Professional Documents
Culture Documents
Systemic Operational Risk The UK Payment
Systemic Operational Risk The UK Payment
Keith Blacker
5 Rewlands Drive, Winchester, Hampshire, SO22 6PA, UK;
email: blacker.keith@btinternet.com
May 2011 was a very bad month for UK banks. In the previous month, a long-
running legal case was resolved when the UK High Court ruled against the British
Bankers’ Association, which had petitioned for a judicial review of regulatory
action concerning mis-selling of payment protection insurance (PPI) products.
Following the ruling, the four major UK banks announced provisions totaling over
£6 billion to cover restitution to buyers of their PPI products. Some of the banks
also decided to exit the PPI business. At first glance, PPI appears to be a standard
insurance product. For an up-front or monthly premium, an insurer will sell pro-
tection to a borrower against being unable to make loan repayments, as a result
of illness or unemployment, for example. Before the market collapsed, the main
distributors/arrangers of PPI contracts were the largest UK banks, often using
their affiliated insurance subsidiary as the insurer. The underlying problems that
generated the so-called PPI scandal should not have come as a complete surprise
to the banks. For several years prior to the ruling, consumer advocacy groups had
been complaining loudly about banks selling PPI products to customers who did
not fully understand the policies and, in many cases, did not need the protection
provided. Yet, having seemingly taken on a life of its own, the practice of sell-
ing PPI policies continued and grew rapidly in all major banks. Various official
inquiries found that the “people” involved, including frontline bank staff, lending
managers and insurers, simply did not exercise the due diligence necessary to
check the suitability of PPI for many customers. Prudence seems to have been
diluted or even abandoned in a chase for increased product volume across the
whole UK retail banking sector. This paper argues that the losses incurred as a
result of the PPI scandal were, in most part, precipitated by systemic operational
risk, particularly people-related risks. Using examples from official inquiries, this
paper identifies some of the people risk that went unmanaged in this part of the UK
retail banking sector system, until the PPI market seized up in 2011. The paper
then suggests proactive approaches to people risk management that should help
to detect and minimize the impact of similar scandals in the future. This topic is
important as the demographic shift toward longer periods of retirement and the
prevalence of the “universal banking model” means that nontraditional banking
products such as insurance, pensions and investments will be increasingly sold
through banks, raising the specter of further mis-selling scandals in the future.
79
80 P. McConnell and K. Blacker
1 INTRODUCTION
The payment protection insurance (PPI) scandal1 was not a “black swan” event (Taleb
(2007)). The conclusion of the scandal was not sudden or climactic, as over several
years there had been a sense of inevitability that things would not end well for the
United Kingdom’s largest banks, which were the largest “distributors” of PPI products.
The sense of inevitability came from the fact that there had been a similar scandal
not many years previously involving the mis-selling of pensions (see the case study
in Blacker (2001)) that did not end well for the UK financial industry (Financial
Services Authority (FSA) (2002)). The Financial Conduct Authority (FCA), the new
UK business conduct regulator, notes that such problems are not new:
Confidence in the financial services sector as a whole is at a low level. Conduct
issues since 1990 have been a major factor, particularly the significant instances of
widespread mis-selling of financial products [including PPI] to retail consumers.
FCA (2011, p. 5)
1 The term “scandal” as used in the UK press implies a value judgment that is not meant here.
However, other terms such as “disaster” would be an overstatement because human life was not
lost, “crisis” implies an element of surprise that was not present, and “operational loss event” does
not describe the outrage generated by what transpired.
2 PPI was originally known in the industry as accident, sickness and unemployment insurance as it
related to covering these types of risks when a loan was taken out.
3 Note that the total population of the United Kingdom in 2011 is estimated at less than 62 million,
implying that PPI products were widely used by the adult population.
Under Basel II rules, the losses experienced by UK banks as a result of the PPI
scandal should be classified as “operational risk loss events” (Basel Committee on
Banking Supervision (BCBS) (2004)). But the losses resulting from the regulatory
decisions on PPI are not merely the result of inadequate processes within the banks
concerned: there is also a systemic dimension to these losses. This paper argues that the
PPI scandal is an example of systemic4 operational risk and, in this case, of systemic
people risk, as the losses were due to bank staff (people) selling inappropriate products
to customers (people) rather than an economic event, such as a recession.
Because of the size of the losses involved, it is important that lessons are learned
from the events that led up to the losses. This paper aims to identify lessons that might
be helpful in preventing similar events occurring in future. As the earlier pension mis-
selling scandal illustrates, it has happened before and can happen again. In a 2003
speech (just before the full impact of the PPI scandal broke in the public domain),
Carol Sergeant,5 former director of regulation at the FSA, presciently warned senior
bankers:
My proposition to you today is that the retail sector poses significant strategic risks to
you, your top management and Boards and, moreover, that these risks are all too often
not explicitly identified, monitored and managed, to the potential detriment not only
of individual consumers but also of market confidence and ultimately shareholder
value.
Sergeant (2003)
The landscape of banking around the world is changing rapidly as governments put
new “regulatory architectures” into place to monitor business conduct by financial
institutions, particularly with respect to consumer protection. Many of these efforts
are aimed at reducing people-related risks, such as conflicts of interest. Moreover,
these new regulations are based on general principles of good business conduct rather
than strict rules of conformance. In essence, this means that operational risk manage-
ment functions must be proactive in ensuring, as new banking products are designed,
developed and marketed across banking networks, that operational risks are properly
identified, managed and monitored throughout the product life cycle.
4 It is recognized that systemic risk generally refers to risks that could impede upon the functioning
of the financial system, which is not the case with the PPI scandal as the impact was confined to
a number of banks/insurers. However, Schwarcz (2008) and IMF (2010) point out that there is no
consensus regarding the term “systemic risk”, with definitions that range from total failure of the
financial system to a “chain of significant losses to financial institutions” (Schwarcz (2008)).
5 It should be noted that Ms. Sergeant left the FSA shortly after giving this speech to join Lloyds TSB,
one of the banks affected by the PPI scandal, as Chief Risk Officer (see http://business.timesonline.
co.uk/tol/business/article1004432.ece).
First, this paper describes the PPI model as it evolved in the United Kingdom
from the mid-1990s. The roles of consumer advocates and competition regulators
in bringing the problems in the PPI market to light are then described. The paper
then describes the concept of operational risk, as defined in the Basel II regulation,
and identifies operational risks, particularly people risk, that were present throughout
the PPI business model. The paper then describes some of the changes proposed
to banking regulation in the United Kingdom and the United States in the wake of a
number of financial crises. Finally, the paper discusses the implications of the systemic
breakdown of responsibility, accountability and ethics across the UK retail banking
system that led to the PPI scandal and proposes mechanisms to help prevent further
such scandals in future.
PPI is a product aimed squarely at ordinary consumers who are seeking a loan and wish
to cover against being unable to make the necessary repayments. Loans considered
for PPI coverage range from the significant, such as mortgages (called MPPI) and the
large (secured loans such as second mortgage or car loans) to the relatively small (such
as unsecured loans or credit card debt). If selected, the cost of PPI insurance is either
via an up-front charge (a so-called “single premium”) or as a regular payment usually
combined with a monthly mortgage repayment or credit card payment. Coverage of
loan repayments by the insurer in a PPI is not intended to be indefinite and there is
often a maximum payment period (typically six to twelve months) during which it is
expected that the borrower6 will recover if sick/injured or find new employment.
The FSA has noted in many press releases that,
when properly structured, explained and sold, payment protection insurance can
provide worthwhile cover for consumers against unexpected changes in their personal
circumstances. We were therefore pleased to see that sales of regular premium PPI
sold with prime mortgages are generally compliant.
FSA (2005b)
6 From an insurance perspective, the term “purchaser” is often used to refer to the person(s) who
buy protection, but from the credit perspective these are typically called “borrowers”, which is the
term used predominately and interchangeably in this paper.
So if PPI is, per se, a “good” product, why have there been such serious problems? The
key point here is that “when properly structured, explained and sold”, PPI is a useful
product for knowledgeable consumers (FSA (2005b)). The processes of structuring,
explaining and selling are all people-related activities and, hence, that is where the
(bulk of) PPI problems are likely to occur.
As shown in Figure 1 on the next page, there are four generic participants in the PPI
business model (OFT (2006, p. 16)).
Lenders: regulated financial institutions that extend credit to borrowers, and option-
ally will arrange for the purchase of PPI insurance cover from insurers.
Insurers: regulated financial institutions that underwrite the insurance cover, and
resolve claims under a PPI policy.
Interactions between the participants in the PPI business model are complex. In
the majority of cases, a borrower will interact with a lender and if PPI is “bundled”
in the loan package, the lender will arrange cover directly with an insurer. Alter-
natively, a borrower might approach a broker to help arrange for a loan and/or PPI
insurance cover. In some situations, predominantly related to mortgages, a borrower
may negotiate with an insurer directly.
In UK law, the distributor or arranger of the PPI product is responsible for assessing
its suitability for retail purchasers. This places an onus on the lender/broker being
suitably trained to sell the product the insurer has to offer. Brown (1992) discusses
this in the context of the “vertically integrated” (or Allfinanz) business model asserting
that specialization (ie, product knowledge) at the point of sale will work but it requires
discipline on the part of both partners involved (the insurance company and the bank).
With a broker, however, the relationship will be with a number of different providers
(insurers) requiring a further degree of specialization and discipline in the selling
process and thus increasing operational risks.
Other Broker
parties (credit)
Historically, PPI has had a low average claims ratio,7 around 14% compared,
for example, with 55% for household insurance (Competition Commission (2008b,
p. 132)), making it a very attractive product for insurers and lenders. For most PPI
policies, therefore, there will never be a claim, but if a claim is to be made the bor-
rower will typically interact with the insurer for restitution of the agreed payment
amount(s), but if the claim is refused, the borrower may take up a complaint with the
lender.
It is when a claim is made and then either rejected or delayed that problems with
the original PPI sale will come to the fore. When a borrower has made PPI payments,
he/she may have (albeit unrealistic) expectations that they will be covered if the “worst
was to happen”. It is not difficult to see how problems could arise. For example, it
is sometimes difficult to precisely define “illness”. Obviously, for verifying illness, a
doctor’s opinion would be required, but which doctor, what expertise, what evidence
and for how long? Tricky questions of coverage also arise, such as, for a joint mortgage
where repayments are based on a couple’s income, who is covered: both or one
person? If one, which one?8 These issues, and more, were evident with PPI policies
in the United Kingdom.
7 The claims loss ratio represents the average percentage of the net premium received that is paid
out in claims. Thus, a 14% claims loss ratio means that, for every £100 taken in premiums, £14
is paid in claims, leaving a £86 margin for the insurance company to cover its costs, profit margin
and commission to distributors, which was estimated in 2006 to be £68 (Competition Commission
(2008b, p. 133)).
8 Although the terms and conditions of policies do specify inclusions and exclusions, inquiries found
that key exclusions were often hidden in small print, such as coverage of the “first name” only, and
were not highlighted by sales staff.
The problems that can arise when a claim is rejected should be seen in the context
of a claimant’s situation, which is often very distressing. Typically, the claimant has
suffered a significant setback in life, from illness or unemployment, and is relying
on payments they thought they had covered via their insurance policy. On top of the
setback, they now have to worry about running up even more debt or even being
threatened with losing their homes (Citizens Advice Bureau (CAB) (2005, p. 41)).
This worry can exacerbate an already very trying situation, especially if the claim is a
result of a claimant’s stress or depression. PPI claimants are often vulnerable people
in desperate circumstances, and it is hardly surprising that banks and insurers are
seen in such cases to be “kicking them when they are down”. Banks and insurance
companies are not charitable organizations, but are running serious reputational risks
if they are perceived to be too uncaring or heavy-handed, especially to sick customers
who have paid for a service they did not receive.
Rejection of a claim can be devastating, as can delays in making a decision about
whether or not to pay a claim. Most PPI policies have an “initial waiting period”
before a claim can begin to be paid out. This makes sound economic sense since,
for example, newly unemployed workers are normally paid for a “notice” period and
firms often pay a period of “sick leave”, if backed by medical documentation. If, at the
end of the waiting period, the insurer were to delay payment of a claim, for perfectly
sound reasons such as checking for unemployment or confirming illness, claimants
will be forced to make loan repayments from savings, if they have any. The longer the
delay (whether justified or not), the more some claimants may spiral into debt. If the
situation persists for any length of time, the lender, who sold the original policy, may
start recovery proceedings even though the insurer (often part of the same banking
group) is in the process of settling the claim (CAB (2005, p. 41)).
Finally, it should be noted that just because a claim is never made, it cannot be
assumed that the purchaser has had value for money. In some cases, the insurance
may have been unnecessary (for example, coverage for an employee whose wages are
covered for sickness by their employer for a period longer than that provided by the PPI
cover). This aspect of assessing value for money is, along with others, important from
a regulatory point of view and has been embodied in the FSA’s Treating Customers
Fairly (TCF) principles (FSA (2001, 2006b)). These principles serve to illustrate that
a product may be mis-sold regardless of whether a claim is made!
Commission collected detailed information on the four major types of PPI policy,9
which together account for over 90% of the UK market (Competition Commission
(2008a, pp. 31–32, 35)).
PLPPI: personal loan PPI, based on unsecured fixed-term loans, which are most
often charged as a “single premium” that is added to the loan amount, thereby also
incurring interest.
CCPPI: credit card PPI, based on revolving credit card balances, normally charged
as a percentage of the outstanding balance on a monthly basis.10
MPPI: mortgage PPI, based on a “first charge” mortgage, normally charged as a
monthly premium.
SMPPI: second mortgage PPI, also called a secured loan, predominantly paid by a
single premium (approximately 66%), with the remainder on a monthly premium.
Table 1 on the facing page shows some key statistics for the PPI market and the gross
written premiums (GWPs)11 for PPI products for 2006.
Other types of payment protection insurance not covered by PPI products include
short-term income protection,12 which will pay a fixed amount for a period in the event
of illness or unemployment, but, unlike PPI, this is typically sold as a “standalone”
product, not linked to a related credit application (Competition Commission (2008a,
p. 79)).
As Table 1 on the facing page illustrates, the underwriting of PPI policies is domi-
nated by the insurance subsidiaries of the five largest UK banks (OFT (2007, Annex A,
p. xvi)). PPI policies related to loans are predominantly sold through three distribu-
tion channels: face-to-face contact in branches of banks, over the telephone and over
the Internet (Competition Commission (2008a, p. 6)). Over half of all policies are
sold through face-to-face contact with a “sales adviser”. Legally, sales are conducted
on either a nonadvised basis or an advised basis “where a personalized recommen-
dation is provided as to the suitability of the product for a customer” (Competition
Commission (2008a, p. 6)). Obviously, the behavior of the salespeople involved in
advised/nonadvised sales must differ regarding whether or not they are perceived to
make recommendations.
9 Note that there is no standard terminology across the industry on PPI product types.
10 Large stores also provided a type of credit card, the so-called “store card” that was the subject of
separate analyses by fair trading regulators and not covered here.
11 Note that, in the United Kingdom, an insurance premium tax of (currently) 6% is deducted from
the GWPs before any charges are levied. Insurance premium tax is a revenue-raising mechanism
introduced by the UK government in 1994.
12 Income protection, as its name suggests, is aimed at preserving a person’s monthly income and
is often used by self-employed people who do not get paid if they are not working for any reason.
TABLE 1 Selected PPI statistics for 2006 (Competition Commission (2008a) and OFT
(2007)).
Of which
PLPPI £2.0 billion 45%
CCPPI £1.0 billion 22%
MPPI £0.6 billion 14%
SMPPI £0.5 billion 11%
Other £0.3 billion 8%
The value of a particular PPI premium would depend on the type and size of
coverage required, but, as Table 1 shows, an approximate profitability of over 90%
(Competition Commission (2008b, pp. 15–18)). This is a large profit margin, which
explains why growing volume while managing costs (albeit at the expense of due
diligence) was the predominant business model in this business sector (Competition
Commission (2008a)).
Table 1 shows that PPI was evidently not a boutique business but a solid production
line, with new policies running at some 1.8 million per year. However, sales volume
is not a good indicator of growth of the market for PPI, since, for example, PPIs
connected with personal or unsecured loan PPIs are typically short term (often less
than twelve months), whereas credit card PPI will typically stay in force as long as
the card is active, ie, the number of policies will grow as new cards are issued.
13 In the UK social security system, the government may have to pay some or all of a mortgage
payment to maintain claimants in their home, a potentially huge cost.
14 The penetration rate is the rate at which PPI is added to new credits at, or near, the “point of sale”.
15 For reasons that are not well understood, penetration rates declined from around 2005. The decline
could be due to the adverse publicity in the market as other PPI markets also declined around the
same period.
The extent to which government policy played a part in the development of the
PPI scandal shows similarities to the GFC, where US government housing policy was
seen as an essential element of the crisis (McConnell and Blacker (2011, p. 18)). In
both cases, it was not so much that the policy was wrong, but more the way that the
policy was implemented and controlled that enabled the crises to develop.
Turner (1976) also suggests that the best sources for such analyses are official
inquiries, which provide a level of objectivity, albeit with the benefit of hindsight,
that participants and commentators closer to the action might lack. This section con-
siders the PPI scandal as it evolved in the fifteen years from the mid-1990s, using
reports produced by official or semi-official inquiries.
3.1 Which?
Originally known as the Consumers’Association, Which? is a not-for-profit organiza-
tion, with over 650 000 members, whose primary activity is performing independent
testing of household products, such as washing machines. But Which? is also an
organization that campaigns16 on behalf of its members on a wide range of consumer
issues, such as energy bills and personal finance.
Which? has, and continues to, run a successful grass-roots campaign around the
mis-selling of banking products (Which? (2011)) and has been credited with raising
initial concerns about PPI products in 1998 – a subject that was taken up, in response to
numerous complaints, by others, including campaigning newspapers (Evans (2011)).
Inappropriate product: borrowers were sold PPI insurance which was not appropriate
to their circumstances and often not needed by them.17
Exclusions: borrowers sometimes found that when they made a claim they were
excluded from a payment by “small print” in the documentation, such as “age
exclusions”.
Excessive cost: borrowers were being charged excessive premiums for the cover that
they received, and products were “poor value for money”.
Delayed claims: when making a claim under a PPI, borrowers often found that, when
they most needed the insurance to pay bills, insurers would delay payment.
17 For example, Croucher et al (2003, p. xi) estimated that between 40% and 50% of mortgagors
would benefit little from MPPI, as they would have sufficient savings or other household income to
cover mortgage payments.
One of the many examples of pressure selling and excessive premiums unearthed by
the study was the case of a man who
sought advice … after he took out a loan to consolidate credit card debts and an
overdraft. The client was persuaded to take out optional payment protection because
he was told that otherwise the loan would not have been approved. The original
loan was £14 575. With interest of £10 660, and the payment protection insurance
premium of £7 700, the client ended up owing over £32 000.
CAB (2005, p. 26)
The report also suggested reasons why PPI problems had been allowed to grow:
Because of the way that PPI straddles the jurisdiction of several regulatory regimes
covering insurance, consumer credit and competition issues respectively, no single
regulator has their eye on the whole ball.
CAB (2005, p. 42)
In hindsight, the “Protection Racket” report was the catalyst that prompted consumer
and financial regulators to focus on what had, to this point, been anecdotal evidence
of problems in the PPI market.
As one of its first actions, the FSA instituted a “thematic review” of the PPI market,
which resulted in a report that was published in November 2005 (FSA (2005a)).
The thematic review involved formal regulatory visits to a small but representative
sample of PPI distributors and a separate “mystery shopping” exercise conducted by
an independent market research firm.
The findings of this first thematic work were in line with the CAB report, although
the focus was on how well firms were complying with FSA rules rather than whether
the PPI product or processes were flawed. The findings of the “mystery shopping”
exercises were in line with regulatory visits, but not surprisingly (given the absence of
warnings about the shoppers’ visits) appeared to find a higher incidence of breaches.
The issues found were clearly “systemic” as the FSA “found the same issues in
most firms in the sample” (FSA (2005a, p. 2)). The FSA review made the following
discoveries (FSA (2005a)).
The practices of the majority of firms in the sample posed a “high overall risk”
to the FSA’s consumer protection objectives.
There was a high risk of “inappropriate sales”. Over half of the firms were
found to fail to take reasonable steps to avoid this. In particular, there were
“inadequate controls in place for nonadvised sales”.
“The level and structure of inducements and targets for sales staff could encour-
age mis-selling in some small and medium-sized firms.”
The “majority of firms selling single-premium policies did not give the customer
sufficient information on the lack of refunds”.
“Monitoring was of variable quality and was very poor in some cases.”
On the other hand, the FSA review found no evidence of high-pressure sales techniques
to induce customers to purchase PPI.
It should be noted that, although the FSA review did conclude that “fair selling
practices are made all the more difficult because of the way in which PPI contracts
are designed” (FSA (2005a, p. 4)), these are all people-related issues. The review
also pointed out that regulatory compliance monitoring was made difficult due to the
lack of appropriate management information systems to support monitoring of sales
performance and quality (FSA (2005a, p. 27)).
18 Though not a measure of “vulnerability”, per se, the Competition Commission found that “PPI
consumers are more likely to earn less than the national average income or come from socio-
economic groups C and D” (Competition Commission (2008a, p. 7)).
Following the 2005 review, the FSA continued its thematic work, producing updates
in 2006 and 2007. The first follow-up work, which consisted of regulatory visits to
forty firms, found that although firms had taken steps to improve their PPI sales
standards in line with advice and guidance published by the FSA, there remained
three “key areas of widespread concern” (FSA (2006a, p. 2)):
“many firms are still not giving customers clear information during the sales
conversation”, particularly relating to the information that PPI is optional;
“customers are still not being made fully aware that there may be parts of the
policy under which they cannot claim”;
“where customers are sold single-premium policies, this is not always done
with the best interests of the customer in mind”.
The 2006 review also identified several areas of good practice that it wished firms to
adopt, including improved training, better written disclosure material and improved
management information systems (FSA (2006a, p. 4)).
In 2006 the FSA also published an update on the industry’s progress toward imple-
menting its TCF initiative (FSA (2006b)),19 which showed “mixed progress” toward
achieving the “six outcomes” of the TCF initiative in particular (FSA (2006b, p. 2)):
An example of where there is still some way to go is in quality of advice, where firms
need to improve the way they give financial advice to retail customers in order to
reduce the risk of mis-selling.
In their survey of the industry, from a TCF perspective, the FSA found that, although
they
found many examples of good TCF practice … there remain an unacceptable number
of firms that fail to take the steps necessary to reduce the risk of mis-selling, both in
terms of the detailed rules and the wider principles.
FSA (2006b, p. 30)
In particular,
Almost all of the firms held themselves out as offering a full advice service, but only
a third actually undertook a full review of clients’ needs and objectives. Very few
gave consideration to debt repayment.
FSA (2006b, p. 30)
In 2007, the FSA conducted a third thematic review of PPI using a larger number
of regulatory visits and mystery shopping exercises (FSA (2007)). The findings of
the review showed that the FSA was clearly exasperated that, despite much official
19 Note that the TCF initiative had been discussed with the industry since 2001 (FSA (2001)).
prompting and several well-publicized examples of firms being fined for breaching
rules (FSA (2007, p. 14)), compliance with acceptable practice remained patchy. Some
key areas were found to have improved in the interim, most importantly the fact that
PPI was optional was being properly communicated. However, the review concluded
that “some firms’ sales processes still fall short of expectations”, in particular that
one-third of firms could not demonstrate that sales staff had (FSA (2007, p. 5))
“properly established whether customers were eligible to claim under the dif-
ferent elements of the policy”,
The review found that over two thirds of firms could not demonstrate that they had
“taken sufficient steps to ensure their sales processes meet the required standards”
(FSA (2007)) and that inadequate systems and controls continued to be a problem for
over one-third of firms.
From reading the thematic reviews conducted over three years by the FSA, it
is apparent that improving the market at that point would be a multiyear project.
However, the PPI landscape was about to be changed by inquiries undertaken by
other regulatory bodies.
20 In UK law, certain bodies, such as the CAB, are “designated consumer bodies” that have the right
to request that the OFT investigate market practices that may be harmful to consumers (OFT (2006,
p. 6)).
In a regulatory version of “pass the parcel”, the OFT then referred the issue onto the
Competition Commission for an “investigation into all payment protection insurance
(PPI) services except store card(s)” to retail customers in the United Kingdom (OFT
(2007)). Before doing so, however, the OFT fulfilled its regulatory role by conduct-
ing a very valuable in-depth study of the UK PPI market from several perspectives:
separate business and consumer surveys, economic analysis of the market, consumer
behavioral studies and “mystery shopper” surveys to experience actual market prac-
tices (OFT (2007)).
The OFT study found that there was an identifiable “market” in PPI products but
that market had “structural features” that were harmful to consumers. Its findings
include (OFT (2007, p. 2))
that PPI was a “secondary”, bought almost always as a result of taking out the
primary credit, ie, PPI was almost always tied to the original loan;
that there was “little competitive pressure” at the point of sale and there was
little product information prior to point of sale;
that the complex nature of PPI made comparison of policies difficult and eval-
uation of the cover provided for cost was not transparent;
that the market was “vertically integrated” with 60% of providers, undertaking
both distribution and underwriting within the same group;
that the market had high barriers to entry because of the strength of entrenched
players; and
that because claims on PPI were low compared with other insurance products,
commissions to distributors tended to be higher than for other products.
In other words, sellers had distinct advantages in negotiations with purchasers, who
tended to view PPI as a secondary purchase anyway. So what is to prevent sellers
from abusing such a position, particularly as the business was profitable, with little
perceived risk to the seller? Regulation to check such abuses includes official guidance
from the UK financial services regulator (the FSA) and voluntary self-regulation, such
as the Banking Code.21
It should be noted that the OFT conclusions did not go uncontested. Looking
specifically at MPPI, the CML argued strongly that MPPI should be excluded from
the OFT’s referral to the Competition Commission because there was a “voluntary
21 Note that the Banking Code (of Conduct) was replaced in 2009 by the “Lending Code” now
administered by the Lending Standards Board and sponsored by, among others, the British Bankers’
Association.
baseline” of minimum standards of protection in the industry and that the product
had a better claims resolution ratio than other products (CML (2006)). Nonetheless,
the OFT referral, including MPPI, went forward to the Competition Commission
unchanged.
In addition to its commentary on structural market problems, the OFT report con-
sidered some of the practices that were raised by the CAB and found confirming
evidence that codes of conduct were not being strictly adhered to (OFT (2007, p. 3)):
borrowers were told, or given the impression, that granting of credit would be
eased by purchase of PPI;
The Competition Commission gave an example of just how much a PPI policy could
change the effective APR:
For most PLPPI policies we looked at, the cost of PLPPI over the term of the loan was
greater than the interest payable on the loan. We calculated from Which?’s data that
the average APR quoted for loans on its list was 7.8 per cent. If the APR calculation
had included the price of PPI, the average APR would have been 18.8 per cent.
Competition Commission (2008a, p. 6)
Borrowers, of course, were not completely blameless. The OFT found that consumers
did not shop around for PPI insurance, perhaps because their primary interest was in
obtaining a loan, and did not pay sufficient attention to, or have a good understanding
of, the documentation that they signed (OFT (2007, p. 4)).
Interestingly, the OFT report includes an academic analysis of consumer behavior in
purchasing PPI (OFT (2007, Annex C)). As part of the overall OFT study, Professor
Rob Raynard, an academic psychologist at the University of Bolton, analyzed the
results of a consumer survey from the perspective of the psychology of purchasing
decisions. He made the following conclusions (OFT (2007, Annex C, p. 3)).
Borrowers often did not make their decision on the “basis of comparisons” but
considered the product as part of a “package”.
Although cost was a major concern for borrowers, more than half did not know
the amount that they paid on a monthly basis.
Borrowers did not always make the decision to purchase PPI based on purely
economic consideration but because it “gives them peace of mind”.
These findings align with the theories of behavioral finance as developed by, among
others, Kahneman and Tversky (1979) and the theory of “bounded rationality” pro-
posed by Simon (1990). The implications for risk management in financial institutions
of considering behavioral factors in addition to traditional economic perspectives is
expanded later.
independent public body which conducts in-depth inquiries into mergers, markets
and the regulation of the major regulated industries, ensuring healthy competition
between companies in the United Kingdom for the benefit of companies, customers
and the economy.
Interestingly, the Commission also looked at the profitability of the underlying, ie,
primary, loan product and found that
the personal loans business has suffered from declining profits in recent years to the
point where in 2006 it appears to have been loss making before taking into account
income from PPI. With PPI included, the sector appeared to have been marginally
profitable.
Competition Commission (2008b, p. 4)
Although the Commission found that the credit card and mortgage businesses were still
profitable without PPI, this points up the fact that PPI had become a significant source
of income and profit for lenders and hence provided an incentive to increase volume,
potentially at the expense of due diligence. The high levels of profitability generated
by the PPI products does lead to the question as to whether a lower premium level
(implying lower profitability for the seller but better value for money for the consumer)
would have caused the same level of complaints. Seller’s greed may, therefore, have
been the root cause of this matter escalating.
Breaking out the underwriting component of PPI premiums, some 32% of GWP,
the Commission found that the capital allocated to PPI adequately reflected the risks
being taken by insurers, producing a reasonable return on capital in the 10–20% range
(Competition Commission (2008a, p. 4)). They considered that no further investiga-
tion was needed in this area, implying that problems, if they did exist, would be
present in the distribution rather than underwriting process.
Interestingly, the Commission reported that, when asked to break out profitability
between PPI and the primary loan component, distributors claimed that
it was not meaningful to assess the financial performance of PPI as an add-on product,
as it was fundamentally and inextricably linked with the sale of the underlying credit
product and there was no meaningful way of allocating the costs between them.
Competition Commission (2008a, p. 5)
This is important in this context because it implies that firms did not have the man-
agement systems to assess different components of PPI profitability, which further
implies that sales incentives were based on a bundled, as opposed to an individual
product, basis, ie, sales staff viewed the loan and PPI as a single sales opportunity.
Firms just did not consider PPI as “a separate business” (Competition Commission
(2008b, p. 17)).
In July 2008, the Commission produced a report of its provisional findings, con-
cluding that PPI distributors
face little competition for the sale of payment protection insurance (PPI) when it is
sold in combination with the credit it insures. As a result of this lack of competition,
it is highly profitable to distribute PPI.
Competition Commission (2008a, p. 4)
As further evidence of a lack of competition in the market, the commission found that,
although prices did vary between PPI providers, there was “little [competitive] price
movement over time” and contrary to what would be expected in a truly competitive
market, there were “very few examples of price decreases” (Competition Commission
(2008a, p. 7)).22 The Competition Commission report was critical in elevating the PPI
issue to the industry regulator, the FSA.
Industry reaction to the report was given by the ABI, which acknowledged the
problem but warned against making changes that could leave customers unprotected:
The ABI supports any measures that help people make an informed choice – for
example, the remedies for clearer, more timely information about the cost of PPI and
the product features. However, the ABI believes that the point of sale ban carries
significant risks for borrowers, mainly by leaving them unprotected at a time when
unemployment cover has never been needed more.… Figures released only yesterday
by the ABI show that in November 2008 there were 19 105 new unemployment claims
on PPI policies. That is an increase of 118% from 8772 in November the previous
year. This massive leap in claims shows that PPI is helping many people through a
difficult financial period.
ABI (2009)
22 The Commission did find, however, that terms and conditions such as exclusions were relaxed
over time.
23 From the FOS website “Aims and Values” (www.financial-ombudsman.org.uk/about/aims.htm).
24 Note that the identities of complainants and firms are not disclosed by the FOS.
Mr. A’s case is fairly typical of reported PPI problems. After some shopping around,
Mr. A was offered an unsecured loan by the firm of £6000 to be repaid in four years.
The firm “recommended” that Mr. A also purchase a single-premium PPI policy
costing £972.86, which was added to the loan and hence incurred interest. After two
years, Mr. A repaid the loan in full but received only £171.45 in a refund for the PPI,
even though only half the policy term had expired.
FOS (2008a)
Having “recommended” the PPI policy, as part of the loan sale, the firm therefore
had a duty “to take all reasonable steps to ensure that recommendation was suitable”
(FOS (2008a)). The case then became one of whether the specific policy offered was
“suitable”, which ultimately came down to a “he said, she said” difference of opinion,
as not all conversations were recorded. Both the ombudsman and the adjudicator who
had handled the initial negotiations between the complainant and the firm concluded
that the firm was acting as a “professional insurance adviser”, and hence it had the
duty to ensure that the product was suitable, regardless of whether or not Mr. A had
understood the implications of the policy. The ombudsman concluded that “the firm
did not take reasonable care to ensure the suitability of its advice to Mr. A and … did
not pay due regard to the information needs of its customer” and that therefore Mr. A
should receive fair compensation (FOS (2008a)).
Given the amount of legal analysis needed to arrive at the decision in the case of Mr.
A, the sum involved in this claim, some £300 plus interest, was small, even trivial. In
publishing and emphasizing this case, however, the FOS was in effect setting standards
(or case law), with regard to the level of evidence that is sufficient to decide similar
cases. The FOS published their findings in several other cases which appeared to set
standards for similar decisions. The need for clearly setting out principles to guide
other adjudications was prompted by the caseload reported by the FOS in mid-2011,
when there was a backlog of over 100 000 complaints and growing (FOS (2011)).
At this point one might ask, given the “David and Goliath” disparity in resources
between a typical complainant and a major retail bank, why anyone would under-
take a protracted legal action for such a seemingly paltry return. The answer illus-
trates a new phenomenon: the emergence of specialist “claims management” com-
panies that pursue a case for a claimant on a no-win, no-fee basis (see, for exam-
ple, www.nofeeppirefunds.co.uk). The FOS notes that, in the 2010 financial year,
some “76% of the 104 597 new PPI cases” they received were entered by profes-
sional claims management companies (FOS (2011)). It is not the purpose of this
paper to judge the ethics of “ambulance chasing” other than to note that the phe-
nomenon somewhat redresses the balance of power in the bank–customer relation-
ship, which has implications for sales and claims operations and associated operational
risks.
The rise of specialist claims management companies raises serious issues of repu-
tational risk for financial institutions in that, by aggregating and publishing details of
operational error, whether settled or not, pressure will be brought to bear on financial
institutions to settle claims sooner rather than later. With a disputation infrastructure
already in place and the possibility of good returns for their efforts, claims manage-
ment firms are just waiting for the “next big thing” (FOS (2011)).
In July 2008, the FOS sent a letter to the FSA as part of its “wider implications
process” pointing out that “consumer complaints were not the appropriate way to deal
with such a problem” and that further regulation was needed. In considering the rapid
rise in complaints, Merricks (2008) also argued that “malpractice and detriment have
clearly not been confined to those particular firms [that had already been fined]. So
we could see a widespread systemic problem”.
Only a few months later the FSA went even further, announcing25 that it had
written to all firms still selling single-premium Payment Protection Insurance with
unsecured personal loans (SP PPI UPL) asking them to withdraw the product as soon
as possible, and by no later than 29 May.
FSA (2009)
In addition to its proscription of single-premium PPI policies, the FSA became increas-
ingly active in prosecuting firms for general transgression of PPI rules such as fining
one of the medium-sized UK banks, Alliance & Leicester, £7 million for failing to
inform customers of the full cost of PPI (FSA (2008b)).
Cognizant of the growing backlog of unresolved PPI complaints clogging up the
FOS, after industry consultation the FSA issued a new policy statement on assessing
25 It should be noted that, by the time of this “CEO letter”, a number of the major PPI distributors
had already announced that they were planning to move from single payment to regular monthly
payments for this product (FSA (2009)).
and redressing PPI complaints (FSA (2010a)). The industry’s reaction to the new
FSA rules was strong, arguing that the FSA had overreacted and contending that the
FSA had not made out a case that there were “widespread PPI problems” nor was
there a proven link between PPI selling practices and the number of complaints. Nor,
they argued, was there adequate evidence of complaint handling problems (British
Bankers’ Association (BBA) (2011)).
The Principles are the overarching framework for regulation, for good reason. The
FSA has clearly not promulgated, and has chosen not to promulgate, a detailed all-
embracing comprehensive code of regulations to be interpreted as covering all possi-
ble circumstances. The industry had not wanted such a code either.… The Principles
are best understood as the ever-present substrata to which the specific rules are added.
The Principles always have to be complied with. The specific rules do not supplant
them and cannot be used to contradict them. They are but specific applications of
them to the particular requirements they cover.
Ouseley (2011)
The implications of the judge’s finding are quite far-reaching in that they imply that
banks must design and sell products that are compliant with general principles of
ethical behavior, ie, bankers must do the right thing whether told to or not!
The judge’s statements were so clear and unequivocal that the BBA announced
in May 2011 that it would not appeal against the High Court ruling. Following this
statement, the FSA urged banks to speed up the process of resolving PPI claims and
the major UK banks announced that they had set aside substantial provisions26 to
cover costs related to the mis-selling of PPI policies (Reuters (2011)).
As far back as 1976, Turner argued that “disasters” (in this case “scandals”) do not
happen overnight but are the result of organizational failures over a long period of
time. Turner (1976) argues that disasters build up gradually over time and that the
signs should be apparent to management, but instead go unnoticed or ignored because
of “cultural rigidity” that manifests itself in erroneous assumptions and reluctance to
face unpalatable outcomes.
In terms of Turner’s model of the six stages of the development of disasters, the
industry could, after accepting the inevitable, now move onto the final stage of “full
cultural adjustment” (Turner (1976)). However, it is dangerous to adjust to a new
business model without understanding the root causes of the problems that generated
the scandal in the first place. In its report into the derivatives losses at National Aus-
tralia Bank, the Australian Prudential Regulatory Authority highlights the importance
of in-depth analysis of organizational failures: “the wisdom of hindsight provides a
valuable platform from which to learn lessons for the future” (Australian Pruden-
tial Regulatory Authority (2004)). This paper is part of the effort to understand and
explain the factors that helped to create the problem.
26
Both Barclays and RBS announced provisions of over £1 billion, Lloyds some £3.2 billion, with
HSBC announcing a smaller hit of £440 million (Evans (2011)).
protective action in the face of a risk [such as buying insurance] depends on both the
cognitive appraisal of the risk and emotional considerations” (OFT (2007, Annex C)).
In particular, borrowers may decide to purchase PPI “driven more by worry than a
rational appraisal of the options, and … in anticipation of the reduction of worry, or
peace of mind, that it could bring” (OFT (2007, Annex C)). Note that the “Protection
Racket” report found that these are the sentiments actively targeted by advertisements
for PPI, pointing out that
prominent references to “peace of mind” and “repayments taken care of” suggest a
guarantee to meet the borrower’s commitments under the credit agreement should
anything go wrong. Not just a product, payment protection evokes the idea of a
relationship of trust, mutual support and value between lender and borrower.
CAB (2005, p. 13)
In other words, lenders (typically the customers’ bank) were, in the eyes of borrowers,
selling a “relationship” rather than a mere product.
Ford and Kempson (1997) also found
a strong correlation between the views people have of insurance and the likelihood of
them taking an MPPI policy. Those insuring were also more heavily insured overall,
sometimes covering the same eventuality more than once, indicating a relationship
between insurance and a risk averse stance.
Rayner (OFT (2007, Annex C)) noted that a survey of PPI purchasers suggested that
“PPI was seen as expensive by most purchasers, but they also recognized its emotional
benefits”. By selling expensive products to people who are overinsured or worried,
banks can expect little public sympathy if they are found not to keep their side of the
bargain.
Before considering the lessons that can be learned from analyzing systemic people
risk within the PPI market, the next section considers the regulation of operational
risk.
(2004) and Federal Reserve (2006)). These so-called Basel II proposals are designed
to strengthen risk controls in international banks and to ensure that they set aside
sufficient capital to cover large losses resulting from operational problems. As history
will attest, these proposals clearly failed in the run up to the GFC in some jurisdictions,
not least because they were not applied in a uniform manner, such as the United States.
(McConnell and Blacker (2011)).
While Basel II applies only to banks,27 it does provide a general definition of
operational risk that looks to identify some major “root causes” of operational risk
losses, specifically
the risk of loss resulting from inadequate or failed internal processes, people and
systems or from external events. This definition includes legal risk but not strategic
or reputational risk.
BCBS (2004)
The four dimensions of operational risk in this definition are: people, processes, IT sys-
tems and external events. The Basel framework also identifies a series of “operational
risk event types”, several of which are specific to people risk, in particular: fiduciary
breaches, flawed products, improper business practices, etc (BCBS (2004, Annex 7)).
This paper uses the Basel II definition as a “lens” for analyzing operational risks
within the processes that contributed to the PPI scandal. It does so not at the level of
the individual firm, as proposed by Basel II, but at the “systemic level”.
Individual: how an individual (or a small group of individuals) behave with respect
to their responsibilities.
Institution: how the firm behaves with respect to the behavior of the individuals that
it employs and with whom it deals.
27 The Basel II equivalent for insurance companies in the United Kingdom is Solvency 2. The
Solvency 2 approach to regulation is currently being implemented in the United Kingdom and is
similar to Basel II in that it takes a three-pillar approach: pillar 1 focuses on capital requirements
and modeling, pillar 2 focuses on supervisory activities over firms’ risk management activities and
pillar 3 focuses on disclosure requirements by regulated firms.
Frequency Severity
of loss of loss
events events
Industry
Institution
Institution
Individual
Individual
Incident
Incident
High Low
Figure 2 shows this “four Is” framework with respect to the frequency and severity
of operational losses arising from the four areas of people risk identified above. In
this model, the frequency of losses increases as we descend the hierarchy, whereas
the severity of losses rises as we expand from incident to industry.
Incident. While many loss-making incidents will occur in any firm, the magnitude/
severity of each incident tends to be limited, by the very nature of standard operating
controls within a mature operation.
Individual. Inevitably, some individuals in a firm will break its rules and precipitate
losses, either by fraud or by incurring regulatory fines. However, the size of such
losses will not typically be very large: sometimes, but rarely, in the millions of
dollars.28
Institution. History has shown that some institutions are dysfunctional, displaying
scant regard for their responsibilities to their customers and employees, usually
in pursuit of large profits. While rare, the severity of the losses occasioned by the
28Examples of individual losses in the millions would be rogue trader incidents (McConnell (1998,
2003, 2005)).
unethical behavior of individuals at all levels of such a firm can be massive (for
example, the collapse of Enron).
Industry. Periodically, the banking industry loses its ethical compass and, as with
the subprime and PPI scandals, very significant losses occur, often in the form
of regulatory fines (Blacker (2001); Securities and Exchange Commission (SEC)
(2005); and McConnell (2006)).
An example of significant industry losses are fines such as the US$400 million
levied against the brokerage arm of Citigroup, in April 2003, by the US securities
regulator, the SEC. Citicorp was just one of ten firms fined more than US$1.4 billion
for breaches related to “undue influence of investment banking interests on securities
research at brokerage firms” (SEC (2005)). These fines, which were part of the fallout
from the stock market scandal of the early 2000s, are examples of the “low-frequency,
high-severity” losses that firms are required to include in their assessment of oper-
ational risk capital under Basel II (Jobst (2007)). Fines of this magnitude are levied
not because of the unethical/illegal activities of one individual, or a small group of
individuals, or even a single institution, but because of an across-the-board failure
of ethical standards across the industry. Blame is spread across many firms to send
a message to boards, executives and staff that such behavior will not be tolerated in
future.
Since Basel II concentrates on ensuring that firms maintain capital to cover “unex-
pected losses” from “low-frequency, high-severity” events (BCBS (2004)) it would
appear that the greatest losses may not occur within a firm but at the industry level.
On the other hand, while important, banks and regulators have tended to concentrate
on the higher-frequency, lower-severity areas of individual and incident risk; that is,
Basel II does not address operational risk at the more dangerous systemic level.
McConnell (2008) and McConnell and Blacker (2011) argue that, for either the
individual or the institution, risky activities may be classified as intentional, with
the individual or group being fully aware of the consequences of their actions, or
unintentional, where adverse outcomes can result from ignorance or inexperience. In
turn, adverse consequences can result from intentional risks that are
illegal (clearly against the law),
unethical (within the bounds of the law but unacceptable in normal business,
such as failing to provide all information upon which to make an insurance
purchasing decision),
inappropriate (unacceptable behavior such as aggressive sales techniques).
For example, a lender may sell a borrower a bundled PPI policy that is not appropriate
to their financial circumstances. This may happen because a salesperson makes a
mistake resulting from the failure of the institution to train and/or monitor its staff
properly. Alternatively, a salesperson, perhaps to meet a sales target, will cross the
line between advising and not advising the customer on a policy that does not meet
their circumstances (FSA (2007)). Regardless of how this circumstance arose, the
impact is the same: a PPI policy was sold that was not appropriate for the needs of
the customer.
The next section considers such people risk within the PPI model.
29Indeed, this risk may have been considered by providers but rejected because of the potential for
a higher incidence of claims, which in turn would have increased premiums even further.
on the customer to fully read the small print in the terms and conditions to make sure
that they know and understand the contract that they are signing up to.30
It is apparent that the “end to end” PPI process, from sale to resolution of claims, was
not always efficient. In particular, the “back end” process of settling claims has been
widely criticized (CAB (2005); FSA (2005a); and FOS (2008a)). It appears, however,
that problems were concentrated in certain types of claims, such as unemployment and
illness (CAB (2005)), rather than the overall resolution process itself. One important
aspect of any insurance claims process is the inherent “emotional” tension that is built
into the process because, on the one hand, the insurer wants to minimize their losses
whilst, on the other, the claimant wants to ensure that they are paid. All processes will
break down at times through, for example, lack of staff knowledge, but it appears that
breakdowns in the overall PPI process per se were intermittent and localized rather
than systemic. Contrast this situation with the breakdown in the securities ratings
process that occurred prior to the GFC (McConnell and Blacker (2011)), which was
systemic, causing investors, who relied on such ratings, to purchase securities that
were “overrated”.
The price of PPI products versus the coverage provided has been widely criticized
(see CAB (2005) and FSA (2007)). While it appears that PPI was indeed a profitable
“cash cow” that was milked by large and small companies (OFT (2007)), it was not
the price of coverage per se but the greed of the distributors that precipitated the PPI
crisis. PPI premiums, although large for the coverage provided and in many cases
adding to borrowers’ indebtedness (OFT (2007)), were not in themselves sufficient
to cause borrowers to default. It was, however, the lack of effective competition in
the PPI market that caused the OFT to refer consideration of the market to the UK
Competition Commission (OFT (2007); Competition Commission (2008a); and BBA
(2011)), which ultimately brought the PPI issue to a head in the UK courts.
While product, process and price were all factors in creating a market in which
inappropriate products were sold to individual borrowers, it was the breakdown in
due diligence in the face-to-face selling process that appears to have caused the failure
of the market across credit sectors and across institutions. Lack of due diligence is a
people-related issue and, in this case, a systemic people31 issue as it was inappropriate
selling in one link of the PPI process that caused problems later in the chain, when
claims were made against policies that should never have been sold in the first place.
30 Small print in policy documents is notorious for being jargonistic and difficult for the average
consumer to understand. Plain English would certainly help to mitigate this problem (see www.
plainenglish.co.uk for further information).
31 Note that there are “people” other than market participants who may have exhibited “risky behav-
ior”, such as regulators and auditors, but they are outside of the PPI process itself and are not
discussed here.
Inappropriate product for the customer: borrowers were sold PPI insurance that was
not appropriate to their circumstances and when claims were made were rejected,
often because of inappropriate exclusions.
Inappropriate exclusions: overly onerous exclusions that were often hidden in the
small print of the documentation provided and not explained properly to buyers.
Inappropriate bundling: for borrowers interested in obtaining a loan, often the sec-
ondary PPI policy was added as an afterthought into a “bundle” in such a manner
that it was difficult to understand the true costs involved.
Inappropriate sales practices: although the FSA (2005a) found no evidence of the
pressure selling detected by others (CAB (2005)), the FSA (2005a, 2006a, 2007)
nonetheless found that sales staff were not completely sure of what was appropriate,
particularly the line between “advised” and “nonadvised” sales.
Inappropriate incentives: the FSA (2005a, 2006a) found that sales incentives were
not aligned with good sales practices, sometimes leading to “adverse selection”.
The people risk listed above can be mapped directly onto Basel II loss event type
classification mainly in the category of “clients, products and business practices”. For
example, inappropriate product, which is covered by the level 2 category “selection,
sponsorship and exposure” or “fiduciary breach”; inappropriate exclusions, which is
covered by “product flaws”; and so on (BCBS (2004, Annex 7)).
Note that there are several other people-related risks that are apparent in the actions
of various parties in the PPI process, in particular the following.
Conflict of interest. When parties are rewarded for completing transactions, there are,
as identified in some cases of single-premium PPI sales (FSA (2006a)), conflicts
of interest between increasing income and maintaining reputation.
Staff knowledge. It takes time for staff at all levels of an organization to understand
new products and processes (the so-called learning curve). Until staff are deemed
competent with new procedures, they should be closely supervised, otherwise there
will be a risk that such staff will inadvertently make mistakes that may not be
picked up.
Lack of due diligence. It is difficult, time consuming and expensive for financial pro-
fessionals to determine the needs of another party. Where there is pressure to
increase volumes of sales, individuals and firms may short circuit product evalu-
ation processes, either intentionally, by misleading, or inadvertently, by not using
research forums where appropriate questions can be put to customers.
Adverse selection. When parties have options with regard to which products to sell,
there is a tendency to select those that provide the highest return to the seller without
fully considering additional risks that would be implied by the higher return.
Anti-selection. From the buyers’ perspective, they may select a product (to the detri-
ment of the insurance provider) because they anticipate making a claim on the
policy.
Moral hazard: when lenders have less incentive to perform full diligence on sales
because they know that claims will be met by the insurer (Competition Commission
(2008a)).
Adverse selection: when sales staff have incentives to sell one type of policy rather
than another (for example, single-premium PPI policies (FSA (2006a))).
In the Basel II definition of operational risk, losses resulting from instances of moral
hazard and adverse selection would be classified as people risk, specifically under
the event type category of “clients, products and business practices” (BCBS (2004)).
However, the Basel definition covers people risk beyond these “intentional” illegal,
unethical or inappropriate actions (McConnell (2008)), including the following.
Incompetence: actions that fall below the levels expected of a particular role, such
as delaying the resolution of a claim on a PPI.
Lack of knowledge: actions that are based upon lack of requisite knowledge, such as
improperly trained telesales staff selling PPI (FSA (2005a)).
While illegal activities should obviously always be identified and countered, it is often
the softer, more difficult to detect risks than can precipitate large aggregate losses. A
good example of the latter is inadequate staff training, which is cited frequently as a
cause when things go wrong (see, for example, FSA (2011a)). Unfortunately, the lines
between these risks are often blurred and, in many situations, identical behavior by
one individual (usually a junior) can result in dismissal but be tolerated if perpetrated
by another, more senior, individual. The Barings, Allied Irish Bank, National Australia
Bank, Daiwa and Nomura Securities and, more recently, the UBS cases all illustrate
how inappropriate behavior can lead to unethical actions that, if tolerated, can lead
to illegal activities and can, in extreme circumstances, result in serious losses to the
firm (Zhang (1995); Cruz (2002); McConnell and Blacker (2011); and UBS (2011)).
During the inquiries and investigations into the causes of the PPI scandal, numer-
ous examples of people-related risks were documented. We now investigate how the
selling practices that were eventually deemed inappropriate became so widespread
and acceptable.
5.4 Systemsthink
Janis (1971) first documented the phenomenon of “groupthink” where managers and
staff suspend their natural skepticism in the face of “group pressure”. This same
phenomenon has been identified by Gleick (1992) in documenting the findings of the
official inquiry into the space shuttle Challenger disaster, and by Augustine (1995)
on the problems that beset the Hubble Space Telescope. Similar groupthink has been
identified, on a much broader scale, by the US Senate report into intelligence failures
in Iraq (US Senate (2004)), which found that there was “a collective presumption” in
the international intelligence community that Iraq had an active and growing weapons
of mass destruction program. The Senate committee concluded that this groupthink
led analysts and their managers to play up ambiguous evidence that supported this
thesis and play down anything that seemed to undermine it.
In looking at the failures of Irish financial institutions in the GFC, the Nyberg
commission of inquiry found frequent evidence of
Nyberg (2011) distinguishes between “herding” where, driven by the need to achieve
similar profitability to the rest of the industry, firms pursue almost identical strategies.
On the other hand, “groupthink” occurs within a firm, where a consensus forms
“without serious consideration of consequences or alternatives, often under overt or
imaginary social pressure” (Nyberg (2011, p. 8)). Nyberg also noted that groupthink
often
feeds a tendency among staff to suggest and support proposals that their superiors
are known to prefer, hoping to gain a favorable reputation.… Those challenging
their superiors’ proposals may risk sanctions and would thus need to feel particularly
confident in their preferred alternative.
Nyberg (2011, p. 9)
The tendency of firms to sanction naysayers is evident in the dismissal of risk managers
who disagreed with the actions of their superiors during the GFC, as at Lehman
Brothers (McConnell and Blacker (2011)).
Groupthink may occur within a firm but not necessarily across the industry. For
example, take the arrogance exhibited by National Australia Bank in the face of indus-
try criticisms of its trading practices before its derivatives losses (McConnell (2005)).
Likewise, “herding” may occur at the industry level but be opposed by many staff
internally, as is the case, for example, with an industry-wide move toward outsourc-
ing of staff. However, where herding and groupthink coincide as “systemsthink”, a
challenge to the prevailing thinking can only come from outside of the industry, such
as from consumer bodies, such as the CAB or FOS, or market regulators, such as the
Competition Commission.
This paper argues that the financial services industry must proactively guard against
systemsthink, by structured operational risk management at both the firm and systemic
level, as the consequences of not doing so can be serious, and even catastrophic.
32It should be noted that “universal banking” has been prevalent in jurisdictions such as Germany
for over 100 years (Molyneux et al (1996, p. 70)).
These problems may give rise to a situation where profits of universal banks are better
than average in good times, because of economies of scale, but losses could be worse
because of the same effect. The final report of the ICB noted that
the risks of unrestricted universal banking are in general greater for larger banks. The
impact of failure, and thus the importance of resolution and of reducing contagion,
is greater the more customers and creditors are affected.
ICB (2011a, p. 39)
The ICB also queried the underlying assumptions of economies of scope in the uni-
versal banking model, questioning
the belief that functionally universal banks offer diversification benefits [which] is
held by a number of market participants, including some universal UK banks, but
the available quantitative evidence is limited and mixed.
ICB (2011a, p. 274)
This paper does not address the issue of ring fencing for banks nor the economic
benefits and risks that arise from integrated banking models but discusses the specific
issue of the “operational risks” that may be present in a bancassurance model where
insurance is sold through branch banking networks, as was the case in the PPI scandal.
Benoist (2002) describes three generic risks that are present in the bancassurance
model.
Image risk: the risk that the bank/insurer suffers by the failings of the other party.
Qualifications/staff risk: the different skills and qualifications needed to sell different
types of financial products.
Network risk: or the difficulties of managing overlaps in related banking and insur-
ance businesses.
Whilst Brown (1992) argues that these types of risks may be mitigated by having the
right structural arrangements in place, the point remains that the effective operation
of the model depends upon the people involved and how they interact and commu-
nicate. Nyberg (2004) identified two particular “conflicts of interest” that arise in
the universal banking model, specifically, the risk that sellers promotes their own
interests over the customers’ needs (moral hazard), and incentives to deviate from
correct “internal pricing”, such as the unwarranted splitting of commissions to reduce
taxation.
A particular area of concern is a point raised by Benoist (2002), who suggested
that there might be “certain fundamental differences in culture [between banking and
insurance] that cannot be overcome, even by investing heavily in training”. If this
hypothesis is even partially true, then it imposes a heavy responsibility on operational
risk management functions to ensure that such cultural differences are identified and
that risk mitigation strategies are put in place by business units to reduce the impact of
these people-related risks. Note that it also places a duty on risk managers to recognize
any potential deficiencies in their own knowledge, approach and culture that might
preclude them from identifying potentially large risks in a multiproduct operation.
In practice, this would imply that operational risk functions should be staffed by
professionals experienced in a number of businesses not just by those with a narrow
banking focus.
Before tackling the issue of how to address people-related risks, it should be noted
that the problems do not relate merely to the banking–insurance interface or to the
narrow PPI product, but are much wider. Examples of problems in the past include
the mis-selling of pensions, the interface between banking and wealth/investment
management (Blacker (2001)) and the mis-selling of mortgage endowment policies,
the banking–insurance interface (FOS (2011)).
As an example of problems potentially being stored up for the future, the equity
release product is a case in point. Equity release products, sometimes called reverse
mortgages (Financial Crisis Inquiry Commission (FCIC) (2011, p. 11)), are financial
mechanisms whereby an “asset rich/cash poor” senior citizen can draw regular income
or lump sums against the value of their home (Age Concern (2010)). Like PPI, these
are hybrid banking/insurance products that are designed to repay a loan usually when
the borrower dies or “downsizes”. Often the customer buying the product is vulnerable
(for example, needing money to pay for repairs or to supplement pension income).
The potential for mis-selling problems in such cases were identified by the FOS
(2008b, p. 72), which upheld a complaint against a bank for mis-selling a “shared
appreciation” mortgage, probably due to a staff misunderstanding of what a complex
product is.
This is not to suggest that UK banks are unethical in their handling of equity
release products at present, but evidence from the United States has shown growing
problems in this area (Twomey (2009)). This paper does suggest, however, that with
the baby boomer generation retiring over the next twenty years and, especially where
defined contribution retirement pensions have experienced shortfalls in investment
appreciation, such “lifestyle” products will become increasingly popular (Twomey
(2009, p. 6)), and may be subject to the types of people-related risks evidenced
elsewhere. Wainer et al (2010) have documented a growing incidence of “financial
abuse” of the elderly, though perpetrators tend to be family members or carers rather
than financial institutions. Although banks may recognize the potential for abuse in
such cases, they may feel constrained by privacy concerns. This is a position in which
banks may act perfectly ethically, within their own policies, but may be seen by the
public as accessories to abuse, ie, reputational risk.
Since operational risk is defined, within Basel II at least, solely at the level of
the regulated firm, there is a need to consider mechanisms for addressing systemic
operational risk that impact not only regulated institutions but also individuals.
However, the ICB does not explicitly prohibit products such as PPI, although such
products do not fall within the narrow definition of “mandated services”, but it appears
that such products will in future be viewed from a “competition” perspective:
A distinction is needed between “good competition” to serve customers well, and
“bad competition” that exploits customer unawareness or, for example, creates a
race to the bottom on lending standards.
ICB (2011a, p. 153)
This means, for example, that in future the relationship between a distributor and
related insurer in the PPI market, such as with sharing of commissions, would need
to be treated as a third-party contract. However, evidence from the GFC in the United
States demonstrated that conflicts of interest can occur just as easily on an arm’s length
basis as on a related one (McConnell and Blacker (2011)).
using its new powers of intervention and enforcement [to] promote good outcomes
for consumers; be more outward-looking; intervene earlier to tackle potential risks to
consumers; and be tougher and bolder, building on and enhancing the FSA’s credible
deterrence strategy.
FCA (2011, p. 7)
All in all, a very much more proactive regulatory approach than what had been in
place prior to the changes, “aiming to intervene earlier in retail markets to protect
consumers before they suffer direct effects as a result of failures in these markets”
(FCA (2011, p. 17)).
The responsibilities of the new FCA are wide-ranging, covering not only the con-
duct of regulated firms with respect to retail customers, but also a wide range of
“wholesale” customers and also providers of “market infrastructure” such as stock
exchanges (FCA (2011, p. 16)). The FCA will also have a major role in addressing
“financial crime”, giving “priority to the protection of consumers as potential victims
of financial crime, and to the use of firms as a conduit for financial crime, than to the
protection of firms themselves as potential victims” (FCA (2011, p. 38)). Note that
these are all issues that fall within the definition of operational risk of Basel II.
With respect to the problems with PPI discussed in this paper, the FSA recognized
that “its response to the mis-selling of PPI should have been stronger” and outlined
the FCA’s new approach to
spot issues earlier; be willing to intervene early to improve standards either in spe-
cific firms or wider; take robust action designed to address weaknesses in competition
revealed by economic analysis; give greater recognition, sooner, to the importance of
securing redress (and not leave this solely to the ombudsman service); and, improve
cooperation and working arrangements with the ombudsman service to ensure regu-
latory issues which complaints are revealing are dealt with sooner.
FCA (2011, p. 34)
A recent example of how the FSA will be changing their approach can be found
in the joint guidance with the OFT on PPI which has been issued following recent
developments and emerging concerns about new products and practices (FSA and
OFT (2011)). This guidance that firms should ensure that product features reflect the
needs of the consumers that they are targeting and they identify
33It should be noted that, at this stage, the FCA was operating under the umbrella of the FSA and
had not yet been broken up.
four key areas of concern that providers should think about carefully:
firms not properly identifying the target market for the protection product;
the protection not reflecting the needs of the intended consumers;
the benefit of a successful claim not matching the needs of the claimant;
product features or pricing structures creating barriers to comparing products,
exiting a policy or switching cover.
FSA and OFT (2011)
34Note that, although independent, the Money Advice Service is funded though industry levies
collected by the FSA, which also controls board appointments.
to supply product information or not but if the MAS initiative (or similar efforts
by other regulators) is successful, then nonparticipation may be seen, potentially
incorrectly, as noncompliance, ie, there is both a reputation risk and also an operational
risk if problems are subsequently detected in the product by consumer advocates.
In July 2011, the Consumer Financial Protection Bureau (CFPB), which is similar
to the UK MAS, began work initially focusing on contentious areas of consumer
finance, such as mortgages, student loans and credit cards, with an initial objective of
creating a simplified mortgage disclosure form, called “Know before you owe” (CFPB
(2011)). At the time of writing this paper, the CFPB had just come into existence as
an independent body working to create the organizations and information technology
infrastructure to create a “consumer finance market place” where
customers can see prices and risks up front and where they can easily make product
comparisons; in which no one can build a business model around unfair, deceptive,
or abusive practices; that works for American consumers, responsible providers, and
the economy as a whole.
CFPB (2011)
It is difficult to guess precisely when the new regulator will be fully engaged with
banks and other financial institutions but the intention is clear: the elimination of
“unfair, deceptive, or abusive practices” (CFPB 2011).
conduct; product specialists will have to ensure that products are designed to “treat
the customer fairly”; compliance specialists will have to ensure that new rules are
understood and adhered to by staff; treasury managers and accountants will have to
adapt to new realities regarding arm’s length funding and profit allocation; and many
more effects.
It should also be remembered that operational risk managers are not themselves
responsible for designing, developing or selling products, although the recent pro-
nouncement by the FSA and OFT may cast doubt on this: “a firm’s control functions
should be involved in the firm’s product design and oversight arrangements” (FSA and
OFT (2011, Section 1.39)). Nor are they responsible for training staff or monitoring
selling practices: these are all business line responsibilities. Operational risk man-
agers are responsible for ensuring that all operational risks are identified, assessed,
mitigated and monitored within the stated risk appetite of the firm,35 in this case, the
people-related risks that should be identified and managed appropriately.
Although the legislation and the various newly created regulatory bodies are dif-
ferent in each jurisdiction, there are a number of common themes that are relevant to
this paper.
There will be a set of new regulations that must be understood and translated into
risk management actions. It should be noted that, for banks with international
operations, there will be multiple sets of rules that must be understood within
the context of risk management for the full firm.
There will be multiple channels for customer complaints which must be mon-
itored for emerging problems.
35 This also implies, of course, that there is a stated operational risk appetite for the firm.
Though not specifically chartered to do so, firms will have to ensure that finan-
cial literacy is improved across the industry, since “an informed consumer is
the first line of defense against abusive practices” (CFPB (2011)).
Firms will be required to collect, analyze and provide to regulatory bodies new
information on volumes, commissions, complaints, etc.
Last, and most important, the onus of proof will now be on the firm to demon-
strate that it is behaving ethically within overall principles rather than on a
regulator to show that a firm has transgressed specific rules.
The implications of the change in burden of proof are quite far-reaching. For exam-
ple, if one bank is found to have behaved improperly in the sale of a popular product
and a ban on the (family of) product is being considered, other banks will inevitably
be questioned as to their compliance with regulatory principles. Failure to provide
good answers in the new regimes will be viewed as unacceptable. What better way
to demonstrate compliance with general principles than being able to provide on-
demand, detailed, up-to-date and fully operational risk management policies, frame-
works, processes, actions, outcomes and improvement plans? A comprehensive and
proactive approach to people risk management will be one of the key defenses against
banks losing their licenses to operate in certain markets and products.
“bad apple” who can be caught and punished, although some individuals, such as the
boards and CEOs of large “universal banks”, appear to be more culpable than others.
Some people behaved unethically, even illegally, and many others who should have
known better just went along with it out of fear (of losing their job), ambition (to
improve their job prospects), greed (to improve their salaries/bonuses), loyalty (to the
firm), apathy (“above my pay grade”), and other very human emotions.
Because the reasons why people did not behave wholly ethically are so varied, no
single solution, such as regulation of remuneration, will ensure that similar events do
not happen in future.
It is obvious that, where people are at fault and cause real losses to customers, there
should be some sanction, although, in practice, it has proved extremely difficult to
convict individuals in cases of “white collar crime” (Coleman (2001)). Because such
legal cases tend to be long and expensive, they are often resolved by the payment
of (sometimes quite hefty) fines, but frequently without admission or denial of any
wrongdoing (McConnell and Blacker (2011)). While, sometimes, fines are imposed
on individuals in addition to firms, the final irony is that it is the shareholder who
often picks up the tab for the crimes of individuals in the firm in which they invest.
Another element of people risk that cannot be overlooked is that of fading memories.
Whilst the PPI scandal remains firmly implanted in people’s minds, the passage of time
will see it fade in people’s memories, much as happened with the pension mis-selling
scandal in the early 1990s. Complacency and fatigue vis-à-vis risk management will
set in and people will go about their daily routines much as they were doing during the
development phase of the PPI crisis. All that this will do is to increase the likelihood
of something similar happening again, although the scale and nature may be different.
The history of rogue trader incidents over the last twenty years bears witness to this
(McConnell (2008)).
law – all these things are necessary. But they are not, and cannot be, sufficient without
a culture of values. As individuals, we do not govern our behavior simply by what is
allowed by law or regulation. We have our own codes of conduct, and hold ourselves
accountable. We take responsibility for our actions.
All organizations are driven by a set of values that, if they are to be effective, must be
nurtured and shared throughout the organization. Barrett (1998) describes an approach
for auditing such values as a basis for establishing whether the board’s expectations
of its own value set are understood and agreed with throughout the business. Gaps
can be identified using this approach and action can be taken to reaffirm what the
organization really stands for and how it expects business to be done. One such value,
fairness, is a theme analyzed in depth by Hutton (2010). The FSA emphasis on treating
customers fairly and the UK coalition’s approach to treating fairness as a core value
in its government programme (UK Government (2010)) are clear indications of the
morality expected when business decisions are being made. In other words, what a
business stands for is just as important as what a business sells.
Garratt (1997) discusses culture as part of the governance framework and reminds
boards that they need to decide which corporate culture or, more likely, range of
cultures is appropriate for their needs. He states that “a single, dominant culture need
not be imposed on all parts of the enterprise – provided that the purpose, visions and
values are clear to all and committed to”. Once these values have been articulated,
then they can be turned into a series of recognizable behaviors which become the
accepted norm and, in turn, form the basis upon which an appraisal system can be
built.
It is not clear to what extent the FSA will look at organizational culture and the
values that drive a business in their new supervisory roles. The management of people
risk, however, is part of the internal control system and the effectiveness of the internal
control system is influenced by the organizational culture. The FSA are also in a
unique position to look across the banking and insurance industries and assess cultural
characteristics which are good and bad both for the industry and, in turn, for the
customer. For example, following the GFC, there have been calls to increase the
presence of females in the boardroom (see, for example, Hancock and Zahawi (2011,
p. 237)) in order to bring a better balance to decision making and to improve board
effectiveness.
People risk is an operational risk as defined by Basel II and, within regulated banks,
therefore falls under the responsibilities of the operational risk management function.
However the management of people risk, per se, is not well-developed, concentrating
on identifying and mitigating illegal activities, such as fraud, rather than actively
engaging, for example, on ethical issues or personnel issues such as training and
remuneration, ie, addressing the “unintentional acts” of people.
The PPI scandal has highlighted the need for improved people risk management
and McConnell and Blacker (2011) argue that the role of people risk management be
formally recognized by regulators as an independent skilled function within the risk
management function, with well-defined responsibilities and protections. This does
not, of course, obviate the need for line management to understand the role that they
have on the front line of people risk management.
Such a people risk management function would explicitly and independently cover
issues across the firm, such as the following.
Developing and gaining approval from the board for formal “people risk poli-
cies”.
Developing a specific people risk framework (within the overall risk framework
of the firm) that specifies how people risk are to be identified, measured, treated
and monitored.
Establishing key risk indicators for people risk based on the firm’s risk appetite.
Working with the board to undertake a values/culture audit across the organi-
zation.
Performing scenario analysis of people risk and stress testing the results.
Establishing formal lines of communication with marketing and the sales force
to ensure that products are being marketed appropriately and customers are
being treated fairly.
Developing education and induction programs for people risk and ethical issues.
Educating and training business line managers in the application of the people
risk framework.
Developing processes and systems for the formal identification of people risk
with all departments of the firm with a particular focus on the people risk within
control functions.
36 Note that the people risk policy and framework would have to clearly identify the specific roles
and responsibilities of the people risk management, and other functions such as human resources,
compliance and fraud.
Contributing to the new product process for issues related to people risk and for
each new product to ensure that there is a monitoring and complaints handling
component integrated into all new processes.
Assisting in the development of appropriate people risk metrics that would drive
executive remuneration packages.
These are similar to functions and processes that already exist in other risk functions
(eg, credit and market risk) and within existing operational risk management functions
as generic activities. This paper argues that, because the impact of losses resulting from
people’s actions/behavior can be so great, there should be a specific and dedicated
focus on people risk management within the firm.
It is also acknowledged that some of these concepts may be difficult to implement in
practice, not least because they require extensive engagement with internal functions,
such as human resources, with whom operational risk management has traditionally
not been closely involved. Furthermore, operational risk managers would have to
become trained in areas in which they are unfamiliar and which do not lend themselves
to easy quantification, such as ethics.
8 SUMMARY
The ramifications of the PPI scandal continue to work their way through the UK finan-
cial system as politicians and regulators consider new rules for financial institutions.
Regulators have begun to create new bodies to consider and regulate “systemic risks”
across the UK financial sector. One of the systemic risks identified by regulators and
competition authorities was the failure of UK banks to properly manage the selling
of PPI products to their customers. This was not one bank at fault but, as the paper
demonstrates, a profitable business that grew into a cash cow that was enthusiastically
milked by all major UK banks without proper attention to their customers’ needs for
these particular products.
After describing the PPI business model, this paper traces the growth of the
PPI scandal from relatively minor grumbles to consumer advocate groups to a whole-
sale attack on UK banks by competition and industry regulators, eventually resulting
in those major banks having to reimburse millions of customers for mis-sold products.
The paper argues that it was the operational risks inherent in the systemic separation
of the PPI sales process from the insurance claims process that went unidentified and
unmanaged as profits grew, but eventually emerged to cause losses to the major
banks. In particular, the paper describes the people risk, as identified by Basel II,
which proliferated throughout the PPI process. The paper then describes some of the
proposed changes to the UK banking system to tackle systemic risks such as those
identified in the selling of PPI products. Finally, the paper makes practical suggestions
as to how firms, and the industry as a whole, may address such people-related risks
to avoid, or at least attempt to minimize, similar scandals in future.
People are at the heart of every business and it is their behavior, both individually
and collectively, that produces organizational results, whether those results are good
or bad. How people go about their daily tasks and routines can be influenced by a
myriad of factors, not least of which is the culture in which they operate both within
the firm and within the markets in which the firm operates. This was a theme picked
up by George Soros ten years before the dark clouds of the GFC storm appeared on
the horizon (Soros (1997)):
Too much competition and too little cooperation can cause intolerable inequities and
instability. Insofar as there is a dominant belief in our society today, it is a belief in
the magic of the marketplace. The doctrine of laissez-faire capitalism holds that the
common good is best served by the uninhibited pursuit of self-interest. Unless it is
tempered by the recognition of a common interest that ought to take precedence over
particular interests, our present system is liable to break down.
REFERENCES
Akerlof, G. A. (1970). Market for “lemons”: quality uncertainty and the market mechanism.
Quarterly Journal of Economics 84(3), 488–500.
Age Concern (2010). Fact sheet 65: equity release. Age UK, London (October). URL:
www.ageuk.org.uk.
An, L., Subramanian, D., King, A. T., and Ashcraft, A. B. (2009). Modeling some essential
dynamics of the subprime mortgage crisis. Paper presented at the 27th International
Conference of the System Dynamics Society 2009, Albuquerque, New Mexico. URL:
www.systemdynamics.org/conferences/2009/proceed/papers/P1232.pdf.
Ariely, D. (2008). Predictably Irrational: The Hidden Forces that Shape Our Decisions.
Harper Collins, London.
Ashby, S. (2010). The 2007–2009 financial crisis: learning the risk management lessons.
Financial Services Research Forum, Nottingham.
Association of British Insurers (2009). ABI: Competition Commission has ignored wors-
ening economic conditions to the detriment of consumers (29 January). URL: www.abi.
org.uk.
Augustine, N. R. (1995). Managing the crisis you tried to prevent. Harvard Business Review
(November), pp. 147–158.
Australian Prudential Regulatory Authority (2004). Report into irregular currency options
trading at the National Australia Bank (March 24).
Bank for International Settlements (2010).Triennial central bank survey of foreign exchange
and derivatives market activity in 2010: final results. Bank for International Settlements,
Basel (December). URL: www.bis.org/publ/rpfxf10t.htm.
Barrett, R. (1998). Liberating the Corporate Soul. Butterworth–Heinemann, Woburn, MA.
Basel Committee on Banking Supervision (2004). International convergence of capital
measurement and capital standards: a revised framework. Bank for International Settle-
ments, Basel Committee on Banking Supervision. URL: www.bis.org.
Basel Committee on Banking Supervision (2011). BCBS: 195 principles for sound man-
agement of operational risk. Bank for International Settlements, Basel Committee on
Banking Supervision (June). URL: www.bis.org.
Benoist, G. (2002). Bancassurance: the new challenges. Geneva Papers on Risk and Insur-
ance 27(3), 295–303.
Blacker, K. (2001). An investigation into operational risk mitigation in UK retail banks. DBA
Thesis, Brunel University.
Blacker, K., Mills, R. W., and Weinstein, W. (2004). People risk in the financial services
industry. Working Paper, Henley Management College.
British Bankers’ Association (2011). PPI fact sheet: why the BBA brought a judicial
review. British Bankers’ Association, London (9 May). URL: www.bba.org.uk/media/
article/ppi-factsheet.
Brown, B. M. J. (1992). Allfinanz without Limits. Lafferty, Dublin.
Cecchetti, S. G, Disyatat, P., and Kohler, M. (2009). Integrating financial stability: new mod-
els for a new challenge. Bank for International Settlements, Basel (September). URL:
www.bis.org/publ/othp06.htm.
Citizens Advice Bureau (2005). Protection racket. Report, Citizens Advice Bureau, London
(September).
Citizens Advice Bureau (2009). Annual report and accounts. Report, Citizens Advice
Bureau, London. URL: www.citizensadvice.org.uk/index/aboutus/publications/annualrep
orts/ar_10.htm.
Coleman, J. W. (2001). The Criminal Elite: Understanding White Collar Crime, 5th edition.
Worth, New York.
Competition Commission (2008a). Market investigation into payment protection insurance
provisional findings report. Competition Commission, London (June). URL: www.compet
ition-commission.org.uk.
Competition Commission (2008b).The profitability of PPI working paper. Competition Com-
mission, London. URL: www.competition-commission.org.uk.
Consumer Financial Protection Bureau (2011). Building the CFPB. Consumer Financial
Protection Bureau, Washington (July). URL: www.consumerfinance.gov.
Financial Services Authority (2007). The sale of payment protection insurance: thematic
update. Financial Services Authority, London (September). URL: www.fsa.gov.uk.
Financial Services Authority (2008a). FSA update on its review of the sale of PPI. Financial
Services Authority, London (September). URL: www.fsa.gov.uk.
Financial Services Authority (2008b). Alliance & Leicester to pay £7 million fine for PPI
failings. Financial Services Authority, London (2008). URL: www.fsa.gov.uk.
Financial Services Authority (2009). FSA wants all firms to stop selling single premium
PPI. Financial Services Authority, London (February). URL: www.fsa.gov.uk.
Financial Services Authority (2010a). The assessment and redress of payment protection
insurance complaints: on the further consultation in CP10/6 and final handbook text.
Financial Services Authority, London (August). URL: www.fsa.gov.uk.
Financial Services Authority (2010b). FSA announces CFEB chairman. Financial Services
Authority, London (September). URL: www.fsa.gov.uk.
Financial Services Authority (2011). FSA fines Barclays £7.7 million for investment
advice failings and secures as much as £60 million in redress for customers. Finan-
cial Services Authority, London. URL: www.fsa.gov.uk/pages/Library/Communication/
PR/2011/006.shtml.
Financial Services Authority (2011b). Packaged bank accounts: ICOBS rules for the sale
of non-investment insurance contracts. CP11/20, Financial Services Authority, London
(October). URL: www.fsa.gov.uk.
Financial Services Authority and Office of Fair Trading (2011). Guidance consultation: pay-
ment protection products. GC11/26/OFT1385, Financial Services Authority and Office
of Fair Trading (November). URL: www.fsa.gov.uk//
Ford, J. (2000). MPPI take-up and retention: the current evidence. Finance 45 (February),
University of York Centre for Housing Policy.
Ford, J., and Kempson, E. (1997). Bridging the gap? Safety nets for mortgage borrowers.
University of York Centre for Housing Policy.
Garratt, B. (1998). The Fish Rots from the Head. Harper Collins, London.
Gleick, J. (1992). Genius: Richard Feynman and Modern Physics. Abacus, London.
Green, S. (2009). Good Value: Reflections on Money, Morality and an Uncertain World.
Penguin, London.
Haldane, A. G. (2009). Rethinking the financial network. Speech delivered at the Financial
Student Association, Amsterdam (April). Bank of England, London. URL: www.bankof
england.co.uk.
Hancock, M., and Zahawi, N. (2011). Masters of Nothing. Biteback, London,
Hutton, W. (2010). Them and Us: Changing Britain: Why We Need a Fair Society. Little
Brown, London.
Independent Commission on Banking (2010). Issues paper: call for evidence. Indepen-
dent Commission on Banking, London (September). URL: http://bankingcommission.
independent.gov.uk.
Independent Commission on Banking (2011a). Final report: recommendations. Inde-
pendent Commission on Banking, London (September). http://bankingcommission.
independent.gov.uk.
Independent Commission on Banking (2011b). Interim report: consultation on reform
options. Independent Commission on Banking, London (April). http://bankingcommi
ssion.independent.gov.uk.
International Monetary Fund (2010). Global financial stability report: meeting new chal-
lenges to stability and building a safer system. International Monetary Fund (April). URL:
www.imf.org.
Janis, I. (1971). Groupthink: the desperate drive for consensus at any cost. In The Classics
of Organisational Theory, Shafritz J. M., and Ott, J. S. (eds). Wadsworth, Belmont, CA.
Jobst, A. (2007). Constraints of consistent operational risk measurement and regulation:
data collection and loss reporting. Journal of Financial Regulation and Compliance 15(4),
423–449.
Kahneman, D., and Tversky, A. (1979). Prospect theory: analysis of decision under risk.
Econometrica 47, 263–291.
Krugman, P. (2009). The Return of Depression Economics and the Crisis of 2008. W. W.
Norton, New York.
Levin, C., and Coburn, T. (2011). Wall Street and the financial crisis: anatomy of a
financial collapse. Subcommittee On Investigations: United States Senate, Washington
(April). URL: www.hsgac.senate.gov/public/index.cfm?FuseAction=Press.MajorityNews
&ContentRecord_id=51bf2c79-5056-8059-76a0-6674916e133d.
McConnell, P. J. (1998). Barings: development of a disaster. International Journal of Project
and Business Risk 2(1), 59–74.
McConnell, P. J. (2003). AIB/Allfirst: development of another disaster. Working Paper, Hen-
ley Management College.
McConnell, P. J. (2005). NAB: learning from disaster. Working Paper, Henley Management
College.
McConnell, P. J. (2006). A perfect storm: why are some operational losses larger than
others? Continuity Central Paper. URL: www.continuitycentral.com/Perfect_Basel.pdf.
McConnell, P. J. (2008). People risk: where are the boundaries? Journal of Risk Manage-
ment in Financial Institutions 1(4), 370–381.
McConnell, P. J., and Blacker, K. (2011). The role of systemic people risk in the global
financial crisis. Journal of Operational Risk 6(3), 65–123.
Merricks, W. (2008).The future of banking regulation: speech to the BBA seminar. Financial
Ombudsman Service, London (October). URL: www.financial-ombudsman.org.uk.
Molyneux, P., Altunbas, Y., and Gardener, E. (1996). Efficiency in European Banking. John
Wiley & Sons, Chichester, UK.
Money Advice Service (2011). 2011/2012 business plan. Money Advice Service, London
(April). URL: www.moneyadviceservice.org.uk.
Nyberg, L. (2004). How do conflicts of interest in universal banking emerge and what are the
arguments for a separation of commercial and investment banking? Speech, Swedish
Central Bank, Stockholm.
Nyberg, L. (2011). Misjudging risk: causes of the systemic banking crisis in Ireland. Ministry
of Finance, Dublin (March). URL: www.bankinginquiry.gov.ie/Documents/Misjuding%20
Risk%20-%20Causes%20of%20the%20Systemic%20Banking%20Crisis%20in%20
Ireland.pdf
Office of Fair Trading (2006). Payment protection insurance: report on the market study
and proposed decision to make a market investigation reference. Office of Fair Trading,
London (October). URL: www.oft.gov.uk.
Office of Fair Trading (2007). Payment protection insurance: OFT’s reasons for making a
market investigation reference to the Competition Commission. Office of Fair Trading,
London (February). URL: www.oft.gov.uk.
Ouseley, D. B. W. (2011). Judgement in the judicial review brought by the British Banking
Association against the Financial Services Authority and the Financial Ombudsman Ser-
vice. Mr. Justice Ouseley, High Court of Justice Queens Bench Division, Administrative
Court, London (May).
PriceWaterhouseCoopers (2004). PriceWaterhouseCoopers UK economic outlook. Lon-
don (July).
Reuters (2011). Trio of British banks take $3 bln mis-selling hit. Thomson Reuters,
London (9 May). http://uk.reuters.com/article/2011/05/09/britain-banks-idUKLDE74805
E20110509.
Schiller, R. J. (2008). The Subprime Solution. Princeton University Press.
Schwarcz, S. (2008). Systemic risk. Paper 1632008, Duke Law School. URL: http://ssrn.
com/abstract=1008326.
Securities and Exchange Commission (2005). Global research analysts settlements. Secu-
rities and Exchange Commission, Washington (March). URL www.sec.gov/news/studies/
2008/craexamination070808.pdf.
Sergeant, C. (2003). A strategic approach to treating customers fairly. Speech to Retail
Financial Services Forum (October). Financial Services Authority, London. URL: www.
fsa.gov.uk/Pages/Library/Communication/Speeches/2003/sp1.
Simon, H. A. (1990). Invariants of human behavior. Annual Review of Psychology 41, 1–19.
Soros, G. (1997). The capitalist threat. Atlantic Monthly 2, 45–58.
Taleb, N. (2007). The Black Swan: The Impact of the Highly Improbable. Penguin, London.
Turner, B. (1976). The organisational and interorganisational development of disasters.
Administrative Science Quarterly 21, 387–397.
Twomey, T. (2009). Subprime revisited: reverse mortgage lenders put older homeowners’
equity at risk. National Consumer Law Center, Boston (October).
UBS (2011). UBS provides more details of unauthorized trading. Media Release, Union
Bank of Switzerland, Zurich (September 18). URL: www.ubs.com.
UK Government (2010). The coalition: our programme for government: freedom, fairness,
responsibility. London (May). URL: www.direct.gov.uk.
UK Treasury (2011). A new approach to financial regulation. HM Treasury, London (Febru-
ary). URL: www.official-documents.gov.uk/document/cm80/8012/8012.asp.
UK Treasury Subcommittee (2005). Special report of session 2004–05. Treasury Sub-
Committee, House of Commons, London (April). URL: www.publications.parliament.uk/
pa/cm200405/cmselect/cmtreasy/508/508.pdf.
US Congress (2010). Wall Street Reform and Consumer Protection Act. US Congress,
Washington (July). URL: www.gpo.gov/fdsys/pkg/PLAW-111publ203/pdf/PLAW-111publ
203.pdf.
US Senate (2004). Report on the US intelligence community’s pre-war intelligence assess-
ments on Iraq. Sates Senate, Select Committee on Intelligence (July).
Wainer, J., Darzins, P., and Owada, K. (2010). Prevalence of financial elder abuse in Victoria.
State Trustees of Victoria, Melbourne (May). URL: www.statetrustees.com.au/uploads/
content/199-170-Prevalence-of-Financial-Elder-Abuse-in-Victoria_black-and-white.pdf.