Legal-Risk-Guidance-Note

Legal Risk Guidance Note for Banks

Senior bank executives - indeed all those involved with banking - manage operational risk on a daily basis and have been doing so since banking began. In recent years, operational risk has attracted significant attention due to the emergence of a series of major losses by banks – and due to the increasing need to provide better customer service in a competitive banking environment. Accordingly operational risk has been the subject of widespread discussion, including the application of enhanced risk management approaches. However, legal risk –as a subset of operational risk – continues to be an area where discussions about its definition and application are still on-going. This Guidance Note is intended as a contribution to that discussion, with particular reference to the legal risks that face banks in Guernsey.

In Guernsey, legal risk is of some importance for banks given that (a) lending is often collateralised and (b) banks draw significant income from fees and commissions where credit and market risk is limited but where operational risk – including legal risk – can be high. Accordingly, the Commission is issuing this Note to help ensure that banks address some of the key legal risks in the jurisdiction. The Guernsey banking community is made up of several different sorts of banks and some of the legal risks outlined below may not align with the particular business model of some banks. The list should also not be seen as exhaustive. It does not, for example, deal with issues of tax law or anti-money laundering requirements. Each firm therefore should identify and consider the issues (both as to substantive risks and the management of them) that are relevant to its own business and take its own legal advice, as appropriate.

This Note has been prepared with the assistance of Mr. Roger McCormick, a Visiting Professor and Senior Research Fellow at London School of Economics and Political Science and the author of “Legal Risk in the Financial Markets” (Ox ford University Press 2006). Mr McCormick was able to discuss the issues in this Note with several bankers and other parties in Guernsey. The Commission is grateful to all parties, especially Mr McCormick, for their support in developing this Note. This Note, however, expresses the views of the Commission alone.

The Commission defines legal risk, in this context, by adopting the definition of the International Bar Association which is attached to this Note. The Commission does not require firms to use the same definition but it is suggested that they would find it helpful – if only for the purpose of effective allocation of responsibility – to have some clearly accepted definition used throughout their business and appropriately documented as such.

If no definition is used, the Commission would, at least, expect this to be the result of a conscious, reasoned decision taken at an appropriate level.

Specific legal risk issues to which the Commission wishes to draw attention at this stage are set out below.

Mis-selling risk, cross-border risk and other related risks

Firms should pay particular attention to the pre-contractual discussions that take place with customers, how the content of those discussions is recorded and which individuals and entities within a corporate group organisation are responsible for them. Particular care will be needed where the law of another jurisdiction may be relevant, where there may be scope for confusion as to agent and principal roles and where complex contractual relationships are intended (for example, where the Guernsey firm is intended to act on an “execution-only” basis and investment advice is provided from another group entity). Firms should ensure that appropriate legal advice, and clear guidance and training on relevant legal risks (including the potential impact of changes in law in other relevant jurisdictions), are available to Guernsey management and other personnel. Where practical, steps should be taken intra-group to ensure that firms are not exposed to legal risks as a result of acts or omissions of individuals in other parts of a group structure outside Guernsey.

Basic documentation issues

Firms should have a clear understanding of when and why standardised documentation is to be used, when, how (and by whom) it may be amended or varied (formally or informally) and when it is appropriate to use “bespoke” documents. The authors of legal documentation should be clearly identified to Guernsey personnel and be easily accessible for queries and explanations.

Generally, it might be expected that documentation would be governed by Guernsey or English law (with the parties submitting to the jurisdiction of the courts of those countries respectively) but, in circumstances where this is not appropriate (for example, where security documents are needed for real property located elsewhere), the decision to use another law (and/or venue for dispute resolution) should be clearly recorded and understood.

Standard documentation should be reviewed by appropriately qualified persons and updated as appropriate at reasonably frequent intervals.

Where a firm relies on a formal legal opinion, it should check that the opinion is addressed to it or that it otherwise may rely on it (and that it is not likely to have become out of date). Whether or not the issues are covered in an opinion, firms should check that counterparties are legally authorised to enter into documentation and that any appropriate filings or registrations in a relevant jurisdiction are effected.

Guernsey personnel should have access (if the need should arise) to legal advice (not merely formal legal opinions) from persons qualified under the relevant governing law at appropriate stages in any transaction.

Independence and other organisational issues

Notwithstanding that customer relationships may be regarded as an issue of group-wide significance, firms should have in place procedures that result in relevant legal risks being assessed independently by the Guernsey entity (albeit in reliance on advice sourced from another part of the group). Responsibility for the management of legal risk should be clearly established, with appropriate periodic reporting to the board of directors of the firm (or for example the executive committee for branches). Policies and procedures that are related to the management of legal risk should also be clearly documented in reasonable detail. Firms should consider the use of stress testing exercises to assess the adequacy of such policies and procedures. Firms should assume that intra-group service level agreements should be as legally binding as with a third party unless there are convincing reasons to the contrary.

Relationship with group credit risks

Recent global events have shown that even the most sophisticated market participants have tended to take legal risks in documentation that may have seemed appropriate where a very robust view has been taken of the creditworthiness of the counterparty, particularly if it was thought to be “too big to fail”, but which, in retrospect, appear to have been ill-judged. Firms should review, in the light of the financial crisis, whether this rationale for legal risk acceptance is still justified and, if so, appropriately priced in.

The risks associated with assuming that a counterparty is too big to fail may be exacerbated where the counterparty is the firm’s parent or another group company. Taking a “relaxed view” of legal risk in such situations may turn out to be unjustified and prejudice the interest of depositors in Guernsey. Firms should, in particular, consider carefully the legal basis of “upstream” payments or other transfers of assets they make to parents or other group companies. They should periodically review the terms of such payments or transfers (including any relevant intra-group guarantees or similar arrangements) and what their position would be –and the effect on their business and customers – if a payee or transferee (or any guarantor) became insolvent or otherwise got into financial difficulties. The documentation and surrounding legal circumstances (for example, the jurisdiction of incorporation of the payee or transferee or any guarantor) should not result in the firm being in any worse position than any other unsecured creditor unless this risk has been clearly understood and accepted by the firm. They should not result in property rights in any assets being modified unless as a result of a conscious, documented decision. Where money that is transferred is to be held as client money, the firm should verify that the necessary steps (which may include segregation) are taken to ensure that any applicable statutory trust or comparable protective arrangement comes into effect. Generally, the arrangements should be such that, as far as possible, a repayment of funds to the firm (and/or any closing out or netting of positions)

can be made swiftly, without undue delay or formality, and without being open to challenge by an insolvency officer.

Where appropriate, independent legal advice should be taken by the firm on its position. The documentation should be clear and easily accessible in the event of problems arising. Particular issues may arise where a group company sub-participates a loan (that it has made to a third party) to a firm. The firm should be clear, on the basis of the documentation and legal advice, as to whether it is taking credit risk on the third party alone or on the group company as well. It should have the benefit of any relevant legal advice and due diligence that is done in relation to the third party and the underlying transaction and, if appropriate, carry out its own due diligence.

Conclusion

In this Note the Commission has highlighted a number of known key issues for Guernsey banks. They are:

Mis-selling, cross border risk and other related risks –as a result of the cross-border nature of much of the banking business in Guernsey;

Basic Documentation issues – touching on the need for due diligence in particular around non-standard documentation;

Independence and other organisation issues – relating to the need to assess risks independently; and

Relationship and other risks – noting in particular legal risks during an insolvency of the counterparty

There may of course be other key legal risks that bankers will be aware of; especially for their particular firm. Nevertheless, it is expected that this Note, together with the attached definition of legal risks, will be of use to bankers as part of the process of mitigating the attendant risks.

Attachment

IBA WORKING PARTY ON LEGAL RISK

SUGGESTED DEFINITION OF LEGAL RISK

(NB: This definition needs to be read with the accompanying notes, which affect how it should be interpreted).

Legal risk is the risk of loss to an institution which is primarily caused by:-

(a) a defective transaction; or

(b) a claim (including a defence to a claim or a counterclaim) being made or some

other event occurring which results in a liability for the institution or other loss (for example, as a result of the termination of a contract) or;

(c) failing to take appropriate measures to protect assets (for example, intellectual

property) owned by the institution; or

(d) change in law.

The reference to a defective transaction in (a) above includes:-

(i) entering into a transaction which does not allocate rights and obligations

and associated risks in the manner intended;

(ii) entering into a transaction which is or may be determined to be void or unenforceable in whole or with respect to a material part (for whatever

reason);

(iii) entering into a transaction on the basis of representations or investigations which are shown to be misleading or false or which fail to disclose

material facts or circumstances;

(iv) misunderstanding the effect of one or more transactions (for example, believing that a right of set-off exists when it does not or that certain rights

will be available on the insolvency of a party when they will not);

(v) entering into a contract which does not, or may not, have an effective or fair dispute resolution procedure (or procedures for enforcement of

judgements/arbitral decisions) applicable to it;

(vi) entering into a contract inadvertently;

(vii) security arrangements that are, or may be, defective (for whatever reason). All references above to a transaction shall include a trust, any kind of transfer or creation of interests in assets of any kind, any kind of insurance, any kind of debt or equity instrument and any kind of negotiable instrument.

All references to entering into a transaction include taking an assignment of a contract or entering into a transaction in reliance upon a contract which is itself a defective transaction.

NOTES:

1.The consultation paper of 1 July 2003 issued by the EU Commission Services

contains a “Working Document” setting out proposed risk-based capital requirements for financial institutions. Article 106 of that document states:- “Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events, including legal risk.”

It is arguable therefore that a legal risk which has been deliberately and prudently taken would not fall within the concept of legal risk described in Article 106 (since it would not result from inadequate or failed internal processes, people or systems) unless it can in some sense be a ttributed to an “external event”.

2.The document referred to in note 1 above does not offer any definition of “legal risk”.

3.The attached definition should not be regarded as prescriptive. Each institution may

wish to adapt the definition for its own particular purposes and, especially, to reflect any allocation of responsibility within that institution (for example, to the legal department) which may not be consistent with the definition as it stands. Any specific views of regulators, as they become known, will also, obviously, need to be taken into account.

4.With regard to paragraph (b) of the definition, institutions may wish to make a

distinction between claims which reflect a risk that has been anticipated (but nevertheless deliberately taken) and cla ims which come as a genuine “surprise”. It is not thought necessary to make any distinction between contractual, tortious or other claims in this context (but see 5 below). However, the prevailing view (and, it is submitted, best practice) is that risks which arise from willful or reckless behavior (including fraud) - although they are operational risks - should not properly be regarded as legal risks.

5.It is suggested that the risk of loss caused by contractual commitments to pay money

(e.g. indemnities or guarantees) entered into voluntarily should not be regarded as

legal risk. The risk of loss caused by a breach of contract is a more difficult question.

It is suggested that each institution is likely to have its own procedures for ensuring that clear contractual commitments (e.g. to pay a sum due on a due date) are properly

complied with, and may take the view that failure to follow those procedures is primarily a non-legal operational risk. However, it is arguable that extremely complex contractual arrangements might give rise to a more technical risk of breach simply on the grounds that the requirements of the contract have not been fully appreciated. Institutions may, in appropriate cases, regard such situations as an example of legal risk.

6.Situations may arise in the context of paragraphs (a), (b) or (d) which have strong

political overtones and may more properly be regarded as examples of political risk or at least a combination of legal risk and political risk. Whether or not any such situation is to be treated as legal risk will largely reflect the allocation of responsibility within any given institution and may also reflect how that institution perceives political risk in any particular country. It is suggested, for example, that outright confiscation of assets by a governmental authority is, generally, pure political risk and not legal risk. On the other hand, some institutions might regard political interference with the judicial process as a form of legal risk. (See also paragraph (v) of the definition). How responsibility is allocated will no doubt reflect the institution’s own judgment as to which departments or officers are best placed to provide advice on such risk situations.

7.“Change in law” has been added as paragraph (d) in order to cover situations where

such a change (whether as a result of statute or case law) does not also lead on to a loss under paragraph (a) or (b). It should be noted that, in certain contexts, a change in law may be more properly regarded as a political risk event rather than true legal risk (see 6 above).