Westpac’s managers have a tendency to react to problems by looking for someone to blame rather than working out what can be learned, according to a new assessment of the bank’s culture, governance and accountability.
“It is important this trait does not develop further at Westpac,” the report says.
Other observations in the report are that aspects of Westpac’s non-financial risk culture are “immature and reactive”, there was a “lack of capability” in the management of non-financial risk, the bank’s organisational structure was overly complex and that directors struggled to handle the volume and complexity of material they were being given.
Westpac undertook a culture, governance and accountability self-assessment in 2018 but following Austrac’s statement of claim last year in relation of contraventions of anti-money laundering and counter-terrorism financing law, APRA told the bank to do the assessment again.
The reassessment, which was conducted by an internal review team supported by Oliver Wyman, identified further changes the bank needed to make to fix weaknesses in the way it manages non-financial risk.
Westpac chief executive Peter King said in a statement: “Our reassessment confirms that our management of non-financial risk is currently not at the standard we set four ourselves. It is clear we have more to do.”
King said the bank was embarking on a “comprehensive, multi-year program called Customer Outcomes and Risk Excellence”, conceding that the program developed after the 2018 self-assessment “has not delivered sufficient momentum”.
The program has three pillars: the board and management must promote a proactive risk culture; risk management frameworks must be simplified and given greater resources; and accountability must be clearer.
Some initiatives already being undertaken include the establishment of a new board legal, regulatory and compliance committee; creation of a new group executive role for financial crime, compliance and conduct; and the appointment of an additional 240 risk and compliance “experts”.
When the review team went looking for the causes of the bank’s weaknesses in non-financial risk management, it found that the bank’s organisational structure was too complex. This has introduced inconsistencies in the way risk is managed across the bank, made execution difficult and created confusion about policies and practices.
“Westpac’s tendency to perpetuate complexity by introducing, among other things, new committees led to capacity and execution constraints and a lack of clarity in accountability and introduction of additional risk,” the report said.
It found that awareness of non-financial risks was inconsistent and the approach to managing those risks was not sufficiently proactive.
“Contributory behavioural traits include a tendency to focus on individual issues rather than broader shortcomings,” the report said.
The bank has a “three line of defence” model, which is not well understood. The model has “blurred boundaries”, which means things fall through the cracks.
“Stronger ownership of risk outcomes is required,” the report said.
It also found that Westpac employees did not have sufficient capability to manage non-financial risk. Another problem is that “processes to identify systemic issues are constrained by the need to manually aggregate and analyse issue data.”
The report says that, given the complexity of non-financial risk issues, board and executive oversight needs to be refocused. Some directors said they had difficulty digesting the volume and complexity of the information they were given. They also said they would like management to be “more forthright in their reporting and escalation of issues”.
On the culture side, a priority will be to strengthen “psychological safety”. The report said there has been a tendency for leaders to react to incidents by looking for someone to blame rather than what can be learned.
Changes to the 2018 program recommended in the latest assessment include stronger board and executive oversight, better communication of the program and a clearer focus on outcomes.
The review team found that issues were not always dealt with effectively, and around 30 per cent of open issues are extended, while 13 per cent are extended more than once.
Employees lack confidence that action will be taken unless issues are subject to regulatory or media scrutiny.