Having learnt the hard way the HBOS whistleblower explains how you can try to communicate with the board. But it may all be in vain if they're not willing to listen
Bringing an unpopular message to the board is tough. Nowhere is this more clearly demonstrated than in the case of Paul Moore, the HBOS whistleblower. HBOS, one of Britain’s biggest banks, had to be rescued by a government backed bid in October 2008 at the height of the credit crisis because it was sinking beneath huge subprime debts. Moore was the bank’s head of risk and he claimed to have seen the problems coming years earlier. But, according to his claims, his warnings went un-headed. In fact, he was spectacularly given the shove.
Airmic has asked Moore to present at this year’s conference because the association feels his message could resonate with other risk managers and it feels there are important lessons to learn about the challenges of communicating risks with the board. Clearly, in tricky circumstances, such as Moore found himself in, it is important to make a convincing case to the board. But Moore argues that is exactly what he did. “You can have the best governance processes in the world but if they are carried out in a culture of greed, unethical behaviour and an indisposition to challenge they will fail,” he says.
Moore joined HBOS in 2002 to head regulatory risk. As far back as 2003 the Financial Services Authority (FSA) was worried about the banks internal risk management systems. HBOS’s chief, James Crosby, asked Moore to head an internal inquiry. At that stage, Moore, who’s been a partner with KPMG and worked for Marsh for a short time before joining HBOS, says that he made it clear to the board that if he was to lead the investigation he wanted to do it thoroughly and forensically. His investigation unearthed some disturbing signs. In particular Moore raised concerns about the potential for the bank’s sales staff to miss-sell consumer investment products and payment protection insurance. As Moore reported about reckless lending at the bank he was severely reprimanded by his bosses and eventually he was fired. Moore claims to have been severely let down by the bank’s non-executives, who failed to offer him the support or protection he needed.
StrategicRISK quizzed Moore about his experience. Did he have good relations with the board prior to his investigation and credibility at a senior level? “If I’d been in the perfect world I would not have walked into HBOS and walked into a tornado,” he says. “I would have had several years to build relationships. But I didn’t. I was promote into the job 14 or 15 months after I’d arrived to deal with a situation because the regulator had turned the thumb screws on.” Lots of risk managers probably find themselves in a similar situation because it is often the case that a new person is promoted to deal with a difficult set of circumstances, he says.
Moore felt compelled, and legally obliged, to disclose his serious concerns to the FSA. HBOS’s reply to the warnings was to commission KPMG to do an independent inquiry. Meanwhile, Moore was reportedly given a six figure sum for his silence. He feels the regulator should have done more. It was not until his fear’s manifested themselves at the height of the banking crisis that Moore broke his silence and gave evidence to a government inquiry into the failure Britain’s biggest banks.
Moore thinks the role of risk manager needs to be strengthened and they should be given protection against being fired if they present hazards to the board. He is pleased that some of these considerations have been taken into account in regulatory inquires, such as the Walker review, into the causes of the financial crisis. “You shouldn’t have to rely purely on the emotional aspect when you’re doing the risk managers job. It should be based on evidence. If the evidence demonstrates something, then it shouldn’t be permitted for a CEO on their own to dismiss somebody. It’s absolutely wrong. The decision should be overseen by the FSA because that means that the board will not take a decision lightly, they will think closely.”
Risk managers are fundamentally challenged by the fact that their work to protect companies from disaster is often seen as meddling and an obstacle to business. “A large percentage of people who are subjected to any type of review don’t like the person whose done the review,” says Moore. “It’s only natural but the culture should be that it’s a good thing to have one’s tyres kicked.
“I’m not the kind of risk manager who say: ‘The answers no now what’s the question?’ My mantra is cars have better brakes so they can go faster.”
Moore believes he did everything he could to present his case properly and make sure the bank’s senior managers took the message on board. “I am absolutely satisfied that technically I did the job outstandingly well and I took every step that I could possibly think of to lay the groundwork so that it was accepted.” The problem, he says, was that senior boss took the negative message as a “personal affront” and weren’t prepared to take the necessary steps to rectify the situation.