Interview with Sam Theodore, team leader, financial institutions, Scope Ratings.

What were you doing 10 years ago?

I was in London working as a regulator at the UK’s Financial Services Authority.

How did you react when you heard the news about the collapse of Lehman Brothers?

I didn’t have any immediate reaction because as a bank analyst I was expecting it. Bear Stearns had collapsed six months earlier and had been taken over by JP Morgan for next to nothing. Market sentiment was very fragile.

I recall people saying that Lehman Brothers was ten times more important so let’s hope the same fate doesn’t befall it. When Lehman did run into trouble, we initially expected some sort of Bear Stearns #2. But AIG had run into serious trouble at the same time and needed a bailout and it quickly dawned that Lehman was doomed, that there would be no takeover of last resort and that it was going to be left hanging. It was a dramatic moment but not a huge surprise.

What were the stand-out moments for you as the global financial crisis broke?

The first thing I and the team I was working with did was to look very closely at the most vulnerable banks we were responsible for in the UK. Northern Rock had been forced to seek liquidity support from the Bank of England a year before Lehman’s bankruptcy and Bradford & Bingley was looking vulnerable just as Lehman collapsed. But in that final quarter of 2008 the most vulnerable banks turned out to be HBOS (which was taken over by Lloyds Bank), RBS (which was nationalised and is still majority owned by the UK government) and Barclays.

In the ensuing 10 years, what has fundamentally changed?

The prudential environment has totally changed and is considerably tighter in terms of capital ratios, liquidity ratios, leverage ratios, funding ratios, large exposure concentrations and the supervisory focus on banks’ business models. Before the crisis, supervisors focused only on capital; banks could do anything as long as they had enough capital.

That approach has changed dramatically. Supervisors now look at the entire range of a bank’s activities; how they generate money and their business models. That’s quite a sea-change. At the same time, banks’ own risk appetites have diminished; they’re more subdued. In terms of banking culture, however, I’m not sure much has really changed. Bankers still want to make money and still expect big bonuses.

What are the key risks today as you scan the horizon?

Outside the banking sector, the situation we find ourselves in today is very worrying. Corporates and sovereigns have huge levels of indebtedness, yet few people seem to have any sense that this is a source of a huge amount of potential risk.

Then there’s geopolitical risk and the butterfly wing element of chaos theory, where something that happens in one place can have far-reaching consequences elsewhere; Turkey sneezing and European banks catching a cold, for example.

I’m concerned about cyber risk. As banks invest huge amounts of money in artificial intelligence and in the digitisation and automation of processes and products across retail, consumer finance and corporate banking, and in online and mobile solutions, there are two certainties. One is that as that process deepens, cyber risk almost by definition grows. The second is you can’t measure it.

Banks are taking steps to protect themselves but when all’s said and done they just have to hope and pray that they’re not targeted by cyber criminals or suffer major IT outages. They are exposed to huge vulnerabilities as technology advances faster than people can catch up and hackers are among the most astute technologists in the world.

I’d also point to misconduct risk. Banks are putting a line under legacy litigation stemming from the global financial crisis, but they continue to be beset by new instances of wrongdoing and lax controls. A key difference between 10 years ago and now is that customers and investors are much less tolerant.

Portfolio managers now take action to avoid banks with poor records on ESG matters, or with past histories of money laundering, or misconduct vis-à-vis clients, tax cheats etc. Millennials have higher moral criteria than previous generations. They want to make money and want that money to be safe but at the same time they want to know that their bank is conducting business in a way that lies within their own ethical constraints.

Finally, there’s the potential for deregulation risk. Since the financial crisis, regulators are much more in the saddle than they were 10 years ago. At same time, if banks really want to run rings around them they still can as they have bigger budgets.

Right now, because of high compliance walls, banks are fearful of engaging in anything that is not vetted by supervisors. But talk of deregulation is upon us. If the deregulatory process gathers pace and banks start to feel that regulators are looking over the shoulders less and less, it might lead bankers back into riskier territory and back to their old habits.