08 Jan 2020
The prudential regulator has described the risk and compliance functions of the nation’s largest financial institutions as in need of urgent overhaul, as it completes a deep dive of the systems that permitted banks to break money laundering laws millions of times and wrongly charge customers billions in fees.
Early findings from the Australian Prudential Regulation Authority’s onsite reviews of the banks’ governance, culture, risk and accountability frameworks were disappointing, said chairman Wayne Byres, and institutions found wanting could expect significant penalties.
“It’s pretty clear that an upgrade in compliance functions across the industry is needed,” Mr Byres said.
APRA’s onsite inspections are part of a strategy to strengthen and sharpen governance, culture, remuneration and accountability frameworks across the industry following widespread opinion that it needed to take a tougher line.
As the prudential regulator expands its inspections beyond the big four banks, smaller institutions are on notice that no quarter will be given when it comes to ensuring their systems are up to scratch.
“What we’ve done is set a very clear signal, and banks should expect if they have similar issues they should expect a similar response,” Mr Byres said.
APRA hit both Commonwealth Bank of Australia and Westpac with billion-dollar capital penalties in the wake of systemic failures that allowed criminals, including drug traffickers, terrorists and paedophiles, to make transactions virtually unmonitored.
Rival banks ANZ and National Australia Bank were forced to put aside an extra half a billion dollars each after conducting their own self-assessments of governance, accountability and culture in July 2018.
Reflecting on the $500 million penalty given to Westpac by APRA in July following its self-assessment and the additional $500 million handed down in December after the AUSTRAC matter emerged, Mr Byres said the right decisions were made at the time.
“We have increased it because we have new information that came to light and now we will investigate that further, as we have already announced, and see what further action is needed there.”
In addition to capital penalties, the regulator may impose licence conditions, issue infringement notices and disqualify individuals depending on the infringement. APRA says it is important the punishment fits the crime, but notes that capital penalties are an important deterrent.
“It depends on the nature of the issues you are grappling with and if there are other tools that are better placed to deal with an issue,” Mr Byres said. “In this case we thought that was the right thing to do. We wouldn’t want to rule anything out or in.”
The smallest capital penalty handed out under the new regime was a $250 million impost dished out to insurer Allianz in August last year after it was ordered to “strengthen risk management and close gaps identified in its self-assessment”.
“There is inevitably an element of judgment involved,” Mr Byres said. “You could spend a lot of time arguing whether it should be $500 million, $480 million or whether they should all be calculated more precisely, but I don’t think that really is the point.
“The point is that those quantums are sufficiently large enough to incentivise the banks to fix the problem.”
“They all have similar problems. We wanted to apply capital add-ons that gave them very clear incentives that said: ‘You have serious work to do here and we want to make sure you get on and get it done as quickly as possible’”.
Prudential standard sharpened
Behind the scenes, APRA is revising the Cross prudential standard that polices the risk management function, known as CPS 220, at banks, super funds and insurers.
APRA believes CPS 220 needs more teeth, and will begin testing the waters with a much sharper set of guidelines later in 2020.
“That standard at present has some pretty high level and fairly weak requirements, to be honest, in relation to compliance functions. There are only a couple of paragraphs about what institutions need to have by way of an effective compliance function,” Mr Byres said.
“There is a lot of scope for us to reinforce that and be clearer about the importance of having a stronger audit and compliance function. It’s essential really. It’s not just about consumer outcomes, but also our core prudential outcomes to make sure organisations stay financially sound.”
As APRA pushes ahead with its package of reforms aimed at lifting governance, culture, risk and accountability standards to a world-leading standard, chief risk officers and compliance executives can expect another testing year in 2020.
By James Frost, The Australian Financial Review, 8 January 2020
Read more at The Australian Financial Review
RiskScreen: Eliminating Financial Crime with Smart Technology
You can claim CPD minutes for this content, by signing up to our CPD WalletFREE CPD Wallet