Regaining trust – regulators help banks to help themselves

By Heather McKenzie

When Sibos touches down in Sydney next month, it will do so while the Australian financial services industry is awaiting the final results of a Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. An interim report will be published by 30 September, with the final report scheduled for 1 February 2019.

The Commission was established following allegations of aggressive, sales-driven cultures within the banking industry that emphasised profit at all costs. Other allegations include bank officers forging signatures, overcharging fees and creating unauthorised investment accounts for customers. An Australian Senate inquiry in 2014 recommended a Royal Commission. The Australian Government, which initially resisted calls for an inquiry, finally agreed to set up the Commission in December 2017.

According to the Australian state broadcaster, the ABC, Australian banks have paid out more than $1 billion in fines and compensation for customers since the financial crisis.

On 20 April 2018, the chief executive of National Australia Bank, Andrew Thorburn, issued a statement about the Royal Commission. He said: “The Australian community has heard confronting evidence that is unacceptable… It is now clear to me that the Royal Commission is necessary and justified. Customers and their concerns are being heard through this process, and it is important that as an industry we learn from what we hear, and that this intervention becomes the catalyst for the industry to restore the trust and respect of the community.”

At a January 2018 press conference to announce the appointment of Ian Narev as new chief executive of Commonwealth Bank of Australia, chair of the bank, Catherine Livingstone, said: “… the bank currently faces a range of reputational, regulatory and legal issues which have overshadowed what has otherwise been a very strong progress and performance. The equally pressing strategic challenges involve rapidly-changing competitive and regulatory environments, and the accelerating evolution of the technology, which is both a threat and an opportunity.

“In short, the candidate we were seeking was someone who could restore the bank’s reputation in areas where trust has been damaged, maintain the current operating momentum and continue to deliver strong performance and attractive returns to shareholders, transform the business to adapt and capitalise on innovations and technology, renew and cultivate the right culture, and achieve all of the above by focusing first and foremost on customers.”

A decade after the financial crisis of 2007-8, financial institutions and regulators around the world are still talking about the need for banks to regain trust and restore reputations. Australia’s banks seemed to have escaped the ravages of subprime lending and its fallout. But the Royal Commission has uncovered some practices that haven’t reflected well on the industry as a whole.

At the annual Risk Management Association chief risk officer conference in Sydney in early September, Wayne Byres, chairman of the Australian Prudential Regulation Authority (Apra) said the conference theme, ‘regaining the trust’ was both timely and important. “The broader community has lost confidence that the financial sector understands and acknowledges the privileged position that it holds in society, and the obligations that come with it.” Apra is an independent statutory authority that supervises institutions across banking, insurance and superannuation and promotes financial system stability in Australia.

Byres believes that the heart of many of the issues uncovered by the Commission is a miscalculation of the trade-off between risk and return. “Reputation and trust have been undervalued in that calculation, and therefore squandered.”

It is not the regulators’ job, said Byres, to regain trust for financial institutions. The industry needs to earn and sustain the community’s trust “through its own actions”. Regulators and supervisors can, however, take measures to support and reinforce the efforts by the industry. Byres outlined a few of these measures in his speech. They included:

Risk culture

Byres believes an institution’s risk culture is a critical, but under-appreciated component of the response to the financial crisis. “Understanding attitudes to risk – the risk culture – are fundamental to gaining confidence that an institution has robust risk management and is likely to remain in a sound financial position. Traditional prudential requirements for adequate financial resources may not be sufficient if faced with poor governance, weak culture, or ineffective risk management. Documented frameworks, policies and procedures aren’t much value if the risk culture doesn’t reinforce them.”

Apra’s focus in this respect is on the potential for a poor risk culture to produce bad outcomes for the bank (and hence depositors). Other regulatory bodies in Australia, such as the Australian Securities and Investments Commission (Asic), are focused on the potential bad outcomes for the borrower. These perspectives are, however, complementary and the two organisations work closely together on them.

A challenge for risk managers (and prudential supervisors) is not only creating a sound infrastructure of limits and controls to guard against financial risks, but also to instil a culture of risk awareness and stewardship across the entire business, including for behavioural and reputational risks, said Byres.

Apra is creating a risk culture assessment program that it hopes will be scalable and applicable across the industry. Byres said Apra will not seek to prescribe a risk culture but expects executives and their boards to establish and maintain the risk culture that they consider appropriate to their organisations, given their strategy and risk appetite.

In terms of risk culture, Byres thinks there is still “much to do”, but he pointed out that not everything that the Australian community regarded as having gone wrong in the financial sector was a product of poor culture or bad intent. “In some cases it has been unwieldy infrastructure, cumbersome bureaucracy and blind adherence to process that has been at fault. But those factors can’t explain everything. Risk and risk culture have too narrowly been looked at through a financial lens (‘what will it cost our bottom line?’), without regard to reputational impacts (‘what will it cost our good name and standing?’). The latter has been materially underestimated. This will need to change if the industry is to regain the trust, but it will challenge the risk (and regulatory) profession because it will require skills, expertise and insights that may not be in the domain of a traditional risk manager.”

Bank executive accountability

On 1 July 2018, Australia’s Banking Executive Accountability Regime (Bear) came into effect for the largest banks. Other authorised deposit taking institutions (ADIs) have until mid-2019 to adhere to the Regime.

Bear requires banks to identify and register their accountable persons, develop detailed accountability statements, and from these put together accountability maps for their organisations. By early September, 85 individuals across the four largest banks had been registered.

Apra will review how the allocated responsibilities work in practice and is open to revisiting these as it “learns from experience”. It will also examine how the accountable persons understand and oversee their areas of accountability.

Byres said the Regime would not necessarily directly help the financial industry to regain the community’s trust. Use of its provisions would, however, demonstrate that there are going to be clear and material consequences for poor prudential outcomes. But it will only come after some event that has damaged the trust and standing of the industry in the first place, so at best the Bear might help square the ledger ex post, said Byres. “Where I hope the Bear will have a positive impact – albeit indirectly, and over time – is through forcing the industry to hold itself to account much more firmly and quickly than has been the case to date.”


Among the components of Bear are remuneration requirements, which will come fully into effect in 2019. ADIs will be required to defer a minimum proportion of an accountable person’s variable remuneration – generally 40 per cent for executives, or 60 per cent for the chief executive, of a large bank – for a minimum of four years. It also requires ADIs to have remuneration policies that provide for the reduction in variable remuneration should an accountable person fail to comply with their obligations, and to exercise the provision should circumstances warrant it.

Apra is meeting with industry groups and has found that remuneration frameworks and practices “did not consistently and effectively meet our objective of sufficiently encouraging behaviour that supports risk management frameworks and long-term financial soundness”, said Byres. Though all institutions had remuneration structures that satisfied minimum requirements, implementation was often some way from best practice, he added.

He flagged three key areas that he believes will aid financial institutions in regaining trust: outcomes, metrics and oversight. Apra discovered that in terms of renumeration, senior executives seemed “somewhat insulated” from the consequences of poor risk outcomes; this must change, said Byres. One of the reasons for the misalignment between outcomes and remuneration was that measures by which performance was judged are too focused on shareholder metrics such as return on equity and total shareholder return. “The current structure of long-term incentives in Australia is particularly problematic in this regard and is out of step with how best practices in remuneration are evolving internationally. This will also have to change,” said Byres. Finally, on oversight, Byres said Apra found shortcomings in the oversight by board remuneration committees of remuneration practices and framework. From insufficient challenge to insufficient documentation, it was clear that stronger governance of executive remuneration was needed. To provide a proper risk lens to any performance assessment, a more structured and systemic contribution from the risk functions within banks would be needed.

Apra intends to strengthen its prudential requirements in the three areas but has made clear that boards and senior executives shouldn’t wait to act themselves to improve the design and implementation of their remuneration frameworks.

Concluding, Byres questioned whether the quantification of risk management via concepts such as value at risk, probability of default, Monte Carlo simulations, etc, had created a blind spot for the types of risk that are difficult to quantify. “The finance industry, and the risk profession that serves it, has a natural affinity for measuring things in dollars and cents, percentages and basis points. But that means the conventional risk management frameworks and processes find it difficult to grapple with difficult to quantify risks, such as those relating to behaviour and reputation. If what gets measured gets managed, then I suspect that has played some role in bringing the industry to where it is today.”

Byres also cited former president of the New York Fed, Bill Dudley, who said increased regulation was an insufficient substitute for trust. “As much as we might help, you will have to do the heavy lifting. It will ultimately be the industry’s collective behaviour that determines the extent to which the trust and confidence of the community is regained,” Byres concluded.

During Sibos, Club@Sibos will publish an overview of the regulatory response to the global financial crisis, ten years on.