Only regulators can clear up Credit Suisse’s Archegos mess

Editor’s note: Reports published by the UK Prudential Regulation Authority and US Federal Reserve in 2023 found that Credit Suisse’s New York-based prime services and risk management staff were responsible for overseeing and risk managing its derivatives transactions with Archegos – not the London-based team that was led by Ryan Nelson. The PRA also found that Credit Suisse’s London-based prime services executives discharged their responsibilities under the UK’s Senior Managers and Certification Regime (SMCR) by entering into a service level agreement with their US counterparts. As with the Paul Weiss investigation, both the PRA and Fed reports were sharply critical of the way the prime services division was run and the lack of oversight of risk booked in London.

After losing $5.5 billion in the collapse of Archegos Capital Management, Credit Suisse dusted off the standard playbook on banking blow-ups. It fired several high-ranking executives and pledged accountability, which in practice meant paying a law firm to investigate. A report published by Paul Weiss last July largely validated the bank’s initial response.

That wasn’t enough for the bank’s shareholders, who voted against discharging top executives and directors of legal liability for the scandal at its annual general meeting last week. Nor should it be.

Independent reports into corporate misconduct should be taken with a pinch of salt. Law firms and consultants hired by banks to investigate wrongdoing within their ranks face inherent conflicts of interest. Between 2013 and 2015, consulting firms Deloitte, Promontory and PwC paid a combined $50 million to settle claims they watered down reports commissioned by banks.

There is no indication that Paul Weiss pulled its punches, but that doesn’t mean the report is perfect, either. In an article published late last month, Risk.net identified three specific gaps in the firm’s account of the losses, raising new questions about the breadth of the investigation and whether the right people have been held accountable. What’s more, two of those omissions concern regulations implemented after the 2008 global financial crisis to ensure senior-level accountability for banking failures.

US swap dealer rules require a governing body – defined as a board of directors or chief executive officer of the unit – to review quarterly risk exposure reports that are filed with regulators. The Paul Weiss report is silent about these obligations. It is not known who was responsible for the reports at Credit Suisse, but the bank’s chief financial officer, David Mathers, was also CEO of Credit Suisse Securities Europe and Credit Suisse International – the swap dealer entities that housed the trades with Archegos – and sits on their respective boards.

If Mathers had reviewed those reports, he might have raised Archegos’s persistent breaches of risk limits with the bank’s capital allocation and risk management committee (CARMC), of which he was a member. It was the committee’s job to funnel important risk information up from Credit Suisse’s divisions to the risk oversight forum of the executive board – we don’t know why it failed in this task, because CARMC isn’t mentioned in the Paul Weiss report.

Not qualified

Another gap relates to its claims that some senior executives failed to competently perform their roles – notably, this included Ryan Nelson, the London-based co-head of prime services. The UK’s Senior Managers and Certification Regime (SMCR), implemented in 2016, puts the onus on banks to ensure business heads are fit and proper to perform their roles. A senior executive would have been required to approve Nelson’s appointment. The Paul Weiss report raises serious questions about Nelson’s suitability for the role, but doesn’t say who signed off on it, or mention the SMCR.

The day after Risk.net published the article, Credit Suisse announced Mathers was stepping down from his roles, after indicating “his wish to seek alternative opportunities outside of Credit Suisse”.

Regulators may still have something to say on the matter. The US Commodity Futures Trading Commission has been aggressive in enforcing its swap dealer rules, but it can take years to file charges. HSBC was fined in 2019 for various violations – including failing to properly review quarterly risk exposure reports – that dated back to 2013. The UK’s Financial Conduct Authority has an even spottier record of enforcing the SMCR. Research from consulting firm Bovill found that nearly two-thirds of the SMCR investigations opened since the regime came into force in 2016 had not been resolved as of last November.

The CFTC and FCA declined to comment when asked if they were investigating a possible breach of their rules. But shareholders deserve some clarity – they cannot be expected to absolve the bank of liability without having all the facts. Independent investigations – no matter how thorough – are no substitute for a regulatory verdict.

Correction, September 5, 2024: An earlier version of this article stated that Ryan Nelson, Credit Suisse’s London-based co-head of prime services, oversaw the bank’s delta-one desk and was responsible for supervising its swap trades with Archegos. Reports published by the UK Prudential Regulation Authority and US Federal Reserve in 2023 found Credit Suisse’s transactions with Archegos were managed by prime services executives in New York. The original version of this article also misstated one of the Paul Weiss report’s findings. The report questioned Nelson’s competence, not his qualifications.