Do we believe in our internal controls?

Actions have consequences.

Most adults understand this concept—although it seems that we as a society experience amnesia on the concept now and then. In fact, organizations, banks included, may sometimes have their own bouts of amnesia, or worse.

In the credit business, amnesia frequently isn’t a luxury that we have. Lenders know that short cuts on the basics, concentrations of credit, or lax procedures can lead to grief. Said trouble will impact bank performance in various ways and could even culminate in bank failure and closure.

All credit people understand the role of internal controls. These include such factors as an independent loan review process, credit policy, centralized underwriting for quality control purposes, credit committees, and internal audits.

Yet a realization is developing that accountability is seriously lacking for many participants in our system.

Accountability: Do we have it? Do we want it?

We have all experienced frustration at the level of reputation damage visited on the banking industry due to the carelessness, misfeasance, and malfeasance of some bankers. Unfortunately, many if not most of these people were agents of very large institutions. Their offenses ranged from abetting income tax evasion by customers; Bank Secrecy Act violations benefiting terrorist and circumventing economic sanctions of rogue political regimes; rate fixing; and more, all chronicled in the media in recent years.

These actions have also resulted in fines and penalties assessed against these same institutions. Of more than $22 billion in fines paid by corporate America in the years since the failure of Lehman Brothers, 80 banking institutions paid approximately 80% of the total. And there have been remarkably few prosecutions of either institutions or the officers and agents of these institutions—to the point where the absence of litigation activity is becoming a political issue.

Defenders of the present system note with some justification the difficulty of successfully prosecuting of bank officials. They point to constitutional protections and the inherent challenge of proving fraudulent intent under many criminal statutes.

Just this week the details of the negotiations between DOJ and HSBC, the enormous London-based banking company, came to light. Source of the issues: Bank Secrecy Act violations in the years leading up to the deferred prosecution agreement signed in 2012.

In addition to a $1.9 billion fine, HSBC agreed to a five-year period of independent monitoring of BSA compliance and a number of specific actions designed to strengthen the internal administration of the bank’s level of BSA compliance.

In exchange, DOJ agreed to defer prosecution of the infractions during the monitoring period and, in the absence of any non-compliance with the agreement during this period, dropping any further charges.

To many, this sounds like a government capitulation to “Wall Street interests.” This camp sees the deferred arrangement deflecting any substantive responsibility for its actions away from the bank.

Others would counter that a nearly $2 billion fine is a substantial sanction.

Still, it protects the bank from a much worse outcome—the loss of the bank’s U.S. charter in the event of a conviction on the charges of aiding and abetting terrorists through deliberate non-compliance with BSA.

Is there some reason in deferred prosecutions?

What I’ve not seen discussed at all in this context is a historical reflection on what can happen when a deferred arrangement is not considered.

I find myself thinking back on the conviction of Arthur Andersen, Enron’s auditor, of fraudulent activity relating to the audit and presentation of Enron’s financial performance in the years before the energy company imploded.

In 1992, Arthur Andersen was found guilty of criminal activity in connection with the Enron audit. This immediately disqualified the firm from engaging in auditing activities of any publicly traded company pursuant to rules of the Securities and Exchange Commission.

With its business model destroyed, Arthur collapsed. Over 10,000 persons lost their jobs. Very few of these people had any connection with Enron. Yet these persons lost their livelihoods and many—including many retired partners—lost substantial equity in the firm.

Several months later, a federal judge threw out the conviction on appeal. But the destruction was done. There was no putting Humpty Dumpty back together again.

Many cry out for “an eye for an eye” sort of justice. However, the costs along the way to such outcomes is fraught with risks related to safety and soundness of the system and the potential for the infliction of serious injustice on otherwise innocent parties.

The damage to large numbers of people and to the confidence in the financial system is spared by the adoption of deferred prosecution agreements.

In the interest of justice…

Yet I’m not defending the use of deferred prosecution settlements. Rather, I’d like to understand how and when they are used and whether they further the objective of reducing bank related crimes.

The absence of a rough sort of justice is a valid observation and many observers are deeply disturbed by its absence. Very few individuals have been confined to prison and a disturbingly large number of employees seem to avoid any significant consequences for their actions.

We’re also seeing this clearly in Secretary Clinton’s issues with her unauthorized email server. If actions have consequences, what should they be?

What do we practice within our own walls?

But let’s turn the mirror on ourselves.

Personally, I believe that the issue of few if any consequences to perpetrators of financial sorts of crimes or malfeasance is linked to an enterprise’s attitude toward internal controls. Without a firm response to detected violations of internal controls, violations of a willing and deliberate nature continue.

This is not a matter of training. It’s a matter of enforcement.

Bankers craft comprehensive policies across a wide range of activity, but then fail to enforce their terms. How many of HSBC’s issues with BSA compliance might be traced back to a wink in the direction of internal controls? How does one effectively and summarily stop the tendency of workers anywhere to take “short cuts” with the rules?

I’ve done two stints in my career as credit administrator at what were, for their time, large regional banks. Writing of policy and training of staff in its use and application is easy. The will to enforce it by the entire management structure of the institution is quite another.

What do we tolerate internally?

The issue of actions having consequences is coming to a head with potentially significant political involvement and implications for public policy.

We can—and should—get ahead of this rush to justice by reaffirming “zero tolerance” toward internal control infractions.

Our reputations as bankers have been systematically shredded by a relatively few and I’m not aware of any other sure means to undo the damage except for each bank, each banker, to get it right.