When we talk about controls at Fastpath, people often think about fraud prevention. If the company is publicly traded, the conversation may center around ensuring the accuracy of the financial statements. But there are some very public scenarios where significant screw-ups could have been prevented by functioning internal controls. Now I have a new example. Buckle up, it’s a doozy.
The long version is here: https://www.bloomberg.com/opinion/articles/2022-10-04/barclays-lost-track-of-its-notes#xj4y7vzkg (subscription may be required). A non-subscription description is here: https://www.nationandstate.com/2022/08/01/barclays-faces-billion-dollar-loss-from-structured-note-paperwork-error/
The short version is Barclays bank wanted to issue about $20 billion in securities in 2019. Because of past transgressions, they had to register these securities with the SEC and include an upper limit. As they approached the $20 bn deadline, they would need to register to issue additional securities above that amount. No big deal, just paperwork. Financial institutions have lots of analysts and lawyers who can do paperwork.
The expectation was that someone, somewhere in Barclays would track the issuance of these securities and raise their hand when they got near the $20 bn limit even if that tracking process was just a spreadsheet. Anyone who has ever used a spreadsheet to track stuff over multiple years knows that this idea is fraught with problems. We all see where this is going…except we’d all be wrong. They didn’t use a spreadsheet to track issuances. They didn’t use a database. They didn’t even use a piece of paper. This is not the case of a failed internal control that failed, but of a non-existent internal control. No one tracked the issuance of these securities.
“Over the course of these efforts, it became clear to all involved that there was no internal control in place to track in real time the amount of securities offered and sold against the amount of securities registered.”
Instead, Barclays issued $36.4 bn of securities, about 80% more than authorized. This is technically securities fraud because Barclays sold unregistered securities. There was no intent to defraud. It was simply a paperwork mistake. A very expensive mistake. Barclays is being fined $200 million. Everyone who bought these securities above the initial $20 bn limit has an option to unwind their transaction. If they made money, they have an option to keep it. If they lost money, they can ask for it back. This was less of a problem when the stock market was roaring, but as the market has fallen, Barclays has received requests to unwind $7.7 bn, a little under half of the excess, and they are looking at estimated losses of £1.7 bn.
Not every company has this specific risk. But every company has important things that need to be managed where, failing that, very bad things happen. The nature of managing risk is that those items need controls too.