OPINION: The most interesting aspect of the United Kingdom’s Financial Service Authority’s exhaustive review of the failure of the Royal Bank of Scotland (RBS) is contained in the foreword, penned by the organisation’s chairman, Lord Adair Turner.

“Quite reasonably people want to know why RBS failed,” he writes. “And they want to understand whether failure resulted from a level of incompetence, a lack of integrity, or dishonesty which can be subject to legal sanction.” The short answer provided is “no”. Current legal frameworks in the UK make it impossible to launch proceedings that have no reasonable prospect of success.

The report provides clear evidence that the bank was exceptionally badly run. The cavalier approach to risk management is detailed in the evaluation of the scant due diligence conducted in advance of its disastrous acquisition of Dutch bank ABN-AMRO in April 2007.

As Lord Turner points out, many “will be startled” to read that the RBS board voted to proceed with such an “extremely risky deal” based on information provided by the target in “two-lever arch files and a CD”. Incomplete due diligence however, could not form the basis of a credible prosecution, “given that there are no codes or standards against which to judge whether due diligence is adequate, and given that the limited due diligence which RBS conducted was typical of contested takeovers”.

Moreover, “errors of commercial judgment are not in themselves sanctionable … an investigation can identify evidence of numerous poor decisions and imperfect processes, without that establishing a case for enforcement action, which has reasonable prospects of success in Tribunal or court proceedings”.

The concern over the limitations of current legal frameworks is also evident in the United States, where President Obama has promised to introduce higher penalties “so that firms don’t see punishment for breaking the law as just the price of doing business”. This comes in the aftermath of judicial rejection of a proposed $US225 million settlement between Citigroup and the Securities and Exchange Commission (SEC).

In a Manhattan court last month, Judge Jed Rakoff ruled that endorsing the settlement was “neither fair nor reasonable nor in the public interest” precisely because it contained no admission of wrongdoing from a corporation he described as a “recidivist”. This judicial criticism calls into question the tactical and strategic efficacy of enforcement as a mechanism to effect change. It also reflects deep-seated concern about the purpose of financial regulation itself, a concern shared by Lord Turner.

The call for strengthened legal frameworks is accompanied by a very public rejection of the FSA’s prior approach to its purpose, which, according to Lord Turner “reflected widely held but mistaken assumptions about the stability of financial systems and responded to political pressures for a ‘light touch’ regulatory regime”.

This was compounded by practical and conceptual errors. Markets are not, he now contends, inherently stable. The integration of market conduct and prudential regulatory functions meant that “apparent calm” beguiled regulators within the FSA to become ever responsive to frequent political demands for it to avoid imposing “unnecessary” burdens which could undermine the competitiveness of UK financial firms.

Lord Turner suggests this is unsustainable. He calls for a broader public debate to embed higher standards of accountability. Two principal approaches are canvassed.

The first is to introduce a strict liability offence, which, he contends, raises “complex legal issues relating to the burden of proof and human rights”. The second is to adopt a system of automatic sanctions. These could include banning “senior executives and directors of failing banks from future positions of responsibility in financial services unless they could positively demonstrate that they were active in identifying, arguing against and seeking to rectify the causes of failure”. A more intrusive proposal suggests expanding the proportion, time and range of deferred compensation arrangements. While laudable, they provide little room for confidence.

Other jurisdictions have gone much further, most notably Ireland, which has introduced a fitness and probity regime governing the appointment of banking executives in state-controlled entities. This requires appointees to be “competent and capable, act honestly, ethically and with integrity and be financially sound”. Outlining the rationale for more invasive supervision in a speech earlier this month in Dublin, the Deputy Governor of the Central Bank, Mathew Elderfield, castigated prior approaches that “relied excessively on a regulatory philosophy that emphasises process over outcomes, supervisory practice focused on verifying governance and risk management models rather than attempting an independent assessment of risk”. This had fostered a “degree of complacency about the likely performance of well-governed banks that proved unwarranted” Elderfield argued, a position that finds echoes in Lord Turner’s forward to the report on the failure of RBS and the culpability of the FSA.

Ireland has combined the fitness and probity approach with the development of what the Central Bank has termed a Probability Risk and Impact System (PRISM). This evaluates ongoing performance according to a range of metrics, including governance, business model, credit, operational, and liquidity risk. The focus on governance is deliberate.

According to Elderfield, “the calibre, skills and experience of key members of the leadership team will provide us with some assurance that in this important area skilled managers within the firm and non-executives directors are actively digesting issues, challenging one another and continually assessing the business model as the firms make key decisions, react to events and plan future growth”.

The key innovation associated with the PRISM model is that it provides multi-faceted metrics to assess corporate performance, which is then subjected to evaluation by a risk governance panel drawn from senior personnel across the Central Bank. Regulated firms have the capacity but not the right to comment on risk mitigation strategies prior to implementation. This leaves unresolved how to design more effective mechanisms to measure and evaluate the performance of the regulatory agency in effecting change in the marketplace.

As with the social and political systems in which they are nested, effective and efficient financial markets depend on integrity. Disclosure, transparency and accountability means little if understood in formal mechanistic fashion. Identifying and repositioning the precise intersection between law and ethics requires the design and implementation of an integrated set of carefully nuanced strategies than that envisaged in the PRISM framework or used in cost-benefit analysis.

A holistic approach needs to extend the determination of the value of intervention beyond reduction of a financial compliance burden, the primary metric associated with cost-benefit analysis and the one most used in evaluating regulatory performance. Specifically, regulatory performance must be measured and evaluated on its effectiveness not simply on its short-term efficiency. It needs to incorporate permissibility, responsibility and legitimacy criteria and be linked to the articulation of regulatory purpose (that is, the maintenance of ethically informed markets governed by high and specified standards of integrity).

Effectiveness requires evaluation across five key domains – compliance, ethics, deterrence, accountability and risk (CEDAR). This framework allows for a granular mapping of the complex interaction of rules, principles and social norms governing market conduct. Measuring and evaluating performance of both the regulator and the regulated within and across each dimension allows for an integrated approach to assessing the extent and value of intervention.

It has the potential to lead to more substantive compliance, warranted commitment to ethical behaviour, more effective deterrence, enhanced accountability and reduced risk. It is a task that is long overdue.

Professor Justin O'Brien leads UNSW's Centre for Law, Markets and Regulation.

This piece first appeared in The Conversation.