BoE has ‘more to do’ after compliance breaches

The UK’s central bank knows it needs to go further in developing its compliance culture after two high-profile breaches and issues identified in staff surveys, a report by the country’s National Audit Office (NAO) says.

The report, published today (March 4), highlights how the Bank of England (BoE) sought to make changes following the breaches, but was only partially successful.

The first, in 2017, involved newly promoted deputy governor Charlotte Hogg failing to declare a conflict of interest and then having to resign. The second, in 2019, involved a third-party supplier allowing its customers to access live streams of BoE press conferences more quickly than the rest of the market, thereby giving them a potential trading advantage.

The central bank developed a new approach to managing compliance risks after reviews in 2017 and 2018, the NAO says. It created a dedicated risk directorate, set clearer lines of reporting, and sought to create consistent terminology to improve risk reporting. 

However, many staff still appear reticent about raising concerns. The NAO notes that an internal survey by the BoE in 2021 found only 51% of staff “felt that any concerns they raised would be addressed”. Following a change of wording in the 2023 survey, 59% of staff said they “felt they were free to speak their mind without fear of negative consequences”.

Minor compliance breaches by staff are also above the level the BoE deems acceptable. The bank marked the rate of minor breaches as “red” on a traffic-light scale. This was defined by its own audit and risk committee as more than 100 incidents during a three-month period. There were 628 minor compliance breaches and 28 major breaches in the 12 months to August 2023.

The BoE has directed its “risk custodians” to create action plans to bring breaches back within acceptable levels. 

The report acknowledges that the BoE is making progress: “The bank has acted to promote and embed a risk awareness culture, but recognises it has more to do.”

The Bank of England has made good progress in developing new and improved systems to understand and manage compliance risks

Gareth Davies, NAO

It says the bank has made “good progress” in improving the management of compliance risks and is planning further improvements. The BoE, the report says, draws on internal and external risk experts, regularly assesses compliance risk using a consistent approach, and has a “clear set of relevant key metrics” for each type of compliance risk.

However, the report also recommends improvements in several areas. The BoE should review whether there are “material differences” in the awareness of risks among different groups of staff. It should work with business areas on more consistent reporting of changes in assessed levels of risk. It should also examine the “completeness” of controls in place, and develop a programme of regular evaluations.

David Roberts, chair of the BoE’s court of directors, said in a statement: “We welcome the National Audit Office’s report on the bank’s management of legal, ethical and staff compliance risks. The bank is committed to promoting the highest standards of integrity and ethics and will carefully consider the NAO’s recommendations.”

Gareth Davies, head of the NAO, said: “The Bank of England has made good progress in developing new and improved systems to understand and manage compliance risks. 

“As it takes forward this work, the bank should ensure it continues to improve the quality and consistency of its risk information, and awareness and confidence among staff to raise concerns.”