It has taken a month for the prudential regulator to stop twiddling its thumbs and investigate Westpac over a money laundering scandal that had its roots in incomplete and inadequate risk management and governance systems.
The fact it took AUSTRAC to highlight these failings in its statement of claim, along with a calling out of the attitude of executives and directors, should have spurred the Australian Prudential Regulation Authority (APRA) to action.
As AUSTRAC said in its statement of claim against Westpac: “These contraventions are the result of systemic failures in its control environment, indifference by senior management and inadequate oversight by the board.”
APRA is the regulator responsible for monitoring the banking system’s risk management framework, known as CPS 220, so it could be argued that it should have been more on top of the situation.
Westpac told the market in its 2018 annual report that it had self-reported to AUSTRAC a failure to report a large number of international fund transfers as required under the Anti-Money Laundering and Counter-Terrorism Financing Act.
Then, after CBA’s money laundering scandal erupted, APRA required 36 banks, insurers and super funds to self-assess their risk, governance and culture. Westpac released its findings in July this year, which should have raised red flags with APRA about the culture and systems the bank had in place. So should have Westpac’s CPS 220 review which it conducts every three years as well as the “sin list” it released to the banking royal commission.
The findings of its self-assessed review into risk, governance and culture should also have raised alarm bells and prompted APRA to test its powers under the Banking Executive Accountability Regime (BEAR), which were introduced in July 2018 for the banks.
Instead of forcing the 36 financial institutions to publicly release their capability reviews, it left it up to them. Some did but many didn’t, which is a scandal in itself. The best regulator did was hit a few institutions with additional capital requirements.
Now APRA is talking tough. It said it will investigate the bank and executives for potential prudential breaches, contraventions of the Banking Act and the BEAR. It has also added another $500 million to Westpac’s capital requirements, “to reflect the heightened operational risk profile of the bank”. This takes the lender’s total operational risk capital add-ons to $1 billion, which is comparable to CBA.
But it is worth noting that Westpac’s AUSTRAC scandal relates to 23 million breaches, some of which allegedly facilitated child exploitation, compared with less than 60,000 breaches for CBA.
It would be interesting to know how APRA calculated that $1 billion figure.
At the centre of APRA’s investigation into Westpac is the conduct which led to AUSTRAC filing its statement of claim and the executives that were responsible.
Given the bank’s self-assessment of its culture, the combative testimony at the royal commission, the AUSTRAC statement of claim as well as the bank’s initial reaction to the scandal, which wasn’t nearly apologetic enough, it really was all quite obvious.
It initially tried to downplay the issues and chief executive Brian Hartzer reportedly told executives “we don’t need to overcook this”.
While APRA spent the past month working out what it would investigate, investors, the federal police and the corporate regulator swung into action.
It resulted in the reluctant resignation of Brian Hartzer and the hastening of the pending departure of chairman Lindsay Maxsted, as well as a historic second strike at the bank’s annual meeting. Meanwhile, the corporate regulator is investigating potential breaches of continuous disclosure obligations.
APRA is an important regulator that has serious shortcomings. Chairman, Wayne Byres, needs to step up and lead the way.
Source: Thanks smh.com