PRA and FCA conclude investigations for HBOS failure
Xcina Blog

PRA and FCA conclude investigations of Senior Managers involved in HBOS failure


The PRA and FCA recently concluded their joint investigations into the performance of senior managers at HBOS plc (“HBOS”) in the years leading to its failure. The investigations considered whether or not those individuals should be prohibited from performing specific roles within financial services. The regulators conducted ‘rigorous and forensic investigations’ to assess whether these individuals lacked fitness and propriety.

Both regulators decided not to take further action against these former HBOS senior managers.

This was the final chapter of a series of investigations following the demise of HBOS in 2008.


HBOS, which operated as Halifax and Bank of Scotland and was at one point the UK’s largest mortgage lender, became insolvent in 2008 during the financial crisis. Lloyds Banking Group plc rescued HBOS in a government-engineered takeover.


Notable Milestones



HBOS was formed by the merger of Halifax plc and the Bank of Scotland plc, becoming the UK’s largest mortgage lender and a company of comparable size and stature to the established Big Four UK retail banks.




The Financial Services Authority (FSA) examined the bank and warned about failings in its control infrastructure.




The HBOS head of Group Regulatory Risk warned its senior directors about excessive risk-taking. He was dismissed, and his concerns were not acted upon.




Amidst the credit crunch, HBOS became insolvent and was taken over by Lloyds Banking Group plc. This led to a £20bn taxpayer bailout for the acquirer. HM Government acquired, through HM Treasury, approximately 43.4% of the enlarged ordinary share capital of Lloyds Banking Group plc.




The FSA issued Final Notices and fined:

  • The Chief Executive of HBOS, for failing to comply with Statements of Principle and the Code of Practice for Approved Persons, prohibiting him from performing any significant influence function in an authorised firm on the grounds of competence and capability.
  • The Bank of Scotland plc for its failure to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.


  • The Parliamentary Standard on Banking Standards (PCBS) examined HBOS’s failure and published a report titled ‘An accident waiting to happen’.
  • The FCA and PRA were established, taking over from the FSA.


  • The FCA and PRA published a report into HBOS’s failure and the FSA’s actions, concluding that ‘ultimate responsibility for the failure of HBOS rests with the board and senior management’ who ‘failed to set an appropriate strategy for the firm’s business and failed to challenge a flawed business model which placed inappropriate reliance on continuous growth without due regard to the risks involved’.
  • Andrew Green QC’s report titled ‘Report into the FSA’s enforcement actions following the failure of HBOS’, known as ‘the Green Report’.


  • The Treasury Select Committee published its ‘Review of the reports into the failure of HBOS’
  • Following the above, particularly the Green Report, the PRA and FCA decided to open joint investigations into certain former HBOS senior managers.


  • The PRA and FCA determined that no enforcement action should be taken against these former senior managers.


Takeaways and Conclusions

There are many lessons to be gleaned from this historical case study.

  • Weaknesses in the management, governance and culture were the primary causes behind HBOS’s financial issues.
  • The board failed to provide an effective challenge to executive management.
  • The Non-Executive Directors lacked sufficient experience and knowledge of banking.
  • The firm’s ‘weak risk culture was evident at all levels of the firm, with the Board-approved emphasis on growth setting the tone for the rest of the organisation’.
  • Internal controls were ineffective and did not keep up with the rapid growth.

The UK regulators’ decision not to take further action against the senior managers has been met with some outrage. Some perceive it as yet another indicator that regulators fail to take to task those who mismanage financial institutions appropriately. Iceland remains the only country which sentenced bankers to imprisonment after the financial crisis.  Other recent examples cited in the UK are the AML process deficiencies at HSBC and NatWest, where significant financial penalties were imposed without any senior managers facing regulatory action.

Way forward

The Senior Managers & Certification Regime (SM&CR) was introduced as part of the regulatory response to restore trust and confidence in the financial services industry. It is at the core of the FCA’s and PRA’s culture and conduct agenda.  It has been viewed as a catalyst for change in financial services to strengthen healthy cultures and effective governance in firms through promoting greater individual accountability and enhanced standards of personal conduct.

SM&CR came into force in 2016 for banks and did not apply to HBOS.  However, in light of the regulators’ latest conclusions about the fitness and propriety of the senior managers involved, it is not inconceivable that, on paper, the governance arrangements in place at HBOS might have complied with SM&CR requirements.  Therefore, it is paramount that firms comply with the substance and spirit of these requirements, not just the letter. This being said, conduct rule notifications and senior manager enforcement actions under SM&CR remain scarce, raising questions about the effectiveness of the regime in practice.  Xcina Consulting published a survey report in Q1 2021 taking stock of SM&CR practices and their effectiveness at financial services firms.

To what extent do you consider that SM&CR has been achieving its objectives and positively affecting governance and behaviour across financial services?  Please join Xcina Consulting to discuss this topical issue and many others on 22 September at the City of London Club.

We’d love to hear from you

To discuss how the areas highlighted in this post, or any other aspect of risk management, information governance or compliance impact your business, speak with our team, tell us what matters to you and find out how we can help you navigate complex issues to help you deliver long term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at We’d love to hear from you.

Peter Lane

Information Security Consultant

Speak to me directly by Email, or
Telephone: +44 (020) 3745 7820

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>