On 1 May, the Federal Treasurer issued a severe warning for directors and senior executives of financial institutions. He said that APRA’s Report into breaches by the Commonwealth Bank is “required reading” for all financial institutions, not just bank boards, and that they need to:
“read it very closely and ask themselves the hard questions at the next meeting. I expect them to do so. And their shareholders should expect them to do so and their customers should expect them to do so or take their business elsewhere.”
The Report can be accessed here. It followed allegations that the Commonwealth Bank failed to prevent money laundering and terrorism financing. The 110-page Report slams the Bank’s board, senior management and culture for widespread complacency, overconfidence, excessive complexity and insularity.
According to the Report, the focus on financial success meant that the Board and senior executives were not alerted to the deteriorating risk profile. This was particularly apparent in the management of its operational, compliance and conduct risks (ie non-financial risks).
In addition to significantly damaging its reputation and public standing, the Bank now must have an additional $1 billion in regulatory capital and there is a recommended reduction of millions in executive bonuses.
Senior leadership came in for special criticism, with the Report finding they were slow to recognise and address emerging threats to the Bank’s reputation.
What lessons are there for super funds?
The concerns raised by the Report are of general application to financial institutions. It means that superannuation funds’ boards and senior management should ask the primary question: Is profitability pursued at the expense of risk management?
The questions that directors and senior management should also ask include the following:
- Is there adequate oversight and challenge by the Board and its committees of emerging non-financial risks?
- Are there clear accountabilities, starting with key risks at the Executive Committee level?
- Are there weaknesses in how issues, incidents and risks are identified and escalated or a lack of urgency in their subsequent management and resolution?
- Is the decision-making process overly complex and bureaucratic? Does it favour collaboration over timely and effective outcomes? Does it slow the detection of risk failings?
- Does the operational risk management framework work as well in practice as on paper? Is it supported by a mature and well-resourced compliance function?
- Does the remuneration framework have implications for senior managers and above when poor risk or customer outcomes arise? Are staff incentives designed to produce good customer outcomes?
- What is the culture of the organisation? Is there a sense of complacency? Is there a reactive stance in dealing with risks? Is it insular? Does it learn from experiences and mistakes? Is there an overly collegial and collaborative working environment that reduces the opportunity for constructive criticism, timely decision-making and a focus on outcomes?
Useful tools to consider
The message for super funds includes the following 5 key tools for addressing these issues:
- Ensuring there is more rigorous Board and Executive Committee level governance of non-financial risks.
- Having exacting accountability standards, reinforced by remuneration practices.
- Substantially upgrading the authority and capability of the operational risk management and compliance functions.
- Injecting into the fund’s culture a “should we” question in relation to all dealings with members and decisions relating to them.
- Instigating cultural change that moves from reactive and complacent to empowered, challenging and striving for best practice in risk identification and remediation.
APRA recommends/requires a self-assessment
Wayne Byres (the Chairman of APRA) said that the Report provides:
“important insight for all financial institutions, particularly about the need to maintain a broad focus on all aspects of risk and stakeholder interest and not allow financial success to mask or detract from other important measures of an institution’s performance and risk profile.”
APRA made the following statements of note arising out of the Report:
- All regulated financial institutions will benefit from conducting a self-assessment, to gauge whether similar issues might exist in their institutions.
- APRA supervisors will be using the Report to aid their supervision activities.
- APRA will expect institutions to be able to demonstrate how they have considered the issues within the Report.
- For the largest financial institutions, APRA will be seeking written assessments that have been reviewed and endorsed by their Boards.