Lessons for all in APRA report on CBA’s culture

By

15/05/2018

Institutional investors need to be wary of the cultural shortcomings of companies in which they invest, given the findings of the Australian Prudential Regulation Authority’s recently completed Prudential Inquiry into the Commonwealth Bank of Australia.

APRA describes culture as a system of shared values and norms that shape behaviour and mindsets within an institution, and once established, these are difficult to shift.

The inquiry’s report mentions cultural issues at CBA related to a widespread sense of complacency, a reactive stance in dealing with risks, being insular and not learning from experiences and mistakes. These things have taken on greater importance in the current corporate climate, as institutional investors begin to review the characteristics of companies, well beyond financial performance.

The various incidents at CBA over the years, coupled with increased public and regulatory scrutiny, place the bank at an important juncture where it must focus on improving its culture.

Years of problems

APRA’s inquiry focused on a series of incidents at the bank that date back to 2008 and include mis-selling of margin loans, misconduct by financial advisers, fees-for-no-service in financial advice, an outdated insurance definition, anti-money laundering breaches and mis-selling of credit-card insurance.

The inquiry also examined the bank’s frameworks and practices in relation to governance, culture and accountability and concluded that the financial success of the company “dulled the senses of the institution” in relation to the management of non-financial risks.

The regulator’s report noted that the bank’s overly collegial and collaborative working environment lessened constructive criticism, timely decision-making and the focus on outcomes.

“These risks were neither clearly understood nor owned, the frameworks for managing them were cumbersome and incomplete, and senior leadership was slow to recognise, and address, emerging threats to CBA’s reputation. The consequences of this slowness were not grasped,” the report states.

CBA’s operational risk and compliance functions have had a heavy procedural bias, too, APRA added. In particular, the bank’s rules-based policies contain detailed, step-by-step processes that favour form over substance in risk management. Furthermore, it’s had a tendency to react to losses and incidents that had already occurred, rather than proactively identifying, measuring and managing risks.

The bank has acknowledged that its risk functions have not been adequately resourced and that there is scope to improve staff capabilities. The bank also recently developed a new operational and compliance risk taxonomy and is looking to update the analytical tools used for risk management.

Matter of trust

While the financial crisis exposed a series of corporate scandals in banks around the globe, banks in Australia were mostly resilient, though their conduct is far from unblemished, APRA states. In fact, the regulator asserts, recent failings have undermined community trust.

“Trust is the currency of banks, and improper conduct that undermines confidence or causes harm to customers devalues that currency,” it states in this month’s report.

APRA chairman Wayne Byres adds “that regaining community trust will require time, hard work and an undistracted risk and customer focus”.

“The findings of the report provide important insight for all financial institutions, particularly about the need to maintain a broad focus on all aspects of risk and stakeholder interest and not allow financial success to mask or detract from other important measures of an institution’s performance and risk profile,” Byres said.

Given the nature of the issues identified, all regulated financial institutions would benefit from conducting a self-assessment to gauge whether similar issues might exist in their institutions, APRA has advised.

Sponsored content