The Australian Prudential Regulation Authority (APRA) has agreed to a Court Enforceable Undertaking (CEU) from Westpac Banking Corporation (Westpac) pledging to lift substantially its efforts to address risk governance deficiencies.
The CEU comes after APRA expressed concerns with the bank’s progress in remediating weaknesses including an immature and reactive risk culture, unclear accountabilities, capability shortfalls, and inadequate oversight.
APRA’s concerns arose from the findings of the risk governance review into Westpac that APRA commenced in response to AUSTRAC’s allegations of anti-money laundering (AML) breaches in December 2019. APRA also examined risk governance reviews conducted by Westpac and third parties over the past year, including Westpac’s own June 2020 Reassessment, which highlighted that the change achieved in risk governance since its 2018 self-assessment had only been “incremental”.
APRA’s analysis of the material concluded that:
Westpac’s Customer Outcomes and Risk Excellence (CORE) Program is not sufficiently far-reaching to address effectively wide-ranging risk governance gaps and carries high execution risk;
long-standing weaknesses remain unaddressed, and have contributed to new prudential issues; and
weak execution was a key root cause of the bank’s risk governance issues.
APRA’s conclusion is that Westpac has failed to deliver the expected risk governance improvements despite almost two years of remediation. This has undermined APRA’s confidence in Westpac’s ability to remediate these weaknesses in a timely manner.
Westpac has acknowledged APRA’s concerns. The CEU signed today requires Westpac to:
develop an integrated plan that incorporates all its major risk governance remediation programs, covering both financial and non-financial risks;
obtain independent assurance over the implementation of the plan with direct reporting to APRA; and
assign accountabilities for delivery of the plan to named executives and Board members and incorporate outcomes into remuneration decisions.
APRA Deputy Chair John Lonsdale said the CEU provided greater assurance of Westpac’s determination to more effectively execute its risk governance remediation work.
“As one of the country’s largest and most important financial institutions, Westpac should be a leader in risk management. Although the bank has made progress in some areas over the past year, it is not good enough. We continue to observe new prudential issues arising while long-standing weaknesses persist, and we believe Westpac’s governance, culture and accountability frameworks and practices are still in need of a substantial uplift.
“APRA’s concerns have been communicated directly to the Board and senior management with the clear message that the magnitude of improvements that Westpac needs to deliver requires a deep commitment to change at all levels across the organisation.
“Entering into a CEU is a serious step that indicates the severity of the situation. The integrated plan required by the CEU must be designed to deliver the sustainable risk governance step-change that APRA requires,” Mr Lonsdale said.
In December 2019, APRA increased Westpac’s operational risk capital add-on to $1 billion. The $1 billion capital add-on will continue to apply until such time as it has completed the risk governance activities set out in the integrated remediation plan to APRA’s satisfaction.
The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding $6.5 trillion in assets for Australian depositors, policyholders and superannuation fund members.
Subscribe for updates
To receive media releases, publications, speeches and other industry-related information by email