Australian banking seemed to have escaped the disasters of the banks in most of the rest of the developed world in 2008, but though it avoided the liquidity crises which did so much damage to those institutions, it appears that it wasn’t immune to the same temptations to cheat their customers for which the rest of the banking industry has been rightly slated and fined.
Banking Culture Review 2015
In 2015, the Group of Thirty global banking body issued a report entitled Banking Conduct and Culture – A Call for Sustained and Comprehensive Reform. This came in the aftermath of the banking scandals which caused the financial crash of 2008, and was an attempt to draw lessons and improve banking culture. It was their third report, and it acknowledged how disappointingly little progress had been made.
We wrote about this two years ago in an article in which we described it as a worthy but doomed effort. Apart from the limited number of participants, which we felt called into question its statistical validity, our major criticism was not the broad conclusions, but the recommendations. Specifically, we felt that its focus on creating a good culture, while correct, was not underpinned by robust measures to define and achieve this objective.
It relied upon the banks “working to fully embed the desired culture” through what it called “ongoing monitoring and perseverance”, drawn from four key areas:
- senior accountability and governance
- performance management and incentives
- staff development and promotion
- an effective three lines of defence
- Staff and management in the business
- Compliance or Risk Management
Its three mechanisms for achieving the desired cultural transformation were:
- Enforcement of black letter law
- Board- and Management-led sustained embedding of substantially improved culture and values, with supervisory monitoring
- A competitive effect that should – in time – create competitive advantage for firms that have demonstrably better cultures and conduct
Our main criticism was that although the report acknowledged the need for metrics, it made no attempt to provide a definition of the key elements of culture, or the ways in which these might be measured. Hence our reference to the old adage that “if you can’t measure it, you can’t manage it”. Hence, therefore, our conclusion that the effort, while worthy, was doomed, and we referred the reader to our practical approach to measuring ethical performance as a better way forward.
The Royal Commission into current Australian banking scandals
Now we move on three years to look at the embarrassing events which have unfolded in that time in the Australian banking and financial world, and see what effect the 2015 recommendations have had over that time. Particularly we can look at the four areas identified for embedding cultural improvements and the three mechanisms for achieving these.
The oligopoly of the four big Australian banks, Commonwealth Bank (CBA), ANZ, NAB and Westpac, had come through the 2008 financial crash apparently relatively unscathed. However, for the customers and the regulators, things were not as benign as they appeared. In recent years there has been a succession of complaints building up and pressure for a Royal Commission to examine the financial sector.
Following allegations of interest rate fixing at Westpac and the other banks, the regulator, the Australian Securities and Investment Commission (ASIC), has spent over six years investigating, resulting in expensive settlements with ASIC, by ANZ and NAB, and recently with CBA.
In 2015, the chairman of ASIC, Geoff Medcraft, complained of difficulty in getting responses from the wealth management industry in his investigations into wrong practices in that part of the financial sector. And in 2016, a scandal erupted in relation to Commonwealth Bank’s insurance arm over non-payouts.
The growing concern led to attempts by the parliamentary opposition for a Royal Commission to be set up to investigate financial services generally. The government had, in mid-2017, set up a parliamentary enquiry into competition in the financial services industry, recognising that something had to be seen to be done, but it resisted a Royal Commission on the grounds that would be an unnecessary distraction (and probably that it might show the flourishing Australian banking industry in a bad light internationally); and it was resisted by the banks on similar grounds of unnecessary distraction (and probably a threat to their reputation and hence share prices with global investors). However, the farming community strongly endorsed a Royal Commission to look into the ways they felt they were being exploited by the banks. And surprisingly, in 2017, Vaughn Richtor, the outgoing head of ING expressed his support for a Royal Commission, qualified by a plea that they should avoid recommending more regulation. Interestingly, he proposed that the banks should make use of social media to get customers’ views of their services.
By mid-2017, another scandal blew up at CBA when it was put to them by the financial intelligence agency, AUSTRAC, that the bank had broken the law up to 54,000 times in regard to money laundering requirements by not immediately reporting suspicious transactions in the roll-out of a new cash depositing system. The response of its CEO didn’t impress politicians, and matters were not helped by the revelations of a whistle-blower, a former employee, Jeff Morris, who had been trying to get top management and the regulator to address what he saw as wrong practices for several years, with no success.
Eventually, near the end of 2017, the government bowed to the inevitable, and agreed to set up the Royal Commission. From that point on, the scandals drip-fed into the public domain, and none of the banks was spared, but also the financial planning industry came into the spotlight as the iconic AMP was pilloried. A short list gives the flavour:
- 15% of mortgages had a policy waiver so didn’t fulfil the full criteria for lending
- a whistle-blower revealed a cash for loans bribery scheme in 5 branches: fraud, fake payslips etc
- an expensive car loan and credit card were issued to a 22 year old just starting a job ($35K loan would cost $60K to pay back over 7 years)
- loans were made by Westpac and others, up to $3m, to a 71 year old nurse to finance property investments; they went wrong and cost her all her savings; Westpac lent $360K to her at age 67 when she already owed nearly $1m
- the head of financial advice told the banking royal commission it would be difficult to unwind the inherent conflict between sales and advice because the first bank to do it would be at significant disadvantage.
- aggressively selling credit card insurance to unemployed people who probably wouldn’t be able to claim
- raising the credit card limit for a self-confessed gambler
- a customer still being charged 10 years after his death for planning advice
- breaking responsible lending laws by not checking borrowers’ expenses
- granting a 30 year house loan to a 71 year old pensioner
- excessive late payment fees
- overcharging borrowers on their home loans
- fees charged to thousands of people who didn’t receive promised advice
- misleading ASIC countless times over the fee charging complaints
So it looks as if the advocates for a public enquiry were justified in pressing the government to change its mind.
CBA Prudential Enquiry – a regulator driven investigation
Just prior to the setting up of the Royal Commission, the Australian Prudential Regulation Authority (APRA), had commenced its own Prudential Enquiry into CBA, following “a number of incidents in recent years that have damaged the reputation and public standing of the CBA group”, as it put it. It is interesting to read the report of this enquiry, as it may give an indication of the aspects to watch out for in the report of the Royal Commission when it emerges, scheduled for early next year.
APRA’s 109 page report has four main sections:
- Remediation initiatives and panel recommendations
We have picked out some comments that seemed of particular interest in relation to the problems they highlight or the nature of the conclusions drawn and actions recommended, and discuss these below.
Role of the Board
- the board has historically deferred to the CEO for internal and external communication
- gaps in reporting
- lack of candour from management
- degree of trust by the board in management needs to be validated through appropriate metrics
- board intimidated by highly intelligent executive team
- Regulatory and Operational Risk report … dominated by regulatory matters
- neither board nor Risk Committee received metrics or analysis on customer complaints
- Audit Committee … exhibited a lack of rigour and urgency … closing out audit issues
- emerging practices globally use technology to enable directors to click through high level dashboards to more granular metrics and data
- overdependence on CRO to determine risks to be reported to directors
- strengths highly oriented towards financial risks … less so on operational compliance
- problems communicating between committees leading to unintended consequences resulting from delegation to sub-committees
- “good news messaging”
Our comment: A strong and respected CEO has a compliant board which has been fed carefully filtered information reflecting positive results, which it doesn’t appear to challenge. The sub-committees operate in silos, reflecting the decentralised group structure.
Senior Leadership Oversight
- Executive Committee seen as advisory to the CEO and relatively ineffectual in challenging on group-wide issues
Our comment: The strong CEO has an intellectually powerful but subservient Executive Committee whose members don’t challenge their fellow business heads
Risk Management and Compliance
- 3 lines of defence model has not worked well in the decentralised group
- Operational Risk Management Framework for Line 1 is 119 pp long and has detailed operational instructions
- Focus on process … missing the forest for the trees
- Selective use of “deep dive” reviews by Line 2 (recommended by the panel for wider application)
Our comment: The trusted 3 lines of defence didn’t work here, and how could anyone operate under this weight of bureaucracy? The answer is that they didn’t, and no-one was looking at the big picture.
Issue identification and Escalation
- an elaborate system in place addressing the range of categories: whistleblowers, customers, regulators etc
- difficulty in identifying broad, systemic issues
- difficulty in resolving issues – low senior level involvement and poor execution
- eg overall positive customer satisfaction statistics overwhelming some serious negatives
- hence internal view that customer is paramount and happy, but the reality is that not dealing with customer complaints damages public image
Our comment: The approach was not holistic and there was no methodical process to measure and monitor improvements.
Financial Objectives and Prioritisation
- financial objectives prioritised over all others
- “can we…should we” and “can” won out too often, resulting in the customer being sold inappropriate service which left them worse off
Our comment: So much for the hopes of the Banking Review that a good culture would be created by big banks globally and that good practice would drive out bad. The comment of the Westpac executive to the Royal Commission about the commercial disadvantages of disentangling sales incentives from the process of giving impartial advice is revealing.
- poor access across business lines
- not well linked to remuneration, so bad practices not punished
- Line 1 (front line) thinks wrongly that Line 2 (oversight, internal audit etc) should be held accountable
Our comment: Accountability is one of the four pillars of the Banking Review’s “on-going monitoring and perseverance” on which the three lines of defence rely. And it clearly failed miserably.
- Remuneration: incentive payments not really tied down to performance
Our comment: Accountability failing again, and probably inadequate measurement also, so another of the Banking Review’s plans failed
Culture and Leadership
- complacency and reactivity
- failure of leadership to “walk the talk”
- comparison with risk culture in other industries (oil & gas, aviation): three phases:
- goal zero: safety taken seriously at all levels, including processes ad measurements
- chronic unease: walking the talk, safety embedded in the organisation’s DNA
- do I care: all aspects from physical safety and health to moral dimension
- reliance on process – lack of ownership of outcomes – tick box approach
- staff’s poor view of leadership’s perceived lack of commitment to upholding values and turning a blind eye to indiscretions
- blaming collegiate culture (compensating for the previous very competitive culture) for lack of challenge to bad behaviour
Our comment: The Banking Review’s “board- and management-led embedding of improved values with supervisory monitoring” wasn’t reflected in the failure of the leaders to walk the talk and the lack of adequate monitoring. Also the APRA report’s allusion to risk culture in other industries where life and death are involved may be difficult to translate into the financial service sector.
- Board effectiveness:
- more strategy at board meetings
- more deep dives
- review of quality of information
- roles and responsibilities of committees
- Big Rocks programme
- Make risk function more responsive to business needs
- Simplify policies and processes
- Focus on underlying responsibilities
Our comment: These would address many of the detail level criticisms raised in the report, but surely they don’t really address the fundamental cultural issues which led to the immoral behaviour which triggered the enquiry.
APRA Report Recommendations
- more rigorous Board and Executive Committee governance of non-financial risks
- exacting accountability standards reinforced by remuneration practices
- upgrading operational risk and compliance functions
- injecting “could we/should we” into the DNA re customer dealings
- move reactive/complacent culture to empowered and challenging.
Our comment: The report views everything in terms of risk management and correctly criticises CBA for being primarily focused on financial risk, and paying insufficient attention to what it classifies as operational risk and compliance risk. But if we compare this summary of its recommendations – governance, accountability and cultural DNA – with those of the Banking Review three years earlier, we find very similar words appearing in the earlier document. And the key missing elements are the same: definitions and measurable metrics.
So our conclusion is that, notwithstanding good intentions, the report will lead to more bureaucracy in CBA and more care on the part of managers and staff not to be caught too obviously ripping off the customers while continuing to strive to beat the competition and make their revenue and profit targets.
Similarly, the Royal Commission review is likely to produce a report full of good intentions which won’t lead to significant changes in behaviour.
Interestingly, some of those in banking understand the importance of connecting directly with customers via social media, and in an earlier article, we quoted William Dudley, President of the Federal Reserve Bank of New York in that context, and above we mention the comments of Vaughn Richtor, ex CEO of ING in Australia.
But as we have stressed again and again, to install an effective system to improve corporate governance the fundamentals are as follows:
- an holistic approach is needed which takes account of all the major stakeholders
- clarity and definitions are required of what are going to be measured as elements collectively constituting good governance
- then a practical measurement system must be installed which connects directly with the stakeholders and is operated independently of the company to avoid “capture”
- the chairman and the board should then receive reports directly without intervention by management, in a consistent form and on a regular basis such that the directors can monitor performance and progress in improving corporate governance.
Sadly, the ASAP report seems to us to bury itself in operational detail while missing the central point – the same failing as the Banking Review. What a pity.