APRA’s report on its latest bank risk culture survey landed last week – and its title ‘No room for complacency on bank risk culture’ says a lot.

APRA sees this survey of 18 ADIs as ‘leading regulatory practice’ and allows it to better assess risk behaviours and how well risk management frameworks across the sector are doing.

The survey invites all employees of a selected ADI to share their views on their organisation’s risk practices – and so the findings are (hopefully) an authentic view from the work place on a business’ attitudes to risk.

APRA sees the survey results as part of its expanded supervisory toolkit – and that suggests that banks ought to expect survey themes to be used in any upcoming supervision that APRA applies to individual banks.

So, what are some of the things that banks can take from the survey results?

Correlation with weaknesses

APRA sees a clear link between risk culture survey results and its supervisory experience of a particular ADI. So, if your ADI was part of the survey, there’s not a lot of scope for the bank to be surprised at APRA’s supervision approach towards it.

Complacency concern

One of the survey’s key points is about the need for continual vigilance by boards and senior management on risk culture. This firmly repeats Commissioner Hayne’s key recommendation from the Banking Royal Commission of 2018: banks need to regularly assess and re-assess their governance and culture.

The theme of continual focus on lifting risk capability is very clear. And, although the amount of work the sector has done on risk is applauded,

Now is not the time to slow momentum. APRA survey insights

Any hint (e.g. messaging, whether internal or external) that a bank feels that its culture is ‘fixed’ could get picked up as an example of the complacency APRA is clearly concerned about.

Senior executive over-confidence?

APRA’s survey found that senior executives were more optimistic about risk and controls than the functions that actually manage them.

Importantly, the age-old tension on resources to support risk and compliance functions was also observed – with senior management tending more to the belief that sufficient resourcing is committed to risk control. APRA seemed to side with those at the function level by observing:

The critical ‘voice of risk’ needs to continue to be heard and acted upon, especially on the need for investment in risk management capability and architecture. APRA Survey insights

Risk management functions need more clarity?

APRA found a wide response range (42% difference in levels of agreement amongst staff) on whether the 3LOD model was actually understood across the organisation, and on whether there’s enough clarity on risk management accountability. Perhaps some further thinking is needed on how 3LOD is explained and put into practice internally?

The regulator repeats the APRA Prudential Inquiry 2018 mantra that “clearly delineated responsibilities across the organisation would promote effective accountability, encouraging the prompt identification of new and emerging risk issues”.

Some next steps

APRA sees its risk culture survey as helping to ‘uplift risk management practices in a meaningful and targeted way’ and so it’ll be no surprise for regulatory supervision units in major banks to see the next phase of APRA supervision picking up some of the survey themes.

Key things to think about, and questions to be ready for, include:

  • Make sure you understand the views within, and about, your organisation that came out of the survey
  • Consider the questions put by APRA in each of the ‘Matters for ADIs to Consider’ boxes in the report – a good preview of what the next set of supervision questions might cover.
  • Can you show how you address complacency on risk – eg recent internal reforms or projects that may give senior executives a more aggregated view of risk?
  • Remember this from the survey:
  • Employees think some of the tell-tale markers that contributed to the mismanagement of non-financial risks… are still prevalent today

    Do your employees think that way and, if so, why?

 

Norton Rose Fulbright’s Risk Advisory team can assist with regulatory supervision strategies and risk governance implementation and is happy to address any questions the post above may have raised for you.



Contacts

Australian Chair and Global Co-Head of Restructuring
Partner
Partner
Senior Advisor - Risk Advisory
Special Counsel
Associate

Recent publications

Subscribe and stay up to date with the latest legal news, information and events . . .