The Australian Prudential Regulation Authority (APRA) has released a report analysing the self-assessments carried out by 36 of the country’s largest banks, insurers and superannuation licensees in response to the Final Report of the Prudential Inquiry into Commonwealth Bank of Australia
APRA wrote to the institutions’ boards last June asking them to gauge whether the weaknesses uncovered by the CBA Prudential Inquiry also existed in their own companies. The landmark CBA inquiry had found that continued financial success dulled the bank’s senses, especially with regard to the management of non-financial risks.
After receiving the self-assessments last December, APRA’s frontline supervision teams carried out detailed analysis and benchmarking of their quality and the key issues that institutions identified.
APRA noted a wide variation in the quality of the self-assessments; most institutions recognised the opportunity provided by the findings in the Final Report to critically examine their own organisation , however a small number of institutions took a lighter touch approach and viewed it as an exercise for APRA rather than an opportunity to drive improvement.
Consistent findings in the self-assessments included:
non-financial risk management requires improvement;
accountabilities are not always clear, cascaded and effectively enforced;
acknowledged weaknesses are well-known and some have been long-standing; and
risk culture is not well understood, and therefore may not be reinforcing the desired behaviours.
APRA Deputy Chair John Lonsdale said it is clear that many of the issues identified within CBA are not unique to that institution.
“Although the self-assessments raised no concerns about financial soundness, they confirmed our observation that industry is grappling to manage non-financial risks, such as culture and accountability,” Mr Lonsdale said.
“The self-assessments provided valuable insights into the depth and totality of issues, and how institutions were addressing them. It was also interesting to observe the generally positive assessments boards and senior leadership teams had of their own performance, even when they had identified serious weaknesses in their institutions.
“It was not always evident that institutions clearly understood the drivers of their findings. Therefore, there is a risk that any planned action to address weaknesses may not be effective or sustainable.”
APRA is considering applying additional capital requirements to several regulated institutions after an analysis of self-assessments found material weaknesses in the governance and management of non-financial risks. APRA is also seeking assurances from all boards that the weaknesses identified in their self-assessments will be addressed as a matter of priority in an effective and sustainable manner.
Mr Lonsdale said the findings would be used to help APRA better target its efforts to lift standards of non-financial risk management, as outlined in its 2019 Policy Priorities document.
“APRA will shortly write to the boards of all participating institutions providing tailored observations on their self-assessments. Boards should expect increased supervisory scrutiny of their institutions as they implement remediation actions. Also, in a number of cases, the weaknesses identified in the self-assessment were sufficiently material that APRA is considering stronger supervisory responses, including the application of an operational risk capital overlay,” he said.
“Boards must be committed to uplifting governance and management of non-financial risks. Where this commitment is not forthcoming, APRA will consider the need for further regulatory action. We also continue to encourage those institutions that have not yet done a self-assessment to do so as a valuable means of identifying and addressing weaknesses in their business.”
A copy of the publication is available below: