Banks, insurers warned of more financial hits
Banks risk more financial blows unless they deal properly with governance, culture and pay issues, says APRA.
The prudential regulator’s deputy chairman John Lonsdale has warned banks and insurers they risk further financial hits unless they adequately deal with governance, culture and pay structures after the bruising Hayne royal commission.
In a speech to the 2019 Actuaries Summit, the Australian Prudential Regulation Authority’s Mr Lonsdale said the big four banks had already spent or set aside $7 billion collectively to fix systems and repay customers after failing to get on top of non-financial risks.
“That’s the thing about non-financial risks: left unaddressed, the consequences become distinctly financial in nature,” he added.
“In the wake of the royal commission, our major banks have seen their profits eroded by the cost of remediating aggrieved customers and upgrading or putting in place systems to stop it happening again.”
Mr Lonsdale also highlighted ramifications for senior staff stemming from the Banking Executive Accountability Regime, which applies to all deposit-taking institutions from July and is already in place at the big banks.
“In short, the consequences of failing to properly identify, assess and mitigate risks, especially non-financial risks, are higher and potentially more expensive than they have been for many years,” he said.
Mr Lonsdale cautioned that vigilance over cyber-attacks and protecting a company’s reputation should be a priority for financial institutions.
“Overseas, successful cyber-attacks have caused major financial and reputational damage to some of the world’s largest companies, including Yahoo, Marriott and eBay,” he said.
“APRA has warned repeatedly that it’s only a matter of time before an Australian bank, insurer or super fund falls victim to a cyber-attack, and noted that – in a worst-case scenario – such an attack could threaten the entity’s viability.”
Mr Lonsdale also called on actuaries to be more alert to calling out lax governance and poor practices.
“APRA has provided the platform and handed over the microphone; actuaries need to turn it on and speak up,” he said.
“To be truly effective, actuaries must be prepared to probe, test and challenge boards and management about the wisdom of their decisions, and potential risks they may not have fully considered.”
APRA’s new cross-industry standard, CPS 320 Actuarial and Related Matters, comes into effect on July 1. It outlines that the purpose of the appointed actuary is to ensure board and senior management have “unfettered access to expert and impartial actuarial advice and review”.
On draft changes to pay practices under the prudential framework, Mr Lonsdale said industry should expect them to propose: “longer vesting periods, greater scope for malus (financial penalties) or clawback, and less focus on short-term financial metrics in setting variable remuneration”.
“APRA will not be determining what executives get paid; we will not be dictating what companies’ corporate culture should be, or prescribing the composition of their board,” he added of the changes, which are set to be released in coming weeks.
“Our role is to ensure the companies we supervise have effective systems and frameworks in place that optimise their ability to meet the financial commitments they make to their customers.”
In March, APRA chairman Wayne Byres said the current system, where pay was largely based on the achievement of financial targets, would have to change, giving way to a new regime where financial and non-financial considerations held equal sway.
In his speech, Mr Lonsdale also reiterated APRA’s tougher approach to enforcement after the regulator was heavily criticised by the Hayne royal commission for being too soft.
“We will be less patient with the time taken by uncooperative entities to remediate issues, more forceful in expressing specific expectations, and prepared to set examples using public enforcement to achieve general deterrence.”
He told the conference a new regulatory standard on information security – which takes effect in July – was aimed at bolstering entities’ resilience against cyber-attack risks, and noted APRA would “shortly be releasing” updated guidance in that area.