The core problem is the CEO is in charge of all the day to day processes in the bank and the Board have to fix pay to the problem which happend on her watch.
She is an approved person by the FCA, as someone who should be trustworthy to carry out her duty to make sure everybody else in the bank followed the law eg. AML is a core competency requirement for senior decision makers. PEP would be a more niche AML core competency but all at risk accounts should be supervised by a specialised team.
The NF's wealth management team need to be PEP specialists who had the basic ethos to follow the NW Rules (At best that team went rogue and added their own rules this one time).
^That is why she is paid a salary.
She gets paid additional money (bonus and share options etc) if and as the bank makes money/profit
The bank have 3 (contigent) liability to knock off the profit number
Fines from breach of fair dealing with a customer
Fines from the data breach
Financial costs of compensation to NF
The bank have admitted to the facts but are not yet sure of the total cost
but there will be additional costs
With this one decision she as CEO, has caused an FCA investigation, which like any investigation, will find some problems and cost in fines.
Firstly by failing to manage the wealth committees decision making process; Q are the NW Rules unlawful (this is a very expensive bit to check) or did NW (staff) management systems fail to detect the rogue employees (in this instance there was no aML but how often are they or other teams not following the NW Rules)
Then by failing to have a process to spot the error; it got signed off by someone she employed (senior manager(s) who should have "whistleblowed" up to the CEO/ Board)
Then she was made aware of the decision; Q did she read the report and not see a problem or how many other second senior members read or should have read the report.
Then she told the newspapers ....
So the Board have to look at what all the senior staff knew or should have known.
Throw in the external data breach investigation here.
The Board are going to be firefighting to prove they as a bank are fit for purpose rather than planning for the future and senior staff are in investigation meeting not looking after the day to day business.
The financial markets will price this into the value of NW shares and the interest NW will have to pay to borrow money.
And both investigation will result in "recomendations" which will cost money to implement (eg. 1 hour extra training per 38 employees results needing an extra employee to finish the same volume of work).
They may loose ( rich) account income if people dont want to risk having their business splashed over the papers or told to business rivals or being locked out of their account.
They may loose business income as deals moved to other providers if client's business partners who dont bank at NW dont want the AML checks result in their deal ending up in the papers etc.
Loads of fun and games 🤷 in managing reputation risk.