3.3 Accountability

Accountability is centrally important to any consideration of culture, governance and remuneration.

Clear accountability is vital to effective governance. It ensures that issues are resolved, and resolved effectively. It fosters a culture where risks are managed soundly. It lies at the heart of the proper operation of any variable remuneration and incentive system. It is accountability that determines what consequences must follow when things go wrong (and where credit is due when things are done well).

The report of the Prudential Inquiry into CBA observed that:[1]

A lack of accountability is a common theme underlying several of the issues observed in this Inquiry. This contributed to: an inability to identify who is accountable when things have gone wrong; inadequate remuneration outcomes for adverse risk and compliance outcomes; weak issue escalation, management and closure; insufficient Executive Committee oversight; and inadequate business unit supervision of functions performed elsewhere in the Group.

When asked to comment on the G30’s observation that ‘the Australian banking industry is only beginning its long journey to repair its conduct and culture’,[2] Mr Byres said:[3]

[T]he general concept of clarity of accountability, or, more to the point, the problem of diffused responsibility and no clarity of accountability has been at the heart of many problems that have happened. No one had responsibility. No one has actually taken responsibility for issues. Boards have not known how to apply consequences because it’s not clear who was responsible for things.

I agree.

3.3.1The BEAR

The enactment of the Banking Executive Accountability Regime (BEAR) will provide entities and regulators (both APRA and ASIC) with a clearer understanding of the responsibilities that attach to particular offices or positions within banks. It will allow those individuals to be held to account if they fail in performing their obligations.

I have already indicated in the chapter about the banking sector that I consider APRA should determine, under section 37BA(4) of the Banking Act 1959 (Cth), an additional responsibility of accountable persons within each of the banks subject to the BEAR. That additional responsibility would be for the end-to-end management of product design, delivery, maintenance and, where necessary, remediation. It would then be for each bank to identify the relevant accountable person.

As is also evident from what I have written about the superannuation sector and the regulators, I consider that provisions of the kind now made by the BEAR should be made in respect of all APRAregulated institutions. Given that systems of even greater reach have been implemented in other jurisdictions, there is, in my view, every reason to go down this path, and no satisfactory reason to draw back.

Obviously, a change of this kind should be introduced only after allowing a sufficient time for both the regulators and the regulated to prepare for its introduction. And it may very well be that the change should be made first in the superannuation sector and then after a further interval, in the insurance sector. (I say that superannuation sector should be the first chosen because of the particular size and importance of that sector to members and to the economy generally.) Regardless, there is no reason in principle or in practice to confine the reach of accountability provisions of the kind set out in the BEAR to the banking sector.

Obviously, enactment of the BEAR has introduced an additional form of accountability for senior banking executives. But the BEAR is not a substitute for proper processes within entities for identifying who is accountable for risk and how they are to account for it and be held accountable. As the CBA Prudential Inquiry showed, that accountability must include financial risk but must extend to all forms of risk including, in particular, conduct and compliance risk. Under the BEAR, the Chief Risk Officer of a bank will have certain responsibilities with respect to risk management. That responsibility is, of course, important. But it cannot be seen as a complete or comprehensive identification of who within the organisation should be held accountable for risks or as a complete or comprehensive statement of how they are to account and be held accountable.

3.3.2This Commission

The proceedings of this Commission have brought an additional, and different, form of accountability to bear on the entities whose conduct has been examined. The Commission’s examination of conduct that might amount to misconduct and conduct falling short of community standards and expectations has attracted close public attention.

The last oral evidence the Commission received, in the seventh round of public hearings, was given by the chairs of three bank boards, the CEOs of the five largest banks and AMP, and the chairs of APRA and ASIC. Each was asked many questions intended to show how their entities or agencies assessed what had been looked at in the course of the Commission’s work.

As would be expected, each of these witnesses gave evidence suggesting that their respective entities or agencies had its own distinctive understanding of, and response to, the events considered in and issues raised by the Commission. Most professed to having learned from what had happened and proffered their ideas about causes and responses. But the nature and extent of their engagement with the issues differed rather more markedly than I had expected. It seemed to me that there remain elements of unwillingness to recognise, and to accept responsibility for, poor conduct of the kinds examined in this inquiry.

Unwillingness to recognise and to accept responsibility for misconduct explains the prolonged and repeated failures by large entities to make breach reports required by the law. That same unwillingness explains the prolonged negotiation with the regulator about what should be done in response to misconduct, whether by compensating affected customers or altering defective practices and processes.

There remains unwillingness, in at least some entities, to recognise and give effect to the obligation to ensure that the relevant services are provided efficiently, honestly and fairly, without first having the regulator agree with what the entity judges to be required in order to meet that standard.[4] That is, there remains a reluctance in some entities to form and then to give practical effect to their understanding of what is ethical, of what is efficient honest and fair, of what is the ‘right’ thing to do.[5] Instead, the entity contents itself with statements of purpose, vision or values, too often expressed in terms that say little or nothing about those basic standards that underpin both the concept of misconduct and the community’s standards and expectations.

These observations do not apply to all entities. It was apparent from the evidence that some entities recognise now the need to respond to what has happened by confronting why it happened and then seeking to prevent recurrence. And it was also apparent that they recognise that the task is not easy.

CBA has been compelled by the Prudential Inquiry to confront why it has had ‘a succession of conduct and compliance issues’ and has not met the community’s ‘high expectations for it as an institution.[6] As a result of that Inquiry, CBA gave an enforceable undertaking (EU) that obliged it to undertake a remedial action plan responding to each of the recommendations in the Inquiry’s report. An independent reviewer must report to APRA every three months until all items on the remediation action plan have been completed. The reports must explain the status of compliance with the EU and the items on the remediation action plan that CBA considers are nearing completion.[7]

I was persuaded that Mr Comyn, CEO of CBA, is well aware of the size and nature of the tasks that lie ahead of CBA.

None of the other large banks have been confronted so directly with why each has had its own conduct and compliance issues.

I have little doubt that Mr Elliott, CEO of ANZ, is also well aware of the size and nature of the tasks that lie ahead of ANZ.

Westpac stands apart from the other three major banks by seeking to maintain at least some aspects of its wealth business. The challenges for Westpac may therefore differ from those facing the other major banks. And while I do not doubt Mr Hartzer, CEO of Westpac, when he says that Westpac has sought to ‘reset’ its relationship with ASIC,[8] only time will tell whether that proves to be right.

NAB also stands apart from the other three major banks. Having heard from both the CEO, Mr Thorburn, and the Chair, Dr Henry, I am not as confident as I would wish to be that the lessons of the past have been learned. More particularly, I was not persuaded that NAB is willing to accept the necessary responsibility for deciding, for itself, what is the right thing to do, and then having its staff act accordingly. I thought it telling that Dr Henry seemed unwilling to accept any criticism of how the board had dealt with some issues. I thought it telling that Mr Thorburn treated all issues of fees for no service as nothing more than carelessness combined with system deficiencies when the total amount to be repaid by NAB and NULIS on this account is likely to be more than $100 million.[9] I thought it telling that in the very week that NAB’s CEO and Chair were to give evidence before the Commission, one of its staff should be emailing bankers urging them to sell at least five mortgages each before Christmas. Overall, my fear – that there may be a wide gap between the public face NAB seeks to show and what it does in practice – remains.

[1]CBA Prudential Inquiry, Final Report, 59.

[2]G30, Banking Conduct and Culture: A Permanent Mindset Change, November 2018, 6.

[3]Transcript, 30 November 2018, Wayne Byres, 7443.

[4]Transcript, Kenneth Henry, 27 November 2018, 7134.

[5]Transcript, Andrew Thorburn, 26 November 2018, 7091–2.

[6]CBA Prudential Inquiry, Final Report, 3.

[7]Enforceable Undertaking, APRA and CBA, 30 April 2018, cls 12–13.

[8]Transcript, Brian Hartzer, 22 November 2018, 6878.

[9]See ASIC, Media Release 18-229MR, 7 August 2018.