The Australian Prudential Regulation Authority will step up supervisory activity and is considering applying additional capital requirements to some institutions, in response to the findings of a self-assessment by large financial institutions that identifies a number of areas for improvement in the management of non-financial risks, accountability and culture.
APRA has released a report analysing the self-assessment carried out by 36 of the country's largest banks, insurers and superannuation licensees in response to the Prudential Inquiry into Commonwealth Bank.
ADI participants included all the big banks, Macquarie Bank, Teachers Mutual Bank, Bank of Queensland, CUA, Bendigo and Adelaide Bank and Cuscal.
The CBA inquiry found that continued financial success had "dulled the bank's senses, especially with regard to the management of non-financial risks".
APRA asked the boards of the 36 companies to assess whether the weaknesses uncovered by the CBA inquiry were also present in their own businesses. It found that the weaknesses identified in the CBA inquiry were not unique.
Findings from the self-assessment include: non-financial risk management requires improvement; accountabilities are not always clear, cascaded and effectively enforced; acknowledged weakness are well known and some have been long-standing; and risk culture is not well understood and therefore may not be reinforcing the desired behaviours.
Problems with non-financial risk management included resource gaps (particularly in compliance), blurred roles and insufficient oversight.
While accountabilities were fairly clearly set out at senior levels, there was less clarity at lower levels.
"For some institutions, the issues identified in the self-assessment are material and the changes required to address them are significant," the APRA report says.
APRA deputy chair John Lonsdale said: "The self-assessments raised no concerns about financial soundness but they confirmed our observation that industry is grappling to manage non-financial risks, such as culture and accountability."
Lonsdale said boards and senior leadership teams were generally positive about their own performance, even when they identified serious weakness in their institutions.
"It was not always evident that institutions clearly understood the drivers of their findings," he said.
APRA plans to use the findings to target its efforts to lift the standard of non-financial risk management. It will write to the boards of the 36 financial institutions with specific feedback.
It said most institutions have committed to considerable list of actions but they have, generally, rejected the idea that the cultural traits of "complacency, insularity and collegiality" underpinning the findings are prevalent.
"Significant uplift is required across industries to bring governance and the management of non-financial risks to an appropriate standard. This includes embedding robust frameworks that incentivise delivery of sound outcomes, proactive management of issues and consistent application of rewards and consequences," the report says.