Westpac’s revised plan to fix its flawed risk governance has been approved by the Australian Prudential Regulation Authority, despite an assurance report on the plan saying there are areas where it could be improved.
In December APRA announced that the bank’s previous program to deal with its risk management problems, Customer Outcomes and Risk Excellence (CORE), had fallen short.
The bank gave APRA an enforceable undertaking to “lift substantially its efforts to address risk governance deficiencies.” It agreed to submit a detailed integrated plan outlining all major remediation activities related to risk governance, with clear timelines and accountabilities.
The new plan builds on the CORE program, covering financial as well as non-financial risk. It will run for longer than CORE and has a greater focus on accountability and execution.
The independent reviewer, Promontory Australia, said the new plan provides the foundation for a successful risk remediation program. Accountability structures that have been put in place “should support the effective implementation of the plan”.
However, some of the “deliverables” are expressed in broad terms and should be refined. Also, “closure criteria for some activities could be more closely aligned with the workstream problem statements”.
Promontory said execution risk could be reduced by ensuring more appropriate sequencing and co-ordination of activities.
It warned that the new plan spans almost all aspects of the bank’s operations and carries significant execution risk.
It said it will be important for the bank to demonstrate a strong “tone from the top” in the implementation of the new plan and this must be sustained over the life of the program.
The bank’s risk governance problems came to light in the wake of Austrac’s court action over Westpac’s many breaches of its anti-money laundering obligations.
In December, APRA said it was concerned about the bank’s progress in fixing weaknesses that include “an immature and reactive risk culture, unclear accountabilities, capability shortfalls and inadequate oversight”.
The bank had already conceded its remediation work had not delivered. An assessment conducted by an internal review team supported by Oliver Wyman, published in July last year, identified further changes the bank needed to make to fix weaknesses in the way it manages risk.
At the time, Westpac chief executive Peter King said: “Our management of non-financial risk is currently not at the standard we set for ourselves. It is clear we have more to do.”
When the review team went looking for the causes of the bank’s weaknesses in risk management, it found that the bank’s organisational structure was too complex. This introduced inconsistencies in the way risk is managed across the bank, made execution difficult and created confusion about policies and practices.
“Westpac’s tendency to perpetuate complexity by introducing, among other things, new committees led to capacity and execution constraints and a lack of clarity in accountability and introduction of additional risk,” the report said.
It found that awareness of risks was inconsistent and the approach to managing those risks was not sufficiently proactive.
It also found that Westpac employees did not have sufficient capability to manage non-financial risk.