Daily Bulletin


The Conversation

  • Written by Pat McConnell, Visiting Fellow, Macquarie University Applied Finance Centre, Macquarie University

Something appears to be very wrong with risk management at the Commonwealth Bank (CBA), that cuts right across the bank. There have been risk management problems in the retail (money laundering), institutional banking (foreign exchange and bank bill swap rate benchmark manipulation) and wealth management (Comminsure scandal) arms of the bank.

This tsunami of scandals helped to trigger the Financial Services Royal Commission which will examine banking misconduct.

And the responsibility, the accountability for risk management stops, and starts, with the bank’s board.

Read more: There's no evidence behind the strategies banks are using to police behaviour and pay

In presenting its 2018 half yearly profits, the CBA board announced that the bank had set aside provisions of A$375 million in anticipation of a penalty resulting from failures to properly implement anti-money laundering controls.

In the media conference following the appointment of Matt Comyn as the new CEO of CBA, the chair of the banks’ board Catherine Livingstone, admitted, while it was:

…entirely appropriate to share a collective accountability for the issues that we have had… [that] the processes around operational risk management and compliance risk management…is where we have not performed as we should have.

In his first media conference as CEO, Mr Comyn, not surprisingly, concurred with his new boss.

And it became unanimous, when a few days later the progress report of the Australian Prudential Regulation Authority’s Prudential Inquiry Panel into the culture at CBA, reported that investigations were being focused on “capabilities and accountabilities for risk management in the organisation, particularly for operational, compliance and reputational risk”.

CBA’s latest annual report describes in some detail the risk management framework that is supposed to direct risk management across the bank. The framework, which incorporates the requirements of APRA’s prudential standard for risk management, comprises three main components: a risk appetite statement (which describes the types and maximum levels of risk that the board is willing to accept), a three year rolling group business plan and a risk management strategy.

The bank’s risk appetite is formulated by the Board Risk Committee, approved by the board, and dictates the levels of risk-taking in each business line.

In practise the bank actually follows what is called a Three Lines of Defence model. The so-called first line of defence is business management, which is responsible for the effective implementation of the board-approved risk management framework.

The second line is a separate group of staff with specific risk management skills to develop and monitor the risk management process. The third and last line is an independent group that acts as an internal audit function.

CBA's board needs to take ultimate responsibility for the bank's failings The Commonwealth Bank’s board is responsible for the bank’s risk management and oversight. AAP

CBA is a large and complex organisation, and naturally there is a large, complex risk bureaucracy. This is detailed in the bank’s latest risk report.

However, APRA is clear that the board should take ultimate responsibility.

The lines of defence are clearly broken. If there had been one single, or maybe two, risk management failures at CBA, you could put it down to complexity, teething problems or just bad luck. But over the last decade, there has been a catalogue of bad risk decisions affecting the bank’s customers, shareholders and the Australian financial system.

After the first few times, surely the effectiveness of the risk framework and the three lines of defence should have been questioned and remedial action taken? But apparently it was not, and there is now frantic action by the people responsible – the CBA board - to do something (anything) about it.

In the media conference, Catherine Livingstone and the new CEO repeatedly talked about “collective accountability” and tried to diffuse the severity of the situation by talking about “organisation wide” and “culture” issues, as if even the staff in the bank’s branches were somehow to blame.

In fact, in the case of money laundering through ATMs that has drawn the ire of AUSTRAC, it was the first line business staff in the branches who raised the alarm. Their warnings were not taken seriously. To claim that the lower-level staff are somehow “collectively accountable” is bordering on the bizarre.

Read more: Australia's financial regulators need policing

The accountability for the risk management failures is indeed spread far and wide but by far and away it is the joint responsibility of the board and executive committee. The knee-jerk reaction to cut a few bonuses is insufficient.

Someone in the board of the bank has to resign or be fired. Where failures are detected, bonuses already paid out, for example to recently retired board members, should be retrieved.

And going forward, the three lines of defence must become a real protection for customers rather than a convenient pretence, and APRA must ensure, for customers’ sakes, that the three lines are operating effectively in all large financial institutions.

Authors: Pat McConnell, Visiting Fellow, Macquarie University Applied Finance Centre, Macquarie University

Read more http://theconversation.com/cbas-board-needs-to-take-ultimate-responsibility-for-the-banks-failings-91485

Writers Wanted

How the stunning abstract art of Hilma af Klint opens our eyes to new ways of seeing

arrow_forward

Home quarantine for vaccinated returned travellers is extremely low risk, and won't damage their mental health

arrow_forward

Boom in Aussies buying up restaurants, pubs, hotels and bars in regional centres

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister interview with Karl Stefanovic and Allison Langdon

Karl Stefanovic: PM, good morning to you. Do you have blood on your hands?   PRIME MINISTER: No, it's obviously absurd. What we're doing here is we've got a temporary pause in place because we'v...

Karl Stefanovic and Allison Langdon - avatar Karl Stefanovic and Allison Langdon

Prime Minister Scott Morrison delivered Keynote Address at AFR Business Summit

Well, thank you all for the opportunity to come and be with you here today. Can I also acknowledge the Gadigal people, the Eora Nation, the elders past and present and future. Can I also acknowled...

Scott Morrison - avatar Scott Morrison

Morrison Government commits record $9B to social security safety net

The Morrison Government is enhancing our social security safety net by increasing support for unemployed Australians while strengthening their obligations to search for work.   From March the ...

Scott Morrison - avatar Scott Morrison

Business News

Boom in Aussies buying up restaurants, pubs, hotels and bars in regional centres

With international borders closed, regional Australia is seeing a dramatic surge in popularity as people move out of the cities and into their quaint communities. City slickers are looking for new...

Tess Sanders Lazarus - avatar Tess Sanders Lazarus

5 Signs Your Business Needs Onboarding Software

Onboarding software is the technology that automates a smooth transition for new hires from before the interview to the first day on the job. High-quality onboarding platforms feature a digital da...

Onboarded - avatar Onboarded

What Is COVID 19 Risk Assessment for Vulnerable Workers and Why Your Business Needs it

During the height of the COVID-19 pandemic, governments strongly advised people to just stay at home as a critical effort to stop the spread of the virus. This led to many businesses temporarily s...

NewsServices.com - avatar NewsServices.com