Week 1 - Overview of regulatory compliance Complete

School: University of New South Wales
Course: 8503
Subject: Information Systems
Date: Dec 6, 2023

Week 1: Overview of regulatory compliance

The recent Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry highlighted the myriad of issues financial services firms experienced and continue to experience in complying with regulatory obligations, and regulatory and community expectations. This week, we examine the complexity of regulatory frameworks and regulators. We look at what the aims of compliance in financial services firms should be. We then look at how those aims can be achieved by way of implementing a comprehensive compliance framework. The framework is built around a way to assess and rank regulatory risks: a Compliance Risk Assessment. Through this process, we collate regulatory obligations into types of risks, assess a firm’s exposure to such risks, examine the effectiveness of existing controls and prioritise action items to address residual risk.

Anatoly Kirievsky (Adjunct Lecturer)

Week 1 Speech (Transcript)

In this week, we're going to look at the core of regulatory compliance. We will go through what a regulator is, what they do, and how to set up an overall compliance framework, and we will see that a compliance framework ultimately sits around a concept of compliance risk assessment. What are my risks? What are my controls? How effective are they, and therefore, what do I need to prioritise?

But it's really important to understand why this framework is required. To understand that we really need to go to the Banking Royal Commission, and the answer to the Banking Royal Commission. In terms of the Banking Royal Commission, it uncovered misconduct on an industrialist level. We're not just talking about the standard response of, this is a couple of bad apples trying to do the wrong thing, whilst the overall institution is trying to do the right thing. We have seen structural problems across some of the biggest and best institutions that we have in Australia. From a regulatory perspective, they looked at what companies have in mind now, what they have in place now, and they said that what currently exists does not work.

The answer for banks is a concept of banking executive accountability regime, and under this regime, institutions have to take reasonable steps to address their risks. But most importantly, there's a concept of individual accountability. Accountable persons, who are usually senior executives, directors, and a few other nominated heads of, they face personal responsibility for ensuring that they personally take reasonable steps to mitigate the risks. If they don't take reasonable steps, they face personal risk of being banned from the industry, as well as institutions themselves face the risk of fines that are now going to go all potentially into billions of dollars.

Now, that it's very clear what the stick is, the carrot is you get to work in the industry. You get to enjoy the benefits of this work. The stick is you'll get kicked out of the industry and your institutions will be severely penalised. Therefore, how do you make sure that you don't get the stick? The answer is to set up your compliance framework, and that's what we're going to learn about in this week.

  • Examine the historical factors which led to the regulatory compliance framework.
  • Understand the aim of regulatory compliance.
  • Identify key components of a compliance framework.
  • Describe the CRA process and required data.

TOPIC 1
What is FinTech and what is RegTech?

We define the terms FinTech and RegTech.

Purpose
Before we progress with the course, it's important to understand the meaning of the terms RegTech and FinTech. In this activity, we review the definition of FinTech and the different components that make up the broad "FinTech" field. We then analyse the definition of RegTech and how the two interact.

Activity Instructions
In this activity you will be introduced to FinTech and RegTech by engaging with some sharing activities and reading and watching some resources. Please follow the instructions provided.

An introduction to FinTech and RegTech
Define the terms FinTech and RegTech in your own words. Then, read other students’ definitions before hovering over the card to reveal sample definitions. You can add your definitions on the Padlet board by clicking on the plus (+) icon. Please include your name and keep your post short (under 50 words). You must submit your definitions by the end of Week 1.

FinTech and RegTech Defined in students’ words

FinTech & RegTech
FinTech is implementing technology with the financial sector to create an easier and convenient environment to deliver financial services. RegTech is implementing a regulatory and compliance framework to the FinTech industry to ensure banks are taking responsible measures in providing a financial service.
FinTech Financial services via technology creating efficient and effective processors to all members of its eco-system. RegTech. The regulatory framework and compliance processors for consumers and FIs with technology.
Jerome Finette
FinTech and RegTech
FinTech - is the implementation of technological products, services and processes into the financial sector to make their operations more efficient and effective. This can be in relation to how they interact with customers, regulators, employees etc. RegTech - is a subset of FinTech, is the implementation of technology in order to more effectively and efficiently comply with government regulations and reduce risk breaks in operations.
Callum Hunt
FinTech & RegTech Def
Fintech – broadly this is the use of technology in the financial services industry to replace, automate and improve any existing processes or actions performed by a finance business. RegTech – is the use of technology to replace, automate and improve existing processes or actions required to accurately and more regularly perform compliance checks. The aim is not only to better comply with Gov regulations but also to protect the business from a variety of risks.
Daniel Dumble
RegTech and FinTech
RegTech uses many technologies such as cloud computing, big data, AI, blockchain, machine learning to perform compliance checks and reduce financial risk, increase regulatory compliance and stamp out laundering and fraud, which ensures companies are more effective in reaching regulatory compliance. FinTech is referring to modern technologies used by businesses that provide automated and improved financial services.
FinTech & RegTech
Fintech: IT platform and Eco-system innovations that transform the way financial services are delivered by addressing security / privacy concerns, removing barriers to entry for new business and minimizing the need to rely on 3rd party trust / intermediary. RegTech: is a subset of fintech which will qualify the above attributes but specifically into regulatory framework, technology that makes sure compliance happens without the need to rely on 3rd party trust or bias of personnel.
Tan Nguyen
FinTech & RegTech
There are a number of definitions for FinTech and in many ways traditional financial services firms and banks are FinTechs because they use technology to deliver financial services/solutions. However, I have generally considered FinTech to be more contemporary, customer focused, data driven, agile-run, start-up or disruptive organisations. I consider RegTech to be a subset of FinTech, and again, historically most organisations will have used technology (think ubiquitous scripts, VBA, excel spreadsheets, exception reporting and the like) to manage regulatory compliance risk, but there is a new paradigm emerging, similar to the old vs new FinTech analogy I gave above, strongly innovation, technology and data driven, more effective, automated, efficient solutions.
Patsy
FinTech & RegTech
FinTech is a term that has been used in recent years to describe the application of technology to improve time-proven financial activities as well as deliver new types of financial activities. In future, the term may be considered superfluous as the nature of modern financial services largely dictates such use of technology as increasingly becoming the norm. RegTech, being a subset of FinTech, could be defined as the use of technological solutions to facilitate compliance with & monitoring of regulatory requirements & risk management.
Andrew Nell
FinTech and RegTech
FinTech (Financial Technology) - the use of technology in aiding the delivery of financial services and solutions to both customers and financial institutions. RegTech (Regulatory Technology) - used mainly by financial institutions and businesses, RegTech is a subcategory of FinTech that eases financial regulation and makes the process more efficient and accessible.
Dhira T.
FinTech & RegTech - own words
RegTech - a subset of FinTech that's used to assist in a streamlined approach to mitigating risk to flow on to comply with regulation. In this token, this persists in automating some of the more technically manual processes (i.e., exception reporting). FinTech - The use of technology, namely applications typically, to reduce complexity, automate and optimise not only the organisation's internal functions, but also the customer's experience - the end user seeks to gain large benefit here. In today's society, FinTech is largely driving a race to the best UX platform that ultimately challenges expectations and conventional norms in traditional finance (and other industries too!).
Mary S
Definitions
FinTech is a Financial service or product provider that aims to compete with traditional financial institutions by using innovative technology to improve systems and experience. RegTech is the technology that is being used to mitigate regulatory risk and compliance in the ever-changing finance industry.
Maggie
FinTech is financial sector innovations using technology enabled business models that reduce intermediaries for transactions in entities creating new opportunities for entrepreneurship. In its disruption of traditional financial hierarchy, it has challenged privacy, regulatory & law enforcement frameworks. The first significant growth of FinTech is clearly identified to the 2008 GFC, and now the Covid pandemic will surely create exponential FinTech growth as a response. RegTech is part of the FinTech ecosystem. Technology & its businesses provide solutions to how technology can be used to improve the delivery of regulations in finance and banking systems. The regulator viewpoint & the financial or banking enterprise must find balance for optimal use of emerging innovation and technologies for the good of society.
Kadi
FinTech and RegTech
Any technology that allows or performs financial services (digital currencies and wallets, digital retail payment, robo-advisory systems etc) can be defined as FinTech. RegTech is a subset of FinTech, which focuses on technologies to automate the governance and execution of compliance and regulatory requirements.
Fintech - using technology to advance financial services by either creating new business or enhancing existing business and process. RegTech - a subset of FinTech using technology to meet regulatory requirements.
Craig Fulton
Fintech and RegTech
Fintech is a disruptive innovation in Financial Industry
FinTech & RegTech
FinTech - the use of emerging technologies to develop both current and new markets within the financial sector. It could be to disrupt current traditional businesses or to create value in the current market. It can also allow traditional capital markets to have new possibilities for raising funds along with investors who need to gain returns on surplus funds held. RegTech being a sector of FinTech, is concerned with the use of technology in increasing efficiency with the regulatory environment for businesses. This could include, within financial services, mandated compliance, KYC and AML requirements.
FinTech & RegTech
Fintech – Is technology used in the Financial sector to deliver services and solutions. RegTech – Is the use of technology to mitigate risks, perform compliance and maintain governance as part of a broad regulatory framework.
G Samuels
FinTech & RegTech
FinTech is the disruptive use of technology to deliver financial services and products to new or existing customers or segments, in a way which reduces the friction experienced by traditional financial services. RegTech is the use of technology to automate and improve the ability to comply with applicable regulations, or the ability to better regulate financial institutions through the innovative use of technology.
Brad Jones
FinTech & RegTech
FinTech is defined as a technology enabled financial services function that automates processes, is cost-effective long-term and improves customer experience. RegTech is a technology enabled framework used to automate the regulatory requirements to streamline the compliance process.
FinTech & RegTech
FinTech is with technology that supports using computer programs and other technology to improve activities in financial services and financial solutions. RegTech (subset of FinTech) is with technology of application to regulation that identifies risk and enables efficient compliance which are all about rules, policies, resolution, control, monitoring and regulation management.
Syed Saleh
FinTech & RegTech
FinTech: Financial Technology, using technology to provide financial solutions. Such as PayPal, Afterpay. RegTech: Regulatory and Technology, using information technology to boost regulatory procedure. Such as reporting, compliance.
Isik Hirtes

The official definitions of FinTech and RegTech according to the lecture

FinTech has been defined in a PwC Global FinTech Report 2019 as: "A combination of technology and financial services that's transforming the way financial businesses operate, collaborate, and transact with their customers, their regulators, and others in the industry." All types of companies, from start-ups to tech companies to established firms, are using FinTech.

The term RegTech was first used by the UK’s Financial Conduct Authority (FCA) in 2015 who called it: "A subset of FinTech that focuses on technologies that may facilitate the delivery of regulatory requirements more efficiently and effectively than existing capabilities."

FinTech
In recent years, many variations of FinTech have emerged that draw on cutting-edge technologies specifically tailored for certain sectors or functions within the financial services ecosystem, such as RegTech and InsurTech. FinTech is not new. As soon as the technology became available, it started to be used to assist in banking transactions.

Watch
Watch this video from 50 years ago:
<Video Embedded on Site>

Since this footage was filmed, FinTech has penetrated every aspect of finance. From a consumer perspective — chances are, you are using FinTech every day — in electronic banking, phone banking, using PayPal, Apple Wallet, using the New Payments Platform (NPP) that allows for electronic payments to be settled instantaneously, in trading shares automatically from the phone, and the list goes on.

RegTech
Regulatory technology (RegTech) is the use of technology to automate compliance and oversight within regulated institutions. Given the relatively large size and highly regulated nature of financial services, RegTech first emerged in that area, hence it was seen as a subset of FinTech. In the word cloud below, consider different areas of industry that would require RegTech applications.

Feedback
There is no feedback provided for this activity.

TOPIC 2
The Banking Royal Commission

We explore the key learnings from the Banking Royal Commission.

Purpose
The Banking Royal Commission had a dramatic impact on the financial services industry, uncovering the extent of misconduct, kick-starting multibillion dollar remediation programs, reshaping the structure of financial services and ending many careers. This activity looks at why the Banking Royal Commission was established — was it for political reasons or for substantive reasons? We then look at the kinds of issues that were
uncovered and how those issues drove the regulatory response, both in Australia and overseas.

Activity instructions
Read the following information and complete the associated activities.

The Global Financial Crisis and its aftereffects
The wide-spread bankruptcies of financial institutions around the world and unprecedented government bailouts and support programs meant that the existing capital and risk management frameworks were viewed as inadequate. This forced global regulators back to the drawing board. The result was a strong focus on quantitative risk measures, including the following:
  • more capital (finally moving away from the historic 8% of risk-weighted assets)
  • better capital (a greater proportion of total capital to be held as higher-quality Tier 1 capital)
  • better modelling of key risks
  • a significantly stronger framework to manage liquidity risk
  • additional requirements for systemically important banks
  • additional capital for exposures to central counterparties

These measures were applied in Australia by the Australian Prudential Regulation Authority (APRA), but the Australian banking industry was seen as relatively unscathed by the Global Financial Crisis (GFC). A good summary of the lessons from the GFC can be found in a speech from the Deputy Governor of the Reserve Bank of Australia:
Lessons and Questions from the GFC: https://www.rba.gov.au/speeches/2018/sp-dg-2018-12-06.html
Refer to Week 1 Reading Directory for the PDF version with filename “7 – Lessons and Questions from the GFC.pdf”

The Banking Royal Commission
The banking royal commission was established in late December of 2017, after years of public pressure. Its first public hearings began on 13 March, and they ran through 2018. Although Australian banks remained relatively safe from a capital perspective after the GFC, a large number of scandals emerged:

Insurance
  • CommInsure faced accusations of:
      • allegedly hawking its policies in unsolicited phone calls
      • engaging in misleading and deceptive conduct in relation to the definition of heart attack used in policies
      • committing misconduct in claims handling
  • Freedom Insurance: aggressive selling tactics, in one case pushing insurance onto a person with Down’s syndrome
  • Junk Insurance: the Royal Commission called out practices of selling insurance that offered no practical value to the insured, but massive commissions (up to 79% of the premiums paid) to the salesmen

Wealth management
  • Clients charged fees for no service; that is, charged a fee where a service was not provided (for example for financial advice), and in some cases where service could not have been provided (financial adviser not available; charging dead people for life insurance). This was an issue across all major banks and a major issue at AMP.
  • Charging clients higher rates based on incorrect assumptions
  • Using client funds to cover their own errors

Anti-money Laundering (AML)
  • The Commonwealth Bank of Australia (CBA) ended up with a $700m penalty, whilst losing its CEO and other management executives. A summary of the key breaches can be found here.
  • Westpac is currently negotiating the scale of the penalty with AUSTRAC, after being accused of breaching the Anti-money laundering (AML)/counter-terrorism financing (CTF) obligations 23m times.

Industry response
Despite the numerous scandals that were exposed, there was a lack of appropriate response from the banking and finance sector:
  • push back against the Royal Commission — "unnecessary and a waste of taxpayer funds"
  • delaying the commencement of reforms
  • advocating a roll-back of reforms
  • pushing back on professional standards

Watch
Watch the video below from the Guardian Australia for some key moments from the Banking Royal Commission (2:12 mins): https://youtu.be/3RW1U9Q-lzw

Further reading
Read an overview of the scandals that were exposed after the GFC here: https://ap01-a.alma.exlibrisgroup.com/leganto/readinglist/citation/34337928250001731?auth=SAML
Refer to Week 1 Reading Directory for the PDF version with filename “1 - Banking royal commission - The scandals revealed during the inquiry that shocked Australia.pdf”

Case study NAB/APRA
Review some of the key findings from the APRA on the National Australia Bank (NAB).

NAB FX scandal overview (slide 1 of 4)
  • The entire FX options desk (four traders) colluded to mask losses
  • Started out with small losses that were carried forward
  • In September 2003, took a strong view on USD and lost
  • Masked the losses with fictitious trades
  • Disguised the losses
  • Reduced the VaR measure

NAB Facts (slide 2 of 4)
The four traders involved in the currency options trading losses were:
  • Luke Duffy (Head of FX Options)
  • Gianni Gray (Senior FX Options Trader)
  • David Bullen (Senior FX Options Trader)
  • Vince Ficarra (Junior FX Options Trader)
The team of traders were supervised by Gary Dillon, the Joint Head of the Global Foreign Exchange operations.

NAB fraud (slide 3 of 4)
The weakness centred on the end-of-day processing of transactions, which occurred in the morning following the day’s trading activities.
  • The traders entered false transactions before the end-of-day close
  • Information was used to prepare management reports and ultimately NAB’s financial statements
  • Traders then had a “one-hour window” of opportunity (8.00 am - 9.00 am) to reverse the data and avoid the system’s internal checks
  • Traders regularly used this practice to process false trades or deal rates and rollover losses
  • The “one-hour window” became routine morning behaviour
  • The fictitious transactions produced profits for the trading desk, resulting in the traders receiving bonuses for 2003 totalling AUD $790k (AUD $120k - AUD $265k per person)

NAB outcomes (slide 4 of 4)
  • 13 Jan 04: NAB announces losses of $180m
  • 19 Jan 04: revised to $185m
  • 27 Jan 04: (PWC Review) revised to $360m

APRA’s response
  • Capital ratio of 10% instead of 8%
  • APRA withdrew approval to use VaR
  • Cannot trade FX until deficiencies are rectified
  • Significant remediation required on policies and procedures

Other changes
  • Four traders fired and jailed
  • Duffy got 29 months, based on cooperation – otherwise was looking at 51 months jail
  • 30 senior staff in total fired or reassigned including:
      • Head of FX
      • Executive General Manager of Corporate & Institutional Banking
      • Head of Markets
      • Executive General Manager of Risk Management
      • CEO
      • Chairman
  • 81 special conditions from APRA

Question activity
After reviewing the key findings in the slider above, answer the question below. Once you have submitted your answer you will be able to see responses from other students.

Given what NAB went through in 2006 and the extensive remediation process thereafter, what are the key factors that allowed NAB to be involved in bank bill swap rate (BBSW) and FX scandals in the global markets department within a few short years?

Further reading
If you would like to read more about the scandal, please click on the following link to view the APRA document.

TOPIC 3
An overview of the Banking Executive Accountability Regime (BEAR)

We look at the BEAR framework.

Purpose
This activity provides an overview of the key response to ongoing compliance scandals in the industry, which applies the concept of individual accountability: the BEAR.

Activity instructions
Read the following information about the BEAR.

What is BEAR?
The BEAR is a framework that requires individuals to take personal responsibility for risks arising in their business area. APRA Chairman Wayne Byres said the BEAR presented an opportunity for a major strengthening of accountability among the directors and senior executives of Authorised Deposit-taking Institutions (ADIs):

"Many problems that have arisen in the financial system over recent years have had, at their heart, organisational complexity and diffused responsibility. By effectively implementing the BEAR, ADIs will genuinely enhance their governance and risk management through much clearer understanding and agreement on individual accountabilities."

Open each panel below to explore the features of the BEAR framework.

Accountability obligations: authorised deposit
  • Conduct its business with honesty and integrity, and with due skill, care and diligence;
  • Deal with APRA in an open, constructive and cooperative way;
  • In conducting its business, prevent matters from arising that would adversely affect the ADI’s prudential standing or prudential reputation;
  • Ensure that each of its accountable persons meets his or her accountability obligations; and
  • Ensure that each of its subsidiaries that is not an ADI complies with the above as if the subsidiary were an ADI.

Accountable persons
  • All directors of the board of an ADI;
  • Individuals with actual or effective senior executive responsibility for management or control of a significant or substantial part or aspect of the operations of the ADI or ADI group; and
  • Individuals with senior executive responsibility for one of the particular responsibilities specified in the legislation (CEO, CFO, CRO, COO, CIO, CCO, Group Head of HR, Head of Internal Audit and Head of AML).

Obligations
  • Act with honesty and integrity, and with due skill, care and diligence;
  • Deal with APRA in an open, constructive and cooperative way;
  • Take reasonable steps in conducting their responsibilities as an accountable person to prevent matters from arising that would adversely affect the ADI’s prudential standing or prudential reputation.

Registration
  • Accountability statements and accountability map

Remuneration
  • Must defer up to 40% of bonus for four years
  • Must reduce bonus for failure to comply with obligations

Notification
  • Changes in personnel, breaches of accountabilities, bonus reductions

Disqualifications and civil penalties
  • Individuals – no penalty, but can be disqualified
  • ADIs: fine of up to $210m.

BEAR and the Royal Commission
The Royal Commission was a backward-looking exercise – examining past scandals. BEAR obligations were not in place at the time the scandals were taking place. However, at the Royal Commission, references to BEAR were numerous. Fundamentally, the point made by Commissioner Hayne was that if BEAR was in place at the time of these scandals, many of the executives would have failed to discharge their BEAR obligations. This would have meant possible disqualification for them from the industry and made their institution subject to the penalties prescribed under the regime.

Further reading
You can read the BEAR framework document by clicking on the following link:
APRA – Information Paper: https://www.apra.gov.au/sites/default/files/information_paper_implementing_the_bear.pdf
Refer to Week 1 Reading Directory for the PDF version with filename “Implementing the Banking Executive Accountability Regime.pdf”

TOPIC 4
What is regulatory compliance?

In this lesson, we cover the aims of compliance and core principles developed to achieve it.

Purpose
In this activity, we start by examining compliance risk. What is it? And what are the objectives of a financial services firm in relation to compliance? We then look at the global
principles that have been developed by the Basel Committee on Banking Supervision (BCBS) to achieve effective compliance. Regulatory technology provides us with tools to try to achieve our objectives. The scandals identified in the previous lesson indicate that the aims of compliance have not been achieved. The BEAR is an attempt to embed some of the principles into the Australian regulatory framework. Activity instructions Read the following information and complete the associated activities. What is compliance? Compliance relates to compliance risk, which is defined in relation to banks as the "risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organisation standards, and codes of conduct applicable to its banking activities." As is the case with risk management more generally, compliance risk cannot be eliminated entirely. Instead, institutions need to set out their appetite for compliance risk (as for other risks!). Once you know what your risk appetite is – this is your target. Compliance is then the process of managing this risk. Compliance and the compliance function in banks A good question to consider when looking at compliance is who is actually responsible for compliance at a bank? At times, the simple answer was to find someone with “compliance” in their title and point to them as being responsible for driving compliance and managing the risk for the organisation. This view is no longer held valid. The Three Lines of Defence model In recent years, firms have broadly accepted the three lines of defence model, with regulator’s support. Use your mouse to hover over each disc below to view more information about the three lines of defence model:
1 st line of Defence: Operational managers that own and manage risk 2 nd line of Defence: The risk and compliance function 3 rd line of Defence: Internal audit In this model, compliance staff are not the primary force driving the management of compliance risk. That responsibility lies on the first line: the business units that take on risks in their activities. Compliance function does serve a critical role: it develops frameworks, provides advice, conducts monitoring and testing, and challenges activities and assessments of compliance risk in the first line. The Basel Committee principles for the management of compliance risk Compliance risk is not new. As long as financial services have existed, misconduct has been a common feature. The BCBS conducted a consultation in 2003, and based on the responses, developed the high-level principles for the management of compliance risk. Note that BCBS is not a rule-making body; its principles are not binding unless they are converted into laws, rules and regulations in the country by the local regulator. Therefore, it is akin to recommended reading — technically not compulsory, but you know you can get a better outcome if you do follow them. Read Read about the 10 principles outlined in the Basel Committee document via the link below: Compliance and the compliance function in banks - https://ap01-a.alma.exlibrisgroup.com/leganto/readinglist/citation/34339155700001731? auth=SAML Refer to Week 1 Reading Directory for the PDF version with filename “4 - Compliance and the compliance function in banks.pdf”
Case study quiz

In this activity, you'll apply the 10 principles mentioned above to a real-life scenario. You'll begin by reviewing the principles and then considering them in the context of a compliance review of the CBA. This activity has three parts:

1. review the 10 Principles
2. read the summary of the CBA report
3. complete a short quiz (ungraded)

10 Principles

BCBS introduced 10 principles

Principle 01: The bank’s board of directors is responsible for overseeing the management of the bank’s compliance risk. The board should approve the bank’s compliance policy, including a formal document establishing a permanent and effective compliance function. At least once a year, the board or a committee of the board should assess the extent to which the bank is managing its compliance risk effectively.

Principle 02: The bank’s senior management is responsible for the effective management of the bank’s compliance risk.

Principle 03: The bank’s senior management is responsible for establishing and communicating a compliance policy, for ensuring that it is observed, and for reporting to the board of directors on the management of the bank’s compliance risk.

Principle 04: The bank’s senior management is responsible for establishing a permanent and effective compliance function within the bank as part of the bank’s compliance policy.

Principle 05: The bank’s compliance function should be independent.

Principle 06: The bank’s compliance function should have the resources to carry out its responsibilities effectively.

Principle 07: The responsibilities of the bank’s compliance function should be to assist senior management in managing effectively the compliance risks faced by the bank. Its specific responsibilities are set out below. If some of these responsibilities are carried out by staff in different departments, the allocation of responsibilities to each department should be clear.

Principle 08: The scope and breadth of the activities of the compliance function should be subject to periodic review by the internal audit function.

Principle 09: Banks should comply with applicable laws and regulations in all jurisdictions in which they conduct business, and the organisation and structure of the compliance function and its responsibilities should be consistent with local legal and regulatory requirements.

Principle 10: Compliance should be regarded as a core risk management activity within the bank. Specific tasks of the compliance function may be outsourced, but they must remain subject to appropriate oversight by the head of compliance.

CBA Report

Read section 11 of the APRA CBA report – pp102-104.

Summary of CBA Report: https://ap01-a.alma.exlibrisgroup.com/leganto/readinglist/citation/34339010090001731?auth=SAML

Extract of CBA Report pp102-104:

PANEL RECOMMENDATIONS

In the preceding chapter, the Panel has summarised CBA’s remediation plans and has made specific recommendations on how CBA might enhance its ability to deliver on its plans. This chapter brings all the Panel’s recommendations together.

Viewed overall, the recommendations focus on five key levers to promote change in CBA:

• more rigorous Board and Executive Committee level governance of non-financial risks;
• exacting accountability standards reinforced by remuneration practices;
• a substantial upgrading of the authority and capability of the operational risk management and compliance functions;
• injection into CBA’s DNA of the ‘should we?’ question in relation to all dealings with and decisions on customers; and
• cultural change to support enhanced risk identification and remediation, moving the dial from reactive and complacent to empowered, challenging and striving for best practice.

A number of these recommendations reinforce and set the bar for initiatives that are underway. Other recommendations provide signposts for additional work that CBA must undertake to strengthen governance, culture and accountability.

To better inform its deliberations and in particular its recommendations, the Panel obtained advice on the range of risk management practices globally. This articulated a view of mature practices for the areas that the Panel evaluated, which have been taken into account in informing these recommendations.

Section A: Governance

Role of the Board

1. The CBA Board maintain its recent heightened visibility, promoting a clear tone at the top in both messaging and action.
2. The processes and practices of the Board and its Audit and Risk Committees be aligned with global better practice for risk management.
3. The Board ensure effective coordination between its Audit, Risk and Remuneration Committees.
4. The BAC increases direct engagement with the business unit and support function owners of significant issues and hold them accountable for timely and effective closure of these issues.
5. The Board ensure it receives adequate nonfinancial risk information, including early indicators of emerging risks, to support constructive debate and challenge.

Senior Leadership Oversight

6. The CEO ensure that the Executive Committee accepts and embeds collective accountability for management of the Group.
7. The CEO ensure that the Executive Committee:
  • discusses, understands and takes action to mitigate the impact of risks that span business units;
  • promotes the voice of support functions as an effective counterbalance to the business units; and
  • engages in constructive challenge and debate.
8. CBA establish an effective Non-Financial Risk Committee at the Group Executive level.

Risk Management and Compliance

9. CBA ensure that its Three Lines of Accountability principles are effectively embedded and subject to strict governance. In doing so, CBA must ensure that business units take primary ownership of risk management.
10. CBA ensure that business unit Chief Risk Officers have the necessary independence to provide effective challenge to the business.
11. CBA strengthen its Risk in Change process to ensure that there is effective risk-based oversight from Line 2 across the Group.
12. CBA strengthen its management of operational and compliance risk. In doing so, CBA must ensure that:
  • the Group Risk Appetite Statement includes limits and triggers for more granular operational and compliance risk metrics by risk theme;
  • minimum standards are clearly articulated in policies and embedded across the Group;
  • there is a stronger focus on the ‘big picture’ and identification of emerging risks;
  • Line 2 effectively fulfils its assurance responsibilities;
  • the control environment is robust, reflecting effective control design and testing; and
  • root causes and not merely issues are addressed in a timely and effective manner.
13. CBA build up the capabilities and subject matter expertise of operational and compliance risk staff through training and continued recruitment.
14. CBA elevate the stature of the compliance function by making the Head of Compliance a member of the Executive Committee and/or the recommended Non-Financial Risk Committee, by making their appointment and removal subject to approval by the Board Risk Committee, and by ensuring that they have direct access to the Board.
15. CBA review its conduct risk profile in business units, incorporate the findings in its Conduct Risk Strategy and ensure that conduct risk is fully considered in decision-making processes.

Issue Identification and Escalation

16. The Executive Committee and Board improve their processes for monitoring issues raised by internal audit, regulators and other sources, and end any organisational tolerance for untimely or ineffective resolution of significant and outstanding matters of concern.
17. CBA report on customer complaints to the Board and Executive Committee in line with better practice peer organisations.
18. CBA prioritise investment in the identification of systemic issues from customer complaints.
19. CBA strengthen its dialogue and engagement with regulators.

Financial Objectives and Prioritisation

20. CBA take in its investment prioritisation processes a more pre-emptive approach to investment decisions in risk management, compliance and resilience areas prior to these becoming ‘high rated’ issues.
21. CBA leadership champion the ‘should we?’ question in all interactions with customers and key decisions relating to customers.

Section B: Accountability

Accountability

22. CBA, building upon the foundation established by BEAR, incorporate the Accountability Principles set out in this Report.

Remuneration

23. The CBA Board exercise stronger governance to ensure the effective application of the remuneration framework. In particular, the Board assess remuneration outcomes for Group Executives to reflect individual and collective accountability for material adverse risk management and compliance outcomes. In turn, Group Executives cascade accountability throughout the Group on a consistent basis.
24. To support the effective oversight of the remuneration framework:
  • the Board require a comprehensive risk assessment from the CRO to assist it in determining appropriate risk adjustments for poor risk behaviours and outcomes for the CEO and Group Executives;
  • the Board require comprehensive analytics and reporting from management, including the assessment of Group values and the use of the risk gate opener; and
  • the BRC actively support the Board Remuneration Committee in ensuring that risk outcomes are reflected in executive remuneration outcomes.
25. In support of the effective application of the remuneration framework:
  • the CBA Board provide clear guidance to management on the Board’s expectations in determining an appropriate level of risk adjustment for good and poor risk behaviours and outcomes;
  • the risk function assists in the application of the risk gate opener in the Group through applying more rigour in challenging outliers, observed inconsistencies and absolute levels of risk reductions; and
  • CBA, with due regard for confidentiality concerns, communicate the impact of both good and poor risk outcomes on remuneration across the Group to reinforce the link between accountability and consequence.
26. CBA review and update its remuneration framework and practices to include:
  • the potential for an upside for sound risk management and collective risk adjustments to promote collective accountability;
  • specific management guidance on the application of malus to both STVR and LTVR; and
  • the adoption of the FSB supplementary guidance on sound compensation practices, including the potential for clawback in the case of serious misconduct.

Section C: Culture

Culture and Leadership

27. Senior leaders reinforce key behaviours of increasing self-reflection, giving and receiving constructive challenge and dealing with conflict effectively.
28. CBA ensure that its senior leaders are capable of cascading the desired tone at the top in a personal and authentic manner.
29. The divide between business units and the risk function be bridged through effective working relationships at all levels.
30. The Vision and Values initiative focus on staff personally living ethical values, with due consideration of CBA’s Conduct Risk Strategy, to close the gap between good intent and actions.

Section D: Remediation Initiatives and Recommendations

Remediation Initiatives

31. CBA senior leadership have ‘skin in the game’ and adequate time commitment to perform program director or oversight roles, rather than relying on external parties to provide leadership.
32. There is clear accountability for program delivery and remuneration consequences for unsuccessful outcomes.
33. CBA determine the programs or initiatives that may need to be deferred to create organisational capacity to deliver the BROP and its associated initiatives.
34. CBA develop and demand rigorous project disciplines and subject them to independent review.
35. CBA design, evaluate and implement BROP in an end-to-end manner, that ensures formal frameworks are effectively embedded into day-to-day operations.

TOPIC 5 Types of regulators

This section introduces the key Australian regulators in relation to financial services.

Purpose

This activity introduces you to the main types of financial services regulators and what laws they enforce. This information allows firms to understand the nature of their compliance risk exposure, and design compliance frameworks accordingly.

Activity instructions

Read the following information and complete the associated activities.

What do regulators do?

Regulators promote stability of the Australian financial system and support effective and efficient regulation by Australia’s financial regulatory agencies.

How regulators promote stability in the financial system:

• Identifying important issues and trends in the financial system, with a focus on those that may impinge upon overall financial stability.
• Exchanging information and views on financial regulation and assisting with coordination where members' responsibilities overlap.
• Harmonising regulatory and reporting requirements, paying close attention to regulatory costs.
• Ensuring appropriate coordination among the agencies in planning for and responding to instances of financial instability.
• Coordinating engagement with the work of international institutions, forums and regulators as it relates to financial system stability.

The regulators

Explore the 4 main regulators in the slides below.

APRA (Slide 1 of 4)

1. APRA is the prudential regulator of the Australian financial services industry, established 1 July 1998.
2. It oversees banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, private health insurance, friendly societies and most of the superannuation industry.
3. Its mission is to establish and enforce prudential standards and practices designed to ensure that, under all reasonable circumstances, financial promises made by institutions APRA supervises are met within a stable, efficient, and competitive financial system.
4. APRA currently supervises institutions holding $5.4 trillion in assets for Australian depositors, policyholders and superannuation fund members.

ASIC (Slide 2 of 4)

1. The Australian Securities and Investments Commission (ASIC) is Australia’s corporate, markets and financial services regulator.
2. ASIC contributes to Australia’s economic reputation and wellbeing by ensuring that Australia’s financial markets are fair and transparent, supported by confident and informed investors and consumers.
3. ASIC's priorities are:
  • promoting investor and financial consumer trust and confidence
  • ensuring fair, orderly and transparent markets
  • providing efficient and accessible registration
4. ASIC regulates Australian companies, financial markets, financial services organisations and professionals who deal and advise in investments, superannuation, insurance, deposit-taking and credit.
5. Group of companies, performing different roles.
6. Acts as a listing and trading market for different financial instruments:
  • securities, exchange-traded funds, options, depository receipts (ASX)
  • futures (ASX24)
7. Acts as a clearing and settlement venue for traded securities (for ASX and Chi-X).
8. Acts as a regulator:
  • for listed companies
  • for clearing and settlement participants

AUSTRAC (Slide 3 of 4)

1. AUSTRAC is Australia's financial intelligence agency with regulatory responsibility for AML and CTF.
2. They detect and monitor existing and emerging money laundering and terrorism financing threats as an integral part of a domestic and international information exchange network.
3. They use their financial intelligence capability, information and intelligence products to provide ongoing value to domestic and international partner agencies, taskforces and industry.
4. They protect revenue, support the prevention and disruption of money laundering and terrorism financing, and influence policy and law reform.

ACCC (Slide 4 of 4)

1. The Australian Competition and Consumer Commission (ACCC) promotes competition and fair trade in markets to benefit consumers, businesses, and the community.
2. The ACCC also regulates national infrastructure services.
3. Primary responsibility is to ensure that individuals and businesses comply with Australian competition, fair trading, and consumer protection laws.
4. Has started to engage actively in banking issues:
  • access to new products (Apple Pay)
  • anti-competitive behaviour (market collusion, cartel behaviour)

Check your knowledge about the regulators

Complete the following (non-assessed) multiple-choice questions to check your understanding of the main regulators and the laws they enforce.

Further reading

Read about the government’s enhanced regulatory sandbox:

ASIC regulatory sandbox - https://asic.gov.au/for-business/innovation-hub/enhanced-regulatory-sandbox/additional-resources-for-the-enhanced-regulatory-sandbox/

TOPIC 6 The compliance framework

Introducing the comprehensive compliance framework.

Purpose

In this activity, we introduce the compliance framework and provide a description of its key components. We will be exploring the compliance framework in depth throughout this course.

The compliance framework

We saw in the three lines of defence model that compliance risk is owned by the business units. The compliance function facilitates the management of compliance risk. This is achieved, and can only be achieved, through the establishment of a comprehensive, enterprise-wide compliance framework.
Throughout the following weeks, we will be exploring the compliance framework by focusing on key areas in the framework. The following activity for this week is a compliance framework navigation tool that you can use to navigate to different activities in this course relating to each component.

Having an effective compliance program can achieve a number of things:

• reduce the risk of non-compliance
• improve transparency, giving management the information about how much risk they are taking
• reduce potential sanctions

In the US, the Department of Justice explicitly sets out the considerations in determining whether to bring charges, pursue penalties or plea agreements, based on the effectiveness of the compliance framework. In Australia, the link is not as explicit; however, as we will learn in Week 6, the effectiveness of the compliance framework will allow executives to discharge a portion of their individual responsibilities by documenting some of the "reasonable steps" they have taken to manage risk in their area of responsibility.

Further reading

If you would like to read the considerations laid out by the US Department of Justice, click on the link below:
Evaluation of Corporate Compliance Programs: https://www.justice.gov/criminal-fraud/page/file/937501/download

Refer to Week 1 Reading Directory for the PDF version with filename “5 - Evaluation of Corporate Compliance Programs.pdf”

TOPIC 7 Compliance framework navigation

You can use this page to navigate to activities relating to each component of the compliance framework.

Purpose

As you progress through the course, you may want to refer back to a particular section of the compliance framework. If you would like to review the activity relating to a particular component of the compliance framework, you can click on the relevant section in the image below.

TOPIC 8 An introduction to the compliance risk assessment

Purpose

In this activity, we will begin to look at the Compliance Risk Assessment (CRA).
The CRA needs to be executed in order to be able to compare different regulatory risk exposures. This comparison is conducted between different risk types, and for each risk to be compared with the overall risk appetite set by the board.

Activity instructions

Read the following information about the CRA and complete the associated activities.

The compliance risk assessment

The CRA is a central part of the compliance framework. The effectiveness of the compliance framework relies on the effectiveness of the CRA. This relationship works in reverse as well – the CRA will only work if the compliance framework is clear, comprehensive, consistent in the data it collates, and the different elements of the framework are interconnected.

The issue facing firms is that the number of regulatory obligations that need to be complied with is in the thousands. The firm should aim to comply with all of them, but they are not all equal. For example, notifying the regulator of an address change one day late is not going to have as much impact as running a misleading and deceptive marketing campaign. The resources within the firm are limited, hence it needs to allocate those resources to the areas with the highest risk. It also helps to assess the overall risk exposure, and compare it with a firm’s risk appetite.

There are different approaches to a CRA. One of the more common ones is as follows:

Compliance risk assessment process:

1. Identify all applicable obligations. This is the regulatory inventory we identified as part of the compliance framework.
2. Collate regulatory obligations into risk themes or typologies. For example, most laws carry a record-keeping obligation. Hence, you can have a single “Record Keeping” risk typology, to which you can link all of the identified record-keeping obligations.
3. Consider the extent that each typology applies to your firm. Take the list of resulting risk typologies and consider to what extent each one applies to each of the business units within your firm. For example, obligations applicable to the fixed income dealing desk are going to be quite different compared with a credit card department at a bank.
4. Assess the risks. For each one of the risks, assess Inherent Risk, Control Effectiveness and Residual Risk.

The stages of assessing risk

Let us examine those stages in more detail.

Inherent risk (Slide 1 of 4)

Inherent Risk is the assessment of the risk (for each business unit) without any assessment of control in place to mitigate the risk. So, if there are no controls, how exposed am I to the risk? This is driven by:

• What is the Likelihood of this risk eventuating? For example, in relation to record-keeping, without any policies, procedures, or reviews, how likely is it that the firm will comply with all of its record-keeping obligations? Almost certain, or practically never?
• What is the Impact of non-compliance? The impact can range from minor (internal only, no regulatory action, fine or sanction, no customer impact) to catastrophic (loss of human life, major customer losses, extreme fines, loss of licence to operate).

Combining the Likelihood and Impact allows us to come up with an overall Inherent Risk score – for example, High, Medium, Low.

The comprehensiveness of the compliance framework is particularly important. Impact assessment is not static. Regulatory priorities develop and change over time, as do expected sanction levels. Until AUSTRAC issued CBA with a $700m fine, the assessment of potential impact from an AML breach would have been quite different. Hence, the CRA is a dynamic document. It requires regular review and assessment, as well as event-driven changes. Industry developments (new regulations, changes to maximum penalties, regulator speeches setting out priority areas, issued fines) should all be captured as part of the compliance framework and inform the CRA.

Control Effectiveness (Slide 2 of 4)

Once the IR is assessed, we can assess the quality of controls in place to mitigate this particular risk. The assessment of Control Effectiveness has two steps:

1. Identifying the range of controls the firm has in place
2. Assessing how “effective” those controls are

Controls can be broken into types. Some of the key controls include preventative (policies, procedures, training, system controls, review processes) and detective (reviews, monitoring & testing activities, surveillance).

For each of the controls, the firm can assess its overall effectiveness, which can also be broken down into design effectiveness (is the control designed appropriately to control the risk) and operational effectiveness (is it implemented appropriately). For example, if you have a review process for advertisements which only checks that each ad includes required disclosures in the small print, you could say the control is operating effectively if each ad is checked, but if the substance of the ad is not reviewed, then the control is poorly designed.

Overall, the Control Effectiveness can range from Fully Effective to Ineffective. Note that in some cases controls are not going to be present – part of the assessment is to consider the overall control effectiveness for each risk type. Risks do not require all controls to be present – some risks can be controlled with only a number of controls, whilst others require the full range of controls to be in place. In general, it is unlikely that the overall Control Effectiveness for a risk is going to be Effective if the only controls in place are preventative.

Residual Risk (Slide 3 of 4)

Once you have assessed the IR and CE, you can consider what is the actual level of risk faced by your firm. This is known as Residual Risk (RR). For each risk typology, consider your IR (based on Likelihood and Impact) and then assess the impact of controls. Do the controls in place reduce the likelihood of a breach taking place? Do they affect the impact of the breach? Remember what we covered in the DoJ manual: regulators can take the effectiveness of your compliance framework into account in determining the level of sanction to apply.

For the Residual Risk, you have to therefore assess Likelihood and Impact again:

• Given the controls we have in place, what is the likelihood that a breach of obligations relating to this particular risk will take place?
• Given the controls in place, if a breach was to occur, what would be the level of impact for the firm?

This assessment is conducted for each risk typology for each business unit.

Next Steps (Slide 4 of 4)

When you have the residual risk results, you can then rank them from the highest level of risk to the lowest. The overall results can be compared with your firm’s risk appetite. If the
appetite for regulatory risk is low, then any risk typologies with RR above low require mitigation to bring the level of risk to within appetite. High-risk items are prioritised in timelines (for example, must be mitigated within 6 months) and seniority of oversight (for example, head of the business unit personally overseeing risk reduction). Lower risk items above appetite can have longer remediation plans. Remediation is achieved by identifying specific action items, allocating owners, due dates, and tracking progress.

Read - SAI Global’s policy on risk management

Read SAI Global’s policy on risk management (6 pages), and analyse how the risk analysis matrix is applied within that firm. Click on the link below to access the reading list:

Don’t know where to get this document.

Consequences and levels of risk

Choose your workplace or another financial institution and consider what financial penalty would be considered an insignificant, moderate or catastrophic financial consequence to your chosen organization.

Banking

I would say our financial impact would be similar to SAI Global. On a side note, the second factor that is included with financial impact, physical injury, would likely be dependent on the type of industry. In banking, I think it is more likely to be 'loss to reputation' risk. Many banks including regionals, Neobanks and Credit Unions can handle a significant financial penalty, especially with the unusually high capital and liquidity ratios they currently have. On the other hand, reputational risk is almost the more important, and more catastrophic risk to minimise. This was quite clear during the Royal Commission.

Maggie

The company I work for is a payments business with revenues in excess of AUD$130m annually. We are regulated by the Central Bank of Myanmar which is the equivalent of APRA and the Reserve Bank rolled into one. Any financial penalty would likely be
catastrophic as it would have an outsize impact on trust in the payments system.

Brad Jones

Westpac - I'd say AUSTRAC's penalty of $1.3b & APRA's additional $500m to be held in Capital is catastrophic given final FY20 reported profit was $2.29b and total cash earnings were $2.608b. This is a record fine in Aus Bank history and attracts reputational risk that could deter clients & other banks from doing business with Westpac for many years to come. The flip a coin question is what financial penalty do they consider to be moderate & insignificant. I don't know for sure and couldn't locate any clearer direction in their annual report so I'll take a stab in the dark.

Insignificant = anything up to $1m
Moderate = $1m to $100m
Catastrophic = $100m+

Happy for anyone to correct me here.

Cheers
Daniel

Apart from the straight bottom line impact of the penalty - the severity of which would depend on the institution's balance sheet - I would think the other consideration is how the penalty may trigger a loss of investor and consumer confidence - for example, AMP could arguably have weathered the financial penalties (as well as additional customer remediation costs) following the Hayne Royal Commission but the loss of confidence in their wealth management and life insurance arms arguably created the momentum for the likely break-up of the 170-year-old business

- Alex

Defining "catastrophic"

I'm keen to consider what is meant by catastrophic. Westpac is still operational, and although no doubt wounded by the fine itself, it hasn't impacted their capital holdings to the extent they are in breach of that capital requirement. Shareholders won't be happy with the impact in dividend and share price, so a bunch of work there for the bank on investor relations and steadying the ship so to speak. If I consider the ramifications for say a super fund, then catastrophic would be a situation where their operational reserves drop below a threshold level/requirement.
So back to considering what is meant by catastrophic, I would interpret catastrophic to be that the organisation can't recover, and under what circumstances would a regulator apply a fine that results in the failure of a major bank, super fund etc. The ramifications of that would be significant for
members/customers. Does highlight the difficulty for regulators in being taken seriously via meaningful penalties without actually harming the consumer (too much).

Patsy

Commbank Home Lending

Insignificant - minor, once off policy breaches resulting in financial loss to the bank (e.g. quoting wrong rates to customers and having to cover that loss internally)

Moderate - insufficient training provided to lender resulting in a home loan being written that shouldn't have been approved, customer falls into financial difficulty and bank has to forgive the debt due to lender error

Catastrophic - ineffective bank policies inadvertently designed to negatively impact customers (e.g. changing policy surrounding job keeper payments when covid hit) if the bank puts in place an insufficient policy and approves loans for people on job keeper and job keeper gets put on hold for political reasons, thousands of customers' homes could be at stake

I have never worked in a financial institution but believe catastrophic impact will be one that significantly impacts the long term equity of the company (including both finance and reputation). This will depend on the board appetite for risk, personally a 10% impact on revenue and profit or reputation impact that will take lots of effort to fix will be highest level. Lowest level of risk will be one that if any result in insignificant financial impact (which again need to be defined, some might say anything below $ dollar).

Tan

Penalty assessment

I have chosen Australian Ethical Investments AEF, a publicly listed company. AEF is a fund managed company that specializes in environmental and socially responsible investments. It offers managed funds and retail Super. The economic position from its balance sheet in 2020 had 34 million in assets, with 21 million in cash, liabilities of 13 million, debt 1 million in both long term and short term and 21 million of shareholder equity.
If AEF were to incur a financial penalty from APRA or ASIC, its 2 main regulators, these different scenarios are looked at based on the CBA’s penalty from 2018 from AUSTRAC. CBA was fined 0.07% of its assets for AML breaches. (700 million) This amount may also have impacted reputation risk as the growth in both 2018, (-7.7%) and 2017 (-2.16%) were in negatives, however by 2019 growth was up at 10.46%. From this brief view I’m going to call this penalty mildly moderate at best, however I’m also going to use it for projecting onto AEF. AEF is not in a lesser economic position to CBA so I feel I will be on
the conservative side with my considered positioning of penalties. A catastrophic penalty would be about 0.21% of assets - 7.14 million. This is because the cash on hand is 21 million and there are 11 million in liabilities already. If reputation risk impacts the institution on top of the penalty, I feel economic risk may cascade. A moderate penalty would be about 0.07% of assets - 2.38 million. This would be payable from cash on hand and not overly stress other liabilities obligations. An insignificant penalty would be well below the moderate and could be seen at approximately just over 1 million at around 0.035% of assets and quite possibly absorbable into the economic position of the institution.

Kadi

Further viewing

Inherent, Residual and Targeted Risk: What Risk Professionals Need to Know
https://info.protechtgroup.com/risk-assessment-webinar-recording?submissionGuid=0dd8fa57-276f-4152-8fbb-df024fb5fd01

Group discussion activity

In this activity, we will apply what we have learned about the regulators and the compliance risk assessment to a chosen firm. This will allow you to identify the practical issues that financial institutions are currently dealing with, and some of the complexities and challenges facing financial services firms.

Activity instructions: In your allocated groups, you will be given the name of a financial institution. As a group you will be using the forum below to share your ideas and considering all of the regulations that would apply to this institution. Categorise the regulations into types of compliance risk.

Companies for each group

Hi guys

Hope you can all see this:
Group   Company
A       AMP Limited (AMP)
B       Bank of Queensland Limited (BOQ)
C       Challenger Limited (CGF)
D       Perpetual Limited (PPT)
E       Suncorp Group Limited (SUN)
F       Magellan Financial Group Limited (MFG)
G       Medibank Private Limited (MPL)
H       IOOF Holdings Limited (IFL)
I       QBE Insurance Group Limited (QBE)

Weekly wrap

At the end of each week, we will ask you to step through a quick self-reflection about your achievements.

Welcome to the end of Week 1

That’s the end of Week 1. We hope you have enjoyed the topics we have covered and have had time to reflect on them.

Self-assess

At the end of each week, we will ask you to step through a quick self-reflection about your achievement of the weekly learning objectives.