ABSTRACT
8.1 The attention given to risk management and internal control systems in banking organisations by the financial and regulatory community has increased tremendously in recent years. This reflects concerns which have arisen from a series of events during the 1990s that revealed severe deficiencies in institutional risk management structures and supervisory arrangements and allowed problems to develop and grow undetected. The most prominent of these events included the closure of the fraudulent Bank of Credit and Commerce International (BCCI) in 1991, and the sudden failure of the UK merchant banking firm Barings plc in 1995 following losses in excess of US$1 billion from unauthorised derivatives trading. There have certainly been instances of similar distress not necessarily involving billions of dollars in trading losses in a number of other major banking organisations. The recently uncovered yet massive money-laundering operations conducted through US and European banking institutions by Russian organised crime is a similar example of such deficiencies. The banking débâcles experienced in the 1990s, as well as the losses suffered during the Asian and Russian financial crises, raise significant issues concerning the strength of risk management and internal control systems and the ability of banking authorities to provide adequate supervisory oversight of banking institutions. These events underscore the importance of banking institutions and banking authorities to recognise inadequate risk management, and particularly internal controls, within banking institutions and to prevent or detect systemic fraudulent conduct within the institution. Notably, the sheer speed of the Barings insolvency challenged implicit assumptions about the time that management, financial market participants and counterparties and banking authorities have to respond to “outlier” or “stress” events in the financial markets generated by one or more financial institutions.
