Conduct Self-Assessments

May 23, 2019

 

 

Earlier this week, the Australian Prudential Regulation Authority (APRA) released the self-assessment report into governance, culture and accountability.

 

This report comes after APRA reached out to major financial institutions last June, and focusses on the review of Australia’s 36 financial institutions regulated by APRA.

 

In its earlier report, APRA highlighted a number of underlying themes that were not unique to the failings APRA found in CBA’s own approach to risk and compliance concerning non-financial risks. Those themes included:

  1. Non-financial risk management needs improvement.

  2. Accountabilities are not always clear, cascaded and effectively enforced.

  3. Acknowledged weaknesses are well known and some have been long-standing.

  4. Risk culture is not well understood and therefore may not be reinforcing the desired behaviours.

Despite these common themes, those organisations which did self-assess don’t appear to accept that they, too, may have fallen prey to complacency.

 

According to the Information Paper:

 

They have, however, generally rejected the notion that the cultural traits of complacency, insularity and collegiality underpinning the Prudential Inquiry findings are prevalent.

 

 

Self-assessment as opportunity

 

The regulator said that ‘most’ organisations saw this self-assessment as an opportunity to examine their own processes critically; however, APRA also noted that other organisations may have approached it more as a ‘tick the box’-type exercise.

 

According to the Information Paper: 

 

At the other end of the spectrum, a small number of institutions approached the self-assessment largely as an exercise for APRA, rather than an opportunity to drive improvement. These institutions applied a lighter-touch process, such as a ‘tick the box’ approach, and justified this by indicating that the issues detailed in the Final Report could not and do not apply to them given the different scale or business models of their respective operations.

 

The regulator expressed concern that, while most organisations did take the exercise seriously, most failed to discover any new insights. APRA believes this failing may well be indicative of a lack of understanding of the problem and may lead to a repeat performance of wrongdoing.

 

Another cause for concern noted by APRA was that the reports were a ‘bit thin’ when it came to examining the link between senior management and remuneration.

 

This is an area that came under significant scrutiny during the Royal Commission into Banking, Superannuation and Financial Services Industry, which put the link between variable remuneration and the compliance failures under a magnifying glass. This lack of detail also extended to the ability of senior management to articulate culture.

According to the Information Paper:

 

Many institutions either struggled to articulate their assessment of culture or provided little evidence to support their assessment. While APRA acknowledges the challenges of measuring and analysing risk culture, it appears that there remains significant scope for improvement in this area.


©2018-2019 by The GRC Institute - Governance, Risk & Compliance.  ABN: 42862119377