A scathing Australian Prudential Regulation Authority report into the prudential controls of the Commonwealth Bank should be a wake-up call for every board member in the country, Treasurer Scott Morrison said today.
The report was commissioned by APRA last August after a string of revelations surrounding the nation’s largest bank, and before the four major banks agreed to the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. The CBA was previously a government-owned bank and was finally privatised in the mid 1990s.
The APRA panel was chaired by former APRA chair John Laker, who examined CBA’s culture with former ACCC chairman Graeme Samuel (an editorial advisor to The Mandarin) and company director Jillian Broadbent.
“This [report] should be a wake-up call for every board member in the country, particularly those who are the custodians of the savings shareholdings of millions of Australians, they expected better those shareholders of board members and they have been let down, terribly,” Morrison said.
“In all of these institutions, it’s the boards that I hold accountable for what happens in each of these organisations,” he said. “They employ the executives, they set the tone, they’re the custodians of the companies or the institutions’ culture and values.”
Financial drive ‘dulled the senses’
The report makes a large number of findings and recommendations, with an overarching conclusion that “CBA’s continued financial success dulled the senses of the institution”, particularly in relation to the management of non-financial risks.
It also found a number of prominent cultural themes such as a widespread sense of complacency, a reactive stance in dealing with risks, being insular and not learning from experiences and mistakes, and an overly collegial and collaborative working environment which lessened the opportunity for constructive criticism, timely decision-making and a focus on outcomes.
APRA said the report raises a number of matters of prudential concern.
“In response, CBA has acknowledged APRA’s concerns and has offered an Enforceable Undertaking under which CBA’s remedial action in response to the report will be monitored. APRA has also applied a $1 billion add-on to CBA’s minimum capital requirement,” APRA chair Wayne Byres said.
CBA’s chief executive Matt Comyn said the bank’s top 500 executives will be given a printed copy of the report and required to read and respond to it within the next week.
The APRA Panel examined the underlying reasons behind a series of incidents at CBA that have significantly damaged its reputation and public standing.
It found there was a complex interplay of organisational and cultural factors at work, but that a common theme from the Panel’s analysis and review was that CBA’s continued financial success dulled the institution’s senses to signals that might have otherwise alerted the board and senior executives to a deterioration in CBA’s risk profile. This dulling was particularly apparent in CBA’s management of non-financial risks, i.e. its operational, compliance and conduct risks.
“These risks were neither clearly understood nor owned, the frameworks for managing them were cumbersome and incomplete, and senior leadership was slow to recognise, and address, emerging threats to CBA’s reputation. The consequences of this slowness were not grasped,” the report stated.
Triggers and vulnerabilities
The Panel identified:
- inadequate oversight and challenge by the Board and its committees of emerging non-financial risks;
- unclear accountabilities, starting with a lack of ownership of key risks at the Executive Committee level;
- weaknesses in how issues, incidents and risks were identified and escalated through the institution and a lack of urgency in their subsequent management and resolution;
- overly complex and bureaucratic decision-making processes that favoured collaboration over timely and effective outcomes and slowed the detection of risk failings;
- an operational risk management framework that worked better on paper than in practice, supported by an immature and under-resourced compliance function; and
- a remuneration framework that, at least until the AUSTRAC action, had little sting for senior managers and above when poor risk or customer outcomes materialised (and, until recently, provided incentives to staff that did not necessarily produce good customer outcomes).
The Final Report focused on five key levers for the CBA to improve:
- more rigorous Board and Executive Committee level governance of non-financial risks;
- exacting accountability standards reinforced by remuneration practices;
- a substantial upgrading of the authority and capability of the operational risk management and compliance functions;
- injection into CBA’s DNA of the “should we” question in relation to all dealings with and decisions on customers; and
- cultural change that moves the dial from reactive and complacent to empowered, challenging and striving for best practice in risk identification and remediation.
A roadmap for cultural change
Byres said the Inquiry Panel’s findings show CBA’s governance, culture and accountability frameworks and practices are in need of considerable improvement.
“As the Panel notes, CBA has itself identified and begun taking steps to address many of these issues, but there is much to do and a risk that the same issues which have led to the need for the Inquiry undermine the bank’s efforts to comprehensively and effectively respond to the recommendations of the Panel.
“As a result, CBA has given to APRA an Enforceable Undertaking which establishes a framework by which CBA will demonstrate it is addressing the full set of recommendations made by the panel in a timely manner. Until such times as these recommendations are addressed to APRA’s satisfaction, an add-on to CBA’s operational risk capital requirement will continue to apply.
“CBA is a well-capitalised and financially sound institution but CBA itself had acknowledged shortcomings in governance, culture and accountability ahead of this Inquiry. The comprehensive review, and set of recommendations set out by the panel, provides CBA with a clear path towards restoring its public standing,” Byres said.
“The report’s recommendations provide a roadmap for the CBA board and executive team to deliver organisational and cultural change across the CBA group.”
“The panel notes in its report that regaining community trust will require time, hard work and an undistracted risk and customer focus and that its recommendations should assist the CBA board and staff in translating CBA’s undoubted financial strength and good intent into better meeting the community’s needs and expectations,” he said.
Byres also said: “the findings of the Report provide important insight for all financial institutions, particularly about the need to maintain a broad focus on all aspects of risk and stakeholder interest and not allow financial success to mask or detract from other important measures of an institution’s performance and risk profile.”
Given the nature of the issues identified in the report, all regulated financial institutions will benefit from conducting a self-assessment to gauge whether similar issues might exist in their institutions. APRA supervisors will also be using the report to aid their supervision activities, and will expect institutions to be able to demonstrate how they have considered the issues within the report.