On 4 March 2024, the National Audit Office (NAO) published a report examining whether the Bank of England (BoE) has efficient and effective systems and processes to manage risks of non-compliance with legal, ethical and staff policy requirements (referred to as ‘compliance risks’ in the report). The report focuses on compliance risks within these areas that relate to how the BoE functions as an organisation and that could affect its credibility and effectiveness if not managed well.

The report covers:

  • The BoE’s overall approach to managing compliance risks, and how it has developed this since 2017.
  • Whether the BoE has the processes and information it needs to identify, assess and monitor compliance risks effectively.
  • Whether the BoE responds to compliance risks in a way that supports timely and effective decisions, and uses lessons to improve its approach.

Key findings

The NAO’s key findings set out in the report include:

  • Following two high-profile incidents, the BoE overhauled its approach to managing non-financial risks, including: creating a new Risk Directorate to establish clear lines of reporting and accountability and a more consistent approach to assessing risks; simplifying the internal policies staff must comply with; and taking actions aimed at promoting and embedding a culture of risk awareness and raising concerns among its staff.
  • Whilst the BoE has made good progress in developing new and improved systems to understand and manage compliance risks, it recognises that there is more work to be done and plans to make further improvements. For example, planned work for 2024-25 includes improvements to the quality and consistency of information recorded in risk registers, linking risk management activities to business plans and budgets, and a more consistent process for responding to reported incidents.

The NAO recommends that the BoE reviews whether there are material differences in the understanding and perceptions of risks among its staff, noting that greater evaluation will also help the BoE to understand how well changes to risk management processes are working.

Gareth Davies, Head of the NAO, stated that as it takes forward its work to develop new and improved systems to understand and manage compliance risks, the BoE should ensure it continues to improve the quality and consistency of its risk information, and awareness and confidence among staff to raise concerns.