In the wake of the 2008 financial crisis and revelations concerning Wells Fargo’s sales practices, numerous reviews have been launched by regulators in Canada and around the world to examine financial institutions’ practices and procedures (we previously detailed reviews by Canadian regulators here). One of the banks under scrutiny was the Commonwealth Bank of Australia (“CBA”), which was subject to an inquiry by the Australian Prudential Regulation Authority (“APRA”). APRA’s final report, released on April 30, 2018 (the “Report”), emphasized the importance of regulatory inquiry into CBA’s affairs, since the past few years have seen an erosion of trust in banks: “‘Conduct risk’ has entered the lexicon of bank Boards and regulators as a clear and present danger”, the Report pronounced.
On August 28, 2017, APRA announced that it would establish a prudential inquiry into governance, culture, and accountability within the CBA, with a mandate to identify any “shortcomings in the frameworks and practices” in those areas and make any recommendations about how to address them.
As noted by the Report, the inquiry “followed a number of incidents in recent years that have damaged the reputation and public standing of the CBA group”, including: misconduct by financial advisors; fees for no service of financial advice; anti-money laundering breaches; and mis-selling of margin loans to retail customers and of credit card insurance. The Report concluded that the bank’s governance, culture, and accountability practices required substantial improvement.
The Report critically examines the CBA’s management of operational, compliance and conduct risks, and concludes that the CBA has demonstrated inadequate oversight of and accountability for non-financial risks, weak responsiveness, and an ineffective risk management framework.
While the Report notes that the CBA has undertaken a number of initiatives to strengthen its risk management capabilities, and improve the effectiveness of its Board and committees, it identified a number of significant issues, including:
- A lack of ownership over key risks at the Executive Committee level, and inadequate oversight and challenge of emerging non-financial risks;
- An overconfidence in the operation of the Board and its committees, as well as a lack of benchmarking to assess effectiveness;
- Weaknesses in the escalation and resolution of issues, incidents and risks;
- Inadequate reporting of customer complaints to the Executive Committee and the Board;
- Overly complex and bureaucratic decision making processes, including a flawed operational risk management framework;
- An emphasis on process rather than outcomes in operational risk and compliance; and
- A flawed remuneration framework (wherein there are few disincentives for poor risk or customer outcomes and conversely few incentives to produce positive customer outcomes).
The Report identified these deficiencies as symptoms of the CBA’s ailing culture. In Particular, the Report found that the bank suffered from “organizational complacency”, with a reactive (instead of proactive) approach to risk, and that it had become insular and reluctant to generate or heed constructive criticism. In short, the Report found that the CBA neglected to focus on outcomes.
The Report sets out specific recommendations aimed at strengthening governance, accountability, culture, and remediation efforts within the CBA, calling for: more rigorous Board and Executive Committee governance over non-financial risks; scrupulous accountability standards (reinforced by remuneration practices); improved efficacy for operational risk management and compliance functions; and a shift in culture, intended to engender caution in customer dealings and a heightened awareness of risk identification and remediation.
“The report, I think, is required reading not only for every financial institution in this country but, frankly, it should be the next item on the agenda of every single board meeting in this country regardless of whether you’re a bank or not. It goes to the heart of what responsibilities of board directors are.”
Implications for Canadian financial institutions
The findings and recommendations flowing from APRA’s review of the CBA can serve as a useful point of reflection for financial institutions around the world. The Report emphasizes the importance of accountability and delivers a number of tools to vigilantly combat non-financial risks and ensure compliance. Regulated entities should consider whether their own culture, governance, and accountability practices sufficiently meet fast changing regulatory and consumer expectations identified in the Report, and assess the robustness of their own organization’s culture of compliance.