Outcomes thus far reflect instances of failures of leadership, governance and accountability, as well as complacency about governance and culture, and a lack of management of non-financial risks.
One example highlighted by the Banking Royal Commission (BRC) is the Commonwealth Bank (CBA) audit committee sitting over a “red” audit report, a second report noting the issues had not progressed, and a third report about the failure to close issues in a timely manner.
APRA stated that while the CBA audit committee had been diligent, it had “exhibited a lack of rigour and urgency in holding management to account”.
In this paper, we share what we have seen arising from the BRC and how organisations can use these outcomes to continuously improve their governance structures and processes.
- Impact on the board’s role, composition and operation, performance evaluations for all boards and committees (how often, how prescriptive?)
- Risk identification and remediation is not just reactive and complacent but empowered, challenging and striving
- Adoption of a proactive approach for managing and reporting on operational risk and compliance controls
- Assurance that senior management is appropriately governing risk and focusing on the quality, independence and reliability of internal processes to manage risk
- Board supports leading technology innovation, exhibits a high level of trust in management and identifies areas to enhance governance practices
- Comprehensive reporting that clearly highlights matters warranting specific attention
- See Figure 1 - "Governance Maturity Model"
- Tailored content - don’t get lost in detail!
- Quality data, advanced analytics, tracking of risk mitigation, not just completing actions/"box ticking"
- Reporting on operational and compliance risk in a detailed and proactive manner
- Boards with capabilities in operational risk and compliance, as well as risk culture
- Board to have a highly visible presence in dealing with both non-financial and financial risks
- Sales incentives harming financial industry integrity - leading to poor customer outcomes
- Systematic application of remuneration and work systems that drive employees to sell/push products/services to customers
- Nature of accountability, reinforced by remuneration practices
- Formal remuneration framework with a strong link to organisational values, and risk and compliance outcomes
- Risk gate opener that allows for rewarding via performance-based remuneration because of good risk management
- Recognition of good management - adjust remuneration to encourage business to raise issues
- Increased transparency/prioritisation of remedial activities
- Non-complex, transparent remuneration framework
- Proactive reporting approach highlighting key indicators related to risk and reputation
- As stated by the Australian Institute of Company Directors (AICD), every board and director in Australia should focus on this.
- Risk culture consistent with risk appetite and strategy should be embedded across the business.
- Messaging from leadership drives cultural change; senior leadership demonstrating a commitment to objectives through actions.
- Staff should understand what is expected of them, take ownership and escalate issues quickly.
- The Board's interaction with the business over lapses in internal controls and "red" audit issues creates a strong sense of accountability.
- Regular interactions on audit issues allow the Board to directly set the tone on having a sound control environment.
- Constructive challenge throughout senior management and Board
- Clear roles and responsibilities across business units (not a federated organisational structure)
- Proper reporting on issue closure and appetite for consequence management
- A proactive culture with respect to addressing risk management shortcomings
- Investment by leadership in tools and systems that support effective risk management
- Proactive leadership culture and timely compliance with regulatory requests