Op risk data: regulator fines tumble by $5bn in 2019

By ORX News | Opinion | 16 January 2020

Also: Julius Baer hit with $150m Cold War-era claim, Barclays pays $87m for bond rigging. Data by ORX News

Jump to In focus: bank fines | Spotlight: UBS defamation case

In December’s largest loss, the Zurich Court of Appeal ordered Swiss private bank Julius Baer to pay Sfr153 million ($154.6 million) to the German government over alleged unauthorised withdrawals made from an account at its subsidiary, Cantrade Bank, dating back to the fall of the Berlin Wall.

In 2014, Bundesanstalt für vereinigungsbedingte Sonderaufgaben – a government body that seeks to track down assets previously held by the former East German state – filed a claim alleging that, between 1990 and 1992, withdrawals totalling Sfr97 million were made from an account owned by a foreign trade company established in what was then the German Democratic Republic. The funds were moved into Swiss banks after the fall of the Berlin Wall and were never recovered.

BvS alleges the transfers were unauthorised, and that Cantrade – which Julius Baer subsequently acquired from UBS in 2005 – was negligent in its duty of care to the account holders, and for failing to flag suspicious transactions and payments. It is now seeking to reclaim the amount plus interest.

Julius Baer said that it would appeal the decision to the Swiss Federal Supreme Court but would preventatively provision for the amount. The bank said it would seek to claim any final amount it would have to pay from UBS under the terms of a related transaction agreement of 2005, which, if it is successful, may result in a lower net loss to the private bank.

 

In second place, the French Competition Authority fined Natixis Intertitres – a unit of French banking group BPCE, which issues meal vouchers to employers in France, a common employee benefit – €83.3 million ($92.9 million) for conspiring with other providers of restaurant vouchers to prevent rivals from entering the market for almost two decades.

According to the Authority, between 2002 and 2018, Natixis Intertitres and three other providers collectively agreed not to issue restaurant vouchers in the form of a card or mobile app, something it argues damaged competition and restricted the development of technological innovation in the sector. Between 2010 and 2015, the issuers exchanged confidential information concerning their respective market shares each month through the lunch vouchers payment department. Natixis refuted all claims against it and said it would appeal the fine.

The third loss saw Barclays preliminarily agree to pay $87 million to settle claims it conspired to rig the prices of bonds issued by mortgage companies Fannie Mae and Freddie Mac. Investors, including pension funds, alleged that Barclays and 15 others had used their unique position as bond sellers for the government-sponsored entities (GSEs) to conspire to increase the prices of bonds, which consequently harmed investors. The 16 firms underwrote $3.97 trillion of Fannie Mae and Freddie Mac bonds between 2009 and 2016. Barclays underwrote more of these bonds than other firms.

In a separate settlement, 12 other firms – including Citi, HSBC and UBS – preliminarily agreed to pay a total of $250 million. Individual loss amounts have not been reported. The settlements include significant GSE market-specific antitrust compliance measures, including “rigorous” employee training; the establishment of a culture of compliance; dedicated resources for oversight; and periodic assessments by the Pennsylvania Treasury. As of December, the banks denied any wrongdoing.

Fourth, Russia’s central bank announced that unidentified individuals had stolen cash and securities totalling 3 billion rubles ($47.6 million) from Nevsky Bank. This amount significantly exceeds the bank's total assets. Consequently, the central bank revoked Nevsky Bank’s licence and installed temporary management before appointing a bankruptcy trustee or liquidator.

It is thought the bank converted funds from its correspondent account into cash and attracted client funds before the theft. The theft reportedly occurred in the first 10 days of December. The Deposit Insurance Agency of Russia will reimburse Nevsky Bank account-holders. The central bank also found that Nevsky Bank had repeatedly broken federal banking laws.

Finally, a Berkshire Hathaway subsidiary, Government Employees Insurance Company, preliminarily agreed to pay $33.1 million to settle class action claims that it wrongly withheld unavoidable title transfer fees and other replacement costs for covered total loss vehicles in Florida. In July, a federal judge found that the actual cash value of a vehicle should include these fees.

The class comprises over 250,000 Geico customers who had filed claims for totalled cars since 2012. Geico agreed to pay $27.5 million in cash available for the class to cover the cost of the fees and $5.6 million in attorneys’ fees. Geico will also amend its practices to include transfer fees on all first-party total loss claims upon approval of the settlement. This change is estimated to save Florida drivers $28 million over five years. As of December, the settlement required approval.

 

 

Spotlight: UBS employee wins $11m defamation claim

An arbitration panel of the US Financial Industry Regulatory Authority (Finra) ordered UBS to pay $11.2 million in damages, costs and fees in December following a defamation claim first filed in June 2018 by former employee Mark Munizzi.

UBS reportedly fired Munizzi from his position as a market operations supervisor in April 2018 after two accounts he oversaw lost value during a steep market decline two months earlier. UBS claimed that Munizzi had failed to act on margin calls and lied during an internal review of the incident. UBS also claimed that Munizzi had failed to properly supervise the risks of an uncovered options strategy.

However, Munizzi said that he was not notified about the margin calls on the two accounts and that when he did become aware of the issues, he took immediate steps to cover the unsecured positions.

Munizzi alleged that UBS had defamed him through the description provided in his Form U5 and that this prevented him from finding a new job in the industry. Munizzi also said that he was owed severance from UBS and that UBS had violated the Illinois wage Payment and Collection Act.

The panel ordered UBS to pay $11.2 million to Munizzi and $39,000 in Finra fees, and recommended amendments to Munizzi’s Form U5. As of December 2019, UBS denied all allegations.

 

In focus: Regulatory fines fall sharply in 2019

The total loss severity of large regulatory fines – those over $1 million – halved from $10.20 billion in 2018, to $4.98 billion in 2019, ORX News data shows. While the severity of losses plummeted by 49%, total loss frequency decreased by only 10%, from 202 to 182 events.

 

Unsurprisingly, loss severity in relation to regulatory fines remains highest in North America, where regulators continue to impose more penalties than their counterparts elsewhere. This is despite a significant decrease in both frequency and severity in the region since 2018.

 

The UK’s Financial Conduct Authority upped its fines dramatically in 2019 however, imposing almost twice as many penalties on financial institutions than the previous year, costing banks £258.4 million ($332.8 million) and insurers £53 million. This is up from £53.1 million and £5.3 million in 2018.

One possible explanation for the overall decrease in fines is alternative actions taken by regulators. For example, the US Securities and Exchange Commission’s share class initiative saw 96 firms return over $135 million to investors last year. The firms had failed to disclose conflicts of interest related to the sale of mutual fund share classes. All but one self-reported to the SEC, which saw them avoid financial penalties.

Editing by Alex Krohn

All information included in this report and held in ORX News comes from public sources only. It does not include any information from other services run by ORX, and we have not confirmed any of the information shown with any member of ORX.

While ORX endeavours to provide accurate, complete and up-to-date information, ORX makes no representation as to the accuracy, reliability or completeness of this information.

Legal woes dent Wells Fargo’s earnings

By Abdool Fawzee Bhollah | Data | 14 January 2020

Wells Fargo set aside $1.5 billion of legal reserves relating to its ‘ghost account’ scandal and other dubious sales practices in the fourth quarter of 2019. Operating losses over the previous two quarters, including these legal costs, have been the highest going back to Q4 2017.

Total operating losses for Q4 2019 were $1.9 billion, the same as in Q3. Legal provisions made up $1.6 billion of these losses in Q3 and $1.5 billion in Q4.

Prior to these last two quarters, the highest operating loss, of $3.5 billion, was disclosed for Q4 2017, which included litigation costs concerning mortgage-related regulatory investigations, shoddy sales practices and other consumer-facing scandals. 

The Q4 hit to earnings pushed net income down to $2.9 billion, a 38% decrease on the quarter and 53% on the year.

 

What is it?

Wells Fargo is alleged to have opened about two million deposit and credit card accounts without customers’ permission. In 2016, US regulators found the bank’s aggressive sales targets were to blame, which pushed employees to commit fraud. 

In February 2018, the US Federal Reserve imposed a cease-and-desist order on the bank in response to consumer abuse and risk management failings that led to the scandals. This prevents the bank growing its balance sheet above its end-2017 amount of $1.952 trillion. The bank's managers anticipate operating under the cap through 2020.

Why it matters

Wells Fargo is still paying the price for a series of mis-selling scandals, which have already cost the firm billions in losses and probably contributed to its operational risk capital requirement spiralling higher.

The bank expects the most troublesome of its punishments – the asset cap imposed by the Fed – to be lifted only when the regulator, and a third-party review, concludes a plan to enhance governance and operational risk management has been implemented correctly.

Until it has cleared this hurdle, the beleaguered lender cannot increase its assets, and therefore is at a disadvantage to its rivals in terms of gaining market share and generating the profits it needs to make up for the amount put aside as legal reserves.

Get in touch

Sign up to the Risk Quantum daily newsletter to receive the latest data insights.

Let us know your thoughts on our latest analysis. You can drop us a line at abdool.bhollah@risk.net or send a tweet to @RiskQuantum.

Tell me more

Top 10 operational risk losses of 2019

Constrained by Fed cap, RWA density rises at Wells Fargo

View all bank stories

Cyber risk tops EBA poll of operational risks

By Abdool Fawzee Bhollah | Data | 9 January 2020

European banks say cyber risk and data security are their greatest operational challenges, with 90% of respondents to a European Banking Authority (EBA) survey saying so.

This is up from 50% of respondents to the same survey in spring 2019, but the same proportion as in autumn 2018.

In contrast, just over 40% of banking analysts polled said cyber risk was a key driver of increased operational risk. Seventy percent of respondents said money laundering and terrorist financing and legal and conduct risk would be the main sources.

 

The share of bank and analyst respondents saying they expected an increase in operational risk were both at 55%, similar to the results from the spring 2019 survey. 

What is it?

The EBA conducts a semi-annual risk assessment survey among banks and market analysts. The latest questionnaire covered 65 banks and 13 market analysts.

The operational risk questions included: “Do you see an increase in operational risk in your bank?”; and “If applicable, the main driver for increasing operational risk is ...”.

Why it matters

That cyber risk and data security are a pressing concern of bankers is small surprise. Data compromise was cited as the top operational risk for 2019 in Risk.net’s annual survey, as the costs of hacking and other cyber attacks have become exponentially greater with the advent of tough data protection regulation in the European Union.

The saliency of cyber security may stoke efforts by regulators and industry associations to push banks to share data on cyber attacks. This could help identify patterns in causes and effects, which in turn could help firms protect themselves. 

Get in touch

Sign up to the Risk Quantum daily newsletter to receive the latest data insights.

Let us know your thoughts on our latest analysis. You can drop us a line at abdool.bhollah@risk.net or send a tweet to @RiskQuantum.

Tell me more

Top 10 operational risks for 2019

Industry-led op risk taxonomy launches

Basel set to update op risk and resilience principles

View all regulator stories

Cyber risk tops EBA poll of operational risks

By Abdool Fawzee Bhollah | Data | 9 January 2020

European banks say cyber risk and data security are their greatest operational challenges, with 90% of respondents to a European Banking Authority (EBA) survey saying so.

This is up from 50% of respondents to the same survey in spring 2019, but the same proportion as in autumn 2018.

In contrast, just over 40% of banking analysts polled said cyber risk was a key driver of increased operational risk. Seventy percent of respondents said money laundering and terrorist financing and legal and conduct risk would be the main sources.

 

The share of bank and analyst respondents saying they expected an increase in operational risk were both at 55%, similar to the results from the spring 2019 survey. 

What is it?

The EBA conducts a semi-annual risk assessment survey among banks and market analysts. The latest questionnaire covered 65 banks and 13 market analysts.

The operational risk questions included: “Do you see an increase in operational risk in your bank?”; and “If applicable, the main driver for increasing operational risk is ...”.

Why it matters

That cyber risk and data security are a pressing concern of bankers is small surprise. Data compromise was cited as the top operational risk for 2019 in Risk.net’s annual survey, as the costs of hacking and other cyber attacks have become exponentially greater with the advent of tough data protection regulation in the European Union.

The saliency of cyber security may stoke efforts by regulators and industry associations to push banks to share data on cyber attacks. This could help identify patterns in causes and effects, which in turn could help firms protect themselves. 

Get in touch

Sign up to the Risk Quantum daily newsletter to receive the latest data insights.

Let us know your thoughts on our latest analysis. You can drop us a line at abdool.bhollah@risk.net or send a tweet to @RiskQuantum.

Tell me more

Top 10 operational risks for 2019

Industry-led op risk taxonomy launches

Basel set to update op risk and resilience principles

View all regulator stories

Top 10 operational risk losses of 2019

By ORX News and Jamie Ryder | News | 8 January 2020

Fraud, embezzlement, tax evasion, subprime (still) and rogue trading – and Citi crops up twice. Data by ORX News

By operational risk standards, 2019 was a modest year. Its $17.4 billion in losses look almost cursory next to the behemoth amounts of the recent past: $42.1 billion in 2018, $28.2 billion in 2017 and the astounding $56.9 billion of 2016.

Should anything be read into this? Has the industry turned a leaf? Will a virtuous cycle see op risk losses drop to negligible amounts over the next decade?

Judging by 2019, risk managers have little reason to fear redundancy any time soon: theft, tax evasion and embezzlement all remained prominent in the rundown, even if the losses were not as gargantuan as in the past. The year’s wounds were largely self-inflicted – only two were caused by troubled borrowers. All the casualties were in the financial services, mostly banks. Citigroup managed to show up on the list twice.

The biggest hit on the 2019 list was the $1.5 billion GE paid to settle US Department of Justice charges that it knowingly packaged flimsy subprime mortgages for resale during the financial crisis. But that was pocket change compared with the biggest loss of 2018, Chinese insurer Anbang’s $12 billion loss to fraud and embezzlement, a figure that warped the year’s total higher. Apart from GE, all of 2019’s losses were below $1 billion.

Banks in India took three slots this year. The sector is believed to be so dysfunctional it is holding back the country’s economy. The Indian government is seeking to merge weaker publicly owned banks – among them, the Punjab National Bank, which appeared on both this year’s and last year’s lists. The two other Indian banks are from the lightly supervised co-operative sector.

 

With its $1.5 billion settlement agreed in January, GE took the largest op risk thrashing of 2019 for concealing the blight in its subprime mortgages when packaging them for resale over a decade ago. The mortgages were created by a now-defunct subsidiary, WMC Mortgage. In the settlement, the US Department of Justice quoted a WMC quality control manager in 2005, calling his department a “toothless tiger”, unable to stop defective or fraudulent mortgages from being made or from being sold on.

The $1.5 billion settlement equals the amount Citi set aside in April 2018 to resolve the deception, which took place in 2005–07. GE admitted no wrongdoing in the settlement.

Fraudulent loans landed the Punjab and Maharashtra Co-operative Bank in second place, with losses of 66.7 billion rupees ($928.8 million). The loans were made to Housing Development and Infrastructure Limited, a shanty town developer, using over 21,000 dummy accounts in what authorities called a “criminal conspiracy” involving the bank’s officials. When HDIL defaulted, the bank did not classify the loans as non-performing, nor did it disclose them to India’s central bank. The co-operative bank’s managing director later confessed that the loans to HDIL made up over 70% of the bank’s assets.

The fraud goes back to 2008, authorities said, and so far 12 people have been arrested. The central bank took over in September, and withdrawals were at first limited to 1,000 rupees. That has since been increased to 50,000 rupees.

In November, Itaú Unibanco earned the number three place, as it faced a 3.8 billion real ($935.5 million) fine for allegedly using phony addresses in order to evade taxes. Based in Brazil’s business capital of São Paulo, Banco Itaú registered around 50 corporate identities at various locales in the small, lower-tax cities of Poá and Barueri from 2014 and 2018, according to Brazilian magazine Exame. But only a few people ever worked at those sites – one was above a supermarket – and the premises were practically empty, according to local press reports. Investigators also said bank employees whose names appeared in minutes for meetings supposedly held in Poá had never set foot there.

Itaú has contested the allegations, saying it “rigorously” complies with tax law and that its operations in Poá were properly headquartered there.

 

 

The Punjab National Bank – a standout in 2018’s top 10 op risk list – was back on the roster for 38.1 billion rupees in exposure to the scandal-ridden and bankrupt Bhushan Power & Steel Limited, 2019's fourth-largest loss. In a July report, Indian authorities accused BPSL of borrowing from 33 different banks and diverting the money to various other companies, some no more than shell entities. Nittin Johari, BPSL’s former chief financial officer, was arrested in May for various forms of fraud. Punjab National, a state-owned giant, has said it was hopeful of a “good recovery” of assets, but the process has been mired in a jurisdictional dispute between Indian authorities. The bank has set aside 19.3 billion rupees.

In January 2018, authorities said Bhushan had defaulted on 472 billion rupees of debt. It is unclear whether Punjab National’s exposure is part of this figure.

Still, the bank is heading in the right direction. Last year, it was number three on the op risk list, with $2.23 billion in losses.

Nota Bank took the fifth spot on the op risk list when Russian authorities charged Timur Iskhakov, a former corporate director and member of the credit committee, with embezzling 25 billion rubles ($404.2 million) along with other employees, according to Russian press reports in May. The executives allegedly made loans to 55 shell corporations between 2014 and 2015, even as the bank was in increasingly delicate condition – its licence had been revoked in November 2015. To ensure the loans appeared authentic, the bank executives allegedly concocted sham guarantees from people portrayed as directors of the borrowing companies. In reality, these individuals had no managerial role or authority to pay back the money, according to press reports.

Iskhakov was arrested, and is fighting the charges.

 

In the sixth-largest loss of 2019, Citigroup saw $370 million evaporate on a loan related to South African global retail group Steinhoff International. Citi, along with Goldman Sachs, HSBC and Nomura, arranged a $1.8 billion margin loan in September 2016 to Steinhoff chairman Christo Wiese to fund the company’s purchase of Mattress Firm in the US. The loan was backed by 628 million shares of Wiese’s Steinhoff stock, worth $3.5 billion at the time.

Then came December 2017. Steinhoff announced it was looking into accounting irregularities and its chief executive had resigned. The news sent its shares spiralling down by 63% in a single session.

It has been estimated that four banks – Bank of America, Citi, Goldman and JP Morgan – took a combined $1 billion loss on the Wiese loan.

ORX deemed losses on the margin loan to be an op risk loss event in March 2019, when a report from UK auditor PwC confirmed fraud had taken place.

In seventh place, the Maharashtra State Co-operative Bank lost 25 billion rupees over a 10-year period on tainted loans by the bank’s directors to companies with which they had ties. An inspection by the National Bank for Agriculture and Rural Development, which supervises India’s state co-operative banks, said that between 2001 and 2011, the bank had made loans that benefited only its directors – most of whom are political operatives – defrauding both the bank and its shareholders. Bank officials allegedly approved unsecured loans to directors of co-operative sugar mills, spinning mills and other processing units, as well as to fellow executives of the bank. Loans were granted to sugar factories despite poor finances, negative net worth and, in many cases, no collateral, say authorities.

In September, authorities filed suit for money laundering against current and former executives of the bank.

 

 

In eighth place, the European Commission fined Citigroup €310.8 million ($347.5 million) in May for being part of a cartel that swapped information and co-ordinated bets on foreign exchange spot trades with other banks. The traders communicated through three chat rooms on their Bloomberg terminals: the ‘Three-way banana split’, ‘Two-and-a-half men’ and ‘Only Marge’. The information exchanged included outstanding customer orders, bid/ask spreads applicable to specific transactions, open risk positions and other details. The traders could then make calculated decisions on whether to buy or sell, and when. Also in the group were traders from Barclays, JP Morgan, the Royal Bank of Scotland and UBS, trading 11 different currencies from 2007 to 2013.

Citigroup received a 20% reduction in its fine for its co-operation in the investigation. But of the five banks involved, Citi was only fourth in fine forgiveness: UBS was granted complete immunity, Barclays received a 50% discount and RBS 30%, while JP Morgan trailed with a 10% discount. All the banks additionally received a 10% reduction for admitting their participation in the scheme.

An alleged rogue trader at Petro-Diamond Singapore, Wang Xingchen, racked up $320 million in losses on unauthorised crude oil derivatives, according to parent firm Mitsubishi Corporation – 2019’s ninth-largest loss. The trader, also known as Jack Wang, has denied the allegations. The trades began in January, and were disguised as hedges, the firm said. Petro-Diamond discovered the alleged fraud during Wang’s absence in mid-August, and closed out his positions. The loss followed the drop in the price of crude during July, said Mitsubishi.

In November, Mitsubishi said it was closing the Singapore unit. “Since it booked such a big loss, we could not reinvest in the same company, and it’s better to reinforce our management system,” said Kazuki Masu, Mitsubishi chief financial officer.

The Abraaj Group, a now collapsed private equity group in Dubai, winds up the list in 10th spot, with a $314.6 million fine for allegedly hoodwinking investors from its two outposts in the Cayman Islands. A July report by the emirate’s regulator found the subsidiaries funnelled investor money to operating expenses and their group’s own executives, then hid the subterfuge with misleading statements to investors and authorities. Regulators said the units would borrow money to fatten accounts just ahead of reporting dates. As far back as 2009, Dubai’s financial authorities had made inquiries about unauthorised services at Abraaj, but they were ignored.

In their July statement, authorities said they would prosecute those responsible. They may have to join the queue. Arif Naqvi, the company’s founder, is under house arrest in London, pending extradition hearings to the US, where he has been indicted for fraud and racketeering, according to press reports. He has denied the charges.

Legacy losses in 2019

Legacy losses continued to plague banks during 2019. The losses were accrued last year, but recorded in the year in which the first loss relating to the event was reported, and therefore do not feature in 2019’s ledger.

February: A French court ordered UBS to pay €4.5 billion ($5.0 billion) in fines and bail charges for helping clients evade taxes.

April: UniCredit agreed to pay $1.3 billion to US authorities for moving funds through the US financial system for companies in sanctioned countries including Iran, Libya and Cuba.

Standard Chartered agreed to pay $947 million for poor money laundering controls and violations to US sanctions against Myanmar, Sudan, Zimbabwe and others.

July: In its half-year results, TSB announced additional charges of £36.2 million ($47.5 million) for service disruptions caused by a bungled IT systems migration in 2018, reaching a total of £366.4 million.

August: HSBC agreed to pay €294 million to settle allegations in Belgium that it helped clients dodge taxes, prosecutors announced. That brought its total settlements with French and Belgian authorities to €594.4 million.

September: Lloyds Banking Group took added charges, this time of £1.8 billion, to cover payment protection insurance (PPI) compensation claims. Large UK banks pushed the insurance on many who had no use for it, and some who didn’t even know they were buying it. If all the claims were all paid out, the bank’s losses could total £21.9 billion.

In the same vein, Barclays also said it would take provisions of up to £1.6 billion for the PPI scandal, bringing its total damage to £11.2 billion.

Not to be left behind, RBS took £900 million in additional provisions, for a total loss of £6.23 billion.

October: Wells Fargo set aside another $1.6 billion for legal expenses relating to its fake account scandal and shoddy sales practices, bringing total costs to $3 billion.

Top 10 operational risk losses of 2019

By ORX News and Jamie Ryder | News | 8 January 2020

Fraud, embezzlement, tax evasion, subprime (still) and rogue trading – and Citi crops up twice. Data by ORX News

By operational risk standards, 2019 was a modest year. Its $17.4 billion in losses look almost cursory next to the behemoth amounts of the recent past: $42.1 billion in 2018, $28.2 billion in 2017 and the astounding $56.9 billion of 2016.

Should anything be read into this? Has the industry turned a leaf? Will a virtuous cycle see op risk losses drop to negligible amounts over the next decade?

Judging by 2019, risk managers have little reason to fear redundancy any time soon: theft, tax evasion and embezzlement all remained prominent in the rundown, even if the losses were not as gargantuan as in the past. The year’s wounds were largely self-inflicted – only two were caused by troubled borrowers. All the casualties were in the financial services, mostly banks. Citigroup managed to show up on the list twice.

The biggest hit on the 2019 list was the $1.5 billion GE paid to settle US Department of Justice charges that it knowingly packaged flimsy subprime mortgages for resale during the financial crisis. But that was pocket change compared with the biggest loss of 2018, Chinese insurer Anbang’s $12 billion loss to fraud and embezzlement, a figure that warped the year’s total higher. Apart from GE, all of 2019’s losses were below $1 billion.

Banks in India took three slots this year. The sector is believed to be so dysfunctional it is holding back the country’s economy. The Indian government is seeking to merge weaker publicly owned banks – among them, the Punjab National Bank, which appeared on both this year’s and last year’s lists. The two other Indian banks are from the lightly supervised co-operative sector.

 

With its $1.5 billion settlement agreed in January, GE took the largest op risk thrashing of 2019 for concealing the blight in its subprime mortgages when packaging them for resale over a decade ago. The mortgages were created by a now-defunct subsidiary, WMC Mortgage. In the settlement, the US Department of Justice quoted a WMC quality control manager in 2005, calling his department a “toothless tiger”, unable to stop defective or fraudulent mortgages from being made or from being sold on.

The $1.5 billion settlement equals the amount Citi set aside in April 2018 to resolve the deception, which took place in 2005–07. GE admitted no wrongdoing in the settlement.

Fraudulent loans landed the Punjab and Maharashtra Co-operative Bank in second place, with losses of 66.7 billion rupees ($928.8 million). The loans were made to Housing Development and Infrastructure Limited, a shanty town developer, using over 21,000 dummy accounts in what authorities called a “criminal conspiracy” involving the bank’s officials. When HDIL defaulted, the bank did not classify the loans as non-performing, nor did it disclose them to India’s central bank. The co-operative bank’s managing director later confessed that the loans to HDIL made up over 70% of the bank’s assets.

The fraud goes back to 2008, authorities said, and so far 12 people have been arrested. The central bank took over in September, and withdrawals were at first limited to 1,000 rupees. That has since been increased to 50,000 rupees.

In November, Itaú Unibanco earned the number three place, as it faced a 3.8 billion real ($935.5 million) fine for allegedly using phony addresses in order to evade taxes. Based in Brazil’s business capital of São Paulo, Banco Itaú registered around 50 corporate identities at various locales in the small, lower-tax cities of Poá and Barueri from 2014 and 2018, according to Brazilian magazine Exame. But only a few people ever worked at those sites – one was above a supermarket – and the premises were practically empty, according to local press reports. Investigators also said bank employees whose names appeared in minutes for meetings supposedly held in Poá had never set foot there.

Itaú has contested the allegations, saying it “rigorously” complies with tax law and that its operations in Poá were properly headquartered there.

 

 

The Punjab National Bank – a standout in 2018’s top 10 op risk list – was back on the roster for 38.1 billion rupees in exposure to the scandal-ridden and bankrupt Bhushan Power & Steel Limited, 2019's fourth-largest loss. In a July report, Indian authorities accused BPSL of borrowing from 33 different banks and diverting the money to various other companies, some no more than shell entities. Nittin Johari, BPSL’s former chief financial officer, was arrested in May for various forms of fraud. Punjab National, a state-owned giant, has said it was hopeful of a “good recovery” of assets, but the process has been mired in a jurisdictional dispute between Indian authorities. The bank has set aside 19.3 billion rupees.

In January 2018, authorities said Bhushan had defaulted on 472 billion rupees of debt. It is unclear whether Punjab National’s exposure is part of this figure.

Still, the bank is heading in the right direction. Last year, it was number three on the op risk list, with $2.23 billion in losses.

Nota Bank took the fifth spot on the op risk list when Russian authorities charged Timur Iskhakov, a former corporate director and member of the credit committee, with embezzling 25 billion rubles ($404.2 million) along with other employees, according to Russian press reports in May. The executives allegedly made loans to 55 shell corporations between 2014 and 2015, even as the bank was in increasingly delicate condition – its licence had been revoked in November 2015. To ensure the loans appeared authentic, the bank executives allegedly concocted sham guarantees from people portrayed as directors of the borrowing companies. In reality, these individuals had no managerial role or authority to pay back the money, according to press reports.

Iskhakov was arrested, and is fighting the charges.

 

In the sixth-largest loss of 2019, Citigroup saw $370 million evaporate on a loan related to South African global retail group Steinhoff International. Citi, along with Goldman Sachs, HSBC and Nomura, arranged a $1.8 billion margin loan in September 2016 to Steinhoff chairman Christo Wiese to fund the company’s purchase of Mattress Firm in the US. The loan was backed by 628 million shares of Wiese’s Steinhoff stock, worth $3.5 billion at the time.

Then came December 2017. Steinhoff announced it was looking into accounting irregularities and its chief executive had resigned. The news sent its shares spiralling down by 63% in a single session.

It has been estimated that four banks – Bank of America, Citi, Goldman and JP Morgan – took a combined $1 billion loss on the Wiese loan.

ORX deemed losses on the margin loan to be an op risk loss event in March 2019, when a report from UK auditor PwC confirmed fraud had taken place.

In seventh place, the Maharashtra State Co-operative Bank lost 25 billion rupees over a 10-year period on tainted loans by the bank’s directors to companies with which they had ties. An inspection by the National Bank for Agriculture and Rural Development, which supervises India’s state co-operative banks, said that between 2001 and 2011, the bank had made loans that benefited only its directors – most of whom are political operatives – defrauding both the bank and its shareholders. Bank officials allegedly approved unsecured loans to directors of co-operative sugar mills, spinning mills and other processing units, as well as to fellow executives of the bank. Loans were granted to sugar factories despite poor finances, negative net worth and, in many cases, no collateral, say authorities.

In September, authorities filed suit for money laundering against current and former executives of the bank.

 

 

In eighth place, the European Commission fined Citigroup €310.8 million ($347.5 million) in May for being part of a cartel that swapped information and co-ordinated bets on foreign exchange spot trades with other banks. The traders communicated through three chat rooms on their Bloomberg terminals: the ‘Three-way banana split’, ‘Two-and-a-half men’ and ‘Only Marge’. The information exchanged included outstanding customer orders, bid/ask spreads applicable to specific transactions, open risk positions and other details. The traders could then make calculated decisions on whether to buy or sell, and when. Also in the group were traders from Barclays, JP Morgan, the Royal Bank of Scotland and UBS, trading 11 different currencies from 2007 to 2013.

Citigroup received a 20% reduction in its fine for its co-operation in the investigation. But of the five banks involved, Citi was only fourth in fine forgiveness: UBS was granted complete immunity, Barclays received a 50% discount and RBS 30%, while JP Morgan trailed with a 10% discount. All the banks additionally received a 10% reduction for admitting their participation in the scheme.

An alleged rogue trader at Petro-Diamond Singapore, Wang Xingchen, racked up $320 million in losses on unauthorised crude oil derivatives, according to parent firm Mitsubishi Corporation – 2019’s ninth-largest loss. The trader, also known as Jack Wang, has denied the allegations. The trades began in January, and were disguised as hedges, the firm said. Petro-Diamond discovered the alleged fraud during Wang’s absence in mid-August, and closed out his positions. The loss followed the drop in the price of crude during July, said Mitsubishi.

In November, Mitsubishi said it was closing the Singapore unit. “Since it booked such a big loss, we could not reinvest in the same company, and it’s better to reinforce our management system,” said Kazuki Masu, Mitsubishi chief financial officer.

The Abraaj Group, a now collapsed private equity group in Dubai, winds up the list in 10th spot, with a $314.6 million fine for allegedly hoodwinking investors from its two outposts in the Cayman Islands. A July report by the emirate’s regulator found the subsidiaries funnelled investor money to operating expenses and their group’s own executives, then hid the subterfuge with misleading statements to investors and authorities. Regulators said the units would borrow money to fatten accounts just ahead of reporting dates. As far back as 2009, Dubai’s financial authorities had made inquiries about unauthorised services at Abraaj, but they were ignored.

In their July statement, authorities said they would prosecute those responsible. They may have to join the queue. Arif Naqvi, the company’s founder, is under house arrest in London, pending extradition hearings to the US, where he has been indicted for fraud and racketeering, according to press reports. He has denied the charges.

Legacy losses in 2019

Legacy losses continued to plague banks during 2019. The losses were accrued last year, but recorded in the year in which the first loss relating to the event was reported, and therefore do not feature in 2019’s ledger.

February: A French court ordered UBS to pay €4.5 billion ($5.0 billion) in fines and bail charges for helping clients evade taxes.

April: UniCredit agreed to pay $1.3 billion to US authorities for moving funds through the US financial system for companies in sanctioned countries including Iran, Libya and Cuba.

Standard Chartered agreed to pay $947 million for poor money laundering controls and violations to US sanctions against Myanmar, Sudan, Zimbabwe and others.

July: In its half-year results, TSB announced additional charges of £36.2 million ($47.5 million) for service disruptions caused by a bungled IT systems migration in 2018, reaching a total of £366.4 million.

August: HSBC agreed to pay €294 million to settle allegations in Belgium that it helped clients dodge taxes, prosecutors announced. That brought its total settlements with French and Belgian authorities to €594.4 million.

September: Lloyds Banking Group took added charges, this time of £1.8 billion, to cover payment protection insurance (PPI) compensation claims. Large UK banks pushed the insurance on many who had no use for it, and some who didn’t even know they were buying it. If all the claims were all paid out, the bank’s losses could total £21.9 billion.

In the same vein, Barclays also said it would take provisions of up to £1.6 billion for the PPI scandal, bringing its total damage to £11.2 billion.

Not to be left behind, RBS took £900 million in additional provisions, for a total loss of £6.23 billion.

October: Wells Fargo set aside another $1.6 billion for legal expenses relating to its fake account scandal and shoddy sales practices, bringing total costs to $3 billion.

Op risk modelling limited to largest EU banks

By Louie Woodall, Abdool Fawzee Bhollah | Data | 18 December 2019

Operational risk models are used almost exclusively by the very largest banks in the European Union, data from the EU-wide transparency exercise shows.

In a sample of 131 banks, those in the upper (fourth) quartile by revenue used the advanced measurement approach (AMA), which employs op risk models, to calculate 47.9% of their total op risk capital as of end-June. Of the remainder, 49.6% was calculated using the standardised approach (SA) and 2.5% using the basic indicator approach (BIA).

In contrast, banks in the other three quartiles had only a small amount of their total op risk capital set using the AMA.

 

Those banks in the third quartile by revenue had 14.8% of their op risk capital calculated using the AMA, 15.5% using the BIA and 69.7% using the SA.

Those in the second quartile had 11% set using the AMA, 24.8% by the BIA and 64.2% by the the SA.

First-quartile banks had none of their op risk capital set using the AMA, 39% by the BIA and 61% by the SA.

Those banks in the first and fourth quartiles had the highest op risk capital charges as a share of their total risk-based requirements, at 12.6% and 12.4%, respectively. Those in the second quartile had 7.2% and those in the third 8.4%.

What is it?

Basel II rules lay out three methods by which banks can calculate their capital requirements for operational risk – the BIA, the SA and the AMA. The first two use bank data inputs and regulator-set formulas to generate the required capital, while the AMA allows banks to use their own models to produce the outputs.   

The finalised Basel III framework, published in December 2017, will replace these three with a revised standardised approach. This uses a simple accounting measurement of bank total income – known as the business indicator – to divide firms into three size buckets. A separate business indicator multiplier is then applied to each bucket to produce the business indicator component. The product is then subject to an internal loss multiplier, a scaling factor based on a bank’s average historical losses and business indicator component.  

The Basel Committee has set member jurisdictions a deadline of January 2022 to implement the revised standardised approach.

Why it matters

It’s no surprise that big banks use the AMA while smaller banks steer clear.

Why? Because op risk models are complex, expensive and require large teams to operate. Therefore only the big beasts have the necessary heft to make using the models economically sensible. 

Furthermore, large banks are subject to a wider range of operational risks than their smaller peers, risks that may be better capitalised for using models than cookie-cutter regulatory formulas. Smaller lenders with simple business models may not think the expense of an AMA model worth it.

But for all banks, the transition to the revised standardised approach under Basel III represents a sea change in terms of how they measure their op risk, and will likely lead to increased capital charges across the board.

The EBA’s latest Basel III monitoring exercise suggests that group 2 banks, those with Tier 1 capital of less than €3 billion ($3.3 billion), will be hit the hardest following the transition, as they face a 46.9% to their Tier 1 minimum capital requirements for op risk. Group 1 banks, those with Tier 1 capital of more than €3 billion, will see an uplift of 38.7%, and of those, global systemically important banks will see an increase in minimum requirements of 40.6%.

Get in touch

Sign up to the Risk Quantum daily newsletter to receive the latest data insights.

Let us know your thoughts on our latest analysis. You can drop us a line at abdool.bhollah@risk.net or send a tweet to @RiskQuantum.

Tell me more

European banks set for 18.6% capital hike under Basel III

Basel III op risk method a stronger guard against losses – EBA

European banks junk op risk modelling

View all regulator stories

Op risk modelling limited to largest EU banks

By Louie Woodall, Abdool Fawzee Bhollah | Data | 18 December 2019

Operational risk models are used almost exclusively by the very largest banks in the European Union, data from the EU-wide transparency exercise shows.

In a sample of 131 banks, those in the upper (fourth) quartile by revenue used the advanced measurement approach (AMA), which employs op risk models, to calculate 47.9% of their total op risk capital as of end-June. Of the remainder, 49.6% was calculated using the standardised approach (SA) and 2.5% using the basic indicator approach (BIA).

In contrast, banks in the other three quartiles had only a small amount of their total op risk capital set using the AMA.

 

Those banks in the third quartile by revenue had 14.8% of their op risk capital calculated using the AMA, 15.5% using the BIA and 69.7% using the SA.

Those in the second quartile had 11% set using the AMA, 24.8% by the BIA and 64.2% by the the SA.

First-quartile banks had none of their op risk capital set using the AMA, 39% by the BIA and 61% by the SA.

Those banks in the first and fourth quartiles had the highest op risk capital charges as a share of their total risk-based requirements, at 12.6% and 12.4%, respectively. Those in the second quartile had 7.2% and those in the third 8.4%.

What is it?

Basel II rules lay out three methods by which banks can calculate their capital requirements for operational risk – the BIA, the SA and the AMA. The first two use bank data inputs and regulator-set formulas to generate the required capital, while the AMA allows banks to use their own models to produce the outputs.   

The finalised Basel III framework, published in December 2017, will replace these three with a revised standardised approach. This uses a simple accounting measurement of bank total income – known as the business indicator – to divide firms into three size buckets. A separate business indicator multiplier is then applied to each bucket to produce the business indicator component. The product is then subject to an internal loss multiplier, a scaling factor based on a bank’s average historical losses and business indicator component.  

The Basel Committee has set member jurisdictions a deadline of January 2022 to implement the revised standardised approach.

Why it matters

It’s no surprise that big banks use the AMA while smaller banks steer clear.

Why? Because op risk models are complex, expensive and require large teams to operate. Therefore only the big beasts have the necessary heft to make using the models economically sensible. 

Furthermore, large banks are subject to a wider range of operational risks than their smaller peers, risks that may be better capitalised for using models than cookie-cutter regulatory formulas. Smaller lenders with simple business models may not think the expense of an AMA model worth it.

But for all banks, the transition to the revised standardised approach under Basel III represents a sea change in terms of how they measure their op risk, and will likely lead to increased capital charges across the board.

The EBA’s latest Basel III monitoring exercise suggests that group 2 banks, those with Tier 1 capital of less than €3 billion ($3.3 billion), will be hit the hardest following the transition, as they face a 46.9% to their Tier 1 minimum capital requirements for op risk. Group 1 banks, those with Tier 1 capital of more than €3 billion, will see an uplift of 38.7%, and of those, global systemically important banks will see an increase in minimum requirements of 40.6%.

Get in touch

Sign up to the Risk Quantum daily newsletter to receive the latest data insights.

Let us know your thoughts on our latest analysis. You can drop us a line at abdool.bhollah@risk.net or send a tweet to @RiskQuantum.

Tell me more

European banks set for 18.6% capital hike under Basel III

Basel III op risk method a stronger guard against losses – EBA

European banks junk op risk modelling

View all regulator stories

Five eurozone G-Sibs cut op RWAs in Q3

By Alessandro Aimone | Data | 11 December 2019

Five of the eight global systemically important banks (G-Sibs) in the eurozone reduced their operational risk-weighted assets (RWAs) in the third quarter, with Deutsche Bank shedding the most. 

In aggregate, the eight lenders cut op RWAs by a net €7.2 billion ($7.9 billion) quarter on quarter. 

Deutsche Bank cut €5.7 billion (7%) to €78.5 billion; BNP Paribas €2.1 billion (3%) to €70.5 billion; ING Bank €695 million (2%) to €41 billion; Banco Santander €100 million (0.2%) to €60.3 billion; and Societe Generale by €78 million (0.2%) to €49.2 billion.

 

Three G-Sibs increased op RWAs over the quarter: Groupe BPCE by €810 million (2%) to €37.4 billion; Crédit Agricole by €531 million (1%) to €57 billion; and UniCredit by €92 million (0.3%) to €32.4 billion.

What is it?

Existing Basel Committee rules allow op RWAs to be calculated under the advanced measurement approach (AMA), which uses banks’ own internal models. A standardised approach and basic indicator approach are available for banks unable or unwilling to use the AMA.

At end-2017, the committee scrapped the AMA and replaced it with a revised standardised approach, under which firms must calculate their operational risk using the standard-setter’s own formulae. 

Why it matters

Four eurozone G-Sibs solely or mainly use the AMA to calculate their op risk capital – Deutsche Bank, Societe Generale, Crédit Agricole and UniCredit – whereas the other four rely on the standardised approach.

The latter approach breaks out a bank’s activities into eight business lines and uses the gross income for each as a proxy for the scale of their operational risk exposures. This being the case, standardised approach RWAs generally fluctuate in line with a bank’s size. 

In contrast, a bank using the AMA could expand gross income, but still see its op RWAs fall if its model outputs said so.

When all banks adopt the revised standardised approach mandated by Basel III, size will be the key determinant of op RWAs for everyone. The European Banking Authority estimates that the switch will increase op risk capital for the G-Sibs by 53.5% in aggregate.

Interestingly, those moving to the revised standardised approach from the AMA are expected to see their RWAs increase by 40.6%, and those moving from the other approaches by 75.1%. This may have to do with the sample selected by the EBA, but it seems strange that those firms forced off their models would not see capital surge by a greater degree than estimated.

Get in touch

Sign up to the Risk Quantum daily newsletter to receive the latest data insights.

You can drop us a line at alessandro.aimone@risk.net, send a tweet to @aimoneale, or get in touch on LinkedIn

Keep up with the Risk Quantum team by checking @RiskQuantum for the latest updates.

Tell me more

Deutsche’s op RWAs fall 7% in Q3

European banks junk op risk modelling

View all bank stories

Five eurozone G-Sibs cut op RWAs in Q3

By Alessandro Aimone | Data | 11 December 2019

Five of the eight global systemically important banks (G-Sibs) in the eurozone reduced their operational risk-weighted assets (RWAs) in the third quarter, with Deutsche Bank shedding the most. 

In aggregate, the eight lenders cut op RWAs by a net €7.2 billion ($7.9 billion) quarter on quarter. 

Deutsche Bank cut €5.7 billion (7%) to €78.5 billion; BNP Paribas €2.1 billion (3%) to €70.5 billion; ING Bank €695 million (2%) to €41 billion; Banco Santander €100 million (0.2%) to €60.3 billion; and Societe Generale by €78 million (0.2%) to €49.2 billion.

 

Three G-Sibs increased op RWAs over the quarter: Groupe BPCE by €810 million (2%) to €37.4 billion; Crédit Agricole by €531 million (1%) to €57 billion; and UniCredit by €92 million (0.3%) to €32.4 billion.

What is it?

Existing Basel Committee rules allow op RWAs to be calculated under the advanced measurement approach (AMA), which uses banks’ own internal models. A standardised approach and basic indicator approach are available for banks unable or unwilling to use the AMA.

At end-2017, the committee scrapped the AMA and replaced it with a revised standardised approach, under which firms must calculate their operational risk using the standard-setter’s own formulae. 

Why it matters

Four eurozone G-Sibs solely or mainly use the AMA to calculate their op risk capital – Deutsche Bank, Societe Generale, Crédit Agricole and UniCredit – whereas the other four rely on the standardised approach.

The latter approach breaks out a bank’s activities into eight business lines and uses the gross income for each as a proxy for the scale of their operational risk exposures. This being the case, standardised approach RWAs generally fluctuate in line with a bank’s size. 

In contrast, a bank using the AMA could expand gross income, but still see its op RWAs fall if its model outputs said so.

When all banks adopt the revised standardised approach mandated by Basel III, size will be the key determinant of op RWAs for everyone. The European Banking Authority estimates that the switch will increase op risk capital for the G-Sibs by 53.5% in aggregate.

Interestingly, those moving to the revised standardised approach from the AMA are expected to see their RWAs increase by 40.6%, and those moving from the other approaches by 75.1%. This may have to do with the sample selected by the EBA, but it seems strange that those firms forced off their models would not see capital surge by a greater degree than estimated.

Get in touch

Sign up to the Risk Quantum daily newsletter to receive the latest data insights.

You can drop us a line at alessandro.aimone@risk.net, send a tweet to @aimoneale, or get in touch on LinkedIn

Keep up with the Risk Quantum team by checking @RiskQuantum for the latest updates.

Tell me more

Deutsche’s op RWAs fall 7% in Q3

European banks junk op risk modelling

View all bank stories