Banking staff who monitor risk should be senior enough to confront anyone in the company under a revised UK code to avoid more of the banking failures seen in the credit crunch.
Britain’s Chartered Institute for Internal Auditors published revisions to its code of conduct to meet criticisms they failed to spot or warn about a huge build-up of risks at banks that ended with taxpayer bailouts.
Five internal audits over five years had failed to spot the rigging of the London interbank offered rate (LIBOR) interest rate benchmark at UBS bank.
Internal auditors, along with compliance and risk officers, are employees of the company and one of its three lines of defense to ensure stability.
Britain’s parliamentary commission on banking standards said last month that heads of internal audit at banks should report directly to the board as they have lacked the status to challenge front-line staff properly.
The revised code reflects these recommendations, saying the scope of internal audits at banks should be unrestricted, with identifying key risks a top priority.
The status of the chief internal auditor should normally be at executive committee level, the code says.
Internal audits should also include a bank’s capital and cashflow risks.
Andrew Bailey, chief executive of the Prudential Regulation Authority, which supervises banks, said the code raises the bar for internal auditors by spelling out that their main role is to protect the assets, reputation and sustainability of the bank.
Financial Conduct Authority chief executive Martin Wheatley said internal auditors must have the power and confidence to check if products and services are in line with the interests of the customers.
“This will play a vital part in restoring the confidence and faith of consumers and the market alike,” Wheatley said.
Internal auditors have privately welcomed public intervention to bolster their role though some say the test will come when strong economic growth returns and companies want to exploit it to the hilt with more risk taking.