The former Australian Securities & Investments Commission deputy chairman, who joined the IBM-backed, Washington-based Promontory last year, said regulators were increasingly taking a more proactive stance towards market problems rather than being reactive.

“There is a greater focus on outcomes rather than the process. It is not just a question have you handed over the disclosure documents but are you generating the right outcomes for customers. There is (also) a focus on governance and culture in the accountability piece … (And) a greater focus on gathering more data, having higher expectations around reporting and a greater expectation around transparency,’’ Mr Kell said.

“What we are seeing is those developments are occurring across the whole regulatory spectrum — APRA, ASIC, ACCC and Austrac.

“Technology is very much part of that, it is on the radar of all these regulators and they are being more upfront about firms managing technology risk.

“How will it increase or reduce the risks?

“That is something we are increasingly building into our work with these organisations.”

Promontory has been reviewing the risk management failures at Westpac, which saw the bank fail to report millions of money transfers to Austrac, including some which could be linked to child abuse in The Philippines.

The failures resulted in the bank agreeing to pay a $1.3bn fine in September last year and led to the departures of CEO Brian Hartzer and chairman Lindsay Maxsted.

Before securing the Westpac contract, Promontory worked on the Commonwealth Bank’s internal review following its own AUSTRAC enforcement matter in 2017.

Mr Kell said APRA had recognised that key players in the financial services sector had strengthened their control environment for the provision of technology services in the cloud, which would assist their regulatory compliance.

“But APRA still expects to see the board, the governance committee or the relevant executives to be informed and up to speed on any technology initiatives such as cloud initiatives,” he said.

“That is an area which boards are grappling with. That will continue for a while yet. Being able to incorporate technology with the regulatory requirements is fundamental. You can’t look at them separately.

“Directors don’t have a choice. They do need to be on top of the technology initiatives and the associated risks and they need to ensure they have the right skills mix on the board.

“It is not just an issue for the technology guy.”

The latest IBM Institute for Business Value CEO Study 2021 based on interviews with over 3000 CEOs across 28 industries, finds regulation to be the second most important external force that chief executives say will affect their businesses in years to come.

This is the first time regulatory concerns have been ranked so high in 17 years of chief executive research.

IBM has been focusing its strategy on the hybrid cloud market, which allows companies to connect public cloud providers with private cloud infrastructure as the technology giant builds out new regulatory compliance controls

IBM VP, cloud platform, Jason Jameson said the firm was advocating a holistic approach across business and technology to manage risks and meet regulatory expectations on the journey to the cloud.

“Compliance will move to a real-time compliance that is handled by technology,” he said.

“The big area we are addressing is this third and fourth party risk and the organisations that those organisations use. We are focused on bringing those folks into the fold.”

Mr Kell, who was the key driver of much of ASIC’s financial sector policy, resigned from the corporate regulator in September 2018 after his tenure had been extended for 12 months in May that year so he could lead ASIC’s response to the Hayne royal commission.

He said his focus at Promontory had been on remediation work to uplift risk management, compliance, culture, governance and accountability across the financial services sector.

“That is a big focus for Promontory. Working with key players in the sector to help them uplift all that and to provide assurance to the regulatory authorities that the progress is occurring. That has been a big focus and will continue,’’ he said.

He said his return to the private sector had highlighted for him “up close how significant the changes are that are happening in these financial firms”.

“These cultural changes don’t happen overnight. They take a lot of hard work. They take a lot of management and board time. But they have to if they are going to be sustainable. That is one of the reasons why if you can get technology as part of the solution helping you, it is going to be critical,’’ he said.

“These changes to the culture of firms is a hard slog but but it is vital.”

More Coverage

APRA makes it harder to be a bank

Richard Gluyas

APRA releases 2021 to-do list

David Ross

New year brings chance for new blood at watchdogs

John Durie

More related stories

Financial Services

No surrender: Wilson-Bolton war in its final stages

The long-running conflict between Geoff Wilson and Nick Bolton must be amongst the most expensive and all-consuming in Australian financial services in recent decades.

Read more

Economics

Keep up: How CEOs are navigating the Trump frenzy

Some of Donald Trump’s biggest calls are sending financial as well as strategic shockwaves through business. And they’re all unfolding in real time.

Read more