Banking Exchange Magazine Logo

Do we believe in our internal controls?

Impatience with perceived lack of enforcement can be turned into organizational introspection

There’s really not much that indicates we’ve learned anything new over the last several cycles,” says veteran lender and CEO Ed O’Leary. Each week in his blog he strives to fix that. There’s really not much that indicates we’ve learned anything new over the last several cycles,” says veteran lender and CEO Ed O’Leary. Each week in his blog he strives to fix that.

Actions have consequences.

Most adults understand this concept—although it seems that we as a society experience amnesia on the concept now and then. In fact, organizations, banks included, may sometimes have their own bouts of amnesia, or worse.

In the credit business, amnesia frequently isn’t a luxury that we have. Lenders know that short cuts on the basics, concentrations of credit, or lax procedures can lead to grief. Said trouble will impact bank performance in various ways and could even culminate in bank failure and closure.

All credit people understand the role of internal controls. These include such factors as an independent loan review process, credit policy, centralized underwriting for quality control purposes, credit committees, and internal audits.

Yet a realization is developing that accountability is seriously lacking for many participants in our system.

Accountability: Do we have it? Do we want it?

We have all experienced frustration at the level of reputation damage visited on the banking industry due to the carelessness, misfeasance, and malfeasance of some bankers. Unfortunately, many if not most of these people were agents of very large institutions. Their offenses ranged from abetting income tax evasion by customers; Bank Secrecy Act violations benefiting terrorist and circumventing economic sanctions of rogue political regimes; rate fixing; and more, all chronicled in the media in recent years.

These actions have also resulted in fines and penalties assessed against these same institutions. Of more than $22 billion in fines paid by corporate America in the years since the failure of Lehman Brothers, 80 banking institutions paid approximately 80% of the total. And there have been remarkably few prosecutions of either institutions or the officers and agents of these institutions—to the point where the absence of litigation activity is becoming a political issue.

Defenders of the present system note with some justification the difficulty of successfully prosecuting of bank officials. They point to constitutional protections and the inherent challenge of proving fraudulent intent under many criminal statutes.

Just this week the details of the negotiations between DOJ and HSBC, the enormous London-based banking company, came to light. Source of the issues: Bank Secrecy Act violations in the years leading up to the deferred prosecution agreement signed in 2012.

In addition to a $1.9 billion fine, HSBC agreed to a five-year period of independent monitoring of BSA compliance and a number of specific actions designed to strengthen the internal administration of the bank’s level of BSA compliance.

In exchange, DOJ agreed to defer prosecution of the infractions during the monitoring period and, in the absence of any non-compliance with the agreement during this period, dropping any further charges.

To many, this sounds like a government capitulation to “Wall Street interests.” This camp sees the deferred arrangement deflecting any substantive responsibility for its actions away from the bank.

Others would counter that a nearly $2 billion fine is a substantial sanction.

Still, it protects the bank from a much worse outcome—the loss of the bank’s U.S. charter in the event of a conviction on the charges of aiding and abetting terrorists through deliberate non-compliance with BSA.

Is there some reason in deferred prosecutions?

What I’ve not seen discussed at all in this context is a historical reflection on what can happen when a deferred arrangement is not considered.

I find myself thinking back on the conviction of Arthur Andersen, Enron’s auditor, of fraudulent activity relating to the audit and presentation of Enron’s financial performance in the years before the energy company imploded.

In 1992, Arthur Andersen was found guilty of criminal activity in connection with the Enron audit. This immediately disqualified the firm from engaging in auditing activities of any publicly traded company pursuant to rules of the Securities and Exchange Commission.

With its business model destroyed, Arthur collapsed. Over 10,000 persons lost their jobs. Very few of these people had any connection with Enron. Yet these persons lost their livelihoods and many—including many retired partners—lost substantial equity in the firm.

Several months later, a federal judge threw out the conviction on appeal. But the destruction was done. There was no putting Humpty Dumpty back together again.

Many cry out for “an eye for an eye” sort of justice. However, the costs along the way to such outcomes is fraught with risks related to safety and soundness of the system and the potential for the infliction of serious injustice on otherwise innocent parties.

The damage to large numbers of people and to the confidence in the financial system is spared by the adoption of deferred prosecution agreements.

In the interest of justice…

Yet I’m not defending the use of deferred prosecution settlements. Rather, I’d like to understand how and when they are used and whether they further the objective of reducing bank related crimes.

The absence of a rough sort of justice is a valid observation and many observers are deeply disturbed by its absence. Very few individuals have been confined to prison and a disturbingly large number of employees seem to avoid any significant consequences for their actions.

We’re also seeing this clearly in Secretary Clinton’s issues with her unauthorized email server. If actions have consequences, what should they be?

What do we practice within our own walls?

But let’s turn the mirror on ourselves.

Personally, I believe that the issue of few if any consequences to perpetrators of financial sorts of crimes or malfeasance is linked to an enterprise’s attitude toward internal controls. Without a firm response to detected violations of internal controls, violations of a willing and deliberate nature continue.

This is not a matter of training. It’s a matter of enforcement.

Bankers craft comprehensive policies across a wide range of activity, but then fail to enforce their terms. How many of HSBC’s issues with BSA compliance might be traced back to a wink in the direction of internal controls? How does one effectively and summarily stop the tendency of workers anywhere to take “short cuts” with the rules?

I’ve done two stints in my career as credit administrator at what were, for their time, large regional banks. Writing of policy and training of staff in its use and application is easy. The will to enforce it by the entire management structure of the institution is quite another.

What do we tolerate internally?

The issue of actions having consequences is coming to a head with potentially significant political involvement and implications for public policy.

We can—and should—get ahead of this rush to justice by reaffirming “zero tolerance” toward internal control infractions.

Our reputations as bankers have been systematically shredded by a relatively few and I’m not aware of any other sure means to undo the damage except for each bank, each banker, to get it right.

Ed O’Leary

Banking Exchange Contributing Editor Ed O'Leary, a veteran lender and workout expert, spent nearly 50 years in bank commercial credit and related functions, working with both major banks as well as community banking institutions. His last job before retiring was as the CEO of a regional bank headquartered in Alburquerque, N.M. He earned his workout spurs in the dark days of the 1980s and early 1990s in both oil patch and commercial real estate lending. O'Leary began his banking career at The Bank of New York in 1964, and worked at banks in Florida, Texas, Oklahoma, and New Mexico. He served as a faculty member and thesis advisor at ABA's Stonier Graduate School of Banking for more than two decades, and served as long as a faculty member for ABA's undergraduate and graduate commercial lending schools. Today he works as a consultant and expert witness, and serves as instructor for ABA e-learning courses. You can e-mail him at [email protected]. O'Leary's website can be found at

In mid-2016 O'Leary's "Talking Credit" blog received a bronze excellence award for the Northeastern Region from the American Society of Business Publication Editors.

back to top


About Us

Connect With Us