APRA – Page 20 – Digital Finance Analytics (DFA) Blog

APRA Says Financial System Is Just Fine

In his opening statement to the Senate Economics Legislation Committee, Wayne Byres, APRA Chairman said that Australians can be reassured that the industry is financially sound, and that the financial system is stable.

So that’s OK then!

When I last addressed this Committee, I outlined some of the many ways APRA is accountable to both the Parliament and the Australian people. These measures are crucial for APRA to maintain the trust of industry and the public as we aim to fulfil our mandate as a prudential regulator, promoting financial safety and thereby protecting the interests of bank depositors, insurance policyholders and superannuation members.

The core of APRA’s mission is safety and soundness. Clearly, some of the revelations emerging from the Royal Commission have been disturbing and go to the heart of whether financial institutions treat their customers fairly. However, while institutions have a great deal of work to do to restore trust, I want to emphasise that Australians can be reassured that the industry is financially sound, and that the financial system is stable. That reflects considerable policy reform and hands-on supervision, over a long period of time, designed to build strength and resilience. We don’t know when the next period of adversity will arrive or what will trigger it, but when it does arrive we need to have done what we could to strengthen the financial system so that it can continue to provide its essential services to the Australian community when they are needed most.

The importance of accountability has been one of our key themes this year, and was front and centre with the release in April of our review of executive remuneration practices in large financial institutions. Incentives and accountability can play an important role in driving positive outcomes such as growth, innovation and productivity, and also in deterring behaviours or decisions that produce poor risk-taking and damaging results. Our review found that while policies and processes existed within institutions to align remuneration with sound risk outcomes, their practical application was often weak. We have indicated that we are minded to strengthen the prudential framework to give better effect to the principles we want to see followed – less rewards based on narrow and mechanical shareholder metrics, and greater exercise of Board discretion to judge senior executive performance more holistically. But we have also urged institutions to push ahead with their own improvements, notwithstanding some investor opposition, in light of the long-term commercial benefits that can flow from better remuneration practices.

A lack of accountability for poor outcomes was a theme that also emerged in the Final Report of the Prudential Inquiry into the Commonwealth Bank of Australia, which was released earlier this month. The Report is clear and comprehensive, and provides a strong message – not just to CBA but to the entire financial services industry – about the importance of cultivating a robust risk culture, especially when it comes to non-financial risks. We are keen that the Report will be seen not just a road map for CBA, but a useful guide for all institutions in relation to strengthening governance, culture and accountability.

Residential mortgage lending is another area where APRA has been lifting industry standards. Although there remains more to do before we are ready to significantly dial back our supervisory intensity, there has been a lift in industry lending practices. As a result, last month we announced we would remove the 10 per cent investor growth benchmark for those lenders who could provide a range of assurances as to the quality of their lending standards and practices now and into the future.

Superannuation is an area where APRA consistently emphasises the need for trustees, regardless of size or ownership structure, to go beyond compliance with minimum regulatory requirements and aim to deliver the best possible outcomes for members. In this vein, we have just released the results of two thematic reviews of superannuation licensees; on board governance and the management of related parties. Both reviews noted improvements in industry practices in recent years, but also found more work was needed to address some longstanding weaknesses, including finding ways to bring fresh ideas, perspectives and skills onto trustee boards. Our post-implementation review of 2013’s Stronger Super reforms, launched last week, should also provide us additional insights on how the prudential framework is performing, and whether any adjustments would help to better achieve our objectives. Many of the findings in the Productivity Commission report into superannuation released this week are consistent with APRA’s approach to supervising RSE licensees. In particular, they align with APRA’s focus on enhancing the delivery of member outcomes through our engagement with trustees with “outlier” underperforming funds and products.

Technology is rapidly changing the way financial institutions operate. In all likelihood, the financial system will look very different in five years’ time relative to the way it looks today. Much of that change will bring benefits to the community, in the form of new competitors, products and ways of access. But it will also bring risks, and the accelerating threat of cyber-attacks to regulated entities has prompted APRA to recently propose its first prudential standard on information security. Industry consultation is ongoing, but we hope to implement the new cross-industry standard from 1 July next year. This is an issue which is only going to grow in importance.

Continuing to look ahead, APRA’s preparations are well advanced for the commencement of the Banking Executive Accountability Regime (BEAR), which will begin in just over a month. The BEAR largely strengthens APRA’s existing powers to identify and address the prudential risks arising from poor governance, weak culture, or ineffective risk management. However, I have made the point previously that while important, the BEAR alone will not remedy perceived weakness in financial sector accountability, and we have encouraged all regulated entities – not just ADIs – to use the new regime as a trigger to genuinely improve systems of governance, responsibility and accountability.

Finally, APRA is continuing to provide relevant information to the Royal Commission to help it in its inquiries. In addition, APRA and the Australian financial system more broadly, will be subject to intensive scrutiny from the International Monetary Fund in the weeks ahead as part of its 2018 Financial Sector Assessment Program (FSAP). The FSAP will examine in quite some detail financial sector vulnerabilities and the quality of regulatory oversight arrangements in Australia. As ever, APRA will fully cooperate with our international reviewers, and look forward to their report card, including any recommendations on how we could perform our role more effectively in the future.

With those opening remarks, we would now be happy to answer the Committee’s questions.

ADI’s Now Permitted to Use “Bank” Without Restriction

APRA has written to ADI’s saying that from the 5 May 2018, authorised deposit-taking institutions (ADIs) will be permitted to use the word ‘bank’ without restriction under the Banking Act.

Given the flack around the behaviour of the banks, and the Royal Commission, some may think twice about choosing to start using the term!

This is when changes to section 66 of the Banking Act 1959 , made as part of the Treasury Laws Amendment (Banking Measures No. 1) Act 2018, will take effect.

The terms ‘credit union’, ‘credit society’, credit co-operative’ and ‘building society’ will continue to be restricted terms. ADIs that are credit unions or building societies may continue to use those terms, as well as the restricted words bank, banker and banking, including as part of a corporate or business name.

The changes to the Banking Act also allow APRA to make a determination under section 66AA that an ADI or class of ADIs is not permitted to use the word bank (which would also apply to the words banker and banking). APRA will consider using this power in respect of ADIs that do not have the ordinary characteristics of banks (for example, purchased payment facilities), or otherwise in serious or unusual circumstances that warrant the making of a determination. We will consult any affected ADIs prior to making such a determination under section 66AA.

APRA will be revising its Guidelines for the Implementation of Section 66 of the Banking Act to reflect the recent legislative changes, and expects to publish these by mid-2018.

Many reporting standards make distinctions between bank and non-bank ADIs for reporting purposes. With the changes to section 66, this distinction may no longer be appropriate. APRA is currently considering this matter and will consult with industry on any proposed changes to reporting standards. In the interim, ADIs should continue to complete their reporting obligations as usual.

While an ADI will no longer need APRA approval to use the word bank, an ADI that intends to change its corporate or business name should notify its responsible supervisor of such changes.

Regulator’s governance concerns at Commonwealth Bank of Australia are credit negative

From Moody’s.

On Tuesday, the Australian Prudential Regulation Authority (APRA) released the results of its prudential inquiry into Commonwealth Bank of Australia, which cited its concerns about the bank’s management of non-financial risks and made recommendations to address those issues. APRA also will apply a capital adjustment by adding AUD1 billion to CBA’s operational risk capital requirement until it is satisfied that CBA has addressed the recommendations. APRA’s inquiry results are credit negative for CBA because it exposes the bank to reputational damage and costs associated with addressing its shortcomings. Additionally, the capital adjustment will lower CBA’s Common Equity Tier 1 ratio to a pro forma 10.1% as of year-end 2017 from an actual 10.4%.

APRA’s report noted that CBA’s continued financial success negatively affected the bank’s ability to manage its operational, compliance and conduct risks. In particular, the report highlighted the board and its committees’ inadequate oversight of emerging non-financial risks; unclear accountabilities, starting with a lack of ownership of key risks; weaknesses in how issues, incidents and risks were identified and escalated and overly complex and bureaucratic decision-making processes. The report cited an operational risk-management framework that worked better on paper than in practice, supported by an immature and under-resourced compliance function. In addition, APRA criticized the bank’s remuneration framework, which before the prudential inquiry began in August 2017, had few consequences for senior management for poor risk management and compliance performance.

The report made 35 recommendations to strengthen the bank’s governance, accountability and culture, and gave the bank 60 days to provide a remedial action plan to APRA. An independent reviewer will be appointed to provide quarterly updates to APRA on CBA’s progress. The recommendations are focused on five key areas: more rigorous board- and executive-committee-level governance of non-financial risks; exacting accountability standards reinforced by remuneration practices; a substantial upgrade of the authority and capability of the operational risk management and compliance functions; questioning the appropriateness of all dealings with and decisions on customers; and cultural changes that aim for best practices in risk identification and remediation.

APRA began the inquiry after a number of incidents that have negatively affected the bank’s reputation. In August 2017, the Australian Transaction Reports and Analysis Centre began proceedings against CBA for non-compliance of the Anti-Money Laundering and Counter-Terrorism Financing Act. The same month, the Australian Securities and Investments Commission (ASIC) announced that CBA would refund more than 65,000 customers a total of approximately AUD10 million after selling them unsuitable consumer credit insurance. In March 2016, the bank’s life insurance business, CommInsure, was accused of deliberately avoiding or delaying paying claims to its customers (ASIC cleared CommInsure of any breaches of the law in March 2017). In 2014, CBA announced a review into the poor quality of advice and compliance breaches by its financial planning businesses.

The report comes against a backdrop of the ongoing Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, which has identified conduct and culture challenges at some of Australia’s largest financial institutions. We note that the franchise dominance of Australia’s major banks and their exceptionally low credit costs during an extended period of low interest rates may have elevated the risk of complacency in their approach to operational and governance risks.

After damning the Commonwealth Bank’s management, regulators want the bank to fix itself

From The Conversation.

A report on the Commonwealth Bank’s governance, culture and accountability has stripped away the bank’s delusion that it is well run and a model of good governance.

The report by the Australian Prudential Regulation Authority (APRA) is a damning indictment of every aspect of CBA management, from the board of directors to executive management and even the lower levels of the bank. However, APRA has done little more than rap CBA on the knuckles.

Responsibility for fixing up CBA has been turned over to the bank itself. More could have been done, including placing conditions on CBA’s banking licence and removing board members and executives.

APRA has applied a A$1 billion add-on to CBA’s minimum capital requirement. These are the financial assets that the Commonwealth Bank is required to hold to ensure a stable banking system.

APRA has also accepted an enforceable undertaking from the CBA. This is essentially an agreement under which CBA accepts the report’s findings (but does not expressly agree with them) and promises to prepare a plan to respond to its recommendations.

There are indications in the APRA report that there will be further investigations of the conduct of bank employees.

What penalties?

The A$1 billion add-on to CBA’s capital requirements is not a penalty, despite commentary to that effect. APRA can and does require top-ups of this kind from time to time under the Banking Act to ensure security and confidence in the banking sector.

Given the Commonwealth Bank’s size and leading role in the sector, the additional capital requirement is prudent but hardly controversial. The funds will be returned to CBA when it completes the actions proposed by the enforceable undertaking.

At best, the capital requirement is a temporary but not significant inconvenience for CBA. It represents a mere 0.103% of its total assets as of the last financial year

That leaves the CBA enforceable undertaking as the principal outcome from the APRA report.

The enforceable undertaking is mostly a procedural document. For instance, CBA must submit its remedial action plan by June 30 2018.

It must have a clear and measurable set of responses and a timetable for each response, and must nominate a person responsible from the CBA executive team. CBA must also appoint an independent reviewer, approved by APRA, to report to APRA on compliance with the enforceable undertaking and the completion of items in the plan. CBA must report separately on executive pay issues.

In essence APRA has handed over the responsibility for cleaning up the management mess found at the CBA to the bank itself, despite finding that it is culturally unfit to properly manage itself.

Why should anyone take comfort from that arrangement?

APRA’s report also makes clear that the problems at the Commonwealth Bank do not stem from one specific issue. The problems affect the whole organisation of more than 45,000 employees with A$967 billion in assets.

An independent reviewer will vet what is being done and report on its success or otherwise to APRA. But that report will be made to APRA, not to the general public. We may never know what measures the bank implements as APRA has no obligation to disclose anything.

What else could have been done?

An enforceable undertaking can save the regulator the time, cost and uncertainty of taking legal action, as well as enable it to craft specific remedial actions to fit the circumstances.

But there is very little tailoring in the Commonwealth Bank’s enforceable undertaking. APRA has opted to wait and see what remedial action the bank comes up with. The regulatory touch is so light that even describing it as featherweight would be an exaggeration.

APRA could have done much more than it did. Banks require a licence and APRA is empowered by Banking Act to place conditions on these licences that restrict or limit how banks can operate.

APRA could have used this power to place immediate restrictions on CBA’s business practices, including on the size and calculation of executive compensation. One of the major findings of APRA’s report is that CBA executive compensation schemes did not provide sufficient incentives for senior executives to account for risk in their decision-making. Certainly, the criticisms of CBA management in the APRA report are sufficient to warrant this kind of action.

APRA has the power to remove a bank director or senior manager if the person does not meet one or more of the criteria for fitness and propriety. That APRA did not do this may be because there have already been resignations and new directors at the Commonwealth Bank.

APRA should have queried whether these changes were sufficient. Perhaps this is part of the wait-and-see approach implied in the enforceable undertaking.

The APRA report highlights systemic problems in Australia’s leading company and premier bank, including a culture of complacency, defensiveness, insularity and overconfidence. But for all of that, and despite the financial and emotional costs borne by the Australia community, APRA’s response appears to be no more than “wait and see”.

Author: Helen Bird, Course Director, Master of Corporate Governance & Research Fellow, Swinburne Law School, Swinburne University of Technology

Trust In Financial Services, And The BEAR

Wayne Byers, APRA Chairman spoke on ‘Beyond the BEAR Necessities‘ at the UNSW Centre for Law Markets and Regulation Seminar in Sydney. Timely, given recent events. He looks at the BEAR, which is due to commence formally from 1 July 2018. He also touched on the relative roles of APRA and ASIC, and potential overlap.

But note BEAR is NARROW – it applies only to ADI groups, and deals primarily with matters related to the prudential standing and reputation of the ADI. So the broader customer issues are off radar! This will not be sufficient to deal with the issues at hand.

He argued that trust is the corner stone of a financial business, that the Australian financial system is “financially sound” but are far less trusted to “do the right thing”. He regards this a less fatal flaw than lack of financial soundness (which tells you something about APRA’s DNA)!

Financial institutions operate in a privileged position in society, and yet consumers have difficulty in assessing financial products which are often require long term commitments, and consumers are forced to use them, – for example super.

So, he says, “That combination of compulsion, opacity and materiality generates, as a quid pro quo, a heightened expectation that financial institutions will exhibit high standards of behaviour in the way they operate.”

The community will be far more likely to maintain its trust that the sector will do the right thing if it is evident there is accountability when it does not.

APRA has had an increasing interest in the risk culture of financial institutions (and admits there is some cross-over with ASIC).

ASIC, reflecting its own mandate, will take an interest in shortcomings that lead to damaging outcomes for consumers and markets. APRA, on the other hand, has an interest in failings in governance, culture and accountability that indicate a lax attitude to risk-taking, which might ultimately impact the soundness of the financial institution itself (and thereby jeopardise the interests of depositors, policyholders and superannuation fund members).

Which brings me to the BEAR, which imposes substantially strengthened requirements in relation to accountability within banking organisations. In its design, the BEAR draws its inspiration from the Senior Manager Regime (SMR) in the UK. However, the BEAR is narrower in coverage: the BEAR applies only to ADI groups, and deals primarily with matters related to the prudential standing and reputation of the ADI. For this reason, the BEAR is naturally administered by APRA. The joint administration between the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) that occurs the UK reflects the wider range of institutions and behaviours that are covered by the SMR. Were the BEAR to be broadened at some stage in the future, a similar joint administration might well be appropriate in Australia. Until then, it is framed with a prudential focus and hence administered by a prudential regulator.

Bringing the BEAR to life

The BEAR formally comes into effect very shortly: 1 July 2018. In practice though, implementation occurs over time. The new regime applies to the largest banks from day one; other ADIs have a further year before they are subject to the BEAR. There are also additional transitional provisions within the legislation: from a requirement that allows ADIs three months to register their accountable persons, to allowing until the end of 2019 to accommodate the remuneration requirements in pre-existing executive employment contracts. So it will be some time before the BEAR is in full force.

Broadly, there are five main elements to the BEAR and I’d like to say a few words about each: registration, obligations, accountabilities, remuneration and sanctions. In each case, I’ll talk about the new requirements, and what’s changing from the regime in place today.

The first element is registration.

The BEAR prescribes a set of ‘accountable persons’. These are essentially the directors and senior executives responsible for an ADI’s overall health and well-being. The BEAR requires accountable persons to be registered with APRA before they can perform their duties.

Accountable persons are deemed registered 14 days after they have lodged their registration. Unlike the UK SMR, there is no scope for regulatory approval of appointments, nor any process of interviews. That is a deliberate choice: it maintains accountability for senior appointments where it rightly belongs – with the Boards and senior executive teams that are making the appointments. However, unlike the current process which only requires an ADI to notify APRA after an appointment, the BEAR requires an executive to be registered prior to taking up duties. While APRA will not be vetting all appointments, the pre-appointment registration does provide an opportunity, should we be aware of information that might make an appointee unsuitable, to discuss any concerns with the individual or the employing ADI.

The second element of the BEAR is obligations.

New statutory obligations apply to both accountable persons, and ADIs. These obligations require each to (i) act with honesty and integrity, (ii) with due skill, care and diligence, and (iii) deal with APRA in an open, constructive and cooperative way. In doing so, they must also take reasonable steps to prevent matters arising which would undermine the ADI’s prudential standing and prudential reputation.

Are these new obligations onerous? I personally don’t think they are notably more onerous than the existing requirements in our Prudential Standards, which requires that ‘responsible persons’ possess the competence and character to perform their roles.⁶ Of course, there’s no explicit obligation at present to be open and cooperative with APRA, or any formal obligation to prevent matters arising that would undermine the ADI’s prudential standing and reputation. But I hope no one wants to claim they require senior executives to do something they shouldn’t naturally do!

The third element of the BEAR is the requirement for accountability maps and statements.

Each accountable person needs to have an accountability statement, setting out the aspects of an ADI’s operations for which they are accountable. Each ADI must have an accountability map, showing how the statements come together to cover the totality of an ADI’s business and risks. Together, the map and accompanying statements establish clarity on the allocation of accountability across the executive team within an ADI.

To the person in the street, this wouldn’t seem particularly difficult. After all, all executives have some kind of role statement that sets out their broad responsibilities, and they have staff reporting to them that undertake various functions and that they oversee. But this is probably the most important element of the BEAR. In many ADIs, there is often collective responsibility for various aspects of its business: for any given process or product, there are often hand-offs of responsibility (including, at times, to external partners and suppliers). But this creates the risk of collective responsibility leading to no individual accountability. Clarity of accountability – the foundation of the BEAR – goes to the heart of a strong risk culture.

In speaking with some executives and directors in the largest ADIs – not all of whom, I must admit, were fans of the BEAR – they acknowledge the benefits that the accountability statements and maps can bring them from a business perspective. The complexity of organisational structures, with the separation of product manufacturing, distribution, and operations, makes it challenging to ensure it is clear who is responsible when things are not as they should be. Clearer accountabilities can only be beneficial.

Clearer accountabilities can also improve remuneration outcomes. As we noted recently, it is not uncommon for performance metrics within executive scorecards to be weighted more heavily to the performance of the institution rather than the individual. On a positive note, this promotes a collegiate whole-of-organisation focus but, on the other hand, can also permit poor risk outcomes in a particular business line to be ‘averaged out’ across the business as a whole, reducing the impact on the executive(s) most accountable and potentially undermining effective risk management. Clearer accountabilities should allow for more targeted scorecards, and thereby greater alignment between the outcomes an individual delivers and the rewards he or she receives.

Which brings me to the fourth element: the remuneration requirements.

The BEAR requires ADIs to defer a minimum proportion of an accountable person’s variable remuneration – generally 40 per cent for executives, or 60 per cent for the CEO, of a large bank – for a minimum of four years. It also requires ADIs to have remuneration policies that provide for the reduction in variable remuneration should an accountable person fail to comply with their obligations, and to exercise the provision should circumstances warrant it. Contrary to some beliefs, however, the BEAR does not grant APRA any power to determine what amount of remuneration an individual should receive.

The basic requirements of the BEAR – a remuneration policy, and provision for the reduction of variable remuneration when warranted – are in place today. But compared to today, the BEAR introduces the prescribed minimum deferral amounts and terms, and creates a stronger link to the statutory obligations I referred to earlier.

The BEAR will therefore mean accountable persons have more skin in the game for a longer period of time than is typically the case now and will place greater pressure on ADIs, when adverse prudential outcomes occur, to explain how that has been factored into remuneration outcomes. As a result, the BEAR will require many ADIs to restructure their remuneration frameworks. As I did a few weeks ago, I’d encourage all ADIs to think more holistically about the right structure for performance-based remuneration – the BEAR’s ’40 per cent for four years’ formula is not necessarily the right mix for all. Alongside our recent remuneration review, the BEAR provides an opportunity to fundamentally rethink remuneration frameworks and achieve a stronger alignment with long-term financial safety and a strong risk culture. It will be a lost opportunity if everyone just defaults to the minimum.

The fifth and final element of BEAR are the sanctions.

These apply at two levels: the ADI and the individual. For ADIs, the BEAR provides a penalty regime in instances where the ADI has failed to meet its obligations under the legislation – put simply, failing to operate with integrity, skill, care and diligence, or preventing the prudential standing or reputation of the ADI from being materially undermined.

I’d like to point out here, in response to some misunderstandings that seem to exist, that APRA cannot impose the fines unilaterally: APRA must make a successful case before the Courts. That will require APRA to have a belief as to its reasonable grounds for success, and that the offence is material.

For individuals, the financial sanctions for any failure to fulfil their obligations will be addressed via the ADI’s remuneration policy. APRA’s sanction is a disqualification power – the power to remove an accountable person from their role, and in the most extreme cases, prevent them for taking on any similar role in the industry in the future. This is obviously not a power that will be used lightly, but appropriate and useful where necessary to eliminate known poor behaviour endangering prudential safety.

APRA’s role

I want to finish by noting another concern that some have raised about the BEAR: that it somehow changes APRA’s role. I hope I’ve been able to point out today that that’s not the case. Many aspects of the BEAR are already present in APRA’s prudential framework, and the BEAR has been framed from a prudential perspective. In that sense, the BEAR should be viewed as a major strengthening of APRA’s prudential framework, not an expansion of its mandate. And the BEAR is not dissimilar to a number of other management responsibility/fitness and propriety regimes that are administered by APRA’s prudential peers in other jurisdictions.

The BEAR certainly provides for a strengthening of after-the-event sanctions that could apply if things go seriously wrong in an ADI. But its real value, I hope, will be to support APRA’s preventative role by promoting strong and clear accountability, and ensuring directors and executives who have the primary responsibility for the safe and sound operation of an ADI stay focussed on that task. Indeed, that has been the experience in the UK: despite the SMR’s extensive penalty regime, the UK authorities have only needed to use it sparingly because the industry itself has lifted its game.

APRA and ASIC have the legal power to sack bank heads, but they need willpower

From The Conversation.

The chairwoman and CEO of AMP have resigned after the company admitted to charging for advice never provided and lying to clients and regulators. But no banking CEOs have been toppled despite the Financial Services Royal Commission unearthing instances of fraud, bribery, impersonating customers, failures to report misconduct to regulators and other poor behaviour.

Similar conduct in the United States has resulted in bank executives and directors being forced to resign. That this is not happening in Australia shows how the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA) aren’t using their full powers to take action on the banks’ bad behaviour.

APRA already has the power under the Banking Act to remove someone from a bank board and install its own nominee. The recently enacted Banking Executive Accountability Regime has given APRA more power to remove directors and install new ones.

So ASIC and APRA are not bedevilled by a lack of power, but by a lack of willpower.

In 1998 the Wallis Inquiry hived off the consumer protection and market conduct functions from the Australian Competition and Consumer Commission (ACCC) and gave these to ASIC. Professor Ian Harper, a member of the inquiry, now concedes that may have been an error.

The ACCC is an excellent regulator, with a long history of being a tough cop. Handing the consumer protection and market conduct function back to the ACCC is a step that federal Treasurer Scott Morrison should take now.

The royal commission heard that a Commonwealth Bank subsidiary was billing customers for ongoing service after their deaths. But no executives have been sacked for this.

Indeed, Matt Comyn, who was responsible for this division from 2012 onwards, has been promoted to Commonwealth Bank CEO. Former CEO Ian Narev has been permitted to sail off into the sunset with bonuses intact.

This shows ASIC is the same, or worse, than what it was in 2014: a timid, hesitant regulator, too quick to accept the assurances of regulated entities.

Despite United States authorities being widely regarded as weak in standing up to their banks, American CEOs are being held accountable.

Take the example of John Stumpf, chairman and CEO of Wells Fargo, the biggest retail bank in the US. Under his direction Wells Fargo staff had been opening multiple accounts for clients, with neither their knowledge nor their consent, and then charged account-keeping fees.

When the scandal hit, Stumpf was hauled before the US Senate. He performed so disastrously that the board told him he needed to go straight away.

No one is suggesting Stumpf knew about the fraud, or that Comyn knew that CBA was charging fees for advice to dead people. But Stumpf’s misstep caused his departure. Why is no one suggesting Comyn must go?

This is the true state of the Australian financial sector: bank executives and CEOs who could be facing criminal charges, and should have resigned, don’t even acknowledge the buck stops with them.

Regulatory failure

And if there is any doubt about the need to get cracking, here is the knockout blow: UBS has downgraded Westpac shares because the royal commission revealed that the percentage of “liar loans” in the bank’s A$400 billion loan book may be much higher than stated, or even than Westpac itself is aware of.

This is the culmination of ten years of cowboy behaviour in a financial system that now resembles the Wild West.

This is what happens when compliance culture breaks down, which in turn is a function of regulatory oversight and enforcement. Put differently, our regulators have failed to act for so long that the problem is assuming systemic proportions.

What will be interesting to see is whether the APRA inquiry is another whitewash. I half suspect that if it failed to excoriate CBA it would look pretty silly.

Let’s hope the panellists understand that. But if they don’t, then they must be called out.

Author: Andrew Schmulow, Senior Lecturer, Faculty of Law, University of Western Australia

CBA To Implement All Recommendations From Prudential Inquiry

Commonwealth Bank of Australia (CBA) today confirmed it will implement all the recommendations contained in the Report of the Prudential Inquiry released this morning by the Australian Prudential Regulation Authority (APRA).

The Capital “hit” is 29 basis points, and reduces CBA’s 31 December 2017 CET1 ratio from 10.4% to 10.1%.

CBA Chairman Catherine Livingstone said: “Addressing the findings of the Report is a key focus for the Board and management to ensure that our governance, culture and accountability frameworks and practices are significantly improved and meet the high standards expected of us.

“Changes have been underway throughout 2017 at Board and operational levels, and have continued this year, helping to rebuild customer and community trust. This includes the process of Board renewal. Together they represent a significant change program and the APRA Report provides us with a clear roadmap for the hard work still ahead of us.

“The Board will now oversee a comprehensive response to APRA, using the Report to assess the adequacy of steps already underway, and to address the additional improvements needed to implement all its recommendations. We will also appoint an agreed, independent reviewer to report to APRA on our progress.

“We understand the scale of change which is necessary and its seriousness in order for us to become a better, stronger bank for our customers, staff, regulators and shareholders.”

CBA Chief Executive Officer Matt Comyn said: “We have embraced the Report as a critical but fair assessment of the issues facing us and we will act on its recommendations, and the requirements of the Enforceable Undertaking, in an open, transparent and timely way.

“Our current change priorities are consistent with the Report’s recommendations. We now have a detailed roadmap for ongoing change and we will work with APRA to ensure we implement all of the Report’s 35 recommendations.”

APRA Prudential Inquiry into CBA: Overview of Recommendations and CBA Change Priorities

APRA Levers of Change* CBA Change Priorities

·         More rigorous Board, Executive Committee level governance of non-financial risks.

·         Development of exacting accountability standards reinforced by remuneration practices.

·         Undertaking a substantial upgrading of authority and capability of the operational risk management and compliance functions.

·         Injection into CBA’s DNA of the “should we” question in relation to all dealings with and decisions on customers.

·         Cultural change that moves the dial from reactive and complacent to empowered, challenging, striving for best practice in risk identification and remediation.
·       Strengthening the governance and management of non-financial risks at the Board and executive level.

·       Changes to remuneration policies and practices to ensure greater accountability for risk, compliance and customer outcomes.

·       Strengthening capability in operational risk and compliance throughout the Group supported by positive, transparent regulatory relationships.

·       Renewed focus on listening to customers and improved systems and procedures for reporting and resolving customer complaints.

·       Empowering staff with the tools and processes they need to manage risk better including embedding three lines of accountability as a consistent operating model.

* APRA Prudential Inquiry into CBA, p4. The full APRA Prudential Inquiry Report can be found at www.apra.gov.au.

In response to the Report, Commonwealth Bank has also entered into an Enforceable Undertaking (EU) with APRA. The key terms of the EU involve:

1.     Remedial Action Plan

·         Establishing an APRA-agreed remedial action plan within 60 days with clear and measurable responses to each of the Report’s recommendations supported by a timeline and executive accountabilities for completing each remedial action.

·         Appointing an independent reviewer, approved by APRA, to report to APRA every three months commencing 30 September 2018, on compliance with the EU and on those items in the remedial action plan that CBA considers are nearing completion.

2.     Remuneration

·         Reporting to APRA by 30 June 2018 on how the findings of the Report have been reflected in remuneration outcomes for current and past executives.

·         Ensuring accountability for completing items in the remedial action plan is given significant weight in the performance scorecards of the senior executive team and other staff as relevant.

3.     Capital Adjustment

·         APRA will apply a capital adjustment to CBA’s minimum capital requirement by adding $1 billion to the Bank’s operational risk capital requirement. The effect of this adjustment equates to 29 basis points of Common Equity Tier 1 capital and reduces CBA’s 31 December 2017 CET1 ratio from 10.4% to 10.1%.

·         CBA may apply for removal of all or part of the capital adjustment when it believes it can demonstrate compliance, to APRA’s satisfaction, with the specific EU undertakings and the commitments in the remedial action plan.

Mr Comyn said: “Change starts with acknowledging mistakes. I apologise to the Bank’s customers and staff, our regulators, our shareholders and the Australian community for letting them down.

“We will make the necessary changes to become a better bank and we will be transparent about our progress. This includes establishing a much higher level of accountability and consequence for our actions and the impact we have on customers. This starts with me.”

CBA will release its Third Quarter Trading Update on 9 May 2018. In early July, subject to finalisation with APRA, CBA will provide a public update on its agreed remediation plan. An estimate of the expected financial cost of this program for the 2019 financial year will be disclosed as part of CBA’s Annual Results announcement on 8 August 2018.

CBA will report on its progress in addressing the recommendations of the Prudential Inquiry’s report. The form of this public reporting is subject to agreement with APRA on reporting mechanisms.

Commonwealth Bank remains in a strong financial position as acknowledged by the APRA Report which notes: “the undoubted financial strength and acumen of CBA, its global standing and avowed commitment of staff to servicing customers.”

Since it was announced in August 2017, APRA’s Prudential Inquiry into CBA has received the Bank’s full co-operation and active support.

See the transcript of the CEO’s Interview. The top 500 in CBA have copies of the report!

CBA Complacent, Missed Risks, $1Bn Capital Add-in From APRA

The Australian Prudential Regulation Authority (APRA) today released the Final Report of the Prudential Inquiry into the Commonwealth Bank of Australia (CBA).

The report says CBA’s continued financial success dulled the institution’s senses to signals that might have otherwise alerted the Board and senior executives to a deterioration in CBA’s risk profile. APRA has applied a $1 billion add-on to CBA’s minimum capital requirement.

APRA announced the Prudential Inquiry on 28 August 2017 to examine the frameworks and practices in relation to the governance, culture and accountability within the CBA group, following a number of incidents that damaged the reputation and public standing of the bank. A Panel to conduct the inquiry – comprising Dr John Laker AO, Chairman of the Banking and Finance Oath, company director Jillian Broadbent AO and Professor Graeme Samuel AC, Professorial Fellow in the Monash Business School – was appointed on 8 September 2017 and the Inquiry’s investigative work began the following month. A Progress Report was released on 1 February 2018.

The Final Report is comprehensive and contains a large number of findings and recommendations. Its overarching conclusion is that “CBA’s continued financial success dulled the senses of the institution”, particularly in relation to the management of non-financial risks.

The Report also found a number of prominent cultural themes such as a widespread sense of complacency, a reactive stance in dealing with risks, being insular and not learning from experiences and mistakes, and an overly collegial and collaborative working environment which lessened the opportunity for constructive criticism, timely decision-making and a focus on outcomes.

The Report raises a number of matters of prudential concern. In response, CBA has acknowledged APRA’s concerns and has offered an Enforceable Undertaking (EU) under which CBA’s remedial action in response to the report will be monitored. APRA has also applied a $1 billion add-on to CBA’s minimum capital requirement.

As some of the recommendations deal with the way in which CBA interacts with customers, APRA will work closely with the Australian Securities and Investments Commission (ASIC) to ensure that the recommendations are addressed in full.

The Final Report’s findings

Over the past six months, the Panel examined the underlying reasons behind a series of incidents at CBA that have significantly damaged its reputation and public standing.

It found there was a complex interplay of organisational and cultural factors at work, but that a common theme from the Panel’s analysis and review was that CBA’s continued financial success dulled the institution’s senses to signals that might have otherwise alerted the Board and senior executives to a deterioration in CBA’s risk profile. This dulling was particularly apparent in CBA’s management of non-financial risks, i.e. its operational, compliance and conduct risks.

“These risks were neither clearly understood nor owned, the frameworks for managing them were cumbersome and incomplete, and senior leadership was slow to recognise, and address, emerging threats to CBA’s reputation. The consequences of this slowness were not grasped,” the Report stated.

The Panel identified:

inadequate oversight and challenge by the Board and its committees of emerging non-financial risks;

unclear accountabilities, starting with a lack of ownership of key risks at the Executive Committee level;

weaknesses in how issues, incidents and risks were identified and escalated through the institution and a lack of urgency in their subsequent management and resolution;

overly complex and bureaucratic decision-making processes that favoured collaboration over timely and effective outcomes and slowed the detection of risk failings;

an operational risk management framework that worked better on paper than in practice, supported by an immature and under-resourced compliance function; and

a remuneration framework that, at least until the AUSTRAC action, had little sting for senior managers and above when poor risk or customer outcomes materialised (and, until recently, provided incentives to staff that did not necessarily produce good customer outcomes).

The Final Report includes numerous recommendations for addressing these issues within CBA, focusing on five key levers:

more rigorous Board and Executive Committee level governance of non-financial risks;

exacting accountability standards reinforced by remuneration practices;

a substantial upgrading of the authority and capability of the operational risk management and compliance functions;

injection into CBA’s DNA of the “should we” question in relation to all dealings with and decisions on customers; and

cultural change that moves the dial from reactive and complacent to empowered, challenging and striving for best practice in risk identification and remediation.

APRA Chairman Wayne Byres said the Inquiry Panel’s findings show CBA’s governance, culture and accountability frameworks and practices are in need of considerable improvement.

“As the Panel notes, CBA has itself identified and begun taking steps to address many of these issues, but there is much to do and a risk that the same issues which have led to the need for the Inquiry undermine the bank’s efforts to comprehensively and effectively respond to the recommendations of the Panel.

“As a result, CBA has given to APRA an Enforceable Undertaking which establishes a framework by which CBA will demonstrate it is addressing the full set of recommendations made by the Panel in a timely manner. Until such times as these recommendations are addressed to APRA’s satisfaction, an add-on to CBA’s operational risk capital requirement will continue to apply.

“CBA is a well-capitalised and financially sound institution but CBA itself had acknowledged shortcomings in governance, culture and accountability ahead of this Inquiry. The comprehensive review, and set of recommendations set out by the Panel, provides CBA with a clear path towards restoring its public standing,” Mr Byres said.

Mr Byres thanked the panel members for their thorough Report. “The Panel, and those who supported them in undertaking the Inquiry, have delivered a comprehensive and high quality report that goes to the heart of the issues that led to the damage to CBA’s reputation. More importantly, the Report’s recommendations provide a roadmap for the CBA Board and executive team to deliver organisational and cultural change across the CBA group.

“The Panel notes in its Report that regaining community trust will require time, hard work and an undistracted risk and customer focus and that its recommendations should assist the CBA Board and staff in translating CBA’s undoubted financial strength and good intent into better meeting the community’s needs and expectations,” he said.

Mr Byres also said: “the findings of the Report provide important insight for all financial institutions, particularly about the need to maintain a broad focus on all aspects of risk and stakeholder interest and not allow financial success to mask or detract from other important measures of an institution’s performance and risk profile.”

Given the nature of the issues identified in the Report, all regulated financial institutions will benefit from conducting a self-assessment to gauge whether similar issues might exist in their institutions. APRA supervisors will also be using the Report to aid their supervision activities, and will expect institutions to be able to demonstrate how they have considered the issues within the Report.

For the largest financial institutions, APRA will be seeking written assessments that have been reviewed and endorsed by their Boards.

Non Bank Mortgage Lending Accelerates

The RBA have released their credit aggregates to March 2018. Looking at the month on month movements, total owner occupied lending rose 0.6%, or $6.89 billion to $1,157.8 billion and investor mortgage lending rose 0.17% or $1.03 billion to $590.2 billion. So overall mortgage lending rose 0.46% in the month, up $7.92 billion (all seasonally adjusted) to $1.75 trillion. A record.

Personal credit fell 0.12%, down $0.18 to $152 billion. Business credit rose 0.88%, or $7.99 billion to $913 billion.

The trends show that the share of investment loans fell a little on the total portfolio to 33.8%, while business lending was 32.5% of all lending, up just a little.

The 12 month average growth rates show that owner occupied loans rose 8.1%, while investment loans grew 2.5%. Business rose 4.2%, and personal credit fell again. Overall growth rates of credit for housing slide just a little to 6.1%. This is 3 times the rate of inflation and wage growth! Household debt therefore is still rising.

The noisy monthly data highlights how volatile the business lending trends are.

They also reported that the switching between investor and owner occupied loans continues to run at similar levels, after the hiatus in 2015.

Now, we can also make comparisons between the total loan pool, and those loans written by the banks (ADS’s) by combining the APRA bank data and the RBA data. There are a few catches, and the ABS suggests that not all the non-banks are captured.

But set that aside, we have plotted the relative value of the mortgage pools at the total level, and the ADI level (not seasonally adjusted). The trend shows around 7% of lending is non-bank, up from 5.7% in 2017. In value terms this equates to $124 billion, up from $90 billion in 2016.

Another way to show the data is to look at the rolling 12 month growth trend. This shows that non-bank lending has been growing at up to 30% and significantly higher than the market at 5.94%.

This is highly relevant given Bluestone’s recent announcement and Peppers recent $1 billion securitisation issue.

So this is all playing out as expected. As the majors throttle back on new mortgage lending under tighter controls, the non-bank sector continues to pick up the slack. This is a concern as the regulatory environment for these lenders is weaker, with both ASIC and APRA now involved, ASIC from a responsible lending perspective and APRA from new supervision on the non-bank sector, despite their failure in the core banking sector. So we expect to see significant non-bank lending growth, ahead, which will stoke the current massively high household debts even higher.

The total loan mortgage growth is still significantly higher than income growth. This is not sustainable, and will lift mortgage stress higher again – our new data will be out in a few days.

Mortgage Growth Still Continues

Lets be clear, all this talk about mortgage tightening has only had marginal impact on overall mortgage lending growth, judging by the APRA monthly stats, released today to end March 2018. These of course do not include the non-bank sector which we think has been quite active – and the RBA data, out later today, will help to triangulate this.

Anyhow, according to the APRA stats the ADI mortgage book rose 0.46% over the month, to $1.62 trillion, up $7.9 billion in the month. Within that owner occupied loans were worth $1.06 trillion, up 0.63% compared with last month, and investment loans rose 0.15% to $554.8 billion. Investment loans were 34.3% of all loans. The annual growth rate on the book would equate to 5.6% which is still well above inflation and wage growth (~2%) which means that in absolute terms household debt is still rising.

The monthly trends show the relative movements nicely with owner occupied loans still above investment loans, and just a slight fall in growth rates, but nothing to write home about. Investor lending was up a little.

We continue to see significant variations across lenders as to how they have managed their portfolio growth, with Westpac continuing to stand out (that’s the bank which UBS suggested last week had issues with their portfolio, was a risk!), while CBA and ANZ appear to be reducing their Investor Loan book. Macquarie is also growing their book, as is Bendigo and Adelaide Bank.

Overall loan shares are pretty static, with CBA the largest owner occupied lender and Westpac the biggest investor loan provider (and recently we found out that 50% of their loans were interest only).

Whilst APRA has removed the 10% speed limit, we will continue to to report the annual movements by lender. A number of the smaller players are still growing quite fast.

We still think the over reliance on mortgage debt to grow the economy will create significant problems ahead. We need to see credit start to shrink, because incomes won’t catch up anytime soon.