Earlier this week, it was announced that the Australian Prudential Regulation Authority (APRA) had agreed to a court enforceable undertaking (CEU) from Westpac Banking Corp (Westpac), as the bank pledged to “lift substantially its efforts to address risk governance deficiencies”.
The CEU comes after APRA had raised concerns with Westpac about its culture, governance and accountability practices following an investigation by the financial crime watchdog AUSTRAC into alleged breaches of anti-money laundering and counter-terrorism financing laws. The bank has since paid a record $1.3 billion penalty after admitting over 23 million breaches of the laws related to this issue.
Indeed, in a review released earlier this year, it was found that Westpac had an “immature and reactive” risk culture, unclear accountabilities, capability shortfalls and inadequate oversight. APRA’s prudential reviews of Westpac had also identified additional weaknesses in Westpac’s risk governance, the regulator said.
What the CEU entails
According to the court enforceable undertaking document, released this week, APRA said it was “concerned about the nature and extent of the weaknesses” identified, as well as “the pace at which those weaknesses will be rectified”.
The regulator had lamented that Westpac’s past attempts at remediation had “often resulted in ongoing delays and, in some cases, a reset of programs”.
It particularly noted that some of the bank’s remediation programs “lacked key features which will be integral to achieving wholesale improvements in Westpac’s risk governance”.
For example, the regulator alleged in the CEU that some programs were “not sufficiently far-reaching to address effectively wide-ranging risk governance gaps and carries high execution risk”. It added that it was concerned the bank was “not actively managing the significant interdependencies” between different remediation activities where certain actions are contingent on others first being completed, or where there appears to be overlap between different remediation activities that have a common purpose.
Moreover, APRA said that new risk governance issues have continued to emerge, including breaches of APRA’s liquidity standard as announced by APRA and Westpac earlier this week.
“APRA’s conclusion is that Westpac has failed to deliver the expected risk governance improvements despite almost two years of remediation.
“This has undermined APRA’s confidence in Westpac’s ability to remediate these weaknesses in a timely manner,” the CEU reads.
Westpac has now acknowledged the concerns and agreed to a range of actions, including:
- developing an integrated plan that incorporates all its major risk governance remediation programs, covering both financial and non-financial risks and submitting this plan to APRA “within 90 days”;
- setting out a clear timeline for implementation of the risk remediation activities;
- assigning accountabilities for delivery of the plan to named executives and board members and incorporating outcomes into remuneration decisions;
- obtaining independent assurance over the implementation of the plan with direct reporting to APRA on Westpac’s progress in implementing the integrated plan within 15 business days from the end of each quarter (commencing from the date the integrated plan is submitted to APRA).
Moreover, in December 2019, APRA increased Westpac’s operational risk capital add-on to $1 billion. The $1 billion capital add-on will continue to apply until such time as it has completed the risk governance activities set out in the integrated remediation plan to APRA’s satisfaction.
Westpac progress ‘not good enough’: APRA
Speaking after the CEU was issued, APRA deputy chair John Lonsdale said the CEU provided greater assurance of Westpac’s determination to more effectively execute its risk governance remediation work.
“As one of the country’s largest and most important financial institutions, Westpac should be a leader in risk management. Although the bank has made progress in some areas over the past year, it is not good enough.
“We continue to observe new prudential issues arising while longstanding weaknesses persist, and we believe Westpac’s governance, culture and accountability frameworks and practices are still in need of a substantial uplift.
“APRA’s concerns have been communicated directly to the board and senior management with the clear message that the magnitude of improvements that Westpac needs to deliver requires a deep commitment to change at all levels across the organisation,” he said.
“Entering into a CEU is a serious step that indicates the severity of the situation. The integrated plan required by the CEU must be designed to deliver the sustainable risk governance step-change that APRA requires,” Mr Lonsdale added.
Westpac acknowledged that upon any breach of the terms of this CEU, APRA may take regulatory action as it considers appropriate in the circumstances, including enforcement action.
Westpac Group CEO Peter King said Westpac was determined to deliver on its risk remediation activities.
“My top priority is to ensure the bank’s risk culture and management of risk meet the high standards expected of us,” he said following the CEU agreement.
“We have had constructive discussions with APRA and know we have to deliver a disciplined step-change in our management of financial and non-financial risk.
“While we have made progress in improving our standards, we have much more work to do, and this must be done at pace.”
[Related: APRA slaps Westpac with enforceable undertaking]