I have reviewed in my blog enforcement notices mainly from the UK Financial Conduct Authority (FCA) to extract practical lessons for the design and implementation of risk management.
1. Incentive properties of remuneration schemes for sales staff appear not be well understood sometimes; posted on 15 February 2014; here.
2. Anti-bribery and corruption are challenging, trying is important but outcomes matter; posted on 14 March 2014; here.
3. A quick reaction to a technical error on mortgage payments can avert a fine; posted on 27 March 2014; here.
4. But the reaction to a different technical error on mortgage payments can make matters worse; posted on 24 April 2014; here.
5. Banks need to take into account probabilities to make financial promotions ‘clear, fair and not misleading’ even if they are only acting as distributor; posted on 10 July 2014; here.
6. The requirements about adequate systems and controls applies to the entire entity, including entities outside the UK, and more significant voluntary measures applied in addition to the fines; posted on 23 January 2015; here.
7. Fines may become less important as voluntary measures and enhanced supervision are applied; posted on 1 February 2015; here.
8. First enforcement case articulated around the three lines of defence; posted on 27 February 2015; here.
9. Risk management failures leading to the demise of the Co-op Bank; posted on 16 November 2015; here.
10. Consequences of failures in internal outsourcing; posted on 21 December 2015; here.
11. Conflicts of interests that are inherent in a business; posted on 4 April 2018; here.
12. An enforcement case that represents evidence of Board maturity; posted on 25 May 2018; here.
An alternative approach to understand FCA enforcement is to consider the overall trends in fines. You can read about that in this post.
Note also that the line between supervision and enforcement is becoming blurred with the possibility of "enhanced supervision". You can read about this regulatory tool in this post.
Finally, don't let these posts about the breakdown of risk management affect you too much. Here is a post on two case studies about the success of risk management.