- The Bank of England overhauled its approach to managing non-financial risks following two high-profile incidents.
- The Bank has made good progress, but recognises it has more to do and plans further improvements.
- NAO recommends Bank reviews whether there are material differences in risk awareness and perception among its staff to identify potential further improvements.
The Bank of England (the Bank) has made good progress in overhauling its approach to managing non-financial risks following two high-profile incidents – but the Bank recognises there is more work to be done, a new National Audit Office (NAO) report says.
In 2017, one of the Bank’s deputy governors resigned after failing to formally declare to the Bank a senior level conflict of interest within the banking industry. Then, in 2019, the Bank identified that weaknesses in its procurement and technology practices had not detected a third-party supplier intentionally streaming market-sensitive press conferences faster than other sources, giving its subscribers a potential market advantage.
The independent public spending watchdog’s report, Bank of England: Managing legal, ethical and staff compliance risks, covers the Bank’s overall approach to managing compliance risks since 2017, and whether there are processes in place to monitor compliance risks effectively and respond with timely decisions, building on lessons learned.
Following the 2017 incident, the Bank began making major changes to how it manages risks to its operations or reputation.
Actions include creating a new Risk Directorate, establishing clear lines of reporting and accountability, and a more consistent approach to assessing risks. The Bank also simplified the internal policies staff have to comply with, reducing the number from 393 policies in 2020 to 78 in 2023.
The Bank has also acted to promote and embed a culture of risk awareness and raising concerns among its staff, including by simplifying the language in key internal documents such as its annual code of conduct – which all staff are required to complete.
But a staff survey in 2021 found that only 51% of respondents felt that any concerns raised would be appropriately addressed, compared with 76% in central government bodies who answered a similar question in the 2021 Civil Service People Survey.
In response, the Bank expanded its training and workshops on risk awareness and speaking up, and has aimed to create an open culture where staff are more likely to report incidents or concerns.
However, the Bank recognises it still has more to do. The Bank’s 2023 staff survey found that 59% felt they were free to speak their mind without fear of negative consequences. Around 1,400 staff – about a quarter of its workforce – had joined in the two years to February 2023, and the Bank recognises it will take time to fully embed its approach.
The Bank has developed clear metrics to track compliance, which it monitors and reports regularly to key decision makers. In total there were 628 minor and 28 major compliance breaches of staff policies in the year to August 2023, most of which were self-reported. The Bank is acting to reduce the number of compliance breaches, which currently stands above what the Bank considers an acceptable level.[1]
Bank officials plan to continue improving how the Bank manages compliance risks. For example, planned work for 2024-25 includes improvements to the quality and consistency of information recorded in risk registers, linking risk management activities to business plans and budgets, and a more consistent process for responding to reported incidents.
The NAO recommends the Bank reviews whether there are material differences in the understanding and perceptions of risks among its staff. Greater evaluation will also help the Bank to understand how well changes to risk management processes are working.
“The Bank of England has made good progress in developing new and improved systems to understand and manage compliance risks.
“As it takes forward this work, the Bank should ensure it continues to improve the quality and consistency of its risk information, and awareness and confidence among staff to raise concerns.”
Gareth Davies, head of the NAO
Read the full report
Bank of England: Managing legal, ethical and staff compliance risks
Notes for editors
1. An acceptable level would mean that the number of breaches is below a pre-defined threshold which is approved by the Bank’s Audit and Risk Committee. The number of actual breaches relative to the threshold number dictates whether it is within, just outside, or materially outside of acceptable levels (green, amber and red rated respectively). In the case of minor staff breaches, the Bank gave a rating of ‘red’ – more than 100 breaches within a three-month period.