Wayne Byres, Chairman - House of Representatives Standing Committee on Economics
Thank you for the opportunity to appear this morning. I would like to make a few opening remarks to update the Committee on our activity since last we spoke to you in August.
Given it has dominated the headlines over the past couple of weeks, I would like to start with a few brief comments on the AUSTRAC statement of claim in relation to Westpac.
These are very serious allegations which have caused us, as the prudential regulator focused on the financial safety of institutions and the system, to carefully consider what they mean for the prudential standing of Australia’s second largest bank. The bank is financially strong, but the AUSTRAC matter has raised issues of governance, culture and accountability in relation to risk management, particularly as it relates to AML/CTF obligations. While we must be careful not to duplicate or cut across matters for which AUSTRAC is the appropriate regulator, and which are before the Courts, we are actively considering what further action by APRA is required. This includes examining whether obligations under the Banking Executive Accountability Regime have been met, and how Westpac’s management of operational and compliance risks more broadly needs to be enhanced. As would be expected, we are also ensuring we closely coordinate our activities with our fellow regulators – especially AUSTRAC and ASIC.
With all of the attention on one institution, it is essential not to lose sight of other issues which are important for delivering a sound and resilient financial system. Since the August hearing, we have published our Corporate Plan for 2019-2023. The Plan is built on the recommendations from, amongst others, the Royal Commission and Capability Review, and sets out four key community outcomes that we are seeking to deliver for the Australian community:
- maintaining financial system safety and resilience;
- improving outcomes for superannuation members;
- transforming governance, culture, remuneration and accountability within the financial sector; and
- improving cyber resilience across the financial system.
These are key areas in which I expect the Committee will want to explore, so let me say a few words about each.
From the perspective of traditional metrics, the financial system and most entities within it are financially sound and resilient. This is important, and shouldn’t be taken for granted. It serves the Australian community well – a thriving economy cannot be sustained without a well-functioning financial system. And it is important that this strength has been built up, because there’s no doubt that competition, regulatory change, increasing community demands and technological disruption are stretching the ability of participants to adapt and evolve. Not all will do so. Very low interest rates, while undoubtedly appropriate for the economy as a whole, are adding further headwinds to the financial sector. Profitability, and therefore capital generation – essential for balance sheet growth – will come under more pressure.
This is, and will remain, a core area of focus for APRA. The Capability Review recognised this as our traditional strength, and stressed the importance of not jeopardising this strength as we embrace a broader range of tasks. APRA has successfully delivered on its core mandate – the financial safety of regulated entities and a sound and resilient financial system – over a long period of time, and we certainly intend to continue to do that.
Superannuation fund heatmap
When it comes to improving outcomes for superannuation members, we recently announced the details of a major initiative to bring greater transparency to the performance of trustees.
Trustees have the privilege of managing trillions of dollars of members’ retirement savings – not the right to manage them. Many, but not all, treat that privilege very seriously. Our superannuation heatmap – designed to provide important information on the outcomes being delivered by every MySuper product – will be published in full next week, and represents a major leap forward in transparency and accountability in the superannuation industry.
Our goal with the heatmap is simple: to help drive better member outcomes by shining the light on those MySuper products that need to improve. For the past couple of years, we have been focused on using data to weed out the under-performers in the industry. We have seen reductions in costs and, in some cases, changes of trustee as a result. However, when coupled with new regulatory powers and penalties provided by the Parliament earlier this year, our heatmap means APRA is now much more well-equipped to take these efforts to a whole new level.
In addition to the heatmap, APRA has launched a multi-year project to upgrade the breadth, depth and quality of our superannuation data collection. APRA’s Superannuation Data Transformation project aims to help deliver better industry practices and improve member outcomes by significantly enhancing the comparability and consistency of reported data. As part of the Stronger Super reforms in 2013, we substantially upgraded the superannuation data collection from what it was – the number of data items and options collected increased ten-fold at that time – but it was primarily focused on data needed to support assessment of the new MySuper products. To reduce burden and promote efficiency, we also aligned reporting obligations to accounting standard requirements and proposed product dashboard definitions for data on expenses, investment performance, fees and costs.
Unfortunately, the comparability and consistency of that information has proven inadequate. Choice creates a major challenge, as there are well over 40,000 superannuation investment options on offer. We will have to be more prescriptive in what we ask for, and potentially diverge from other reporting requirements in some areas. That will come at a cost to the system. But being able to genuinely assess member outcomes requires more granular product and investment option level data. On this score, there is no choice.
Governance, remuneration, culture and accountability
The fact that shortcomings in governance and risk culture continue to emerge in the financial services industry is concerning and shows the importance of our work to transform governance, culture, remuneration and accountability – or GCRA as we have come to short-hand it. It also shows there are no quick fixes.
Last month, APRA published its plans to significantly scale up the intensity of its supervision in this area. The new approach builds on a program of work that APRA commenced in 2015, including APRA’s thematic reviews of risk culture and remuneration, the Prudential Inquiry into the Commonwealth Bank of Australia, and the results of the subsequent self-assessments of a range of large financial institutions. It also responds to recommendations from the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry and the APRA Capability Review. It is facilitated by additional funding approved by the Government in the 2019 Budget.
Our intensified approach establishes a supervisory framework and methodology designed to strengthen the resilience of financial institutions by addressing, and ideally preventing, issues of poor risk governance, misaligned incentives and misconduct that have undermined public confidence in the financial sector over recent years. It is, we believe, at the forefront of international practice in many areas.
Under the broad banner of GCRA, an area of great interest has been our proposals to overhaul the prudential requirements in relation to remuneration.
The new standards are intended to require boards to ensure their remuneration practices reward the right behaviours, improve accountability and promote effective management of financial and non-financial risks. They also respond to the recommendations of the Royal Commission. We are not setting caps on executive pay, but we have proposed a limit on the use of financial metrics to determine variable remuneration, and increasing bonus deferral periods: in the case of CEOs of the largest institutions, this would be for seven years, with an additional capacity for clawback beyond that.
Our consultation on the proposals closed in late October and we are currently going through 74 substantial submissions received. As I said in a speech recently, our proposals – which are far more prescriptive than we have traditionally been about remuneration practices – have caused a fair amount of angst. The concerns have come from entities, industry bodies, investors and shareholder groups, and we are considering all of the issues carefully. We are not wedded to the specific proposals we put out for consultation, but equally we have been clear that the status quo will not be acceptable.
We plan to release our response to the feedback we received from the consultation process early next year.
There is no doubt that cyber risks are increasing in importance, and cyber-attacks on financial institutions are nowadays a routine occurrence. APRA cannot prevent cyber-attacks from occurring, but we think it important we play a role in ensuring regulated institutions are resilient to cyber-attacks through prevention, detection and response capabilities.
Over the past year, we have set clear – and legally binding – requirements in relation to cyber hygiene in the form of our new Prudential Standard CPS234, which came into force in the middle of this year. We are matching that with a strengthening of our ability to assess the cyber resilience of the institutions we regulate, as well as utilising third party expertise for deeper assessments where we think it’s necessary. And we are strengthening our alliances with peer regulators and other government agencies to ensure we are aligned with and contributing to Australia’s 2020 Cyber Security Strategy.
All of these are positive and important steps in lifting the cyber resilience of the financial system. Yet it also needs to be acknowledged that the current regulatory framework is not designed for clouds, ecosystems and partnership models. Not only do regulators need new skills, resources and partnerships, but possibly new powers to ensure that as critical functions and data move outside the regulatory perimeter, we are able to satisfy ourselves that the requisite level of safety and control remain in place. As we develop our new cyber supervision strategy, we will need to consider how best to tackle these issues.
I will conclude by simply noting that there is much I do not have time to cover. Since we spoke to this Committee in August, we have produced our 2018/19 Annual Report, delivered and published 13 speeches on our plans and activities, updated our enforcement approach, and released a number of major papers, including one that explains how APRA balances a range of considerations to deliver on its mandate to keep the financial system safe for the benefit of the Australian community. We published last Friday an updated APRA-ASIC MoU, embedding stronger and closer cooperation between the two agencies, and today will be announcing measures designed to improve the viability of disability income insurance products. And finally, today also marks the move to a new organisational structure for APRA, including a division dedicated to superannuation as recommended by the Capability Review. My colleague Suzanne Smith, who is appearing before this Committee for the first time today, will be leading that division as its Executive Director.
With those remarks, my colleagues and I are pleased to answer the Committee’s questions.