Boards must now ride the wave of change, or drown
The Hayne interim report and the APRA inquiry into CBA have provided important lessons for the corporate community.
Already the interim report released by commissioner Kenneth Hayne and the separate Australian Prudential Regulation Authority inquiry into the Commonwealth Bank chaired by John Laker have provided a number of important lessons for the Australian corporate community.
Released in April, the APRA report into CBA’s culture gives a nuanced explanation of how the bank, a financial icon with innovative customer-facing technology, could have engaged in systemic misconduct.
This report concluded the financial success of CBA led to inadequate management of the non-financial risks (operational, compliance and conduct risks) which was a failure of corporate governance (oversight) at the board and executive level. The lessons these corporations and their directors need to recognise, and in many cases remedy, are:
Don’t blame bad apples
The fact generally similar conduct occurred in all of the major entities suggests the conduct cannot be explained as a “few bad apples”.
That characterisation serves to contain allegations of misconduct and distance the entity from responsibility. It ignores the root causes of conduct, which often lie with the systems, processes and culture cultivated by the entity.
It does not contribute to rebuilding public trust in the financial advice industry.
The misconduct acknowledged by the major entities gives rise to broader questions than those answered by the few-bad-apples response.
Most chairmen and CEOs of financial entities whose misconduct has been identified accept that high-level expressions of sorrow and regret are no longer sufficient. They now need to acknowledge:
● That misconduct identified prior to and by the royal commission was systemic;
● That they failed to introduce new cultural norms required to comply with legislation regulating responsible lending and financial advice;
● That they now approach their customers through the lens of commercial morality; and
● That they accept they failed to prevent, detect and appropriately punish misconduct because they failed to identify the material conduct risks which they faced.
Finally, they are now committed to a comprehensive overhaul of their corporate governance and risk management and timely remediation for customers where it is required.
Primary causes
The royal commission in its interim report last September was correct in stating there was failure of culture and corporate governance in financial entities which led to systemic misconduct.
I disagree that greed, profit and remuneration were the primary factors for the failure to prevent, detect and remedy the misconduct. However, the APRA CBA report more accurately identifies the reasons.
Ultimately, it is the board of a bank which is responsible for its prudent risk management. The board provides direction to senior management by identifying the principal risks facing the bank and by setting its risk appetite.
The board delegates to the chief executive and senior management primary ownership for implementing sound risk management practices and controls in line with the risk appetite.
It is management’s job to provide leadership and direction to the employees in respect of risk management and to control the institution’s overall risk-taking activities in relation to the agreed appetite for risk.
Thereafter, the board assures itself on an ongoing basis that senior management is responding appropriately to these risks.
The ability of the board to effectively challenge senior management is influenced by the style of the chair and the expertise of the directors but it also relies critically on boards being provided with comprehensive reporting that clearly highlights matters warranting specific attention.
Risk management reports to the CBA board had limited detail on the risk profile of the organisation and the trajectory of new and emerging risks.
I surmise this led to the CBA directors being unaware of the emerging conduct risk from Future of Financial Advice and National Consumer Credit Protection laws on the provision of financial advice and credit.
Nor, it seems, did management provide the board risk committee with the information required to determine the cultural change required to ensure employees understood and complied with the new behaviours expected in dealings with customers.
The policy behind the financial services legislation required the providers to consider whether the services provided were in the interest of the customer so that the mindset of the provider would be “should” the service or product be provided to the customer rather than “can we”.
Implementation of changes of this magnitude required strong executive leadership communicated through the levels of middle management. As we have seen in the royal commission, financial entities did not approach the legislation with this mindset but rather resorted to compliance box-ticking which looked at the boundaries of what conduct could be undertaken.
Remuneration
While the commissioner has overemphasised the remuneration arrangements as a principal reason for misconduct, boards should carefully review incentives in remuneration arrangements in light of his criticisms.
My experience is that employees expect variable incentives to reward them for superior service to customers, innovation or skill in dealing with competition or disruption, and for their other contributions to the financial and non-financial success of the company.
I do not support the commissioner’s suggested remuneration model of base salary and a profit fund shared equally, or any prescriptive legislative intervention.
Boards must be allowed flexibility to set remuneration according to their circumstances, subject to the prudential oversight of APRA, which can deliver this regulation more effectively than black letter law.
Simplify the law
In the labyrinthine and overly detailed blizzard of provisions regulating financial advice and consumer responsible lending it is easy to lose sight of the principles behind the regulations.
The more complicated the law, the easier it is for compliance to be seen as asking “can I do this” and answering the question by ticking boxes instead of asking “should I do this?”
There is every reason to think the conduct examined in this report has occurred when the only question asked is: “Can I?”
We need referral of financial regulation to the Law Reform Commission aided by experts from the financial services sector, regulators and academics to fix this issue.
Proactive regulators
The commissioner was highly critical of ASIC and APRA in not enforcing misconduct through the courts.
He strongly advocates for public proceedings to penalise a breach of the law. Both regulators have promptly followed the litigation road map the commissioner set out in his report.
It is disappointing the commissioner failed to make a more thoughtful examination of the merits of enforceable undertakings, which have been highly effective in enabling a company to undertake a cultural change roadmap to comply with the principles of FOFA and promptly remediate misconduct.
While the commissioner’s enthusiasm for litigated outcomes is supported by some academic literature which suggests that negotiated outcomes may promote regulatory laxity, it is not consistent with the UK Conduct Authority’s approach, where settlements appear to be commonplace.
Also, Australia is considering deferred prosecution agreements in areas outside financial services for serious corporate offences which require action almost identical to an enforceable undertaking.
Class actions
A great tide of litigation following on from the royal commission has been forecast by observers. Unsurprisingly, plaintiff class action firms have been the first to commence proceedings and there are seven class actions currently afoot, arising from revelations aired at the royal commission.
Non-financial sector
Both the interim report and the CBA report have profound corporate governance implications for all companies.
They remind all boards they must effectively oversee non-financial risk, its prevention, detection and the management of consequences. They must also identify legislative change affecting their sector and provide leadership in managing cultural changes where it is required.
Directors’ liability
In Australia, public company directors face a significantly higher chance of being liable than US or British directors for a breach of directors’ duties by failing to monitor corporate culture risks.
The rise of “stepping stone liability” also suggests directors may be liable for a breach of s180 of the Corporations Act (care and diligence) where they fail to monitor managerial integrity or corporate culture issues.
This form of liability arises where the company breaches a provision of the Corporations Act and the directors have breached their duty of care by allowing the contravention to occur.
Loss of trust
The royal commission report’s disclosure of systemic misconduct by financial entities has eroded the trust of their stakeholders, their shareholders, customers, politicians and the media.
The consequences for financial entities and their directors and shareholders for the misconduct exposed by the royal commission have been profound.
Emerging regulatory litigation and more proactive oversight by ASIC and APRA may distract the board and management from a focus on strategy.
Three of the banks have responded to the serious misconduct in their retail financial advice businesses by announcing their exit from the sector. Only Westpac and AMP will remain.
CBA has entered into an enforceable undertaking with APRA in respect of the recommendations made in the CBA report and other major banks and the AMP may be required to follow. An EU can be a time-consuming process for executives and directors alike.
In light of all of these issues, the boards and executives of the major banks and the AMP must accept the lessons of both the interim report and the CBA report.
They must implement effective corporate governance and compliance using the CBA risk management and cultural roadmap and thoughtfully consider the recommendations and criticisms of the commission. They must complete remediation.
Only then will the slow task of restoring trust with their stakeholders begin.
Kevin McCann is a former chairman of Macquarie, Origin Energy and Healthscope. He is chairman of Citadel and Telix Pharmaceuticals.