Banking royal commission: CBA admits risk management failures
CBA’s chief risk officer concedes the bank’s risk management is not up to scratch, and it did not properly log misconduct.
The Commonwealth Bank’s chief risk officer, David Cohen, has admitted the bank’s risk management is not up to scratch, telling the financial services royal commission that the bank lacked compliance policies, had substandard control of non-financial risks and was not able to properly log misconduct.
Mr Cohen made the admissions under questioning from commissioner Kenneth Hayne, who wanted to know why the bank found it so difficult to produce details of misconduct that he demanded from it at the start of the year.
The bank earned Mr Hayne’s wrath for failing to meet a deadline to hand over the confession file, and for producing a series of difficult-to-read spreadsheets.
Mr Hayne asked: “What if anything does that course of events tell me about Commonwealth Bank’s capacity at the start of this calendar year to identify events, including breaches of law, in the immediately preceding five or perhaps 10 years?”
“I think it tells you the state of our systems that record and aggregate instances of misconduct … were not particularly advanced, they were not particularly well connected,” Mr Cohen responded.
He said the bank logged different instances of misconduct in different systems in different business units.
The risk management division had a risk insight tool, which generated the spreadsheets provided to the commission and was supposed to be a central repository of misconduct data, he said.
“However the great difficulty we had is the ability to use that tool to search … is extremely limited.”
He said this inability to aggregate also reflected on CBA’s ability to manage compliance and reputational risk.
“The governance forums, whether it be at management or board level for bringing to attention and escalating the conduct issues, have not been strong enough,” he said.
“One of the issues at the executive management level that we have lacked — and this has been pointed out by APRA — is that we have lacked an executive non-financial risk forum.”
The company was quite good at managing financial risks but “the same emphasis has not been placed on non-financial risk such as conduct and reputational issues”, he said.
Mr Cohen said the bank was now developing a compliance register for every one of its businesses.
“I don’t think it quite leads to, yet, a simplification of policy,” he said.
“It is fair to say, commissioner, that we have lacked compliance policies, to some degree.”
Mr Hayne suggested that underneath the “very large raft” of regulations covering banking there were four or five readily grasped ideas.
These were don’t mislead or deceive, don’t act unconscionably — “or, be fair” — use “due skill and care” and obey responsible lending obligations.
Mr Hayne asked: “Strip a lot of the detail of the legislation and you won’t capture all the nuances in those four or five ideas but for the bank officer on the ground, is that something that the bank officer needs to be told are the informing principles that lie behind compliance?”
Mr Cohen agreed.
He said that in the past there had been “clouding through multiplicity” of basic principles as more layers of regulation were added.
“It is sometimes difficult to distil the fundamental essence of all the obligations out of all that,” he said.