Daily Bulletin


The Conversation

  • Written by Pat McConnell, Visiting Fellow, Macquarie University Applied Finance Centre, Macquarie University

Something appears to be very wrong with risk management at the Commonwealth Bank (CBA), that cuts right across the bank. There have been risk management problems in the retail (money laundering), institutional banking (foreign exchange and bank bill swap rate benchmark manipulation) and wealth management (Comminsure scandal) arms of the bank.

This tsunami of scandals helped to trigger the Financial Services Royal Commission which will examine banking misconduct.

And the responsibility, the accountability for risk management stops, and starts, with the bank’s board.

Read more: There's no evidence behind the strategies banks are using to police behaviour and pay

In presenting its 2018 half yearly profits, the CBA board announced that the bank had set aside provisions of A$375 million in anticipation of a penalty resulting from failures to properly implement anti-money laundering controls.

In the media conference following the appointment of Matt Comyn as the new CEO of CBA, the chair of the banks’ board Catherine Livingstone, admitted, while it was:

…entirely appropriate to share a collective accountability for the issues that we have had… [that] the processes around operational risk management and compliance risk management…is where we have not performed as we should have.

In his first media conference as CEO, Mr Comyn, not surprisingly, concurred with his new boss.

And it became unanimous, when a few days later the progress report of the Australian Prudential Regulation Authority’s Prudential Inquiry Panel into the culture at CBA, reported that investigations were being focused on “capabilities and accountabilities for risk management in the organisation, particularly for operational, compliance and reputational risk”.

CBA’s latest annual report describes in some detail the risk management framework that is supposed to direct risk management across the bank. The framework, which incorporates the requirements of APRA’s prudential standard for risk management, comprises three main components: a risk appetite statement (which describes the types and maximum levels of risk that the board is willing to accept), a three year rolling group business plan and a risk management strategy.

The bank’s risk appetite is formulated by the Board Risk Committee, approved by the board, and dictates the levels of risk-taking in each business line.

In practise the bank actually follows what is called a Three Lines of Defence model. The so-called first line of defence is business management, which is responsible for the effective implementation of the board-approved risk management framework.

The second line is a separate group of staff with specific risk management skills to develop and monitor the risk management process. The third and last line is an independent group that acts as an internal audit function.

CBA's board needs to take ultimate responsibility for the bank's failings The Commonwealth Bank’s board is responsible for the bank’s risk management and oversight. AAP

CBA is a large and complex organisation, and naturally there is a large, complex risk bureaucracy. This is detailed in the bank’s latest risk report.

However, APRA is clear that the board should take ultimate responsibility.

The lines of defence are clearly broken. If there had been one single, or maybe two, risk management failures at CBA, you could put it down to complexity, teething problems or just bad luck. But over the last decade, there has been a catalogue of bad risk decisions affecting the bank’s customers, shareholders and the Australian financial system.

After the first few times, surely the effectiveness of the risk framework and the three lines of defence should have been questioned and remedial action taken? But apparently it was not, and there is now frantic action by the people responsible – the CBA board - to do something (anything) about it.

In the media conference, Catherine Livingstone and the new CEO repeatedly talked about “collective accountability” and tried to diffuse the severity of the situation by talking about “organisation wide” and “culture” issues, as if even the staff in the bank’s branches were somehow to blame.

In fact, in the case of money laundering through ATMs that has drawn the ire of AUSTRAC, it was the first line business staff in the branches who raised the alarm. Their warnings were not taken seriously. To claim that the lower-level staff are somehow “collectively accountable” is bordering on the bizarre.

Read more: Australia's financial regulators need policing

The accountability for the risk management failures is indeed spread far and wide but by far and away it is the joint responsibility of the board and executive committee. The knee-jerk reaction to cut a few bonuses is insufficient.

Someone in the board of the bank has to resign or be fired. Where failures are detected, bonuses already paid out, for example to recently retired board members, should be retrieved.

And going forward, the three lines of defence must become a real protection for customers rather than a convenient pretence, and APRA must ensure, for customers’ sakes, that the three lines are operating effectively in all large financial institutions.

Authors: Pat McConnell, Visiting Fellow, Macquarie University Applied Finance Centre, Macquarie University

Read more http://theconversation.com/cbas-board-needs-to-take-ultimate-responsibility-for-the-banks-failings-91485

Writers Wanted

Victorian Health Minister Jenny Mikakos quits, lashing out at Daniel Andrews

arrow_forward

What would Amy Coney Barrett, Trump's pick for the Supreme Court, mean for abortion rights in the US?

arrow_forward

Body fat deep below the surface is a toxic risk, especially for your heart

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Scott Morrison: the right man at the right time

Australia is not at war with another nation or ideology in August 2020 but the nation is in conflict. There are serious threats from China and there are many challenges flowing from the pandemic tha...

Greg Rogers - avatar Greg Rogers

Prime Minister National Cabinet Statement

The National Cabinet met today to discuss Australia’s COVID-19 response, the Victoria outbreak, easing restrictions, helping Australians prepare to go back to work in a COVID-safe environment an...

Scott Morrison - avatar Scott Morrison

Business News

5 Ways a Printed Marquee Can Help You Sell More at Markets

If you’re a local business owner, you probably already know that outdoor markets are a great way to reach customers and sell your product. If you already have permanent premises, they allow you ...

News Company - avatar News Company

5 Essential Tools for Working Remotely in 2020

The average, modern office worker spends 8 hours a day, 5 days a week in a company building. Since the start of COVID, however, many of these companies have allowed workers to work from home due...

News Company - avatar News Company

What happens to all those pallets?

Pallets — they're not something everyday people often give much thought to. But they're an integral part of any business which receives or distributes large quantities of goods. But once the goo...

News Company - avatar News Company



News Company Media Core

Content & Technology Connecting Global Audiences

More Information - Less Opinion