By Guest Columnist: Donna Boehme

Principal at Compliance Strategists LLC and editor of the weekly CS Newsflash (and former chief compliance and ethics officer at two leading multinationals). Named by ComplianceX to “Who Compliance Professionals Should Follow in 2013.” So follow her on Twitter @DonnaCBoehme.




It’s a terrible story that should be told, and told often, if we are to make any progress for chief compliance officers (CCOs) and the companies that need them to do their jobs well.

Earlier this year, the U.K. Parliamentary Commission on Banking Standards finally weighed in on the blame for the implosion of HBOS bank after “catastrophic failures of management, governance and regulatory oversight” led to bad lending losses of nearly £50 billion and a taxpayer bailout of £20billion.[1] The report placed primary blame directly on the doorstep of three former executives whom the report calls to be banned forever from the finance industry. Sir James Crosby, former HBOS CEO has already resigned two outside board positions and agreed to give up his knighthood. Pressure is on two other former Directors Andy Hornby, CEO and Lord Dennis Stevenson, Chairman, to face similar consequences. But enough about those guys.

This story is about Paul Moore, the former chief risk and compliance officer for HBOS, fired in 2004 for his warnings to the bank’s C-Suite and Board of its excessive risk taking culture. Paul says the release of the Parliamentary report, plainly called “An Accident Waiting to Happen,” was like the “parting of the Red Sea” for him.    Paul is Exhibit A for why former federal prosecutor Michael Volkov called the CCOs the “Person of the Year” in 2011 and has described this difficult role as the “unsung hero” of the corporate landscape.[2]

In 2004 (four years before the HBOS meltdown),  Paul delivered a detailed report to the HBOS C-Suite and Board raising strong warnings about a sales culture that was “markedly out of balance with the banks systems and controls ” and issues of a “cultural indisposition to challenge” and “inappropriate behaviors.”  He warned that the bank was a serious risk to financial stability and consumer protection. For his trouble, he was summarily sacked.   Fast forward to 2013, to the Parliamentary committee’s report finding that “The risk function in HBOS was a cardinal area of weakness in the bank…The degradation   of the risk function (i.e. Paul being fired) was an important factor in explaining why the high-risk activities of the Corporate, International and Treasury Divisions were not properly analyzed or checked at the highest levels within the bank.”      

I happened to be in London when this story broke, and saw the fallout firsthand. The connection to the nearly verbatim warning that Paul gave back in 2004 was stunning. One journalist pointed out the big discrepancy between the lives of the two men at the heart of the HBOS story: Paul stepped outside the bank and wept, wondering how he would tell his wife that he had lost his job.   James Cosby went on to receive a knighthood and, in an ironic plot twist that would have made Hitchcock proud, become the deputy chairman  of now defunct Financial Services Authority, the very UK regulator tasked with ensuring that no further HBOS like disasters ever again occur! (an embarrassment eventually remedied by Parliament as the truth began to trickle out).  There’s also plot twist #2: the former Chairman of big four accountant KPMG, which failed to find anything wrong with HBOS’ dangerous risk profile, and also investigated and exonerated HBOS in its firing of Paul Moore,  is…. wait for it… the current head of the brand new Financial Conduct Agency (successor to defunct FSA). You can’t really make this stuff up.

Make no mistake: for every known Paul Moore, there are dozens of CCOs and other control officers who every year are fired, retired, marginalized, shunned, and otherwise suffer retaliation for doing their jobs well. A recent cross-industry survey of 1000 whistleblowers by the UK nonprofit Public Concern at Work and law firm Slater & Gordon offers timely validation of this problem: 77% of whistleblowers in the financial services industry were ignored and 42% fired outright – higher percentages than in any other industry.[3] ‘’This survey throws up few surprises,” says Slater & Gordon partner Clive Howard. “It confirms banks and other organizations fail whistleblowers. Those individuals who are prepared to raise serious concerns do so with little or no support from their employer.  It is depressing that nothing seems to change.’’

Red flags like these should both alarm and motivate regulators, prosecutors, boards, C-suites, investors, NGOs and any other stakeholder group that cares about robust controls and the ability of organizations to self-police. If companies really want to receive the full benefits of this nearly thankless role, to prevent and detect misconduct and otherwise support a culture of ethical leadership, they will find ways to empower and position them for success so that it is not so easy –so very easy – for executives in positions of entrenched power to silence them when their messages become inconvenient. They need empowerment, positioning, seat at the table, line of sight and direct reporting access to the non-executive directors of the board (who need to step up). [4] There are other Paul Moore’s out there who need independence and protection to do their jobs well, for the benefit of the companies and the investors they serve.   And it shouldn’t take a Parliamentary commission to figure that out.