrata to which the specific rules are added.
The Principles always have to be complied with. The specific rules do not supplant
them and cannot be used to contradict them. They are but specific applications of
them to the particular requirements they cover.
Ouseley (2011)


The implications of the judge’s finding are quite far-reaching in that they imply that
banks must design and sell products that are compliant with general principles of
ethical behavior, ie, bankers must do the right thing whether told to or not!
The judge’s statements were so clear and unequivocal that the BBA announced
in May 2011 that it would not appeal against the High Court ruling. Following this
statement, the FSA urged banks to speed up the process of resolving PPI claims and
the major UK banks announced that they had set aside substantial provisions26 to
cover costs related to the mis-selling of PPI policies (Reuters (2011)).
As far back as 1976, Turner argued that “disasters” (in this case “scandals”) do not
happen overnight but are the result of organizational failures over a long period of
time. Turner (1976) argues that disasters build up gradually over time and that the
signs should be apparent to management, but instead go unnoticed or ignored because
of “cultural rigidity” that manifests itself in erroneous assumptions and reluctance to
face unpalatable outcomes.
In terms of Turner’s model of the six stages of the development of disasters, the
industry could, after accepting the inevitable, now move onto the final stage of “full
cultural adjustment” (Turner (1976)). However, it is dangerous to adjust to a new
business model without understanding the root causes of the problems that generated
the scandal in the first place. In its report into the derivatives losses at National
Australia Bank, the Australian Prudential Regulatory Authority highlights the importance
of in-depth analysis of organizational failures: “the wisdom of hindsight provides a
valuable platform from which to learn lessons for the future” (Australian Prudential
Regulatory Authority (2004)). This paper is part of the effort to understand and
explain the factors that helped to create the problem.

3.9 Academic and industry perspectives


Not surprisingly, given its importance in the general economy, academic research
into PPI has focused on the mortgage market, which was a social priority of successive
governments (Croucher et al (2003)). Ford (2000) found that take-up of MPPI
policies had increased in the late 1990s following government actions but that the
increase was less than might have been expected, covering some 17% of mortgages.
Estimates of MPPI cancellations were high (20–30%), typically resulting from “lack
of affordability, rejection of claims, perceptions that policies are not value for money
and a reassessment of personal circumstances” (Ford (2000)).

26 Both Barclays and RBS announced provisions of over £1 billion, Lloyds some £3.2 billion, with
HSBC announcing a smaller hit of £440 million (Evans (2011)).

The decision to purchase MPPI was not taken purely for economic reasons (cost,
affordability and terms and conditions) but includes “attitudinal influences” (Ford
(2000)). In the academic research initiated by the OFT, Raynard found that “taking
protective action in the face of a risk [such as buying insurance] depends on both the
cognitive appraisal of the risk and emotional considerations” (OFT (2007, Annex C)).
In particular, borrowers may decide to purchase PPI “driven more by worry than a
rational appraisal of the options, and … in anticipation of the reduction of worry, or
peace of mind, that it could bring” (OFT (2007, Annex C)). Note that the “Protection
Racket” report found that these are the sentiments actively targeted by advertisements
for PPI, pointing out that
prominent references to “peace of mind” and “repayments taken care of” suggest a
guarantee to meet the borrower’s commitments under the credit agreement should
anything go wrong. Not just a product, payment protection evokes the idea of a
relationship of trust, mutual support and value between lender and borrower.
CAB (2005, p. 13)

In other words, lenders (typically the customers’ bank) were, in the eyes of borrowers,
selling a “relationship” rather than a mere product.
Ford and Kempson (1997) also found
a strong correlation between the views people have of insurance and the likelihood of
them taking an MPPI policy. Those insuring were also more heavily insured overall,
sometimes covering the same eventuality more than once, indicating a relationship
between insurance and a risk averse stance.

Croucher et al (2003, p. xi) found the reverse effect:


Consumers with negative attitudes towards insurance generally are unlikely to take
out MPPI whatever their perceived risk of being unable to meet mortgage commitments.

Rayner (OFT (2007, Annex C)) noted that a survey of PPI purchasers suggested that
“PPI was seen as expensive by most purchasers, but they also recognized its emotional
benefits”. By selling expensive products to people who are overinsured or worried,
banks can expect little public sympathy if they are found not to keep their side of the
bargain.
Before considering the lessons that can be learned from analyzing systemic people
risk within the PPI market, the next section considers the regulation of operational
risk.

4 BASEL II, OPERATIONAL RISK AND PEOPLE RISK


4.1 Basel II and operational risk
In 2004, the Basel Committee of the Bank for International Settlements, the world’s
senior banking regulator, finalized proposals to bring the management of operational
risk in line with the standards already adopted for market and credit risks (BCBS
(2004) and Federal Reserve (2006)). These so-called Basel II proposals are designed
to strengthen risk controls in international banks and to ensure that they set aside
sufficient capital to cover large losses resulting from operational problems. As history
will attest, these proposals clearly failed in the run up to the GFC in some jurisdictions,
not least because they were not applied in a uniform manner, such as the United States
(McConnell and Blacker (2011)).
While Basel II applies only to banks,27 it does provide a general definition of
operational risk that looks to identify some major “root causes” of operational risk
losses, specifically
the risk of loss resulting from inadequate or failed internal processes, people and
systems or from external events. This definition includes legal risk but not strategic
or reputational risk.
BCBS (2004)

The four dimensions of operational risk in this definition are: people, processes, IT systems
and external events. The Basel framework also identifies a series of “operational
risk event types”, several of which are specific to people risk, in particular: fiduciary
breaches, flawed products, improper business practices, etc (BCBS (2004, Annex 7)).
This paper uses the Basel II definition as a “lens” for analyzing operational risks
within the processes that contributed to the PPI scandal. It does so not at the level of
the individual firm, as proposed by Basel II, but at the “systemic level”.

4.2 People risk framework


McConnell (2008) and McConnell and Blacker (2011) developed a generic “people
risk framework” that considers people risk occurring within four distinct zones.

Incident: how people, especially employees, react when an unforeseen “incident”
happens.

Individual: how an individual (or a small group of individuals) behaves with respect
to their responsibilities.

Institution: how the firm behaves with respect to the behavior of the individuals that
it employs and with whom it deals.

Industry: how the industry as a whole behaves.

27 The Basel II equivalent for insurance companies in the United Kingdom is Solvency 2. The
Solvency 2 approach to regulation is currently being implemented in the United Kingdom and is
similar to Basel II in that it takes a three-pillar approach: pillar 1 focuses on capital requirements
and modeling, pillar 2 focuses on supervisory activities over firms’ risk management activities and
pillar 3 focuses on disclosure requirements by regulated firms.


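FIGURE 2 Frequency and severity of losses.

[Figure: the four zones stacked from industry (top) through institution and individual to incident (bottom). Frequency of loss events runs from low (industry) to high (incident); severity of loss events runs from high (industry) to low (incident).]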

Figure 2 shows this “four Is” framework with respect to the frequency and severity
of operational losses arising from the four areas of people risk identified above. In
this model, the frequency of losses increases as we descend the hierarchy, whereas
the severity of losses rises as we expand from incident to industry.
Incident. While many loss-making incidents will occur in any firm, the magnitude/
severity of each incident tends to be limited, by the very nature of standard operating
controls within a mature operation.

Individual. Inevitably, some individuals in a firm will break its rules and precipitate
losses, either by fraud or by incurring regulatory fines. However, the size of such
losses will not typically be very large: sometimes, but rarely, in the millions of
dollars.28

28 Examples of individual losses in the millions would be rogue trader incidents (McConnell (1998,
2003, 2005)).

Institution. History has shown that some institutions are dysfunctional, displaying
scant regard for their responsibilities to their customers and employees, usually
in pursuit of large profits. While rare, the severity of the losses occasioned by the
unethical behavior of individuals at all levels of such a firm can be massive (for
example, the collapse of Enron).

Industry. Periodically, the banking industry loses its ethical compass and, as with
the subprime and PPI scandals, very significant losses occur, often in the form
of regulatory fines (Blacker (2001); Securities and Exchange Commission (SEC)
(2005); and McConnell (2006)).
Examples of significant industry losses are fines such as the US$400 million
levied against the brokerage arm of Citigroup, in April 2003, by the US securities
regulator, the SEC. Citicorp was just one of ten firms fined more than US$1.4 billion
for breaches related to “undue influence of investment banking interests on securities
research at brokerage firms” (SEC (2005)). These fines, which were part of the fallout
from the stock market scandal of the early 2000s, are examples of the “low-frequency,
high-severity” losses that firms are required to include in their assessment of operational
risk capital under Basel II (Jobst (2007)). Fines of this magnitude are levied
not because of the unethical/illegal activities of one individual, or a small group of
individuals, or even a single institution, but because of an across-the-board failure
of ethical standards across the industry. Blame is spread across many firms to send
a message to boards, executives and staff that such behavior will not be tolerated in
future.
Since Basel II concentrates on ensuring that firms maintain capital to cover “unexpected
losses” from “low-frequency, high-severity” events (BCBS (2004)), it would
appear that the greatest losses may not occur within a firm but at the industry level.
On the other hand, banks and regulators have tended to concentrate
on the higher-frequency, lower-severity areas of individual and incident risk, important
as these are; that is, Basel II does not address operational risk at the more dangerous
systemic level.
McConnell (2008) and McConnell and Blacker (2011) argue that, for either the
individual or the institution, risky activities may be classified as intentional, with
the individual or group being fully aware of the consequences of their actions, or
unintentional, where adverse outcomes can result from ignorance or inexperience. In
turn, adverse consequences can result from intentional risks that are
• illegal (clearly against the law),
• unethical (within the bounds of the law but unacceptable in normal business,
such as failing to provide all information upon which to make an insurance
purchasing decision),
• inappropriate (unacceptable behavior such as aggressive sales techniques).
For example, a lender may sell a borrower a bundled PPI policy that is not appropriate
to their financial circumstances. This may happen because a salesperson makes a
mistake resulting from the failure of the institution to train and/or monitor its staff
properly. Alternatively, a salesperson, perhaps to meet a sales target, will cross the
line between advising and not advising the customer on a policy that does not meet
their circumstances (FSA (2007)). Regardless of how this circumstance arose, the
impact is the same: a PPI policy was sold that was not appropriate for the needs of
the customer.
The next section considers such people risk within the PPI model.

5 PEOPLE RISK IN THE PAYMENT PROTECTION INSURANCE MODEL

5.1 Product, process, price or people?
The problems found with PPI by the various inquiries into the mis-selling scandal are
multifaceted and it is difficult to attribute fault to one single factor, as there is much
blame to go around. However, this paper argues that some factors are more relevant
than others.
The first question to ask is whether the PPI product itself was flawed. Industry
insiders almost all agree that some form of protection against being unable to make
credit payments is useful, even essential, to many borrowers (CAB (2005) and FSA
(2005a)). Many criticisms of PPI focus not on the structure of the products sold
by most providers but on perceived missing features, such as lack of coverage of
“relationship breakdown” (CAB (2005)), but since the PPI products described here
did not generally cover these occurrences29 the products themselves cannot be blamed.
Inquiries also found that some variants of the PPI product did not provide for a return
on cancellation of the “single premium” or calculated the refund unjustly: clearly an
abuse of power (CAB (2005)). Other serious criticisms of PPI products highlight a
preponderance of exclusions, some of which are perceived to be overly onerous, even
unnecessary (CAB (2005)). Insurance products are legal contracts that must spell out
the boundaries of the contract, both exclusions and inclusions. The issue then is not the
exclusions in the contract but whether the buyer is informed of, and understands, the
exclusions and, more importantly, whether the exclusions mean that, for a particular
buyer, all claims will be rejected as a matter of course. This is not a problem with the
product per se but with the information provided to the purchaser during the selling
process and the due diligence of the seller and underwriter in regard to determining
the suitability of a particular product for a particular customer. It also places a duty
on the customer to fully read the small print in the terms and conditions to make sure
that they know and understand the contract that they are signing up to.30

29 Indeed, this risk may have been considered by providers but rejected because of the potential for
a higher incidence of claims, which in turn would have increased premiums even further.

It is apparent that the “end to end” PPI process, from sale to resolution of claims, was
not always efficient. In particular, the “back end” process of settling claims has been
widely criticized (CAB (2005); FSA (2005a); and FOS (2008a)). It appears, however,
that problems were concentrated in certain types of claims, such as unemployment and
illness (CAB (2005)), rather than the overall resolution process itself. One important
aspect of any insurance claims process is the inherent “emotional” tension that is built
into the process because, on the one hand, the insurer wants to minimize their losses
whilst, on the other, the claimant wants to ensure that they are paid. All processes will
break down at times through, for example, lack of staff knowledge, but it appears that
breakdowns in the overall PPI process per se were intermittent and localized rather
than systemic. Contrast this situation with the breakdown in the securities ratings
process that occurred prior to the GFC (McConnell and Blacker (2011)), which was
systemic, causing investors, who relied on such ratings, to purchase securities that
were “overrated”.
The price of PPI products versus the coverage provided has been widely criticized
(see CAB (2005) and FSA (2007)). While it appears that PPI was indeed a profitable
“cash cow” that was milked by large and small companies (OFT (2007)), it was not
the price of coverage per se but the greed of the distributors that precipitated the PPI
crisis. PPI premiums, although large for the coverage provided and in many cases
adding to borrowers’ indebtedness (OFT (2007)), were not in themselves sufficient
to cause borrowers to default. It was, however, the lack of effective competition in
the PPI market that caused the OFT to refer consideration of the market to the UK
Competition Commission (OFT (2007); Competition Commission (2008a); and BBA
(2011)), which ultimately brought the PPI issue to a head in the UK courts.
While product, process and price were all factors in creating a market in which
inappropriate products were sold to individual borrowers, it was the breakdown in
due diligence in the face-to-face selling process that appears to have caused the failure
of the market across credit sectors and across institutions. Lack of due diligence is a
people-related issue and, in this case, a systemic people31 issue as it was inappropriate
selling in one link of the PPI process that caused problems later in the chain, when
claims were made against policies that should never have been sold in the first place.

30 Small print in policy documents is notorious for being jargonistic and difficult for the average
consumer to understand. Plain English would certainly help to mitigate this problem (see
www.plainenglish.co.uk for further information).

31 Note that there are “people” other than market participants who may have exhibited “risky behavior”,
such as regulators and auditors, but they are outside of the PPI process itself and are not
discussed here.


5.2 Summary of people risk in the PPI process


The various inquiries into the PPI scandal identified a number of recurring people-related
issues in the selling of policies (CAB (2005); FSA (2005a, 2006a, 2007); OFT
(2007); Competition Commission (2008a); and Independent Commission on Banking
(ICB) (2011a)).

Inappropriate product for the customer: borrowers were sold PPI insurance that was
not appropriate to their circumstances and, when claims were made, they were rejected,
often because of inappropriate exclusions.

Inappropriate exclusions: overly onerous exclusions that were often hidden in the
small print of the documentation provided and not explained properly to buyers.

Inappropriate bundling: for borrowers interested in obtaining a loan, often the secondary
PPI policy was added as an afterthought into a “bundle” in such a manner
that it was difficult to understand the true costs involved.

Inappropriate sales practices: although the FSA (2005a) found no evidence of the
pressure selling detected by others (CAB (2005)), the FSA (2005a, 2006a, 2007)
nonetheless found that sales staff were not completely sure of what was appropriate,
particularly the line between “advised” and “nonadvised” sales.

Inappropriate incentives: the FSA (2005a, 2006a) found that sales incentives were
not aligned with good sales practices, sometimes leading to “adverse selection”.

The people risks listed above can be mapped directly onto the Basel II loss event type
classification, mainly in the category of “clients, products and business practices”. For
example, inappropriate product is covered by the level 2 category “selection,
sponsorship and exposure” or “fiduciary breach”; inappropriate exclusions is
covered by “product flaws”; and so on (BCBS (2004, Annex 7)).
Note that there are several other people-related risks that are apparent in the actions
of various parties in the PPI process, in particular the following.

Conflict of interest. When parties are rewarded for completing transactions, there are,
as identified in some cases of single-premium PPI sales (FSA (2006a)), conflicts
of interest between increasing income and maintaining reputation.

Staff knowledge. It takes time for staff at all levels of an organization to understand
new products and processes (the so-called learning curve). Until staff are deemed
competent with new procedures, they should be closely supervised, otherwise there
will be a risk that such staff will inadvertently make mistakes that may not be
picked up.


Lack of due diligence. It is difficult, time consuming and expensive for financial professionals
to determine the needs of another party. Where there is pressure to
increase volumes of sales, individuals and firms may short circuit product evaluation
processes, either intentionally, by misleading, or inadvertently, by not using
research forums where appropriate questions can be put to customers.

Adverse selection. When parties have options with regard to which products to sell,
there is a tendency to select those that provide the highest return to the seller without
fully considering additional risks that would be implied by the higher return.

Anti-selection. From the buyers’ perspective, they may select a product (to the detriment
of the insurance provider) because they anticipate making a claim on the
policy.

5.3 Moral hazard and adverse selection


In economics, “moral hazard” and “adverse selection” are special cases of “information
asymmetry”, where one party to a contract has better or more information than
another party. Moral hazard occurs when a party to a contract behaves differently
when insulated from risk than when exposed to it (Nyberg (2011)). For example,
after buying insurance, a person takes more risks than when uninsured (for example,
undertaking dangerous sports when covered by a PPI illness policy). On the other
hand, adverse selection occurs when information is not available to one or more of
the parties to a contract (for example, a seller hiding the quality of a product such as
a used car from a buyer (Akerlof (1970))).
In the context of the PPI scandal, the various inquiries identified that these two
conditions were seen to have occurred (OFT (2007)).

Moral hazard: when lenders have less incentive to perform full diligence on sales
because they know that claims will be met by the insurer (Competition Commission
(2008a)).

Adverse selection: when sales staff have incentives to sell one type of policy rather
than another (for example, single-premium PPI policies (FSA (2006a))).

In the Basel II definition of operational risk, losses resulting from instances of moral
hazard and adverse selection would be classified as people risk, specifically under
the event type category of “clients, products and business practices” (BCBS (2004)).
However, the Basel definition covers people risk beyond these “intentional” illegal,
unethical or inappropriate actions (McConnell (2008)), including the following.


Incompetence: actions that fall below the levels expected of a particular role, such
as delaying the resolution of a claim on a PPI.

Negligence: lack of appropriate action, such as nonverification of a borrower’s
employment status.

Lack of knowledge: actions that are based upon lack of requisite knowledge, such as
improperly trained telesales staff selling PPI (FSA (2005a)).

Lack of accountability: actions and nonactions where responsibilities are ill-defined,
such as identifying a borrower’s suitability for a particular PPI policy (FSA
(2005a)).

Aggression: improper use of power, such as pressuring borrowers to purchase PPI as
part of a bundle (CAB (2005)).

While illegal activities should obviously always be identified and countered, it is often
the softer, more difficult to detect risks that can precipitate large aggregate losses. A
good example of the latter is inadequate staff training, which is cited frequently as a
cause when things go wrong (see, for example, FSA (2011a)). Unfortunately, the lines
between these risks are often blurred and, in many situations, identical behavior by
one individual (usually a junior) can result in dismissal but be tolerated if perpetrated
by another, more senior, individual. The Barings, Allied Irish Bank, National Australia
Bank, Daiwa and Nomura Securities and, more recently, the UBS cases all illustrate
how inappropriate behavior can lead to unethical actions that, if tolerated, can lead
to illegal activities and can, in extreme circumstances, result in serious losses to the
firm (Zhang (1995); Cruz (2002); McConnell and Blacker (2011); and UBS (2011)).
During the inquiries and investigations into the causes of the PPI scandal, numerous
examples of people-related risks were documented. We now investigate how the
selling practices that were eventually deemed inappropriate became so widespread
and acceptable.

5.4 Systemsthink
Janis (1971) first documented the phenomenon of “groupthink” where managers and
staff suspend their natural skepticism in the face of “group pressure”. This same
phenomenon has been identified by Gleick (1992) in documenting the findings of the
official inquiry into the space shuttle Challenger disaster, and by Augustine (1995)
on the problems that beset the Hubble Space Telescope. Similar groupthink has been
identified, on a much broader scale, by the US Senate report into intelligence failures
in Iraq (US Senate (2004)), which found that there was “a collective presumption” in
the international intelligence community that Iraq had an active and growing weapons
of mass destruction program. The Senate committee concluded that this groupthink
led analysts and their managers to play up ambiguous evidence that supported this
thesis and play down anything that seemed to undermine it.
In looking at the failures of Irish financial institutions in the GFC, the Nyberg
commission of inquiry found frequent evidence of

behavior exhibiting bandwagon effects both between institutions (“herding”) and
within them (“groupthink”), reinforced by a widespread international belief in the
efficiency of financial markets.… While these behaviors may be seen as a combination
of a number of basic human psychological biases which are not confined to
economic issues, it is clear that, when present particularly in the financial sector they
may be important underpinnings of systemic disturbances.
Nyberg (2011)

Nyberg (2011) distinguishes between “herding”, where, driven by the need to achieve
similar profitability to the rest of the industry, firms pursue almost identical strategies,
and “groupthink”, which occurs within a firm, where a consensus forms
“without serious consideration of consequences or alternatives, often under overt or
imaginary social pressure” (Nyberg (2011, p. 8)). Nyberg also noted that groupthink
often

feeds a tendency among staff to suggest and support proposals that their superiors
are known to prefer, hoping to gain a favorable reputation.… Those challenging
their superiors’ proposals may risk sanctions and would thus need to feel particularly
confident in their preferred alternative.
Nyberg (2011, p. 9)

The tendency of firms to sanction naysayers is evident in the dismissal of risk managers
who disagreed with the actions of their superiors during the GFC, as at Lehman
Brothers (McConnell and Blacker (2011)).
Groupthink may occur within a firm but not necessarily across the industry. For
example, take the arrogance exhibited by National Australia Bank in the face of industry
criticisms of its trading practices before its derivatives losses (McConnell (2005)).
Likewise, “herding” may occur at the industry level but be opposed by many staff
internally, as is the case, for example, with an industry-wide move toward outsourcing
of staff. However, where herding and groupthink coincide as “systemsthink”, a
challenge to the prevailing thinking can only come from outside of the industry, for
example from consumer bodies, such as the CAB or FOS, or market regulators, such as the
Competition Commission.
This paper argues that the financial services industry must proactively guard against
systemsthink, by structured operational risk management at both the firm and systemic
level, as the consequences of not doing so can be serious, and even catastrophic.


5.5 People risk and the universal banking model


The largest of the UK banks affected by the PPI scandal are structured in what has
been variously called the “universal (or integrated) banking model”, Allfinanz, bancassurance
and assurfinance (Brown (1992); Benoist (2002); Nyberg (2004); and Field
et al (2007)). Although corporate structures may differ, the terms cover the management
of a range of financial activities, including retail banking, investment banking,
securities, wealth management and insurance within a large conglomerate (Molyneux
et al (1996) and Ashby (2010)). Molyneux et al (1996) and Field et al (2007) have
identified some of the main reasons why this type of organization has grown,32 which
include the following.
Economies of scope: the efficiencies to be gained from including multiple financial
products under one “brand” or operating infrastructure.
Reduced variability of revenues: the diversification benefits of multiple business
streams operating in different cycles.
Improved capital utilization: efficiencies in capital allocation.
Improved risk management: spreading funding, credit and liquidity risks across multiple
diversified businesses.
The ICB noted that
while banks are highly regulated, within the UK there are very few restrictions on
how they choose to structure themselves. Large universal banks are a complex web
of legal entities and intra-group relationships.
ICB (2011a, p. 76)
In light of the GFC, where seemingly solid retail banking operations were brought
to the brink of bankruptcy by losses in related investment banking operations
(McConnell and Blacker (2011)), there have been various proposals to break out
(US Congress (2010)) or “ring fence” retail banking from investment banking businesses
(ICB (2011a)). In an analysis of the UK banking market, the ICB
identified the following problems with the universal banking model (ICB (2011b,
p. 74)).
High impact of failure: since size is critical to the success of this model, failure of
such a firm will have a disproportionate impact.
Increased systemic risk: it is “harder to stop problems spreading from one part of the
system to another”.
Increased risk taking: as a consequence of economies of scale and scope.

32 It should be noted that “universal banking” has been prevalent in jurisdictions such as Germany
for over 100 years (Molyneux et al (1996, p. 70)).

These problems may give rise to a situation where profits of universal banks are better
than average in good times, because of economies of scale, but losses could be worse
because of the same effect. The final report of the ICB noted that
the risks of unrestricted universal banking are in general greater for larger banks. The
impact of failure, and thus the importance of resolution and of reducing contagion,
is greater the more customers and creditors are affected.
ICB (2011a, p. 39)

The ICB also queried the underlying assumptions of economies of scope in the uni-
versal banking model, questioning
the belief that functionally universal banks offer diversification benefits [which] is
held by a number of market participants, including some universal UK banks, but
the available quantitative evidence is limited and mixed.
ICB (2011a, p. 274)

This paper does not address the issue of ring fencing for banks nor the economic
benefits and risks that arise from integrated banking models but discusses the specific
issue of the “operational risks” that may be present in a bancassurance model where
insurance is sold through branch banking networks, as was the case in the PPI scandal.
Benoist (2002) describes three generic risks that are present in the bancassurance
model.

Image risk: the risk that the bank/insurer suffers by the failings of the other party.

Qualifications/staff risk: the different skills and qualifications needed to sell different
types of financial products.

Network risk: or the difficulties of managing overlaps in related banking and insur-
ance businesses.

Whilst Brown (1992) argues that these types of risks may be mitigated by having the
right structural arrangements in place, the point remains that the effective operation
of the model depends upon the people involved and how they interact and commu-
nicate. Nyberg (2004) identified two particular “conflicts of interest” that arise in
the universal banking model, specifically, the risk that sellers promote their own
interests over the customers’ needs (moral hazard), and incentives to deviate from
correct “internal pricing”, such as the unwarranted splitting of commissions to reduce
taxation.
A particular area of concern is a point raised by Benoist (2002), who suggested
that there might be “certain fundamental differences in culture [between banking and
insurance] that cannot be overcome, even by investing heavily in training”. If this
hypothesis is even partially true, then it imposes a heavy responsibility on operational
risk management functions to ensure that such cultural differences are identified and
that risk mitigation strategies are put in place by business units to reduce the impact of
these people-related risks. Note that it also places a duty on risk managers to recognize
any potential deficiencies in their own knowledge, approach and culture that might
preclude them from identifying potentially large risks in a multiproduct operation.
In practice, this would imply that operational risk functions should be staffed by
professionals experienced in a number of businesses not just by those with a narrow
banking focus.
Before tackling the issue of how to address people-related risks, it should be noted
that the problems do not relate merely to the banking–insurance interface or to the
narrow PPI product, but are much wider. Examples of problems in the past include
the mis-selling of pensions, the interface between banking and wealth/investment
management (Blacker (2001)) and the mis-selling of mortgage endowment policies,
the banking–insurance interface (FOS (2011)).
As an example of problems potentially being stored up for the future, the equity
release product is a case in point. Equity release products, sometimes called reverse
mortgages (Financial Crisis Inquiry Commission (FCIC) (2011, p. 11)), are financial
mechanisms whereby an “asset rich/cash poor” senior citizen can draw regular income
or lump sums against the value of their home (Age Concern (2010)). Like PPI, these
are hybrid banking/insurance products that are designed to repay a loan usually when
the borrower dies or “downsizes”. Often the customer buying the product is vulnerable
(for example, needing money to pay for repairs or to supplement pension income).
The potential for mis-selling problems in such cases was identified by the FOS
(2008b, p. 72), which upheld a complaint against a bank for mis-selling a “shared
appreciation” mortgage, probably due to a staff misunderstanding of what a complex
product is.
This is not to suggest that UK banks are unethical in their handling of equity
release products at present, but evidence from the United States has shown growing
problems in this area (Twomey (2009)). This paper does suggest, however, that with
the baby boomer generation retiring over the next twenty years and, especially where
defined contribution retirement pensions have experienced shortfalls in investment
appreciation, such “lifestyle” products will become increasingly popular (Twomey
(2009, p. 6)), and may be subject to the types of people-related risks evidenced
elsewhere. Wainer et al (2010) have documented a growing incidence of “financial
abuse” of the elderly, though perpetrators tend to be family members or carers rather
than financial institutions. Although banks may recognize the potential for abuse in
such cases, they may feel constrained by privacy concerns. This is a position in which
banks may act perfectly ethically, within their own policies, but may be seen by the
public as accessories to abuse, ie, reputational risk.

5.6 Parallels with the global financial crisis


The impact of the GFC for economies, financial institutions and individuals around
the world was, and remains at the time of writing, extremely large (Krugman (2008);
Schiller (2008); Crouhy et al (2008); FCIC (2011); Levin and Coburn (2011); and
McConnell and Blacker (2011)). On the other hand, the impact of the PPI scandal
was relatively small (compared with the GFC): it was localized to the UK banking
sector and had little impact on the local economy.
The causes of the “subprime crisis” (Schiller (2008)), which precipitated the GFC,
cut across the entire system of “mortgage-backed” securitization in the United States
(the so-called origination to distribution model) with ethical failures not only in mis-
selling of mortgages to retail banking customers but also in the structuring, rating and
selling of securities created from those mortgages (FCIC (2011); Levin and Coburn
(2011); and McConnell and Blacker (2011)). In contrast, the PPI scandal arose from
the mis-selling of a class of insurance products mainly by the biggest banks in the
United Kingdom (Ouseley (2011)). The failures were more localized, across one
(albeit large) sector of the UK financial industry.
Nonetheless, there are parallels between the two “disasters”, particularly in the
breakdown in ethical behavior across the industry at the front end of both processes,
in the selling of financial products to unsophisticated customers, driven by consid-
erations of increasing business volumes (and hence profits) rather than ensuring the
suitability of a particular product for a particular customer. Greed appeared to over-
power fiduciary duty in both situations.
It is argued here and elsewhere that this lack of due diligence was produced at least
in part by the moral hazard created by the splitting of the selling process from handling
problems that might occur later in the process (McConnell and Blacker (2011)). Such
situations are therefore systemic, occurring across one or more sections of a financial
industry and are also people-related risks, as opposed to economic shocks.

5.7 Systemic operational risks


The risks discussed in this paper are related not only to the multiple parties involved in
a very complex process but also risks that arise as a result of the interactions between
the parties. Such risks may be considered “systemic risk” as they are related to the
system as a whole. Employing the definition of Basel II, such risks are also operational
risks, as they are related to interactions between “people” (for example, failures to act
on negative feedback) and “process”, failures of processes governing the interactions
between parties. The PPI process is therefore subject not only to “operational risks”
within the firms involved, both regulated and unregulated entities, but also “systemic
operational risks” that are related to the structure of the distribution and underwriting
process itself and the interactions between the parties involved.

Since operational risk is defined, within Basel II at least, solely at the level of
the regulated firm, there is a need to consider mechanisms for addressing systemic
operational risk that impact not only regulated institutions but also individuals.

6 CHANGES TO THE UK BANKING SYSTEM


6.1 Independent Commission on Banking
Turner (1976) points out that, in the aftermath of a disaster, organizations move onto
“full cultural adjustment”, which invariably means changing the policies, processes
and management culture that led to the disaster in the first place. Governments in both
the United Kingdom and the United States have proposed radical changes to banking
systems in their jurisdictions (ICB (2011a) and US Congress (2010)).
In the wake of the GFC, the UK government set up the ICB with a very wide mandate
to consider “structural and related nonstructural reforms to the UK banking sector
to promote financial stability and competition” (ICB (2011b)). After producing an
issues paper for industry feedback (ICB (2010)) and an interim report (ICB (2011b))
and consulting widely with the industry and interested parties, the commission pro-
duced its final report in September 2011, which was accepted by the UK government,
agreeing, inter alia, to the “ring fencing” of retail banking from investment banking.
The ICB recommendations are very wide-ranging, covering issues such as new
capital requirements for “loss absorbency”, market concentration and competition,
and “switching” between banks (ICB (2011a)). In the context of this paper, the major
recommendation is to “ring fence”, rather than separate, retail operations from invest-
ment banking. The objective of the proposed ring fence is to be able to reduce the
likelihood of “taxpayer funded solvency support” by being able to spin off critical
retail banking operations in the event of a bank’s failure (ICB (2011a, p. 233)). To
achieve this partitioning, the commission identified a number of “mandated services”
that could only be operated by ring-fenced banks where “a temporary interruption
to the provision of [such a] service resulting from the failure of a bank has signifi-
cant economic costs” (ICB (2011a, p. 234)). Conversely, the commission identified a
number of services that were “prohibited” in a ring-fenced bank, such as the purchase
of credit-related derivatives (ICB (2011a, p. 235)).
In analyzing existing products, the ICB found that PPI was “a source of excess
profits, as well as a common area of mis-selling” and criticized banks for “misdirected
competition”:
Instead of increasing their earnings by selling products that met consumer needs
on better terms than their competitors, banks profited by selling inappropriate PPI
contracts to many customers that were overpriced and unsuitable for customers’
needs.
ICB (2011a, p. 189)

However, the ICB does not explicitly prohibit products such as PPI, although such
products do not fall within the narrow definition of “mandated services”, but it appears
that such products will in future be viewed from a “competition” perspective:
A distinction is needed between “good competition” to serve customers well, and
“bad competition” that exploits customer unawareness or, for example, creates a
race to the bottom on lending standards.
ICB (2011a, p. 153)

However, as with the example of PPI, the ICB requires that
the permitted extent of its relationships with other parts of the group should be no
greater than regulators generally allow with third parties, and should be conducted
on an arm’s length basis.
ICB (2011a, p. 12)

This means, for example, that in future the relationship between a distributor and
related insurer in the PPI market, such as with sharing of commissions, would need
to be treated as a third-party contract. However, evidence from the GFC in the United
States demonstrated that conflicts of interest can occur just as easily on an arm’s length
basis as on a related one (McConnell and Blacker (2011)).

6.2 UK Treasury: a new approach to financial regulation


In February 2011, the UK Treasury issued a document outlining a “new approach to
financial regulation”, which proposed a radical change to prudential regulation in the
United Kingdom (UK Treasury (2011)). In summary, the UK government proposed
that the responsibilities of the existing prudential regulator, the FSA, be split among
three bodies: the Bank of England, through a new Financial Policy Committee, would
assume overarching responsibility for “delivering systemic financial stability through
macro-prudential regulation”; a new Prudential Regulation Authority would assume
the responsibilities of the “oversight of the safety and soundness of banks, insurers
and other prudentially significant firms”; and a new FCA would assume the remaining
FSA responsibilities for the regulation of “business conduct” (UK Treasury (2011)).
At the firm level, one of the authors has had personal experience of the new direction
of supervision being developed by the FCA. At a high level, the focus will be on the
overall governance arrangements in place and how this links into the culture and the
day-to-day operations of the business. There will be increasing emphasis placed on
the management of risks and the control environment that exists to mitigate those
risks. In addition, the FCA will be looking to see that the business planning process
takes full account of the risks to the achievement of the firm’s strategy and the board
is actively engaged in monitoring such risks.
These changes to UK regulation will have a significant impact on banks operating
in the United Kingdom, but in this paper we will focus on issues of “financial conduct”
specifically relating to people-related risk.

6.3 Financial Conduct Authority


In June 2011, the FCA’s approach to regulation33 was described as

using its new powers of intervention and enforcement [to] promote good outcomes
for consumers; be more outward-looking; intervene earlier to tackle potential risks to
consumers; and be tougher and bolder, building on and enhancing the FSA’s credible
deterrence strategy.
FCA (2011, p. 7)

All in all, this is a very much more proactive regulatory approach than what had been in
place prior to the changes, “aiming to intervene earlier in retail markets to protect
consumers before they suffer direct effects as a result of failures in these markets”
(FCA (2011, p. 17)).
The responsibilities of the new FCA are wide-ranging, covering not only the con-
duct of regulated firms with respect to retail customers, but also a wide range of
“wholesale” customers and also providers of “market infrastructure” such as stock
exchanges (FCA (2011, p. 16)). The FCA will also have a major role in addressing
“financial crime”, giving “priority to the protection of consumers as potential victims
of financial crime, and to the use of firms as a conduit for financial crime, than to the
protection of firms themselves as potential victims” (FCA (2011, p. 38)). Note that
these are all issues that fall within the definition of operational risk of Basel II.
With respect to the problems with PPI discussed in this paper, the FSA recognized
that “its response to the mis-selling of PPI should have been stronger” and outlined
the FCA’s new approach to

spot issues earlier; be willing to intervene early to improve standards either in spe-
cific firms or wider; take robust action designed to address weaknesses in competition
revealed by economic analysis; give greater recognition, sooner, to the importance of
securing redress (and not leave this solely to the ombudsman service); and, improve
cooperation and working arrangements with the ombudsman service to ensure regu-
latory issues which complaints are revealing are dealt with sooner.
FCA (2011, p. 34)

A recent example of how the FSA will be changing their approach can be found
in the joint guidance with the OFT on PPI which has been issued following recent
developments and emerging concerns about new products and practices (FSA and
OFT (2011)). This guidance states that firms should ensure that product features reflect the
needs of the consumers that they are targeting, and it identifies
four key areas of concern that providers should think about carefully:

• firms not properly identifying the target market for the protection product;
• the protection not reflecting the needs of the intended consumers;
• the benefit of a successful claim not matching the needs of the claimant;
• product features or pricing structures creating barriers to comparing products,
exiting a policy or switching cover.
FSA and OFT (2011)

33 It should be noted that, at this stage, the FCA was operating under the umbrella of the FSA and
had not yet been broken up.

The detail of the guidance may be interpreted as a checklist of things to consider to
ensure fair outcomes and, if this is an illustration of the direction of supervision, there
may be further checklists to follow in perceived areas of concern.
It is assumed that many of the FSA staff will transfer to the new authorities and
that they will be supported by experienced people brought in to handle the different
regulatory regime. Staff who transfer will undoubtedly require training to ensure that
they are better equipped to deal with the new regulatory requirements, so that the
mistakes of the past are not repeated going forward. As a consequence, regulated
banks will have to be more proactive and responsive to customers’ problems with the
products and services that they are selling.

6.4 UK Money Advice Service


In April 2010, the UK government passed the Financial Services Act 2010, which,
among other provisions, created the Consumer Financial Education Body (CFEB), an
independent body carved out of the FSA34 with responsibility for “helping consumers
understand their finances better [by providing] impartial information, education and
advice through a national financial advice service” (FSA (2010b)).
In April 2011, the CFEB was renamed the Money Advice Service (MAS) with the
overriding objective to “make it the norm for people to manage money well” (MAS
(2011)). A second key objective is to “achieve greater leverage from our work”, which
is important in the context of this paper as it relates to “working with and influencing
the financial services industry, regulatory and public policy agendas” (MAS (2011)).
An example of how banks may be affected by the new organization in the future
is the section on the organization’s website (www.moneyadviceservice.org.uk) that
deals with PPI, which not only contains an educational page on the PPI product but
also a set of “comparison tables” listing a plethora of products tailored to information
entered by the potential buyer, such as age, employment status, etc. The website also
identifies those products where information has been supplied voluntarily by providers
but also identifies “nonparticipants”. It will, of course, be a business decision whether
to supply product information or not but if the MAS initiative (or similar efforts
by other regulators) is successful, then nonparticipation may be seen, potentially
incorrectly, as noncompliance, ie, there is both a reputation risk and also an operational
risk if problems are subsequently detected in the product by consumer advocates.

34 Note that, although independent, the Money Advice Service is funded through industry levies
collected by the FSA, which also controls board appointments.

6.5 The Dodd–Frank Act: consumer financial protection


Following the GFC, the US Congress promulgated the “Wall Street Reform and
Consumer Protection Act”, also known as the Dodd–Frank Act, with the purpose,
inter alia, of protecting “consumers from abusive financial services practices” (US
Congress (2010)). Amongst a raft of reforms, the Dodd–Frank Act created the Finan-
cial Protection Bureau (US Congress (2010, Sections 1011–1100)) with the aim of
establishing
a single point of accountability to assure that markets for consumer financial products
work for American consumers and for responsible providers of those products.
Consumer Financial Protection Bureau (2011)

In July 2011, the Consumer Financial Protection Bureau (CFPB), which is similar
to the UK MAS, began work initially focusing on contentious areas of consumer
finance, such as mortgages, student loans and credit cards, with an initial objective of
creating a simplified mortgage disclosure form, called “Know before you owe” (CFPB
(2011)). At the time of writing this paper, the CFPB had just come into existence as
an independent body working to create the organizations and information technology
infrastructure to create a “consumer finance market place” where
customers can see prices and risks up front and where they can easily make product
comparisons; in which no one can build a business model around unfair, deceptive,
or abusive practices; that works for American consumers, responsible providers, and
the economy as a whole.
CFPB (2011)

It is difficult to guess precisely when the new regulator will be fully engaged with
banks and other financial institutions but the intention is clear: the elimination of
“unfair, deceptive, or abusive practices” (CFPB (2011)).

6.6 Implications for operational risk management


It is not the purpose of this paper to hypothesize on the impact of new legislation on
the banking industry in general. However, there are a number of trends in the new
legislation that will affect how operational risks must be managed. Before discussing
those features, it is worth noting that, if implemented as proposed, the impact of these
new rules on banks, particularly retail banks, will be significant. Frontline businesses
that interact with customers will have to adapt to more stringent rules on business
conduct; product specialists will have to ensure that products are designed to “treat
the customer fairly”; compliance specialists will have to ensure that new rules are
understood and adhered to by staff; treasury managers and accountants will have to
adapt to new realities regarding arm’s length funding and profit allocation; and many
more effects.
It should also be remembered that operational risk managers are not themselves
responsible for designing, developing or selling products, although the recent pro-
nouncement by the FSA and OFT may cast doubt on this: “a firm’s control functions
should be involved in the firm’s product design and oversight arrangements” (FSA and
OFT (2011, Section 1.39)). Nor are they responsible for training staff or monitoring
selling practices: these are all business line responsibilities. Operational risk man-
agers are responsible for ensuring that all operational risks are identified, assessed,
mitigated and monitored within the stated risk appetite of the firm,35 in this case, the
people-related risks that should be identified and managed appropriately.
Although the legislation and the various newly created regulatory bodies are different
in each jurisdiction, there are a number of common themes that are relevant to
this paper.

• There will be a set of new regulations that must be understood and translated into
risk management actions. It should be noted that, for banks with international
operations, there will be multiple sets of rules that must be understood within
the context of risk management for the full firm.

• There will be a set of business practices that are to be prohibited or restricted,
giving rise to new risks of people breaking or bending the rules. Tightening
the control environment to prevent this happening will be a key management
activity.

• Regulators may restrict, suspend or prohibit a particular product or set of products
because of customer complaints. Prohibiting the sale of particular products
may be done either at the firm level or across the industry, such as with the
banning of “single premiums” (FSA (2009)). Likewise, the rules for selling
products may change across the industry such as the proposal by the FSA to
better regulate so-called “packaged accounts”, which often “bundle” banking
with insurance products in a single account (FSA (2011b)).

• There will be multiple channels for customer complaints which must be monitored
for emerging problems.

• Though not specifically chartered to do so, firms will have to ensure that financial
literacy is improved across the industry, since “an informed consumer is
the first line of defense against abusive practices” (CFPB (2011)).

• Firms will be required to understand their customers’ expectations better to
ensure that decisions to purchase products and services are being made appropriately.

• Firms will be required to collect, analyze and provide to regulatory bodies new
information on volumes, commissions, complaints, etc.

• Last, and most important, the onus of proof will now be on the firm to demonstrate
that it is behaving ethically within overall principles rather than on a
regulator to show that a firm has transgressed specific rules.

35 This also implies, of course, that there is a stated operational risk appetite for the firm.

The implications of the change in burden of proof are quite far-reaching. For exam-
ple, if one bank is found to have behaved improperly in the sale of a popular product
and a ban on the (family of) product is being considered, other banks will inevitably
be questioned as to their compliance with regulatory principles. Failure to provide
good answers in the new regimes will be viewed as unacceptable. What better way
to demonstrate compliance with general principles than being able to provide on-
demand, detailed, up-to-date and fully operational risk management policies, frame-
works, processes, actions, outcomes and improvement plans? A comprehensive and
proactive approach to people risk management will be one of the key defenses against
banks losing their licenses to operate in certain markets and products.

7 ADDRESSING PEOPLE RISK


7.1 People risk
The implications of the well-documented breakdowns in responsibility, accountability
and ethics across the UK banking industry, in banks and insurance companies, in
boardrooms, branch offices and face-to-face with customers, are profound. Of course,
not everyone in every bank and insurance company behaved in an unethical fashion,
but the numbers that did were sufficient to precipitate a major crisis whose impact
may not end for many years. The sheer extent of the problem uncovered by official
inquiries means that there is not going to be a single simple solution – no silver bullet
– to stop similar crises happening in the future.
It should be repeated that the cause/evolution of the PPI scandal was primarily due
to the mis-selling of loan-related products. The problems were not caused by a single
person or group of individuals, but were enabled and accelerated as the result of the
actions, or lack of actions, of many trusted bankers. Consequently, there is no one
“bad apple” who can be caught and punished, although some individuals, such as the
boards and CEOs of large “universal banks”, appear to be more culpable than others.
Some people behaved unethically, even illegally, and many others who should have
known better just went along with it out of fear (of losing their job), ambition (to
improve their job prospects), greed (to improve their salaries/bonuses), loyalty (to the
firm), apathy (“above my pay grade”), and other very human emotions.
Because the reasons why people did not behave wholly ethically are so varied, no
single solution, such as regulation of remuneration, will ensure that similar events do
not happen in future.
It is obvious that, where people are at fault and cause real losses to customers, there
should be some sanction, although, in practice, it has proved extremely difficult to
convict individuals in cases of “white collar crime” (Coleman (2001)). Because such
legal cases tend to be long and expensive, they are often resolved by the payment
of (sometimes quite hefty) fines, but frequently without admission or denial of any
wrongdoing (McConnell and Blacker (2011)). While, sometimes, fines are imposed
on individuals in addition to firms, the final irony is that it is the shareholder who
often picks up the tab for the crimes of individuals in the firm in which they invest.
Another element of people risk that cannot be overlooked is that of fading memories.
Whilst the PPI scandal remains firmly implanted in people’s minds, the passage of time
will see it fade in people’s memories, much as happened with the pension mis-selling
scandal in the early 1990s. Complacency and fatigue vis-à-vis risk management will
set in and people will go about their daily routines much as they were doing during the
development phase of the PPI crisis. All that this will do is to increase the likelihood
of something similar happening again, although the scale and nature may be different.
The history of rogue trader incidents over the last twenty years bears witness to this
(McConnell (2008)).

7.2 People risk management: systemic level


The landscape of banking in many jurisdictions is changing as governments are putting
new “regulatory architectures” and new regulators, such as the FCA and CFPB, in
place to monitor and proactively change business conduct by financial institutions,
particularly with respect to retail consumer protection. Many of these efforts are
aimed at reducing people-related risks, such as conflicts of interest and mis-selling
of financial products.
The new regulatory structure in the United Kingdom consists of two independent
functions, with the FCA responsible for regulating business conduct of retail and
wholesale markets (ie, people risk within banks) and the MAS (ie, consumer risks).
The FCA aims to reduce people risk by setting and monitoring general principles of
business conduct by regulated firms, whereas the MAS aims to reduce people risk
by educating consumers. For regulated firms, this creates an unnecessary separation
because it is in the firm’s long-term interest to have both well-educated customers
and knowledgeable staff that are able to confidently provide the services and products
that are most appropriate for those customers.
But, as demonstrated in the PPI scandals and others, the customer–firm interface
is not without risks, particularly people-related risks, such as lack of knowledge,
pressure sales and unethical practices. The aim of systemic regulation must then be to
identify when such risks are reaching unacceptable levels across the system and to take
rapid remedial action that is appropriate to the level of problems being encountered.
Since it is not possible, by regulation or education, to create an environment where
the probability of having a problem is zero, this means that systemic regulation must
focus on developing key risk indicators (KRIs) that will alert regulators and regulated
firms to the potential for serious problems.
For example, the incidence of complaints for a particular product, the acceptance/rejection
rate of complaints, the time taken to resolve complaints and the ratio of
complaints referred to bodies such as the FOS would appear to be suitable candidates
for “first cut” KRIs. If one or more of such KRIs was rising inexorably over time for
numerous firms, this would raise the specter of “systemic risk” and the possibility of
regulatory intervention, perhaps even prohibition of the products/services in question.
At this point it should be noted that the KRIs described above are the most obvious
but not necessarily the most effective. For example, for products such as annuities
or endowments, rates of return against standard benchmarks might indicate potential
problems in future. In other words, some KRIs will be generic but some will be specific
to the type of product. Furthermore such KRIs consider only the product aspect and
not the people risk, such as the skills of the staff, as in training and education levels.
One final point to note with any KRI is that monitoring trends is as important as the
absolute figures themselves as such trends will reveal emerging patterns, both good
and bad.
The need to create systemic KRIs argues strongly for regulators to have in-house
operational risk expertise (as opposed to operational risk regulation capabilities) to
help identify, measure and monitor people risk at the systemic level. It also argues
strongly for having a collaborative, as opposed to a confrontational, approach to
developing and, more importantly, understanding the implications of operational KRIs.
The traditional regulatory model would require regulators to clearly state the
information that they require from regulated firms, such as the triennial foreign
exchange statistics collected by the Basel Committee (Bank for International
Settlements (2010)), and for banks to then supply that information when requested. In
a collaborative model, systemic regulators and regulated firms would propose and
openly debate the types of KRIs that are most appropriate for different types of
products and businesses. Then a systematic process of developing and agreeing the
parameters of appropriate KRIs and their frequency of reporting would be followed,
resulting in the development of clear disclosure requirements. After suitable trials
and a “learning curve” period, the KRI information would be openly disclosed by
regulated firms.
At this point it should be emphasized that, in order to detect emerging systemic
risks, the systemic KRIs would be best aimed at the generic business rather than at
the detailed product level, and should not be used for regulatory intervention per se.
That is, the systemic regulator should operate at the systemic level, only referring to
a prudential regulator when a specific firm has egregiously exceeded KRI operating
limits over a period of time.
Within regulated firms, the development of systemic KRIs has a number of
implications, not least that boards of directors should develop “risk appetite” statements
around systemic risks. Such risk appetite statements would set the boundaries within
which a set of KRIs would be deemed to be acceptable and they can in turn be used by
internal operational risk management functions to create the reporting infrastructure
to capture, monitor and report, first to internal management and then, in aggregate,
to systemic and prudential regulators. If a systemic issue begins to emerge, the best
defense for a particular firm will be to have a robust operational risk management
framework in place that is alert to the potential for systemic risks.
In addition, regulators and regulated firms should encourage independent academic
inquiry into emerging systemic risks, for example by funding “mystery shopper”
exercises to flesh out potential problems of product/service quality. Academics must also
follow the lead of Haldane (2009), An et al (2009) and Cecchetti et al (2009) in
researching new models of “financial networks” which may better reflect the
operations of the modern global economy upon which to base new regulations.

7.3 People risk management: behavioral finance


As noted above, Raynard found that borrowers did not always make the decision
to purchase PPI based on purely economic considerations but because it gave them
“peace of mind” (OFT (2007, Annex C, p. 3)). Behavioral finance is the branch of
economics that deals with such “irrational” decision making: irrational, that is, in terms of
conventional economics, which removes all emotions from financial decisions
(Kahneman and Tversky (1979)). Ariely (2008) argues that individuals are “predictably
irrational” in that they will, often for emotional reasons, make decisions that are not
economically optimal, such as opting for “free offers” which turn out to be more
expensive overall than other options. Ariely (2008) also points out that advertisers
are particularly adept at finding the “hot buttons” that cause purchasers to behave
irrationally, such as setting the “full price” of a product arbitrarily high and then
discounting so that it looks like a bargain.
Nyberg (2011) documented a number of cognitive biases that were present in
the run-up to the Irish financial crisis, specifically groupthink and herding but also
“confirmation bias” or searching for evidence that confirms one’s preconceptions (in
this case, ever-rising property prices (Nyberg (2011, p. 90))). Other cognitive biases
include “illusion of control” or the perceived ability to “manage” risks which often
“causes an inaccurate assessment of risks” (Durand (2003)). Note that, from a people
risk perspective, such cognitive biases could manifest themselves in both the customer
and the seller, which must be recognized when dealing with the resulting operational
risks.
The consideration of economically “irrational” behavior in banking is not
well-developed, concentrating mainly on the high-risk area of financial trading (see, for
example, Willman et al (2005)) and the effect of “perverse remuneration” on decision
making:
Compensation systems – designed in an environment of cheap money, intense
competition, and light regulation – too often rewarded the quick deal, the short-term gain
– without proper consideration of long-term consequences.
FCIC (2011, p. xix)

It is not the role of operational risk management to determine marketing or remuneration
strategies for banks but, as part of the risk identification, such as risk and control
self-assessment exercises (BCBS (2011, p. 12)), to ensure that behavioral factors
and cognitive biases are explored (Watchorn (2007)). Further industry and academic
research is needed to identify how operational risk management frameworks can
incorporate concepts of cognitive biases and behavioral finance.

7.4 People risk and organizational culture


The organizational culture within which people risks are identified and subsequently
managed has been the subject of research by a number of authors (see, for example,
Blacker et al (2004)). A culture of good risk management is driven by people’s
attitudes and beliefs and the way that they behave in the working environment. Each
of the PPI parties identified above operated within an organization with an established
culture, which the board of directors would have been instrumental in developing and
nurturing throughout the organization.
Green (2009), former chairman of HSBC, develops this further and describes the
culture in terms of the values that are embedded in the business and how these values
affect the day-to-day operations and emphasize the things that matter. He describes
it as follows:
We have to recognize that values go beyond “what we can get away with”, and that
values are in the end critical to value – to sustainable value that is. Better risk
management, enhanced regulation, codification of directors’ responsibilities in company
law – all these things are necessary. But they are not, and cannot be, sufficient without
a culture of values. As individuals, we do not govern our behavior simply by what is
allowed by law or regulation. We have our own codes of conduct, and hold ourselves
accountable. We take responsibility for our actions.

All organizations are driven by a set of values that, if they are to be effective, must be
nurtured and shared throughout the organization. Barrett (1998) describes an approach
for auditing such values as a basis for establishing whether the board’s expectations
of its own value set are understood and agreed with throughout the business. Gaps
can be identified using this approach and action can be taken to reaffirm what the
organization really stands for and how it expects business to be done. One such value,
fairness, is a theme analyzed in depth by Hutton (2010). The FSA emphasis on treating
customers fairly and the UK coalition’s approach to treating fairness as a core value
in its government programme (UK Government (2010)) are clear indications of the
morality expected when business decisions are being made. In other words, what a
business stands for is just as important as what a business sells.
Garratt (1997) discusses culture as part of the governance framework and reminds
boards that they need to decide which corporate culture or, more likely, range of
cultures is appropriate for their needs. He states that “a single, dominant culture need
not be imposed on all parts of the enterprise – provided that the purpose, visions and
values are clear to all and committed to”. Once these values have been articulated,
then they can be turned into a series of recognizable behaviors which become the
accepted norm and, in turn, form the basis upon which an appraisal system can be
built.
It is not clear to what extent the FSA will look at organizational culture and the
values that drive a business in their new supervisory roles. The management of people
risk, however, is part of the internal control system and the effectiveness of the internal
control system is influenced by the organizational culture. The FSA are also in a
unique position to look across the banking and insurance industries and assess cultural
characteristics which are good and bad both for the industry and, in turn, for the
customer. For example, following the GFC, there have been calls to increase the
presence of females in the boardroom (see, for example, Hancock and Zahawi (2011,
p. 237)) in order to bring a better balance to decision making and to improve board
effectiveness.

7.5 People risk management: firm level


By the time a “white collar crime” (Coleman (2001)) is detected, it is often too late; the
damage has been done. There is a need, therefore, not only to take action on unethical
or illegal activities, but also to take evasive action prior to such actions being taken,
ie, to actively manage the people risk that may cause losses.

People risk is an operational risk as defined by Basel II and, within regulated banks,
therefore falls under the responsibilities of the operational risk management function.
However the management of people risk, per se, is not well-developed, concentrating
on identifying and mitigating illegal activities, such as fraud, rather than actively
engaging, for example, on ethical issues or personnel issues such as training and
remuneration, ie, addressing the “unintentional acts” of people.
The PPI scandal has highlighted the need for improved people risk management
and McConnell and Blacker (2011) argue that the role of people risk management be
formally recognized by regulators as an independent skilled function within the risk
management function, with well-defined responsibilities and protections. This does
not, of course, obviate the need for line management to understand the role that they
have on the front line of people risk management.
Such a people risk management function would explicitly and independently cover
issues across the firm, such as the following.

• Developing and gaining approval from the board for formal “people risk policies”.
• Assisting the board and executive in developing a “people risk appetite”.
• Developing a specific people risk framework (within the overall risk framework
  of the firm) that specifies how people risks are to be identified, measured, treated
  and monitored.
• Identifying methodologies for measuring people risk and allocating capital
  against such risks.
• Establishing key risk indicators for people risk based on the firm’s risk appetite.
• Working with the board to undertake a values/culture audit across the organization.
• Reporting on the operation and effectiveness of the people risk framework to
  the risk committee, board and shareholders.
• Influencing the development of an organizational culture that emphasizes the
  role of people as being critical to successful risk management.
• Working with systemic and prudential regulators to develop and implement
  systemic key risk indicators for people risk.
• Performing scenario analysis of people risk and stress testing the results.
• Establishing formal lines of communication with human resources and ensuring
  that recruitment practices are designed to adequately assess people risk issues
  before an applicant is offered a position of employment.
• Establishing lines of communication with legal compliance, fraud, procurement,
  marketing, outsourcing, contracts functions[36] and third-party service
  providers to discuss mutual issues of interest, of which there will be many.
• Establishing formal lines of communication with marketing and the sales force
  to ensure that products are being marketed appropriately and customers are
  being treated fairly.
• Establishing formal lines of communication with clients, such as “voice of the
  customer” programs, to gain feedback on the marketing of products.
• Establishing formal lines of communication with operations, to ensure
  understanding of “know your customer” legislation and policies to ensure appropriate
  marketing of products to customers.
• Establishing formal lines of communication with consumer protection regulators,
  such as the FCA/CFEB and CFPB, with a view to cooperating in providing
  operational risk data.
• Establishing formal lines of communication with the complaints handling
  function(s) of various business lines to ensure that complaints are registered and
  reported properly, and tracked to satisfactory completion.
• Developing policies around the use of “mystery shopper” exercises undertaken
  by external experts in order to identify potential areas of operational risk.
• Developing education and induction programs for people risk and ethical issues.
• Educating and training business line managers in the application of the people
  risk framework.
• Developing processes and systems for the formal identification of people risk
  with all departments of the firm with a particular focus on the people risk within
  control functions.
• Monitoring compliance with people risk policies.
• Subsuming the responsibilities of the “whistle-blowing” function and issuing
  and strengthening guidelines for whistle-blowing that are compatible with the
  people risk framework.
• Contributing to the new product process for issues related to people risk and for
  each new product to ensure that there is a monitoring and complaints handling
  component integrated into all new processes.
• Monitoring the incidence of (publicized) people risk incidents in other industries
  to establish what lessons may be learnt and what processes may need
  changing.
• Assisting in the development of appropriate people risk metrics that would drive
  executive remuneration packages.

[36] Note that the people risk policy and framework would have to clearly identify the specific roles
and responsibilities of the people risk management, and other functions such as human resources,
compliance and fraud.

These are similar to functions and processes that already exist in other risk functions
(eg, credit and market risk) and within existing operational risk management functions
as generic activities. This paper argues that, because the impact of losses resulting from
people’s actions/behavior can be so great, there should be a specific and dedicated
focus on people risk management within the firm.
It is also acknowledged that some of these concepts may be difficult to implement in
practice, not least because they require extensive engagement with internal functions,
such as human resources, with whom operational risk management has traditionally
not been closely involved. Furthermore, operational risk managers would have to
become trained in areas in which they are unfamiliar and which do not lend themselves
to easy quantification, such as ethics.

8 SUMMARY
The ramifications of the PPI scandal continue to work their way through the UK
financial system as politicians and regulators consider new rules for financial institutions.
Regulators have begun to create new bodies to consider and regulate “systemic risks”
across the UK financial sector. One of the systemic risks identified by regulators and
competition authorities was the failure of UK banks to properly manage the selling
of PPI products to their customers. This was not one bank at fault but, as the paper
demonstrates, a profitable business that grew into a cash cow that was enthusiastically
milked by all major UK banks without proper attention to their customers’ needs for
these particular products.
After describing the PPI business model, this paper traces the growth of the
PPI scandal from relatively minor grumbles to consumer advocate groups to a
wholesale attack on UK banks by competition and industry regulators, eventually resulting
in those major banks having to reimburse millions of customers for mis-sold products.

The paper argues that it was the operational risks inherent in the systemic separation
of the PPI sales process from the insurance claims process that went unidentified and
unmanaged as profits grew, but eventually emerged to cause losses to the major
banks. In particular, the paper describes the people risk, as identified by Basel II,
which proliferated throughout the PPI process. The paper then describes some of the
proposed changes to the UK banking system to tackle systemic risks such as those
identified in the selling of PPI products. Finally, the paper makes practical suggestions
as to how firms, and the industry as a whole, may address such people-related risks
to avoid, or at least attempt to minimize, similar scandals in future.
People are at the heart of every business and it is their behavior, both individually
and collectively, that produces organizational results, whether those results are good
or bad. How people go about their daily tasks and routines can be influenced by a
myriad of factors, not least of which is the culture in which they operate both within
the firm and within the markets in which the firm operates. This was a theme picked
up by George Soros ten years before the dark clouds of the GFC storm appeared on
the horizon (Soros (1997)):
Too much competition and too little cooperation can cause intolerable inequities and
instability. Insofar as there is a dominant belief in our society today, it is a belief in
the magic of the marketplace. The doctrine of laissez-faire capitalism holds that the
common good is best served by the uninhibited pursuit of self-interest. Unless it is
tempered by the recognition of a common interest that ought to take precedence over
particular interests, our present system is liable to break down.

This paper argues that, in addition to macroeconomic models of complex market
processes, there is a need to research, model and understand the systemic operational
risks that occur in the interactions between people in different sectors of the financial
industry.

REFERENCES
Akerlof, G. A. (1970). Market for “lemons”: quality uncertainty and the market mechanism.
Quarterly Journal of Economics 84(3), 488–500.
Age Concern (2010). Fact sheet 65: equity release. Age UK, London (October). URL:
www.ageuk.org.uk.
An, L., Subramanian, D., King, A. T., and Ashcraft, A. B. (2009). Modeling some essential
dynamics of the subprime mortgage crisis. Paper presented at the 27th International
Conference of the System Dynamics Society 2009, Albuquerque, New Mexico. URL:
www.systemdynamics.org/conferences/2009/proceed/papers/P1232.pdf.
Ariely, D. (2008). Predictably Irrational: The Hidden Forces that Shape Our Decisions.
Harper Collins, London.
Ashby, S. (2010). The 2007–2009 financial crisis: learning the risk management lessons.
Financial Services Research Forum, Nottingham.

Association of British Insurers (2009). ABI: Competition Commission has ignored
worsening economic conditions to the detriment of consumers (29 January). URL:
www.abi.org.uk.
Augustine, N. R. (1995). Managing the crisis you tried to prevent. Harvard Business Review
(November), pp. 147–158.
Australian Prudential Regulatory Authority (2004). Report into irregular currency options
trading at the National Australia Bank (March 24).
Bank for International Settlements (2010). Triennial central bank survey of foreign exchange
and derivatives market activity in 2010: final results. Bank for International Settlements,
Basel (December). URL: www.bis.org/publ/rpfxf10t.htm.
Barrett, R. (1998). Liberating the Corporate Soul. Butterworth–Heinemann, Woburn, MA.
Basel Committee on Banking Supervision (2004). International convergence of capital
measurement and capital standards: a revised framework. Bank for International
Settlements, Basel Committee on Banking Supervision. URL: www.bis.org.
Basel Committee on Banking Supervision (2011). BCBS: 195 principles for sound
management of operational risk. Bank for International Settlements, Basel Committee on
Banking Supervision (June). URL: www.bis.org.
Benoist, G. (2002). Bancassurance: the new challenges. Geneva Papers on Risk and
Insurance 27(3), 295–303.
Blacker, K. (2001). An investigation into operational risk mitigation in UK retail banks. DBA
Thesis, Brunel University.
Blacker, K., Mills, R. W., and Weinstein, W. (2004). People risk in the financial services
industry. Working Paper, Henley Management College.
British Bankers’ Association (2011). PPI fact sheet: why the BBA brought a judicial
review. British Bankers’ Association, London (9 May). URL:
www.bba.org.uk/media/article/ppi-factsheet.
Brown, B. M. J. (1992). Allfinanz without Limits. Lafferty, Dublin.
Cecchetti, S. G., Disyatat, P., and Kohler, M. (2009). Integrating financial stability: new
models for a new challenge. Bank for International Settlements, Basel (September). URL:
www.bis.org/publ/othp06.htm.
Citizens Advice Bureau (2005). Protection racket. Report, Citizens Advice Bureau, London
(September).
Citizens Advice Bureau (2009). Annual report and accounts. Report, Citizens Advice
Bureau, London. URL:
www.citizensadvice.org.uk/index/aboutus/publications/annualreports/ar_10.htm.
Coleman, J. W. (2001). The Criminal Elite: Understanding White Collar Crime, 5th edition.
Worth, New York.
Competition Commission (2008a). Market investigation into payment protection insurance
provisional findings report. Competition Commission, London (June). URL:
www.competition-commission.org.uk.
Competition Commission (2008b). The profitability of PPI working paper. Competition
Commission, London. URL: www.competition-commission.org.uk.
Consumer Financial Protection Bureau (2011). Building the CFPB. Consumer Financial
Protection Bureau, Washington (July). URL: www.consumerfinance.gov.

Council of Mortgage Lenders (2006). Mortgage payment protection insurance: response by
the Council of Mortgage Lenders to the OFT report on the payment protection insurance
market study. Council of Mortgage Lenders, London (November). URL: www.cml.org.uk.
Croucher, K., Quilgars, D., Wallace, A., Baldwin, S., and Mather, L. (2003). Paying the
mortgage: a systematic literature review of safety nets for home owners. University of
York, Department of Social Policy.
Crouhy, M., Jarrow, R. A., and Turnbull, S. M. (2008). The subprime crisis of ’07.
Working Paper, Bauer College of Business University of Houston. URL:
www.bauer.uh.edu/sturnbull/documents/SubprimeCreditCrisis.pdf.
Cruz, M. G. (2002). Modeling, Measuring and Hedging Operational Risk. Wiley Finance.
Durand, P. (2003). Predicting a firm’s forecasting ability: the roles of organizational illusion
of control and organizational attention. Management Journal 24, 821–838.
Evans, R. (2011). PPI: timeline of the mis-selling scandal. Telegraph, London (5 May).
URL: www.telegraph.co.uk/finance/personalfinance/insurance/incomeprotection/8495161/PPI-timeline-of-the-mis-selling-scandal.html.
Federal Reserve (2006). Risk based capital standards: advanced capital adequacy
framework. Joint Notice of Proposed Rulemaking, Federal Reserve System, Washington.
Field, L. P., Fraser, D. R., and Kohlari, J. W. (2007). Is Bancassurance a viable model for
financial firms? Journal of Risk and Insurance 74(4), 777–794.
Financial Conduct Authority (2011). Approach to regulation. Financial Services Authority,
London (June). URL: www.fsa.gov.uk.
Financial Crisis Inquiry Commission (2011). Final report of the national commission on the
causes of the financial and economic crisis in the United States. Financial Crisis Inquiry
Commission, Washington (January). URL: www.fcic.gov/report.
Financial Ombudsman Service (2008a). Final decisions: complaint by Mr. A. Financial
Ombudsman Service, London (November). URL: www.financial-ombudsman.org.uk.
Financial Ombudsman Service (2008b). Newsletter issue 72: case studies involving
equity release schemes. Financial Ombudsman Service, London (November). URL:
www.financial-ombudsman.org.uk.
Financial Ombudsman Service (2011). Ombudsman newsletter 94. Financial Ombudsman
Service, London (June/July). URL: www.financial-ombudsman.org.uk.
Financial Services Authority (2001). Treating customers fairly: after point of sale. Financial
Services Authority, London (June). URL: www.fsa.gov.uk.
Financial Services Authority (2002). £11.8 billion compensation for pensions and FSAVC
reviews. Financial Services Authority, London (June). URL: www.fsa.gov.uk.
Financial Services Authority (2005a). The sale of payment protection insurance: results of
thematic work. Financial Services Authority, London (November). URL: www.fsa.gov.uk.
Financial Services Authority (2005b). FSA update on payment protection insurance (PPI).
Financial Services Authority, London. URL:
www.fsa.gov.uk/library/communication/pr/2005/115.shtml.
Financial Services Authority (2006a). The sale of payment protection insurance: results of
follow-up thematic work. Financial Services Authority, London (October). URL:
www.fsa.gov.uk.
Financial Services Authority (2006b). Treating customers fairly: towards fair outcomes for
consumers. Financial Services Authority, London (July). URL: www.fsa.gov.uk.

Financial Services Authority (2007). The sale of payment protection insurance: thematic
update. Financial Services Authority, London (September). URL: www.fsa.gov.uk.
Financial Services Authority (2008a). FSA update on its review of the sale of PPI. Financial
Services Authority, London (September). URL: www.fsa.gov.uk.
Financial Services Authority (2008b). Alliance & Leicester to pay £7 million fine for PPI
failings. Financial Services Authority, London (2008). URL: www.fsa.gov.uk.
Financial Services Authority (2009). FSA wants all firms to stop selling single premium
PPI. Financial Services Authority, London (February). URL: www.fsa.gov.uk.
Financial Services Authority (2010a). The assessment and redress of payment protection
insurance complaints: on the further consultation in CP10/6 and final handbook text.
Financial Services Authority, London (August). URL: www.fsa.gov.uk.
Financial Services Authority (2010b). FSA announces CFEB chairman. Financial Services
Authority, London (September). URL: www.fsa.gov.uk.
Financial Services Authority (2011). FSA fines Barclays £7.7 million for investment
advice failings and secures as much as £60 million in redress for customers.
Financial Services Authority, London. URL:
www.fsa.gov.uk/pages/Library/Communication/PR/2011/006.shtml.
Financial Services Authority (2011b). Packaged bank accounts: ICOBS rules for the sale
of non-investment insurance contracts. CP11/20, Financial Services Authority, London
(October). URL: www.fsa.gov.uk.
Financial Services Authority and Office of Fair Trading (2011). Guidance consultation:
payment protection products. GC11/26/OFT1385, Financial Services Authority and Office
of Fair Trading (November). URL: www.fsa.gov.uk//
Ford, J. (2000). MPPI take-up and retention: the current evidence. Finance 45 (February),
University of York Centre for Housing Policy.
Ford, J., and Kempson, E. (1997). Bridging the gap? Safety nets for mortgage borrowers.
University of York Centre for Housing Policy.
Garratt, B. (1998). The Fish Rots from the Head. Harper Collins, London.
Gleick, J. (1992). Genius: Richard Feynman and Modern Physics. Abacus, London.
Green, S. (2009). Good Value: Reflections on Money, Morality and an Uncertain World.
Penguin, London.
Haldane, A. G. (2009). Rethinking the financial network. Speech delivered at the Financial
Student Association, Amsterdam (April). Bank of England, London. URL:
www.bankofengland.co.uk.
Hancock, M., and Zahawi, N. (2011). Masters of Nothing. Biteback, London.
Hutton, W. (2010). Them and Us: Changing Britain: Why We Need a Fair Society. Little
Brown, London.
Independent Commission on Banking (2010). Issues paper: call for evidence.
Independent Commission on Banking, London (September). URL:
http://bankingcommission.independent.gov.uk.
Independent Commission on Banking (2011a). Final report: recommendations.
Independent Commission on Banking, London (September). URL:
http://bankingcommission.independent.gov.uk.
Independent Commission on Banking (2011b). Interim report: consultation on reform
options. Independent Commission on Banking, London (April). URL:
http://bankingcommission.independent.gov.uk.


International Monetary Fund (2010). Global financial stability report: meeting new chal-
lenges to stability and building a safer system. International Monetary Fund (April). URL:
www.imf.org.
Janis, I. (1971). Groupthink: the desperate drive for consensus at any cost. In The Classics
of Organisational Theory, Shafritz J. M., and Ott, J. S. (eds). Wadsworth, Belmont, CA.
Jobst, A. (2007). Constraints of consistent operational risk measurement and regulation:
data collection and loss reporting. Journal of Financial Regulation and Compliance 15(4),
423–449.
Kahneman, D., and Tversky, A. (1979). Prospect theory: analysis of decision under risk.
Econometrica 47, 263–291.
Krugman, P. (2009). The Return of Depression Economics and the Crisis of 2008. W. W.
Norton, New York.
Levin, C., and Coburn, T. (2011). Wall Street and the financial crisis: anatomy of a
financial collapse. Subcommittee On Investigations: United States Senate, Washington
(April). URL: www.hsgac.senate.gov/public/index.cfm?FuseAction=Press.MajorityNews
&ContentRecord_id=51bf2c79-5056-8059-76a0-6674916e133d.
McConnell, P. J. (1998). Barings: development of a disaster. International Journal of Project
and Business Risk 2(1), 59–74.
McConnell, P. J. (2003). AIB/Allfirst: development of another disaster. Working Paper, Hen-
ley Management College.
McConnell, P. J. (2005). NAB: learning from disaster. Working Paper, Henley Management
College.
McConnell, P. J. (2006). A perfect storm: why are some operational losses larger than
others? Continuity Central Paper. URL: www.continuitycentral.com/Perfect_Basel.pdf.
McConnell, P. J. (2008). People risk: where are the boundaries? Journal of Risk Manage-
ment in Financial Institutions 1(4), 370–381.
McConnell, P. J., and Blacker, K. (2011). The role of systemic people risk in the global
financial crisis. Journal of Operational Risk 6(3), 65–123.
Merricks, W. (2008). The future of banking regulation: speech to the BBA seminar. Financial
Ombudsman Service, London (October). URL: www.financial-ombudsman.org.uk.
Molyneux, P., Altunbas, Y., and Gardener, E. (1996). Efficiency in European Banking. John
Wiley & Sons, Chichester, UK.
Money Advice Service (2011). 2011/2012 business plan. Money Advice Service, London
(April). URL: www.moneyadviceservice.org.uk.
Nyberg, L. (2004). How do conflicts of interest in universal banking emerge and what are the
arguments for a separation of commercial and investment banking? Speech, Swedish
Central Bank, Stockholm.
Nyberg, L. (2011). Misjudging risk: causes of the systemic banking crisis in Ireland. Ministry
of Finance, Dublin (March). URL: www.bankinginquiry.gov.ie/Documents/Misjuding%20
Risk%20-%20Causes%20of%20the%20Systemic%20Banking%20Crisis%20in%20
Ireland.pdf
Office of Fair Trading (2006). Payment protection insurance: report on the market study
and proposed decision to make a market investigation reference. Office of Fair Trading,
London (October). URL: www.oft.gov.uk.


Office of Fair Trading (2007). Payment protection insurance: OFT’s reasons for making a
market investigation reference to the Competition Commission. Office of Fair Trading,
London (February). URL: www.oft.gov.uk.
Ouseley, D. B. W. (2011). Judgement in the judicial review brought by the British Banking
Association against the Financial Services Authority and the Financial Ombudsman Ser-
vice. Mr. Justice Ouseley, High Court of Justice Queens Bench Division, Administrative
Court, London (May).
PriceWaterhouseCoopers (2004). PriceWaterhouseCoopers UK economic outlook. Lon-
don (July).
Reuters (2011). Trio of British banks take $3 bln mis-selling hit. Thomson Reuters,
London (9 May). URL:
http://uk.reuters.com/article/2011/05/09/britain-banks-idUKLDE74805E20110509.
Schiller, R. J. (2008). The Subprime Solution. Princeton University Press.
Schwarcz, S. (2008). Systemic risk. Paper 1632008, Duke Law School. URL: http://ssrn.
com/abstract=1008326.
Securities and Exchange Commission (2005). Global research analysts settlements.
Securities and Exchange Commission, Washington (March). URL:
www.sec.gov/news/studies/2008/craexamination070808.pdf.
Sergeant, C. (2003). A strategic approach to treating customers fairly. Speech to Retail
Financial Services Forum (October). Financial Services Authority, London. URL: www.
fsa.gov.uk/Pages/Library/Communication/Speeches/2003/sp1.
Simon, H. A. (1990). Invariants of human behavior. Annual Review of Psychology 41, 1–19.
Soros, G. (1997). The capitalist threat. Atlantic Monthly 2, 45–58.
Taleb, N. (2007). The Black Swan: The Impact of the Highly Improbable. Penguin, London.
Turner, B. (1976). The organisational and interorganisational development of disasters.
Administrative Science Quarterly 21, 387–397.
Twomey, T. (2009). Subprime revisited: reverse mortgage lenders put older homeowners’
equity at risk. National Consumer Law Center, Boston (October).
UBS (2011). UBS provides more details of unauthorized trading. Media Release, Union
Bank of Switzerland, Zurich (September 18). URL: www.ubs.com.
UK Government (2010). The coalition: our programme for government: freedom, fairness,
responsibility. London (May). URL: www.direct.gov.uk.
UK Treasury (2011). A new approach to financial regulation. HM Treasury, London (Febru-
ary). URL: www.official-documents.gov.uk/document/cm80/8012/8012.asp.
UK Treasury Subcommittee (2005). Special report of session 2004–05. Treasury Sub-
Committee, House of Commons, London (April). URL: www.publications.parliament.uk/
pa/cm200405/cmselect/cmtreasy/508/508.pdf.
US Congress (2010). Wall Street Reform and Consumer Protection Act. US Congress,
Washington (July). URL: www.gpo.gov/fdsys/pkg/PLAW-111publ203/pdf/PLAW-111publ
203.pdf.
US Senate (2004). Report on the US intelligence community’s pre-war intelligence
assessments on Iraq. States Senate, Select Committee on Intelligence (July).
Wainer, J., Darzins, P., and Owada, K. (2010). Prevalence of financial elder abuse in Victoria.
State Trustees of Victoria, Melbourne (May). URL: www.statetrustees.com.au/uploads/
content/199-170-Prevalence-of-Financial-Elder-Abuse-in-Victoria_black-and-white.pdf.


Watchorn, E. (2007). Applying a structured approach to operational risk scenario analysis in
Australia. Working Paper, Australian Prudential Regulatory Authority, Sydney
(September).
Which? (2011). Payment protection insurance. Which?, Hertfordshire, UK (August). URL:
www.which.co.uk/campaigns/personal-finance/the-ppi-campaign/our-successes.
Willman, P., Fenton-O’Creevy, M., Nicholson, N., and Soane, E. (2005). Noise trading and
the management of operational risk; firms, traders and irrationality in financial markets.
Journal of Management Studies 43(6), 1357–1374.
Zhang, P. G. (1995). Barings Bankruptcy and Financial Derivatives. World Scientific.
