Date post: | 18-Jan-2016 |
Category: |
Documents |
Upload: | alan-baker |
View: | 226 times |
Download: | 0 times |
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
1
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
1Working draft
Review by Group Regulatory Risk - December 2003
Draft summary report for discussion and agreement
Mortgage endowment complaints handling
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
2
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
2Working draft
Contents Introduction and context
Terms of reference for the review
The review team
What we did
What we found in summary
Processes
People
Case review
Management systems and controls
Key conclusions
Key recommendations
Appendices containing further detail
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
3
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
3Working draft
HBOS Retail Division asked Group Regulatory Risk (“GRR”) in mid
November 2003 to carry out a review of its MEC handling.
Following this request, the Board of Directors received a letter
containing the risk assessment by the FSA of the Retail Division. The
letter was dated 1 December 2003 and in its Risk Mitigation Programme
on page 8, the FSA stated its formal intention to review “the adequacy
of the processes and standards in place for reviewing MECs…”. In
addition, the FSA stated that it would commence its thematic work
relating to Treating Customers Fairly with the same review.
Therefore, the review has been carried out to cover both the original
requirements of the Retail Division as well as in preparation for and to
assist the FSA in its review which is due to commence on 5th January.
It has been agreed to provide the FSA with a copy of this document in
advance of their visit.
Introduction and context for the review
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
4
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
4Working draft
Our terms of reference for the review required an assessment of the following
areas:-
The design and documentation of all the processes relating to the handling of MECs
including the standards applied to decision making.
The “people” issues associated with handling MECs. This covered:-
Recruitment and selection
Training and competence from day one through to competence and its ongoing
maintenance for case handlers and those carrying out supervisory / management
roles and responsibilities.
A detailed substantive review of an agreed sample of actual cases which covered all the
key categories of complaints. The design of the sample was agreed with GIA as being
appropriate. GIA’s opinion on the GRR work conducted can be found in Appendix 3.
All aspects of the management systems and controls that were applied to the handling
of MEC to ensure that it achieved the required results and compliance with FOS, FSA
and HBOS internal requirements.
Terms of reference
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
5
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
5Working draft
The review team was selected for its in depth knowledge and
understanding of the mortgage endowment review, the regulatory
requirements which apply to it as well experience in conducting reviews
of this nature.
Key personnel in the team were:-
Paul Moore, the new Head of GRR lead the review.
Susannah Hammond, the GRR Divisional Liaison Officer for Retail since the
merger managed the work on a day to day basis and was supported by Mike
Gardener and James Davies from IID Risk (now in GRR). She lead an internal
team of four, 2 from GRR and 2 seconded from RRR.
David Homewood from GIA was fully involved from the start of the review.
Three highly experienced E&Y staff lead by a senior manager were seconded
to the team as well as a senior manager from KPMG. These individuals have
been involved in other major MEC work across the industry and were able to
provide the internal team with advice as to the benchmark across the
industry.
The team who carried out the review
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
6
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
6Working draft
We carried out our evidence gathering in the standard way by:-
Reviewing all key procedural and other documentation relevant to our terms of
reference – a list of the key documents reviewed is attached as Appendix 1.
Reviewing the full complaint handling files in the agreed sample. We reviewed
a total of 224 cases. GIA approved the sample selection and methodology.
Holding meetings with key management personnel and a small number of case
handlers.
We analysed and challenged the evidence we gathered in numerous
detailed meetings both with the entire review team as well with
management.
The Head of GRR, in particular, carried out a detailed challenge process
during the review including discussions with the Head of Retail Risk, the
Head of Retail Regulatory Risk and Andy Hornby, the CEO of the Retail
Division.
Therefore, the findings, conclusions and recommendations set out in this
document represent the consensus view of the HBOS Group.
What we did
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
7
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
7Working draft
Important preliminary points
At all times the review team was given unfettered access to all personnel
and documentation required to carry out its work and management has
cooperated fully and proactively in the review.
In order to provide the FSA with the report in advance of its visit in January, it
should be noted that the review team carried out the work in a short period
of time between 24th November, 2003 and 18th December, 2003. In these
circumstances, it is not surprising that the team identified further work which
it would like to carry out to corroborate its initial findings. Details of
recommendations leading to further work are set out in Appendix 4.
GRR are, of course, happy to work along side the FSA when they make their
visit if that would be helpful.
What we found in summary
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
8
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
8Working draft
Our key findings in relation to the processes and standards in place for
reviewing MEC’s are as follows:-
In relation to Halifax MECs which represent the vast majority of complaints
(about 95%), we are of the opinion that the procedures and standards are, in
all material respects, fit for purpose and are in line with, and have altered
with, the prevailing guidance from FOS, FSA and HBOS internal standards
across all categories of complaint.
This means that we believe that they are designed, documented and
understood in such a way that they would ensure, in all material respects,
complaints have been and are investigated and determined in accordance
with our understanding of the requisite prevailing standards.
However, management accept that the procedures could be enhanced by
adding further detail in relation to the standards to be applied by case
handlers and supervisors in arriving at individual decisions.
What we found – case handling processes
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
9
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
9Working draft
In relation to Birmingham Midshires (“BM”) MECs which only represent 4% of
HBOS’s MEC the procedures are mostly appropriate but we are of the opinion
that as BM were unaware of the “Tiner Letter” their complaint handling
processes do not cover all the Tiner requirements and are, therefore, not
wholly fit for purpose. However, now that the issue of BM’s non-receipt of the
“Tiner Letter” has come to light a wholesale retrospective review of all cases
effected has been agreed with management and all BM complaint handling
procedures will be appropriately updated.
In relation to BOS MECs which only represent 1% of HBOS’s MEC the
procedures appear to be fit for purpose though specific case sampling has
not been carried out. Consideration will be given to sampling the BOS
category of MECs in the New Year.
What we found – case handling processes
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
10
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
10Working draft
In our view, the quality of the people recruited to investigate and
determine MECs is the fundamental control in a project of this kind.
The recruitment process is adequate and 350 additional customer
relations staff were recruited in 2003.
What is clear from our review and what is accepted by management
and staff is that the T&C scheme, although fit for purpose, has not
always been recorded as having been carried out. However we believe
that this has not had an impact due to the use of 100% file checking for
all new starters until deemed competent.
What we found - people
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
11
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
11Working draft
The span of control between complaint file reviewers and team leaders
averages 11 and has a maximum of 16. Management are aware of the
issues surrounding the current higher management span of control (i.e.
between team leaders and the next level up of management) which is
currently nineteen to one. Whilst initial priority had been given to
recruitment of file reviewers to ensure that both the terms of the waiver
could be met and the increasing MEC volumes handled, senior
management have active plans in place for the recruitment of
additional appropriate management.
From conversations with management, the unprecedented speed of
expansion of the MEC team has been undertaken with a clear sight on
underpinning safeguards to the customer at all times. It would be true
to say, however, that such an explosion of activity has naturally
stretched and tested the wider Customer Relations department to its
limits on occasions.
What we found - people
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
12
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
12Working draft
Notwithstanding the weaknesses in relation to the T&C scheme, there are some important mitigating factors:-
Only those staff who have had sufficient cases 100% checked (and passed) to be confident of their competence do not have 100% of their cases checked. CRT advised that in November 62% of all cases checked by first line handlers were 100% checked by their supervisors. Whilst the review team has not fully corroborated the substantive quality of the supervisory checking (and associated MI) the strong quality of the decision making found in the case files reviewed provides key supporting evidence.
We have evidence from the MI system being used that the 100% checks have been carried out and the supervisory oversight is graded into Pass, Pass with Development and Fail. From sight of MI spreadsheets maintained by team leaders, one hub since 1st September on post-FSA cases had 283 supervisory checks, 97 were classified as Pass, 178 Pass with Development and 8 Failed.
Additional evidence of supervisory checks themselves was found on the complaint files sampled. However, there is no initial evidence of trend or thematic analysis carried out as a result of the supervisory checks.
What we found - people
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
13
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
13Working draft
In relation to the 6 of Post A day cases where the review team disagreed with the case handler and the customer relations department, it is important to note that 3 of the cases were such that the judgements involved were “fine”, that is to say difficult to call one way or the other. Consequently, the fact that the review team disagreed in the final analysis is not sufficient evidence of any systemic issues.
What we found - Case Review
Case Type/Result Total Halifax
Population
Halifax Cases
Sampled(% of total population)
GRR agree with original
CRT assessment
GRR Overturn
original CRT assessment
Post FSA Decline 832 45 (5.4%) 39 (86.7%) 6 (13.3%)
Pre FSA Decline 9,500 144 (1.5%) 141 (97.9%) 3 (2.1%)
Pre FSA Decline Retrospective
Review Overturn
Unknown(manualsample)
4 4 (100%) 0
Uphold 843 8 (1%) 8 (100%) 0
Withdrawn 124 2 (1.6%) 2 (100%) 0
Not Halifax Advice
1,940 6 (0.3%) 6 (100%) 0
Total 13,239 209 (1.6%) 200 (95.7%) 9 (4.3%)
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
14
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
14Working draft
What we found - Case Review
Whilst the decision making process includes the assessment of suitability, duty of care, balance of probabilities and taking the wider picture into consideration, the criteria on which individual decisions were made were not always apparent or fully documented on each complaint file.
It is not unlikely that FSA would have come to similar conclusions on the above and may have found the occasional lack of full audit trail containing all reasoning and evidence considered for decisions taken of initial concern. However we remain of the opinion that the decisions taken are robust.
Birmingham Midshires Cases 15 BM cases were reviewed. As has been noted earlier the procedures were found not to be
clearly fit for purpose in all respects therefore a wholesale retrospective review of those cases effected will be undertaken.
BM uphold rates have been steady between 40% - 50% which demonstrates that the BM case handlers have, despite lack of knowledge of the “Tiner Letter”, been similar to Halifax in a customer focussed approach to decision making.
BM management estimate that the total number of complaints which were initially declined but potentially could have been upheld on Tiner grounds is between 200 and 250.
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
15
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
15Working draft
When we reviewed management systems and controls, we concentrated
on finding evidence to answer the following key questions:-
Were all accountabilities clear?
Did those with accountability consider the whole question of systems and
controls holistically?
What were the key control mechanisms (internal and, where appropriate,
independent) to ensure that the procedures and standards were designed
properly, signed off as such and kept up to date?
What were the key control mechanisms (internal and, where appropriate,
independent) in place to ensure the case handlers followed the procedures,
investigated complaints fully and applied the standards in a way that was
likely to make the appropriate decision?
Was the management information adequate to enable the management team
to identify, review, manage and follow up key issues?
What we found – systems and controls
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
16
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
16Working draft
Key findings were:-
Given the high-level of importance attached to this issue a SG was formed of very senior people from
the business. Even though the SG’s terms of reference made clear that it was a policy formation body
and was therefore not accountable for MEC governance it is clear that the SG did in a very detailed
way consider the line & policy which should be taken in relation to MECs, in particular:
SG met monthly and Andy Hornby attended every one;
Each SG considered a detailed analysis of MI including numbers of complaints, uphold rates by
category, comparisons of uphold rate with FOS, ageing of complaints;
Helen Roberts (Head of Customer Relations) was responsible for reporting details on resourcing,
T&C status and backlogs, recruitment and budgetary issues. Andy Hornby was on occasion asked
to both approve extra budget and also to exercise his influence to encourage appropriate
secondments;
Philip Hanson (Head of Mortgages and Secured Lending) and Arthur Selman (formerly Head of
Group Regulatory Risk) were responsible for the rationale for the waiver, policy changes and
advising on new FOS rulings and the resulting impact on the procedures and standards;
SG reviewed individual complaint cases to ensure that they were comfortable with the decisions
being taken, and
Andy Hornby kept James Crosby and Mike Ellis informed both of progress and any material issues
arising.
What we found – systems and controls
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
17
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
17Working draft
Key findings were:-
Direct accountability of the MEC team was through the usual management
line in Customer Relations. The management line has recently changed so
that Helen Roberts now reports directly to David Walkden.
The control mechanisms in place to ensure the appropriate design, sign off
and continuous review of procedures and standards were part of an
expanded business as usual for Customer Relations though for MEC
procedures and processes these were also agreed with the FOS and sent to
the SG. There was a constant effort to make the right decision as to how
different types of complaint should be handled. This included updating
procedures in discussion with the SG to ensure that they remained in line
with both Tiner and changing FOS requirements.
The key internal control mechanism to ensure complaints were investigated
and determined appropriately was the implementation of 100% supervisory
review of all cases handled by an individual until they had met the T&C
requirements to become a competent reviewer.
What we found – systems and controls
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
18
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
18Working draft
Key findings were:-
Retail Regulatory Risk (“RRR”) carried out independent monitoring of the
project and Arthur Selman, the previous head of GRR sat on the Steering
Group. In the opinion of the review team, the work carried out by RRR was of
high quality and was part of a suite of work assessing the adequacy of
complaints handling across the Retail Division. The findings of the RRR
monitoring work were reported to both SG and Retail Risk Committee, are
consistent with those of this GRR review and RRR action points identified
have already been taken forward.
BM MECs were not part of the business as usual accountability for Customer
Relations but reported functionally through their own management line.
However, going forward BM will be represented on the SG to ensure
consistency of approach.
What we found – systems and controls
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
19
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
19Working draft
The waiver conditions imposed by FSA have been complied with in terms of
the length of the waiver (6 months to 17th December, 2003) and in terms of
resourcing levels where a compliment of 330 was reached and maintained.
The correspondence with complainants during the waiver period was in line
with the revised requirements for holdings letters and referral rights to the
FOS given at 20 weeks.
What we found – Waiver
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
20
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
20Working draft
On the basis of the sample of Halifax cases reviewed by the team, a compliance rate of 95.7% in our opinion demonstrates that complaints are and were being investigated and determined in line with our understanding of the prevailing FOS, FSA and HBOS internal standards. Further in our opinion there was no evidence of any systemic issues arising.
However, there are certain weaknesses of which management are aware, which need to be remedied. These generally relate to record keeping and management systems & controls but have not, in our view, had any material impact on the actual case handling. The key recommendations follow and Appendix 4 has the detailed recommendations.
As previously noted, BM will conduct a full review in line with Tiner and all other relevant guidance to reconsider c200-250 cases which may have been defended inappropriately.
In our opinion, management have at all times and in all material respects complied with the requirements of the FOS, FSA and HBOS internal standards and we found no evidence of any negative cultural issues.
Key conclusions
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
21
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
21Working draft
The key recommendations of the review can be summarised into five
areas where developments are required:
Management systems & controls
Record keeping
Enhancements to procedures
The production and use of MI
The handling of BM complaints.
Further details are supplied in Appendix 4.
Key recommendations
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
22
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
22Working draft
Appendix 1 – List of documents reviewed
Appendix 2 – List of people interviewed
Appendix 3 - Group Internal Audit work and opinion
Appendix 4 - Detailed recommendations
Appendices
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
23
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
23Working draft
o Structure charts
o Copies of CVs for key staff
o A breakdown of the resourcing of the team detailing the staffing numbers in place each month during 2003
o Copies of all training materials
o Details of the ongoing training and competency scheme
o A full responsibility map, detailing all businesses covered by each unit
o Original Jupiter Project Plan, including an assessment of the scale of the potential issue
o Amendments to the Project Plan
o Minutes of all Steering Group meetings including any papers circulated for the meeting
o Copies of all written procedures and confirmation of amendment dates
o Copies of all regulatory and FOS guidance detailing the process for inclusion within ongoing case handling procedures
o The rationale for the application for the FSA waiver
o Copies of information supplied to the FSA (not already included)
o The Tiner letter and subsequent correspondence
Appendix 1 – List of documents reviewed
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
24
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
24Working draft
o Copies of management information produced, including owner, circulation list, production
times
o Details of all complaints received by month, complaints resolved, upheld, declined and costs
of cases settled
o Minutes of team meetings
o Numbers of all cases dealt with by FOS including final cases assessment
o Details of any outsourcing relationships
o Details of relationships with tied reviews
o Details of how external influences are factored into planning, for example FSA initiatives,
the issue of re-projection letters from key insurers, etc
Appendix 1 – List of documents reviewed
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
25
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
25Working draft
Appendix 2 – People Interviewed
Andy Hornby
David Walkden
Philip Hanson
Dan Watkins
Arthur Selman
Helen Roberts
Andy Giles
Richard Graves
Dave Cockerill
Mark Nixon
Jenny Cartwright (T&C only)
Paul Dean (T&C only)
Alison Clegg (T&C only)
Andy Luce
Berni Downes
Sue Meredith
Stephen Millington
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
26
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
26Working draft
Appendix 3 – GIA work and opinion
GIA assessment.
Based on our work and joint discussions with GRR, RRR and CR we are
satisfied that the opinion/findings stated by GRR in their report are valid
and accurate.
GIA have reviewed the process followed by GRR in this review and in
our opinion the process followed to review Customer Relations handling
of Mortgage Endowment complaints is robust. The review included the
following:-
Sample selection and methodology
Walkthrough of sample of review cases
Records and evidence held by GRR
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
27
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
27Working draft
Appendix 4
Detailed Recommendations (all of which will be discussed and agreed in
further detail with management and RRR):
Management systems and controls:
Complete the recruitment for the new team structure to address spans of control issues
Quality testing of key internal standards to continue to be undertaken on an ongoing
basis by a combination of internal and independent monitoring
Consider updating the SG terms of reference and minutes arising to reflect its active
role in control, oversight and input into MEC handling
Record Keeping:
Ensure documentary evidence is retained to support adherence to all internal
procedures
Records to be kept of all internal and external meetings to form audit trail of changes to
and cascade of procedures
Full documentary, stand alone audit trail to be enhanced on each complaint file
containing all reasoning and evidence considered for decisions taken
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
28
Group Regulatory RiskGroup Regulatory RiskA New Force in Regulatory Risk Management
28Working draft
Appendix 4 - cont
Enhancements to Procedures:
Procedures to be enhanced to include further detail, examples, case studies and known internal factors to aid case handlers reference documentation and consistency of understanding
Procedures to be benchmarked against those to be considered “best in class”
Production and Use of Management Information:
Quality checking of CHAMP source data
Quality data indicators, including T&C data to be developed to allow enhanced reporting to SG, Risk and other Committees
Development of centralised T&C MI to support CRT in managing the remote hubs
Handling of BM complaints:
Holistic review of all post FSA declined mortgage endowment complaints
Closer working relationship to be developed with Halifax CRT
Revise BM complaint handling procedures in line with those developed in Halifax and consider wider impact on all complaints handled within BM
BM representation on the SG