UK Retail BankingNewsletter* - pwc.com · pose the greatest risks to the reliability of their...

INDUSTRY VIEWS

UK Retail Banking Newsletter*

Editor: Anne Obey,Director, Retail and Mortgage Banking GroupTel: 0117 928 1251Email: [email protected]

Distribution: If you would like toreceive this newsletter by email or youwould like to add your colleagues tothe mailing list, please contact CarlyTaylor on [email protected]

Inside this issue

03 Taking the grind out

of Sarbox

06 Banking Banana Skins 2006:

A challenge for the regulators

10 Covered bonds –

a new source of funding for

UK lenders

14 Internal Audit – top of

the agenda

17 Leading the pack: Managing

effective multi-sourcing

OCTOBER 2006

Driving benefits from regulation is a theme which will resonatefor many executives in the retail banking industry, and itfeatures in several topics in this fourth edition of thePricewaterhouseCoopers ‘UK Retail Banking Newsletter’.A number of the articles in this edition touch on the drive for efficiency which iscommanding the attention of most organisations in the sector today. Our firstarticle, ‘Taking the grind out of Sarbox’, examines how banks can learn from theUS experience in s404 compliance to achieve a focused, risk-based approach,reducing the compliance burden and establishing a framework which will deliverbenefits going forward. The subject of ‘making compliance work for you’ also runsthrough our article on ‘Internal Audit – top of the agenda’ in which David Lukemanconsiders the rise in profile of internal audit, and challenges internal audit functionsto work effectively with compliance departments to deliver real value.

The results of the CSFI’s annual ‘Banking Banana Skins’ survey are discussed in oursecond article, where regulation again emerges as a key theme, this time highlighted bybankers as the top risk faced by today’s institutions, particularly in the costs to the banksand the management time and attention taken by the constant flow of new regulations.

In the article ‘Covered bonds – a new source of funding for UK lenders’,Mark Davis and Dave Haley of our Structured Finance Group examine the potentialbenefits to lenders of using a covered bond structure as an alternative tosecuritisations, and finally, in ‘Leading the pack: Managing effective multi-sourcing’,members of our advisory practice share their experience of the practical challengesin making multi-sourcing arrangements work to deliver a cost-efficient andstreamlined operation.

I hope you enjoy this edition. We welcome any feedback on topics and issues youwould like to see covered in future editions.

John Hitchins, UK Banking Leader 020 7804 2497 [email protected]

The member firms of the PricewaterhouseCoopers network (www.pwc.com) provide industry-focused assurance,tax and advisory services to build public trust and enhance value for its clients and their stakeholders. More than130,000 people in 148 countries share their thinking, experience and solutions to develop fresh perspectives andpractical advice.

(Unless otherwise indicated, “PricewaterhouseCoopers” refers to PricewaterhouseCoopers LLP a limited liabilitypartnership incorporated in England. PricewaterhouseCoopers LLP is a member firm of PricewaterhouseCoopersInternational Limited.)

© 2006 PricewaterhouseCoopers LLP. All rights reserved. “PricewaterhouseCoopers” refers toPricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) or, as the context requires,other member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independentlegal entity.

Designed by Court Three 1006.

In August 2006, the Securities andExchange Commission (SEC)announced plans to ‘minimise theburden’ of Section 404 on smallerFPIs by delaying and/or staggeringthe deadline for compliance.However, large ‘accelerated filers’(market value of more than $700million) whose financial year ends onor after 15 July 2006 still need toprovide Section 404-compliantmanagement and auditor reports aspart of their next annual filing to theSEC. Although smaller ‘acceleratedfilers’ (market value $75 million to$700 million) still need to providemanagement reports as part of theirnext SEC returns, they have an extrayear to enter their auditor reports.

Experience in the US, where largercompanies have now completedtheir second year of Sarbox filings,has underlined the scale, complexityand, not least, the cost ofcompliance. The original architects

of the reforms believed that even thebiggest firms would not need tospend more than $600,000 to bringtheir internal controls up to speed.In reality, however, the bill forassessing controls, mapping audittrails and drawing up the necessarydocumentation has run into tens ofmillions of dollars in many largeorganisations. A number of UKbanks are known to be spendingupwards of £30 million.

The good news from our researchis that the proportion of US firmsreceiving adverse reports identifyingmaterial weaknesses fell from15% in 2004 to 6% in 2005.The results for banks are especiallyencouraging, with the proportion ofadverse reports decreasing from12% to just 4%.

The improvements would suggestthat much of the initial hard work isnow bearing fruit. The interpretationof the rules has also become a little

Larger UK banks listed in the US now face the full weightof Sarbanes-Oxley (‘Sarbox’) and the exacting Section404 in particular. Yet, experience in the US suggests thata more streamlined and risk-based approach to thedemands of Section 404 could greatly reduce the burdenand help provide a platform for sustainable compliance.

By Nicola Shield and Chuck Teixeira

Taking the grind out of Sarbox

less zealous over time. However, thecosts and diversion of managementresources are still needlessly high withinmany organisations. In particular, it wouldappear that many companies and theirauditors are identifying and testing morecontrols than may be necessary.The documentation of internal controlsis also often excessive and may bedifficult to maintain on an ongoing basis.More generally, Sarbox still appears tobe a ‘one-off’ project within manyorganisations and more effort may beneeded to develop a sustainableframework for compliance.

Less is more

The first and in many ways mostimportant step towards smart complianceis simply allowing enough time.From judging what are the ‘key’controls through to verification anddocumentation has taken US firms farlonger than most originally envisaged.Ironing out any problems can also oftentake more time than expected. It is tellingthat 40% of the adverse opinions in yeartwo related to weaknesses that had yetto be corrected from year one.

Effective scoping and direction fromthe top can help to define priorities andensure that resources are targeted wherethey are needed most. This includesenabling institutions to avoid needlessduplication by establishing whatmonitoring is already being carried

out as part of their existing riskmanagement framework.

Risk-based approach

In setting their priorities, banks need toascertain what aspects of their businesspose the greatest risks to the reliabilityof their financial reporting. Year-endreconciliations are likely to be a particularfocus as the most frequent materialweaknesses within financial institutionsin the US have related to auditadjustments or restatements. As suchweaknesses are often pinpointed afterthe year-end, there is also littleopportunity to remediate them beforethey generate adverse reports.

At the other end of the risk spectrum,areas such as accounts payable orpremises have little impact on financialreporting and are therefore likely torequire limited assessment ordocumentary evidence. Indeed, it may bepossible to use the work of others as thebasis for the assessment of less riskyand more straightforward controls.

Certain considerations are unique toFPIs. This includes whether to use localGAAP financial statements and/or USGAAP figures as the basis for theirinternal control of financial reportingevaluation. While the general view is thatthe local reporting should be the focus,institutions will also still need to lookclosely at the design and operationaleffectiveness of their US GAAP

4 PricewaterhouseCoopers UK Retail Banking Newsletter October 2006

The first and in many ways most importantstep towards smart compliance is simplyallowing enough time. From judging what arethe ‘key’ controls through to verification anddocumentation has taken US firms far longerthan most originally envisaged.

reconciliations. They will also needto decide what should be includedin the scope, such as whether theyneed to include FIN 46 entities, jointventures or associates.

Dialogue with external auditors can proveparticularly helpful in identifying andprioritising the most serious risks.Banks may also want their auditors toreview draft financial statements beforefinalisation to help identify anydeficiencies. Some institutions may bewary of consulting their auditors aboutthe application of accounting standardsfor fear of compromising independence.However, such interaction is appropriateas long as management has reasonablecontrols to interpret accounting rules, thefinal say over the accounting used andthe auditors are not part ofmanagement’s control process.

Control framework

We believe that a more systematic risk-based approach to Sarbox could help toreduce the cost and effort of complianceby up to 30%. It could also provide thefoundations for an integrated controlframework that not only streamlines andsustains the verification of financialreporting but also contributes to otherkey aspects of compliance and riskmanagement such as the Basel IIAdvanced Measurement Approaches.The essential features of the frameworkinclude timely and reliable managementinformation, a robust technology

infrastructure and appropriatestandardisation of testing anddocumentation. Underpinningthis is investment in staff trainingand competence.

The overall objective is the elimination ofmaterial weaknesses. If a bank is facingan adverse report, however, it should becompletely open about setting out thenature, implications and plans forremediation. The market reaction tomaterial weaknesses in the US hastended to be reasonably muted as longas there was plenty of advanced warningand explanation. The rating agencyMoody’s categorises weaknesses aseither specific, which auditors can workaround, or pervasive, which may triggera downgrade. Around a third have falleninto the latter category.

Reaching the summit

Many banks may feel that they havea mountain to climb as they seek tocomply with Sarbox. Yet more attentionto defining the most important prioritiesincluding the most serious risks couldhelp to take the grind out of the process.While many firms in the US initially foundthemselves looking at the full gamut oftheir internal controls, it is those that arekey for relate to financial reporting thatrequire detailed attention. Of these,experience indicates that the year-endprocesses present the greatest risks.The ultimate aim is a framework ofinternal control that not only sustains

compliance and can be embedded intothe day-to-day operations of the bank,but can also provide greater assuranceand improved management informationfor the business.

Contact us

Nicola ShieldDirector, Financial ServicesTel: 020 7804 9315Email: [email protected]

Chuck TeixeiraDirector, Financial ServicesTel: 020 7213 2731Email: [email protected]

PricewaterhouseCoopers UK Retail Banking Newsletter October 2006 5

The Banana Skins survey is carriedout annually by the Centre for theStudy of Financial Innovation inassociation with PwC, and attractsrespondents from a wide range ofinstitutions in an increasing numberof countries – this year 468respondents from 60 countries.The survey asks respondents todescribe their main concerns aboutthe financial system over the next2-3 years, to rate a list of potentialrisks and also to rate thepreparedness of financial institutionsto deal with those risks. The resultsgive a fascinating picture of theconcerns of the banking industry.

The top three

There has been little movement inthe top three risks, with the top twounchanged from 2005 and the third,derivatives, only moving up oneplace. For the second year running,

too much regulation comes out asthe top banana skin. The mostfrequently mentioned risk was thecost of regulation, particularly sincefew bankers saw a compensatingbenefit. Other concerns were thedistractions caused by a constantflow of new regulations, and theanti-competitive aspects ofregulation, especially for smallerbanks. In some instances regulationwas criticised for beinginappropriate, for example focusingon micro-regulation at the expenseof the big picture and big risks.

The prescriptive nature of regulation,removing judgement and potentiallybreeding a box-ticking attitude andreluctance to give customers advice,were quoted as sources of concern,and there is growing concern aboutthe politicisation of regulation andinterference by governments.

‘Banking Banana Skins 2006’ provides a thought-provoking insight into the concerns and priorities ofbankers, regulators and observers of the banking industryacross the globe, from the emerging markets as well asfrom leading players in the developed world.

By David Lascelles andJohn Hitchins

Banking Banana Skins 2006:A challenge for the regulators

Banana skins 2006 (2005 ranking in brackets)


Other concerns were the distractionscaused by a constant flow of new regulations,and the anti-competitive aspects of regulation,especially for smaller banks.

Too much regulation1 (1)

Derivatives3 (4)

Interest rates5 (12)

Hedge funds7 (5)

Emerging markets9 (15)

Fraud11 (6)

Currencies13 (7)

Political shocks15 (22)

Banking market overcapacity17 (20)

Merger mania19 (27)

Business continuation21 (19)

Insurance sector problems23 (11)

Environmental risk25 (28)

Rogue trader27 (24)

Payment systems 29 (25)

Credit risk2 (2)

Commodities4 (14)

High dependence on technology6 (8)

Corporate governance8 (3)

Risk management techniques10 (9)

Equities12 (18)

Macro-economic trends14 (10)

Conflicts of interest16 (-)

Money laundering18 (13)

Legal risk20 (17)

Retail sales practices22 (23)

Back office24 (26)

Management incentives26 (21)

Competition from new entrants28 (29)

Too little regulation30 (30)

Nationality of institution

Asiapac

C&S America

Europe

Middle East

North America

Africa

20%23%

50%

2%

2%

3%

Source: CSFI

Source: CSFI

Brussels was widely blamed for much ofthe burden and cost, with respondentsciting the new directive on markets infinancial instruments (MiFID). Basel II alsocame in for criticism, although manyrespondents from emerging markets feltthat Basel II is encouraging bettermanagement practices and controls.

Unsurprisingly, banks and bankerswere the most vociferous in highlightingover-regulation as a risk, and particularlyso in Europe, although this was alsohighlighted by non-banking businesses(who placed it second), and it camein the top 10 (at number 9) even fromthe regulators.

Credit risk remains the number 2concern, coupled with rising interestrates (up from number 12 to number 5).Particular aspects of credit riskhighlighted were over-borrowing in theconsumer debt market, with consequentreputational damage over irresponsiblelending, and housing bubbles in themortgage industry. Credit risk concernswere not confined to the consumersector, however: leverage in privateequity firms and hedge funds, and theextent to which businesses are fullygeared, were also highlighted.Conversely, a number of respondents feltthat credit risk was over-emphasised,and some felt that the banks weremanaging credit exposure well.

Derivatives continue to be a strongsource of concern, and in particularcredit derivatives. Bankers wereconscious of the potential for volatilityin the event of an economic downturn,and the possibility of a default by a largeissuer, investment bank or hedge fundwith a knock-on effect on liquidity in themarkets. The complexity of derivativeproducts, leading to difficulty inunderstanding the market and even inproperly understanding and managingrisk from the Board, were also citedas factors increasing risk.

The big movers

Although the top few risks are relativelyunchanged, there have been somesignificant moves in the risk rankings.The risks moving up the list were:

Commodities – price volatility drivingthe risk up 10 places to number 4,with concerns largely stemming from theenergy sector (high oil prices, terrorism,political unrest in the Middle East, andChina’s voracious appetite for oil)and particularly strongly voiced by theG7 countries;

Merger mania – worries coming backrelating to increasing marketconcentration and stretch onmanagement structures, the creation ofuncontrollable entities and the eliminationof smaller players;


Unsurprisingly, banks and bankerswere the most vociferous in highlightingover-regulation as a risk, and particularly so inEurope, although this was also highlighted bynon-banking businesses (who placed it second),and it came in the top 10 (at number 9) evenfrom the regulators.

Emerging markets – concerns aboutstability are again rising, with heavyexposures at fine prices, and particularconcerns over Russia and China;

Political shocks – the political tensionin the Middle East, continued violencein Iraq, the Iranian nuclear questionand North Korea were all quoted ina widespread concern that thebanking industry could suffer fromunexpected shocks;

Equities – the recent good performancein equities has led to some nervousnessthat there could be a correction in themarket, with a particular effect on theprivate equity sector.

The decreasing concerns were in anumber of the perennial risks where it isfelt that procedures and controls aresucceeding in managing risk: fraud,which, while it will always feature in theindustry, has received a great deal ofattention; money laundering, which isgenerally considered to be an over-ratedproblem; management incentives, wherebetter governance is reducing concern;currencies, a market which is betterunderstood and where the US dollar isnow less of a concern; and the insurancesector, where problems highlightedpreviously are felt to be being addressed.

So what does this mean forthe banks?

Banks were seen this year as betterplaced to handle shocks in the system –64% of respondents felt that institutionswere moderately well prepared or betterable to handle the risks, up from 57%last year. Confidence was particularlystrong among bankers (73%) but alsoamong regulators – 63% compared with39% last year, although outsiders weremore sceptical, with only 44% thinkingthat banks were well prepared.

It is clear that, while many of the riskshighlighted in the past are now felt to beincreasingly under control, there is stillplenty of scope for volatility – whether inthe commodity market, the emergingmarkets or in domestic credit losses,compounded by increases in interestrates. The key message from the banks,however, is a challenge to the regulatorsto show that their regulatory processesare delivering not only a robust regulatoryframework but the right balance of costand benefit.


Contact us

David LascellesCo-director, Centre for the Study ofFinancial InnovationTel: 020 7493 0173Email: [email protected]

John HitchinsPricewaterhouseCoopersUK Banking LeaderTel: 020 7804 2497Email: [email protected]

Copies of the Banking Banana Skins 2006report can be purchased through theCSFI website atwww.bookstore.csfi.org.uk or by callingthe Centre on 020 7493 0173

The continental market is dominatedby the German Pfandbrief, withother countries also havingintroduced legislation to governcovered bond structures. While theUK has no such specific legislation,the market is less developed but,particularly with the expectedintroduction of an EU-compliantcovered bond regime by the FSA,is growing fast.

HBOS pioneered the use ofcommon law to establish a UKcovered bond programme in 2003,and since then Northern Rock,Abbey, Bradford and Bingley andNationwide have all followed.

Covered bonds vsmortgage backedsecurities

Covered bond programmes sharesome structural similarities with

securitisations. An outline of atypical structure, compared witha securitisation, is shown in thediagram overleaf.

As with a securitisation structure,the over-collateralisation of the poolof assets means that there may bea higher rating for the bonds thanfor other debt of the originator.Furthermore, the ring-fencing of theassets transferred to the specialpurpose entity (SPE) means thatinvestors in the bonds have priorityover other creditors of the lender inthe event of an insolvency. The mostsignificant difference in structure isthat the lender itself issues the debtin a covered bond issue, the interestand capital on which is guaranteedby the SPE. In a securitisation thenotes are issued by the SPE itself.

Covered bonds look set to become a popular low-costfunding alternative to Mortgage-Backed Securities(‘MBS’) in the UK, following in the footsteps of otherEuropean countries where they have been usedcommonly as a source of funding, in some cases sincethe early 1900s.

By Mark Davis and Dave Haley

Covered bonds – a new source offunding for UK lenders?

SPELender

Mortgage Assets

Guarantee

Not

es

Cas

h

Cash


As with a securitisation structure,the over-collateralisation of the pool of assetsmeans that there may be a higher rating for thebonds than for other debt of the originator.

Securitisation

Covered Bond

Note Holders

SPELender

Mortgage Assets

Not

es

Cas

h

Cash

Note Holders

Source: PricewaterhouseCoopers

There is also an obligation on the part of the lender to repurchase defaultingassets, which is not the case in a securitisation.

The more important difference forthe lender, however, is in the capitaltreatment of the structure. In mostinstances, the principal reason for asecuritisation was the capital treatmentfor the lender, with additionalconsiderations being access to morediverse funding sources and a widerinvestor base. There is no such capitalbenefit with a covered bond issue, sothe commercial reasons for entering intosuch a structure are funding and liquidityconsiderations, in particular the pricing offunding, and also the prospect of a widerinvestor base as the market develops.The bonds are attractive to investors whowant a greater yield than similarly ratedgovernment bonds, while maintaining aliquid investment.

Regulatory considerations

There are two key aspects of regulatorytreatment which make covered bonds anattractive proposition for the lender.

Firstly, the FSA has, in letters to theBritish Bankers Association and Councilof Mortgage Lenders, issued guidance onindicative limits on issuance for lenders.These are:

- A monitoring threshold: where issuancereaches 4% of total assets, supervisorsshould be informed;

- An upper benchmark where issuancereaches 20% of total assets, abovewhich the FSA would require anincrease in most banks’ IndividualCapital Ratios (ICR).

This guidance has allayed concernsthat the FSA was likely to adjust banks’ICRs to reflect the potential disadvantageto other creditors, particularly depositors,of the covered bond structure.

Under the new approach each issuerwill effectively have its own individualmateriality threshold, between 4% and20% of total assets. This threshold willvary and be assessed on a bank-by-bankbasis, taking into account issuer-specificfactors such as the size of the coveredbond, level of issuance relative to sizeand growth of total assets and mortgageassets, total level of the bank’s assetsthat are encumbered (including anyover-collateralisation associated with thecovered bond) and the bank’s overallfunding and liquidity profile.

Secondly, in February 2006 the FSAannounced its intention to consultwith the Treasury and the industry onimplementing an EU UCITS-compliantcovered bond regime to the UK.

If implemented this will allow investors incovered bonds to benefit from a 10% riskweighting instead of the 20% currentweighting. This has positive implicationsfor the pricing of bonds, and is alsolikely to widen the investor base forUK covered bonds as they would


more commonly meet asset managers’investment policy criteria for coveredbonds rather than highly ratedcorporate bonds.

Practical considerations

As with a securitisation, lendersconsidering using a covered bondstructure need to take into accounta number of important considerations:

- Reports will be required for investors.The data needed for these reports maytake time to collate, and early planningis essential;

- Similarly, it is important that the issueprocess, and the expectations of thelead managers in such a deal, areproperly understood and can beplanned for at an early stage;

- The lender needs to understand theasset portfolio in details. Data onhistoric performance will be required,with cash-flow analysis for producttypes, showing both historic andexpected cash flows, and the degreeof variability in those cash flows.The focus on product characteristicsby rating agencies may mean that onlycertain products are eligible to beincluded in the asset pool (there mayfor example be concerns aboutdiscounted products which carry asignificant prepayment risk at the endof the discount period);

- There are a number of accountingcomplexities, both for the lender andfor the SPE, which must be fullyunderstood. These relate in particularto the fact that the asset transfer willnot meet the criteria in IAS 39 forderecognition from the lender’s balancesheet, and the treatment of interestrate swaps used as hedges;

- The tax position should be evaluatedcarefully at an early stage.

The recent developments in the market,and in particular in the regulatorytreatment of covered bond structures,mean that this is fast becoming a realalternative source of funding for UKlenders, widening the investor base andcomplementing mortgage-backedsecurities and other funding sources.


The recent developments in the market, and inparticular in the regulatory treatment of coveredbond structures, mean that this is fast becominga real alternative source of funding for UKlenders, widening the investor base andcomplementing mortgage-backed securitiesand other funding sources.

Contact us

Mark DavisDirector, Structured Finance GroupTel: 020 7212 4011Email: [email protected]

Dave HaleySenior Manager,Structured Finance GroupTel: 0161 245 2364Email: [email protected]

In the spotlight

Recent developments in internalaudit are for the most part highlypositive and, increasingly, there isa better-informed debate on the roleof internal audit, its quality,effectiveness and cost within theretail banking sector. This is creatingan environment where the true valueof internal audit is becomingrecognised and Heads of internalaudit should now have greaterinfluence than ever before.

There is inevitably another sideto this coin, as with increasedrecognition and understandingcomes increased transparency –and therefore potential challenge.The drivers here are substantial andinclude the Combined Code andSarbanes-Oxley; but it is theregulator who is driving the mostsignificant change in internal audit.

As a result, CF15s (the FSA termfor Approved Persons with oversightaccountability for internal audit)need heightened awareness of

regulatory obligations and alsoof the challenges they face tomaintain the effectiveness of theirfunction in a rapidly changing retailbanking market.

The FSA is increasing its focus onthe effectiveness of internal audit.This is evidenced by the emphasison internal audit within the ARROWsupervisory approach, as well asthe scope of recent Section 166reviews. John Tiner’s profile speechat the Institute of Internal Auditors inSeptember last year also indicatedthat the FSA is seeking to “rely onthe oversight of internal audit ratherthan requiring a prolongedsupervisory visit” going forward.

With its ability to influence thereduction of risk and thestrengthening of internal control,internal audit is clearly a vitalelement of the ARROW assessmentand can directly contribute to lowerlevels of regulatory intervention.

This emphasis is maintained in theFSA’s Consulting Paper (CP) 06/9 on

Internal audit has reached a prominence in the retailbanks and building societies that reflects both the profileof the profession and the importance placed upon it byAudit Committees, management and the regulator.

By David Lukeman

Internal Audit – top of the agenda

‘Organisational Systems and Controls’,which promotes the role of internal auditas an “important control”. Significantly,CP06/9 broadens this debate across allcontrol functions and is likely to be thestart of a more rounded discussionon how internal audit, risk andcompliance combine to identify, measure and monitor risks.

Internal auditors have been pushed intothe spotlight. Some will be betterprepared for this than others!

Building confidence

The bar has been firmly raised and thereare new expectations relating to thequality of internal audit. In the light ofthis, Audit Committees, and indeed thefull Board, should be re-evaluatingwhether they are getting the right qualityof internal audit service for the risk profileof the institution and at the right cost.

Far from being a compliance exercise,Boards are extracting real businessbenefit from challenging the purposeand performance of internal audit withinthe context of the institution’s assuranceneeds, including:

• deep and frequent interaction betweeninternal audit and Audit Committee,thereby improving the Committee’sunderstanding of the risks of theinstitution, internal audit’s coverage ofthese risks (and any gaps in coverage)and approach;

• the remediation of shortfalls incapability through investing in the rightskills to provide assurance over the realrisks of the bank, including the lesstraditional areas of reputational andstrategic risk; and

• improved confidence of the regulatorin the function and greater recognitionby management as to the valuea high performing internal auditfunction provides.

It is this value agenda that has providedthe CF15’s elevation on both thegovernance and regulatory agenda.

Integrating assurance

For leading functions this renewedappreciation is, in part, providing someinsulation against the pressures of costconstraints which are beginning to bewielded elsewhere in the bank or society.However, the overall ‘assurance’ cost iscoming under greater focus, including the activities of risk management and compliance.

Internal audit improvements may alsobring into sharper focus the effectivenessof other control functions and how theywork together to meet the assuranceneeds of the bank.

These are not insignificant challengesand to progress there is a need forcontrol functions to set aside artisticdifferences that can occur. Internal auditshould be playing a lead role in this; not


The bar has been firmly raised and there are newexpectations relating to the quality of internalaudit. In the light of this, Audit Committees, andindeed the full Board, should be re-evaluatingwhether they are getting the right quality ofinternal audit service for the risk profile of theinstitution and at the right cost.

least in sharing their own professionaldevelopment experiences, but also inseeking opportunities for greatercollaboration and integration of theassurance being provided to theAudit Committee.

While regulators seek greaterindependence of control functions, thesediffering reporting lines, mandates andobligations should not be an inhibitorto effectively combining:

• views and assessments on risk;

• planning and co-ordination ofcoverage; and

• frameworks for reporting andcommunications.

For successful organisations, the prizesare cost efficiency, an amplificationof the comfort being received by theBoard and Audit Committee and lessintrusiveness from the regulator.

Contact us:

David LukemanDirector, Banking & Capital MarketsInternal Audit PracticeTel: 020 7804 7104Email: [email protected]


Key questions oninternal audit value:

n Has internal audit been properlyassessed against good practiceand regulatory expectation?

n Is the benefit of internal auditbeing communicated sufficientlyto the regulator?

n Do the Board and AuditCommittee receive an integratedview of internal audit, risk andcompliance activities?

n Is the combined investmentin the bank’s Control Functionscost effective?

Every year, dozens of intrepidadventurers seek to emulate thefeats of Amundsen, Shackleton andother great polar explorers by drivingdog sleds across the frozen wastes.The less experienced soon learn thatwhile their huskies possessawesome strength and endurance,they can also be highly recalcitrantand prone to squabbling amongthemselves unless shown a firmlead. At every stop, Amundsenused to make a point of picking outthe most defiant dog and scolding itto ensure that it and the rest ofthe pack knew who was boss.Although the environment may beless extreme, many banks now findthemselves seeking to marshal adiffuse pack of outsource providers,each of whom may want to pullin different directions or vie to betop dog.

Selecting the best

The move to multi-sourcing is anatural progression as banks seek toemploy the most efficient andappropriate provider within eachaspect of business processes HR,IT, finance and other multifacetedoperations. Last year, for example,ABN Amro hired five separatesuppliers to help run its IT. IBM istaking care of the infrastructure;while various aspects ofdevelopment and applicationsupport are being shared by Infosys,Accenture, Patni Computer Servicesand Tata Consultancy Services. INGrecently followed suit in what is setto be an accelerating trend acrossthe banking sector.

Many UK banks are entering into multiple outsourcingcontracts (‘multisourcing’) as they seek to engagebest-in-class specialists in each particular facet of theiroperations. Yet, more suppliers heightens the complexityof delivery and relationship management, while adding tothe potential points of failure. How can banks take bettercontrol of multi-sourcing?

By Amanda Frear, Monica Ottenand Sonny Sonnenstein

Leading the pack:Managing effective multi-sourcing

Although each supplier may be abest-of-breed in its own right,multi-sourcing can multiply the risksand complexities of outsourcingmanagement. Within finance, forexample, different providers may behandling a series of interdependentoperations such as general ledger journalentries, payroll, accounts payable andtax. The links in the chain may includein-sourced local and offshore servicecentres, in addition to the outsourcedoperations. Managing each separatecomponent can be a juggling act in itself.Moreover, if the processing chain orsupply of information between thedifferent providers is delayed or breaksdown, this could disrupt or hold up vitalrequirements such as year-end returns.Any lapses in customer-facing operationscould be especially damaging to thereputation and revenues of the institution.

Exerting control

Effective multi-sourcing thereforedemands consistent and clearly definedroles, governance structures andproblem-solving procedures bothbetween client and individual providerand, just as crucially, across the networkof suppliers. Indeed, the need forpreparation and control of multi-sourcingcould be likened to the due diligencerequired in a merger and acquisition.

The ideal foundation for the governancestructure is an integrated set of roles andaccountabilities – across all serviceproviders. This needs to be supported bya single set of service standards,monitoring and appraisal processes andremediation procedures that apply acrossall operations, including all internal andexternal dimensions of the processesbeing outsourced. Clients need to defineclear ownership and accountability foreach link in the service chain and ensurethat each provider understands and isproactive in working with the othersuppliers within the network. Thisoperational framework is underpinned by clear escalation triggers related toincidents and issues that occur anywherein the process. This ensures that theoutsource providers do not waste timepointing fingers at each other and instead work together to focus on fixingthe problem.

A key objective is the creation ofseamless peer-to-peer relationshipsbetween the different suppliers, ratherthan each provider referring back tothe client every time there is a delayor complication. If there are changes totax rules, for example, it should be theresponsibility of the provider managingtaxation to inform all the other suppliersabout the nature of the changes, theirimplications and how they should beaddressed by each of the operations.Similarly, different aspects of a multi-sourced IT environment can be at odds


The ideal foundation for the governancestructure is an integrated set of roles andaccountabilities – across all service providers.

over the cause of an incident – forexample, a production system failureoccurs and the IT infrastructure providerblames the application coding for theissue whereas the IT developmentprovider blames hardware configurationissues. They could waste precious timearguing back and forth on this, whereaswith a clear incident management andescalation between the two, the focuswill be on fixing the problem first andperforming an integrated post mortemafter the problem has been fixed.Clearly some suppliers may bedirect competitors, yet this shouldnot be allowed to conflict with theirprimary obligation to their joint clientespecially if their working relationshipsare clearly defined at the start of theirrespective contracts.

Everything in order

Splitting out outsourced services canensure that each link in the value chainis managed by dedicated specialists atthe right cost. However, if multi-sourcingis poorly and reactively managed thisadds to the risks and complicates therelationships between outsourced

vendors. Effective multi-sourcingtherefore requires the design andimplementation of a clear and consistentgovernance structure that exertsappropriate control, while limiting the riskof failure and demands on client time.As Amundsen said ‘Success awaits thosewho have everything in order’.

Contact us:

Sonny SonnensteinDirector, Performance ImprovementConsultingTel: 020 7212 3643Email: [email protected]

Amanda FrearPerformance Improvement ConsultingTel: 020 7213 5593Email: [email protected]

Monica OttenPerformance Improvement ConsultingTel: 020 7804 1678Email: [email protected]


www.pwc.com

UK Retail BankingNewsletter* - pwc.com · pose the greatest risks to the reliability of their...

Documents

Transcript of UK Retail BankingNewsletter* - pwc.com · pose the greatest risks to the reliability of their...