The Australian Prudential Regulation Authority (APRA) has agreed to a court enforceable undertaking (CEU) from Bank of Queensland Limited (BOQ) acknowledging its past risk management and risk culture weaknesses and committing to rectify these serious issues.
The CEU follows several breaches of APRA’s prudential standards in 2022 and 20231, and APRA’s prudential review into BOQ’s operational risk, compliance and risk culture. The CEU also incorporates the findings of an independent report on the root causes of these issues, which was completed at APRA’s request in April 2023.
BOQ has acknowledged the weaknesses set out in the CEU and has agreed to:
- prepare a remediation plan that details all activities BOQ is undertaking, or will undertake, to address the weaknesses, with a clear timeline for implementation, and that specifies the Accountable and Responsible Persons for each activity;
- submit the remediation plan to APRA for approval and address concerns APRA may have; and
- appoint an independent reviewer to provide written reports on the implementation of the remediation plan, whether it is sustainable and whether further work is necessary to ensure the root causes of the material weaknesses are addressed.
In addition, APRA will require BOQ to hold an operational risk capital add-on of $50 million to take effect from 30 May 2023. The capital add-on will remain in place until such time as BOQ has delivered the remedial action plan under the CEU to APRA’s satisfaction.
APRA notes today’s announcement by the Australian Transaction Reports and Analysis Centre (AUSTRAC) that it has agreed to a separate enforceable undertaking from BOQ. APRA and AUSTRAC have worked closely together to ensure that their respective actions are appropriately co-ordinated and avoid unnecessary duplication.
APRA Chair John Lonsdale said: “Although BOQ is financially sound and comfortably above its core capital and liquidity requirements, there are significant gaps in its risk management framework that must be addressed as a priority, particularly in the non-financial risk, anti-money laundering and counter-terrorism financing spaces.
“The CEUs announced today, combined with the capital overlay that APRA has applied, provide a strong platform and clear incentives for BOQ to deliver on this important remediation agenda.
“I have communicated APRA’s concerns directly to the BOQ Chair and CEO. They understand what we require, have taken important steps towards being able to deliver that in recent months, and we look forward to receiving and approving a final, comprehensive remediation plan that will address the underlying issues raised,” Mr Lonsdale said.
*An updated version of APRA's enforceable undertakings register can be found at: Enforceable undertakings register.
1 The breaches relate to paragraph 51 APS: 210 Liquidity, CPS: 231 Outsourcing and CPS: 232 Business Continuity Management.