On Tuesday, the Australian Prudential Regulation Authority (APRA) released the results of its prudential inquiry into Commonwealth Bank of Australia, which cited its concerns about the bank’s management of non-financial risks and made recommendations to address those issues. APRA also will apply a capital adjustment by adding AUD1 billion to CBA’s operational risk capital requirement until it is satisfied that CBA has addressed the recommendations. APRA’s inquiry results are credit negative for CBA because it exposes the bank to reputational damage and costs associated with addressing its shortcomings. Additionally, the capital adjustment will lower CBA’s Common Equity Tier 1 ratio to a pro forma 10.1% as of year-end 2017 from an actual 10.4%.
APRA’s report noted that CBA’s continued financial success negatively affected the bank’s ability to manage its operational, compliance and conduct risks. In particular, the report highlighted the board and its committees’ inadequate oversight of emerging non-financial risks; unclear accountabilities, starting with a lack of ownership of key risks; weaknesses in how issues, incidents and risks were identified and escalated and overly complex and bureaucratic decision-making processes. The report cited an operational risk-management framework that worked better on paper than in practice, supported by an immature and under-resourced compliance function. In addition, APRA criticized the bank’s remuneration framework, which before the prudential inquiry began in August 2017, had few consequences for senior management for poor risk management and compliance performance.
The report made 35 recommendations to strengthen the bank’s governance, accountability and culture, and gave the bank 60 days to provide a remedial action plan to APRA. An independent reviewer will be appointed to provide quarterly updates to APRA on CBA’s progress. The recommendations are focused on five key areas: more rigorous board- and executive-committee-level governance of non-financial risks; exacting accountability standards reinforced by remuneration practices; a substantial upgrade of the authority and capability of the operational risk management and compliance functions; questioning the appropriateness of all dealings with and decisions on customers; and cultural changes that aim for best practices in risk identification and remediation.
APRA began the inquiry after a number of incidents that have negatively affected the bank’s reputation. In August 2017, the Australian Transaction Reports and Analysis Centre began proceedings against CBA for non-compliance of the Anti-Money Laundering and Counter-Terrorism Financing Act. The same month, the Australian Securities and Investments Commission (ASIC) announced that CBA would refund more than 65,000 customers a total of approximately AUD10 million after selling them unsuitable consumer credit insurance. In March 2016, the bank’s life insurance business, CommInsure, was accused of deliberately avoiding or delaying paying claims to its customers (ASIC cleared CommInsure of any breaches of the law in March 2017). In 2014, CBA announced a review into the poor quality of advice and compliance breaches by its financial planning businesses.
The report comes against a backdrop of the ongoing Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, which has identified conduct and culture challenges at some of Australia’s largest financial institutions. We note that the franchise dominance of Australia’s major banks and their exceptionally low credit costs during an extended period of low interest rates may have elevated the risk of complacency in their approach to operational and governance risks.