More attention needs to be paid to the cost of non-financial risks. Certainly, the Australian Prudential Regulation Authority (APRA) will be paying closer attention to those who have not paid enough attention to non-financial risks.
“Failing to adequately manage risks relating to anti-money laundering and counter-terrorism financing laws saw our largest bank fined $700 million by AUSTRAC,” APRA Deputy Chairman John Lonsdale said, at the 2019 Actuaries Summit, held in Sydney.
According to Lonsdale, of the 36 APRA-regulated entities that completed the recently-released information paper on self-assessment, the approach to non-financial risks across these institutions was ‘consistently weak’.
“As a result of the self-assessments, we have intensified and more-precisely targeted our supervision of entities. And in some cases, we are considering imposing additional capital requirements due to the materiality of the weaknesses identified,” Lonsdale said.
“That’s the thing about non-financial risks: left unaddressed, the consequences become distinctly financial in nature. In the wake of the Royal Commission, our major banks have seen their profits eroded by the cost of remediating aggrieved customers and upgrading or putting in-place systems to stop it happening again.”
Lonsdale went on to say that, collectively, the Big Four have already spent $7 billion on fixing these oversights, and that figure is likely to increase.
The other non-financial risk on which the prudential regulator focused was that of cyber-attack, making reference to the major cyber-attacks faced by Marriott, Yahoo and Ebay.
Lonsdale noted that, like the ‘why not litigate?’ approach being adopted by the Australian Securities and Investments Commission (ASIC), APRA will also be ‘constructively tough’ with their own new enforcement approach.
In mid-April, APRA Chairman Wayne Byres indicated that the prudential regulator would follow through on the recommendations from the Enforcement Review, conducted last November.
In addition, Byres stated that APRA will:
adopt a “constructively tough” appetite to enforcement, outlining it in a board-endorsed enforcement strategy document;
ensure APRA supervisors are supported and empowered to hold institutions and individuals to account, while strengthening governance of enforcement-related decisions;
combine APRA’s enforcement, investigation and legal experts in one strengthened support team, ensuring resources are available to support the pursuit of enforcement action where appropriate; and
strengthen cooperation on enforcement matters with ASIC.